Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2946 1 Lead Technologies 1 Leadtools Raster Dialog File Object 2026-04-23 N/A
Buffer overflow in a certain ActiveX control in LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long DestinationPath property value.
CVE-2009-3095 7 Apache, Apple, Debian and 4 more 10 Http Server, Mac Os X, Debian Linux and 7 more 2026-04-23 N/A
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
CVE-2007-1598 1 Intervations 1 Filecopa 2026-04-23 N/A
Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by filecopa.tar by Immunity. NOTE: some of these details are obtained from third party information. NOTE: As of 20070322, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2007-1467 1 Cisco 18 Acs Solution Engine, Call Manager, Ciscoworks and 15 more 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.
CVE-2006-6511 1 Dadaimc 1 Dadaimc 2026-04-23 N/A
dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contain (1) feature, (2) editor, (3) newswire, (4) otherpress, (5) admin, (6) pbook, (7) media, or (8) mod, which are processed as PHP file types (application/x-httpd-php).
CVE-2006-6669 1 Webcalendar 1 Webcalendar 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter.
CVE-2006-5380 1 Contenido 1 Contendio 2026-04-23 N/A
Remote file inclusion vulnerability in Contenido CMS allows remote attackers to execute arbitrary PHP code via a URL in the contenido_path parameter to (1) cms/dbfs.php or (2) cms/front_content.php. NOTE: CVE disputes this issue for version 4.6.15, because $contenido_path is set to a static value
CVE-2007-4111 1 Codewidgets 1 Real Estate Listing Website Application Template 2026-04-23 N/A
SQL injection vulnerability in the login script in Real Estate listing website application template, when logging in as user or manager, allows remote attackers to execute arbitrary SQL commands via the Password parameter.
CVE-2007-4287 1 Fishcart 1 Fishcart 2026-04-23 N/A
PHP remote file inclusion vulnerability in fc_functions/fc_example.php in FishCart 3.2 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the docroot parameter.
CVE-2007-0481 1 Cisco 1 Ios Transmission Control Protocol 2026-04-23 N/A
Cisco IOS allows remote attackers to cause a denial of service (crash) via a crafted IPv6 Type 0 Routing header.
CVE-2007-3463 1 Microsoft 1 Windows Xp 2026-04-23 N/A
Microsoft Windows XP SP2 allows local users, who have sessions created by another user's RunAs (run as) command, to kill arbitrary processes of this other user, as demonstrated by the taskkill program. NOTE: the researcher claims a vendor dispute in which the vendor states that "RunAs and UAC are convenience features, not security boundaries. If you need a security guarantee, please log out and log back in with a different account.
CVE-2008-5029 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more 2026-04-23 N/A
The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors.
CVE-2006-5381 1 Contenido 1 Contendio 2026-04-23 N/A
Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other information via a direct request to (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysqli.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, (7) db_pgsql.inc, or (8) db_sybase.inc in the conlib/ directory.
CVE-2007-2830 1 Madwifi 1 Madwifi 2026-04-23 N/A
The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error.
CVE-2007-2545 1 Persism Cms 1 Persism Cms 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4) forums/blocks/latest_posts.php, (5) groups/headerfile.php, (6) links/blocks/links.php, (7) menu/headerfile.php, (8) news/blocks/latest_news.php, (9) settings/headerfile.php, or (10) users/headerfile.php, in modules/.
CVE-2007-2832 1 Cisco 1 Call Manager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.
CVE-2007-2137 1 Ibm 1 Tivoli Monitoring Express 2026-04-23 N/A
Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express 6.1.0 before Fix Pack 2, as used in Tivoli Universal Agent, Windows OS Monitoring agent, and Enterprise Portal Server, allows remote attackers to execute arbitrary code by sending a long string to a certain TCP port.
CVE-2007-1782 1 Cruiseworks 1 Cruiseworks 2026-04-23 N/A
CruiseWorks 1.09e and earlier does not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact. NOTE: some of these details are obtained from third party information.
CVE-2007-2174 1 Checkpoint 1 Zonealarm 2026-04-23 N/A
The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses.
CVE-2007-2833 3 Debian, Gnu, Mandrakesoft 4 Debian Linux, Emacs, Mandrake Linux and 1 more 2026-04-23 N/A
Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.