Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1854 1 Hitachi 7 Cosminexus Component Container, Electronic Form Workflow, Ucosminexus Application Server and 4 more 2026-04-23 N/A
Unspecified vulnerability in Hitachi Cosminexus Component Container 07-00 through 07-00-10, and 07-10 through 07-10-03, as used in uCosminexus Application Server Enterprise and Standard; uCosminexus Service Platform; uCosminexus Developer Standard and Professional; uCosminexus Service Architect; Electronic Form Workflow Standard Set, Professional Library Set, and Developer Client Set; and uCosminexus ERP Integrator, does not properly manage session information, which has an unspecified impact related to "unintended other requests."
CVE-2007-0487 1 Zoneo-soft 1 Freeforum 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. NOTE: this issue has been disputed by third party researchers, stating that fpath variable is initialized before being used
CVE-2007-0966 1 Cisco 1 Firewall Services Module 2026-04-23 N/A
Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the HTTPS server is enabled, allows remote attackers to cause a denial of service (device reboot) via certain HTTPS traffic.
CVE-2006-5032 1 Phpartenaire 1 Phpartenaire 2026-04-23 N/A
PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the url_phpartenaire parameter.
CVE-2007-0424 1 Bea 1 Weblogic Server 2026-04-23 N/A
Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for Netscape Enterprise Server before September 2006 for Netscape Enterprise Server allow remote attackers to cause a denial of service via certain requests that trigger errors that lead to a server being marked as unavailable, hosting web server failure, or CPU consumption.
CVE-2007-1445 1 Betaparticle 1 Betaparticle Blog 2026-04-23 N/A
SQL injection vulnerability in the heme preview feature for default.asp in BP Blog 7.0 through 7.0.2 allows remote attackers to execute arbitrary SQL commands via the layout parameter.
CVE-2006-5037 1 Squiz 1 Mysource Matrix 2026-04-23 N/A
MySource Matrix after 3.8 allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sq_content_src parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability.
CVE-2007-1532 1 Microsoft 1 Windows Vista 2026-04-23 N/A
The neighbor discovery implementation in Microsoft Windows Vista allows remote attackers to conduct a redirect attack by (1) responding to queries by sending spoofed Neighbor Advertisements or (2) blindly sending Neighbor Advertisements.
CVE-2007-1222 2 Apple, Parallels 2 Mac Os X, Parallels Desktop 2026-04-23 N/A
Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory.
CVE-2008-1203 1 Adobe 1 Coldfusion 2026-04-23 N/A
The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection.
CVE-2007-1220 1 Microsoft 1 Xbox 360 2026-04-23 N/A
The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code.
CVE-2007-0421 1 Bea 1 Weblogic Server 2026-04-23 N/A
BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consumption) via requests containing malformed headers, which cause a large amount of data to be written to the server log.
CVE-2007-6506 1 Hp 1 Software Update 2026-04-23 N/A
The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.
CVE-2007-1849 1 Drake Team 1 Drake Cms 2026-04-23 N/A
Directory traversal vulnerability in 404.php in Drake CMS allows remote attackers to include and execute arbitrary local arbitrary files via a .. (dot dot) in the d_private parameter. NOTE: some of these details are obtained from third party information. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS."
CVE-2006-5038 1 Fiwin 1 Ss28s Wifi Voip Sip Skype Phone 2026-04-23 N/A
The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, has a hard-coded username and password, which allows remote attackers to gain administrative access via telnet.
CVE-2007-0060 2 Broadcom, Ca 24 Advantage Data Transport, Brightstor Portal, Brightstor San Manager and 21 more 2026-04-23 N/A
Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104.
CVE-2007-0491 1 Sky Gunning 1 Myspeach 2026-04-23 N/A
PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter, a different vector than CVE-2006-4630. NOTE: Some of these details are obtained from third party information.
CVE-2007-1738 1 Truecrypt Foundation 1 Truecrypt 2026-04-23 N/A
TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user's home directory, a different issue than CVE-2007-1589.
CVE-2007-1510 1 Particle Blogger 1 Particle Blogger 2026-04-23 N/A
SQL injection vulnerability in post.php in Particle Blogger 1.0.0 through 1.2.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter.
CVE-2006-7120 1 Osu Open Source Lab 1 Maintain 2026-04-23 N/A
PHP remote file inclusion vulnerability in lib/php/phphtmllib-2.5.4/examples/example6.php for maintain 3.0.0-RC2 allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter. NOTE: this issue might be in phpHtmlLib. NOTE: CVE disputes this issue for proper installations of maintain, since $phphtmllib is set in includes.inc before being used in example6.php