Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0921 1 Radical Technologies 1 Portal Search 2026-04-23 N/A
Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI.
CVE-2007-0923 1 Radical Technologies 1 Portal Search 2026-04-23 N/A
buscador/buscador.htm in Portal Search allows remote attackers to obtain sensitive information (business logic) via a query string composed of a search for certain characters.
CVE-2007-0924 1 Till Gerken 1 Phppolls 2026-04-23 N/A
Till Gerken phpPolls 1.0.3 allows remote attackers to bypass authentication and perform certain administrative actions via a direct request to phpPollAdmin.php3. NOTE: this issue might subsume CVE-2006-3764.
CVE-2007-0927 1 Utorrent 1 Utorrent 2026-04-23 N/A
Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to execute arbitrary code via a torrent file with a crafted announce header.
CVE-2007-0928 1 Virtual Calendar 1 Virtual Calendar 2026-04-23 N/A
Virtual Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an encoded password via a direct request for pwd.txt.
CVE-2009-0374 1 Google 1 Chrome 2026-04-23 N/A
Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue.
CVE-2009-1574 2 Ipsec-tools, Redhat 2 Ipsec-tools, Enterprise Linux 2026-04-23 N/A
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.
CVE-2007-2593 1 Microsoft 2 Terminal Server, Windows 2003 Server 2026-04-23 N/A
The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
CVE-2007-1798 1 Ibm 1 Aix 2026-04-23 N/A
Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long path name.
CVE-2007-1030 1 Niels Provos 1 Libevent 2026-04-23 N/A
Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset.
CVE-2007-0239 2 Openoffice, Redhat 2 Openoffice, Enterprise Linux 2026-04-23 N/A
OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.
CVE-2006-6436 1 Xerox 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Network controller in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to inject arbitrary web script or HTML via HTTP TRACE messages.
CVE-2007-1040 1 Xpression News 1 Xpression News 2026-04-23 N/A
Directory traversal vulnerability in archives.php in Xpression News (X-News) 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter.
CVE-2008-6512 1 Google 1 Gears 2026-04-23 N/A
Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin function by hosting an assumed-safe file type containing Google Gear commands on the target domain, then accessing that file from the attacking domain, whose response headers are not checked and cause the worker code to run in the target domain.
CVE-2009-0622 1 Cisco 4 Ace 4710, Application Control Engine Module, Catalyst 6500 and 1 more 2026-04-23 N/A
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI).
CVE-2007-4076 1 Asp Indir 1 Alisveris Sitesi Script 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.asp in Alisveris Sitesi Scripti allow remote attackers to execute arbitrary SQL commands via the (1) product_id or (2) cat_id parameter in a product mod action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1085 1 Google 1 Desktop 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature.
CVE-2007-1170 1 Simbin 4 Gt Legends, Gtr - Fia Get Racing Game, Gtr 2 and 1 more 2026-04-23 N/A
SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends 1.1.0.0 and earlier, GTR 2 1.1 and earlier, and RACE - The WTCC Game 1.0 and earlier allow remote attackers to cause a denial of service (client disconnection) via an empty UDP packet to the server port.
CVE-2007-1178 1 Web-app.org 1 Webapp 2026-04-23 N/A
WebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader, which has unknown impact and attack vectors.
CVE-2007-1818 1 Forum Picture And Meta Tags 1 Forum Picture And Meta Tags 2026-04-23 N/A
PHP remote file inclusion vulnerability in MOD_forum_fields_parse.php in the Forum picture and META tags 1.7 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.