Export limit exceeded: 29852 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29852 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4067 | 1 Clever Components | 1 Internet Activex Suite | 2025-04-09 | N/A |
| Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ActiveX control in CLINETSUITEX6.OCX in Clever Internet ActiveX Suite 6.2 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the GetToFile method. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4069 | 1 Index Script | 1 Index Script | 2025-04-09 | N/A |
| SQL injection vulnerability in show_cat.php in IndexScript 2.8 and earlier allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | ||||
| CVE-2007-4075 | 1 Asp Indir | 1 Alisveris Sitesi Script | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.asp in Alisveris Sitesi Scripti allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search mod action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-5965 | 1 Passgo | 1 Sso Plus | 2025-04-09 | N/A |
| PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure permissions (Everyone/Full Control) for the PassGo Technologies directory, which allows local users to gain privileges by modifying critical programs. | ||||
| CVE-2007-4077 | 1 Alstrasoft | 1 Video Share Enterprise | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) msg, (2) page, (3) viewkey, or (4) viewtype parameter to (a) view_video.php; the (5) next parameter to (b) signup.php; the (6) search_id parameter to (c) search_result.php; the (7) category or (8) page parameter to (d) video.php; the (9) receiver parameter to (e) compose.php; the (10) catgy parameter to (f) groups.php; the (11) channelname parameter to (g) siteadmin/channels.php; or the (12) uname parameter to (h) siteadmin/muser.php. | ||||
| CVE-2007-4154 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6) options-permalink.php, (7) options-misc.php, and possibly other unspecified components. | ||||
| CVE-2007-4155 | 1 Emc | 1 Vmware | 2025-04-09 | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first two arguments to the (1) CreateProcess or (2) CreateProcessEx method. | ||||
| CVE-2007-4163 | 1 Index Script | 1 Index Script | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in IndexScript 2.7 and 2.8 before 20070726 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id, (2) start_id, (3) row[parent_id], and (4) row[cat_id] parameters to unspecified components, related to use of these parameters within include/utils.php. NOTE: the show_cat.php cat_id vector is already covered by CVE-2007-4069. | ||||
| CVE-2007-1675 | 1 Ibm | 1 Lotus Domino | 2025-04-09 | N/A |
| Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username. | ||||
| CVE-2007-2440 | 1 Caucho Technology | 1 Resin | 2025-04-09 | N/A |
| Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. (dot dot) in a URI containing a "\web-inf" sequence. | ||||
| CVE-2007-2443 | 4 Canonical, Debian, Mit and 1 more | 4 Ubuntu Linux, Debian Linux, Kerberos 5 and 1 more | 2025-04-09 | N/A |
| Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value. | ||||
| CVE-2007-2451 | 1 Linux | 1 Linux Kernel | 2025-04-09 | N/A |
| Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES in the Linux kernel before 2.6.21.3 allows attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2007-4279 | 1 Frontaccounting | 1 Frontaccounting | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter. | ||||
| CVE-2007-4281 | 1 Knowledgetree | 1 Open Source | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source 3.4 and 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the login field on the login page, and other unspecified vectors. | ||||
| CVE-2007-2585 | 1 Barcodewiz | 1 Barcode Activex Control | 2025-04-09 | N/A |
| Stack-based buffer overflow in the Verify function in the BarCodeWiz ActiveX control 2.0 and 2.52 (BarcodeWiz.dll) allows remote attackers to execute arbitrary code via a long argument. | ||||
| CVE-2007-1677 | 2 Navision Software, Netbsd | 2 Navision Financials Server, Netbsd | 2025-04-09 | N/A |
| Multiple buffer overflows in the ISO network protocol support in the NetBSD kernel 2.0 through 4.0_BETA2, and NetBSD-current before 20070329, allow local users to execute arbitrary code via long parameters to certain functions, as demonstrated by a long sockaddr structure argument to the clnp_route function. | ||||
| CVE-2007-4294 | 1 Cisco | 2 Ios, Unified Communications Manager | 2025-04-09 | N/A |
| Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102. | ||||
| CVE-2007-4296 | 1 Anti-spam Smtp Proxy | 1 Server | 2025-04-09 | N/A |
| Unspecified vulnerability in assp.pl in Anti-Spam SMTP Proxy Server (ASSP) 1.3.3 has unknown impact and attack vectors. | ||||
| CVE-2007-4303 | 2 Cerb, Freebsd | 2 Cerbng, Freebsd | 2025-04-09 | N/A |
| Multiple race conditions in (1) certain rules and (2) argument copying during VM protection, in CerbNG for FreeBSD 4.8 allow local users to defeat system call interposition and possibly gain privileges or bypass auditing, as demonstrated by modifying command lines in log-exec.cb. | ||||
| CVE-2007-4305 | 5 Netbsd, Openbsd, Sysjail and 2 more | 5 Netbsd, Openbsd, Sysjail and 2 more | 2025-04-09 | N/A |
| Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing. | ||||