Export limit exceeded: 29842 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29842 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4204 | 1 Hitachi | 3 Groupmax Collaboration Portal, Groupmax Collaboration Web Client, Ucosminexus Collaboration Portal | 2025-04-09 | N/A |
| Hitachi Groupmax Collaboration - Schedule, as used in Groupmax Collaboration Portal 07-32 through 07-32-/B, uCosminexus Collaboration Portal 06-32 through 06-32-/B, and Groupmax Collaboration Web Client - Mail/Schedule 07-32 through 07-32-/A, can assign schedule data to the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information. | ||||
| CVE-2007-4209 | 1 Aceboard | 1 Aceboard Forum | 2025-04-09 | N/A |
| SQL injection vulnerability in Recherche.php in Aceboard forum allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2007-4211 | 2 Dovecot, Redhat | 2 Dovecot, Enterprise Linux | 2025-04-09 | N/A |
| The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command. | ||||
| CVE-2007-4212 | 1 Phpnuke | 1 Php-nuke | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "<" instead of a ">" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites via the META tag. | ||||
| CVE-2007-4225 | 1 Kde | 1 Konqueror | 2025-04-09 | N/A |
| Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion. | ||||
| CVE-2007-4226 | 1 Bluecat Networks | 1 Adonis | 2025-04-09 | N/A |
| Directory traversal vulnerability in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) allows remote authenticated administrators, with certain TFTP privileges, to create and overwrite arbitrary files via a .. (dot dot) in a pathname. NOTE: this can be leveraged for administrative access by overwriting /etc/shadow. | ||||
| CVE-2007-4230 | 1 Jems Scripts | 1 Bellabiblio | 2025-04-09 | N/A |
| BellaBiblio allows remote attackers to gain administrative privileges via a bellabiblio cookie with the value "administrator." NOTE: this issue is disputed by CVE and multiple third parties because the cookie value must be an MD5 hash | ||||
| CVE-2007-4234 | 1 Camera Life | 1 Camera Life | 2025-04-09 | N/A |
| Unspecified vulnerability in Camera Life before 2.6 allows remote attackers to download private photos via unspecified vectors associated with the names of the photos. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4235 | 1 Vietphp | 1 Vietphp | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in VietPHP allow remote attackers to execute arbitrary PHP code via a URL in (1) the dirpath parameter to (a) _functions.php, or (2) the language parameter to (b) admin/index.php or (c) index.php. | ||||
| CVE-2007-4236 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
| Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows local users with printq group privileges to gain root privileges. | ||||
| CVE-2007-4239 | 1 C-sam | 1 Onewallet | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp in the admin interface in C-SAM oneWallet 210_07062007;1.0 allows remote attackers to inject arbitrary web script or HTML via the loginID parameter. | ||||
| CVE-2007-4352 | 2 Redhat, Xpdf | 2 Enterprise Linux, Xpdf | 2025-04-09 | N/A |
| Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file. | ||||
| CVE-2007-4357 | 1 Mozilla | 1 Firefox | 2025-04-09 | N/A |
| Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof the contents of the status bar via a link to a data: URI containing an encoded URL. NOTE: the severity of this issue has been disputed by a reliable third party, since the intended functionality of the status bar allows it to be modified. | ||||
| CVE-2007-4362 | 1 Prozilla | 1 Webring | 2025-04-09 | N/A |
| SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter. | ||||
| CVE-2007-4373 | 1 Rndlabs | 1 Babo Violent | 2025-04-09 | N/A |
| The server in Babo Violent 2 2.08.00 and earlier does not properly implement password protection, which might allow remote attackers to bypass authentication by reconnecting after a connection closes. | ||||
| CVE-2006-6342 | 1 Klf-design | 1 Klf-realty | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) agent parameters in (a) search_listing.asp, and the (3) property_id parameter in (b) detail.asp. | ||||
| CVE-2006-6344 | 1 Neocrome | 1 Seditio | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and earlier have unknown impact and attack vectors related to (1) plugins/ipsearch/ipsearch.admin.php, and (2) pfs/pfs.edit.inc.php, (3) users/users.register.inc.php in system/core. NOTE: the users.profile.inc.php vector is identified by CVE-2006-6177. NOTE: these issues might be related to SQL injection. | ||||
| CVE-2007-4374 | 1 Rndlabs | 1 Babo Violent | 2025-04-09 | N/A |
| Babo Violent 2 2.08.00 does not validate the sender field of a chat message composed by a client, which allows remote authenticated users to spoof messages. | ||||
| CVE-2006-6345 | 1 Sap | 1 Internet Graphics Server | 2025-04-09 | N/A |
| Directory traversal vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 16 and earlier, and 7.00 Patchlevel 6 and earlier, allows remote attackers to delete arbitrary files via directory traversal sequences in an HTTP request. NOTE: This information is based upon an initial disclosure. Details will be updated after the grace period has ended. This issue is different from CVE-2006-4133 and CVE-2006-4134. | ||||
| CVE-2007-4375 | 1 Diskeeper | 1 Diskeeper | 2025-04-09 | N/A |
| The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address. | ||||