Export limit exceeded: 351412 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351412 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5762 | 1 Novell | 1 Netware Client | 2026-04-23 | N/A |
| NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode. | ||||
| CVE-2007-5764 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long command line option. | ||||
| CVE-2008-5859 | 1 Constructr | 1 Constructr-cms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the show_page parameter. | ||||
| CVE-2008-7155 | 1 Phprisk | 1 Netrisk | 2026-04-23 | N/A |
| NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote attackers to change the password of arbitrary users via a direct request. | ||||
| CVE-2007-5786 | 1 A-enterprise | 1 Gosamba | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) HTML_oben.php, (2) inc_freigabe.php, (3) inc_freigabe1.php, or (4) inc_freigabe3.php in include/; (5) inc_group.php; (6) inc_manager.php; (7) inc_newgroup.php; (8) inc_smb_conf.php; (9) inc_user.php; or (10) main.php. | ||||
| CVE-2007-5787 | 1 Phptoys | 1 Micro Login System | 2026-04-23 | N/A |
| Micro Login System 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a password via a direct request for userpwd.txt. | ||||
| CVE-2007-5788 | 1 Grandstream | 1 Ht488 | 2026-04-23 | N/A |
| Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP INVITE message. | ||||
| CVE-2007-5789 | 1 Grandstream | 1 Ht488 | 2026-04-23 | N/A |
| The Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a flood of fragmented packets to port 5060. | ||||
| CVE-2007-5790 | 1 Globe7 | 1 Globe7 | 2026-04-23 | N/A |
| The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequence of binary values) for the password, which might allow local users to obtain sensitive information. | ||||
| CVE-2007-5791 | 1 Vonage | 1 Motorola Phone Adapter Vt2142-vd | 2026-04-23 | N/A |
| The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone calls with malicious content. | ||||
| CVE-2007-5797 | 1 Apache | 1 Geronimo | 2026-04-23 | N/A |
| SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database. | ||||
| CVE-2007-5793 | 1 Stonesoft | 1 Stonegate Ips | 2026-04-23 | N/A |
| Stonesoft StoneGate IPS before 4.0 does not properly decode Fullwidth/Halfwidth Unicode encoded data, which makes it easier for remote attackers to scan or penetrate systems and avoid detection. | ||||
| CVE-2007-5794 | 2 Nss Ldap, Redhat | 2 Nss Ldap, Enterprise Linux | 2026-04-23 | N/A |
| Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected. | ||||
| CVE-2007-5796 | 1 Symantec | 2 Proxysg, Proxysg Firmware | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists. | ||||
| CVE-2007-5798 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters. | ||||
| CVE-2007-5799 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters. | ||||
| CVE-2007-5801 | 1 Work System E-commerce | 1 Work System E-commerce | 2026-04-23 | N/A |
| Unspecified vulnerability in WORK system e-commerce before 4.0.2 has unknown impact and attack vectors related to "Ajax pages." | ||||
| CVE-2007-5802 | 1 Firewolf Technologies | 1 Synergiser | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: this can be leveraged to obtain the path by including a local PHP script with a duplicate function declaration. | ||||
| CVE-2007-5803 | 1 Nagios | 1 Nagios | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360. | ||||
| CVE-2007-5804 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument. | ||||