Export limit exceeded: 364491 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26320 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0052 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set. | ||||
| CVE-2007-6193 | 1 Citrix | 1 Netscaler | 2026-04-23 | N/A |
| The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface. | ||||
| CVE-2007-6197 | 1 Bea | 1 Aqualogic Interaction | 2026-04-23 | N/A |
| The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page. | ||||
| CVE-2007-6179 | 1 Kinson Chan Charray | 1 Cms | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Charray's CMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the ccms_library_path parameter to (1) markdown.php and (2) gallery.php in decoder/. | ||||
| CVE-2007-6178 | 1 Easy Hosting Control Panel | 1 Easy Hosting Control Panel | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir parameter to (1) dbutil.bck.php and (2) dbutil.php in config/. | ||||
| CVE-2007-6146 | 1 Hitachi | 1 Jp1 File Transmission Server | 2026-04-23 | N/A |
| Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on Windows might allow remote attackers to cause a denial of service (service stop) via a "specific file" argument to an FTP command. | ||||
| CVE-2007-6095 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2026-04-23 | N/A |
| The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might allow remote authenticated users to receive messages intended for other users. | ||||
| CVE-2007-6036 | 1 Live555 | 1 Media Server | 2026-04-23 | N/A |
| The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation. | ||||
| CVE-2007-6019 | 2 Adobe, Redhat | 5 Air, Flash, Flash Player and 2 more | 2026-04-23 | N/A |
| Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly. | ||||
| CVE-2007-5984 | 1 Justin Hagstrom | 1 Autoindex Php Script | 2026-04-23 | N/A |
| classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via a %00 sequence in the dir parameter to index.php, which triggers an erroneous "recursive calculation." | ||||
| CVE-2008-2712 | 3 Canonical, Redhat, Vim | 3 Ubuntu Linux, Enterprise Linux, Vim | 2026-04-23 | N/A |
| Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075. | ||||
| CVE-2007-5379 | 1 David Hansson | 1 Ruby On Rails | 2026-04-23 | N/A |
| Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file. | ||||
| CVE-2007-5335 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain sensitive system information by using the addMicrosummaryGenerator sidebar method to access file: URIs. | ||||
| CVE-2007-5264 | 1 Battlefront | 1 Dropteam | 2026-04-23 | N/A |
| Battlefront Dropteam 1.3.3 and earlier sends the client's online account name and password to the game server, which allows malicious game servers to steal account information. | ||||
| CVE-2008-6745 | 1 Blogphp | 1 Blogphp | 2026-04-23 | N/A |
| index.php in BlogPHP 2.0 allows remote attackers to gain administrator privileges via a crafted email parameter in a register2 action. | ||||
| CVE-2007-5196 | 1 Suse | 1 Suse Linux | 2026-04-23 | N/A |
| Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5195. | ||||
| CVE-2007-5172 | 1 Quicksilver Forums | 1 Quicksilver Forums | 2026-04-23 | N/A |
| Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message. | ||||
| CVE-2007-4561 | 1 Realnetworks | 1 Helix Dna Server | 2026-04-23 | N/A |
| Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RSTP command containing multiple Require headers. | ||||
| CVE-2007-4516 | 1 Symantec Veritas | 1 Storage Foundation | 2026-04-23 | N/A |
| The Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation 5.0 for Windows allows remote attackers to cause a denial of service (daemon crash or hang) via malformed packets. | ||||
| CVE-2007-4514 | 1 Hp | 1 Procurve Manager | 2026-04-23 | N/A |
| Unspecified vulnerability in HP ProCurve Manager and HP ProCurve Manager Plus 2.3 and earlier allows remote attackers to obtain sensitive information from the ProCurve Manager server via unknown attack vectors. | ||||