Export limit exceeded: 351141 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351141 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351141 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351141 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351141 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3252 | 1 Portalapp | 1 Portalapp | 2026-04-23 | N/A |
| PortalApp stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 8691.mdb, a different vector than CVE-2004-1786. | ||||
| CVE-2007-3253 | 1 Astaro | 1 Security Gateway | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Astaro Security Gateway (ASG) before 7.005 allow remote attackers to cause a denial of service via (1) certain email, which stops the SMTP Proxy during scanning; (2) certain HTTP traffic, which stops or slows down the HTTP proxy during HTTP responses containing virus scanned web pages; and (3) a disconnection during a streaming session. | ||||
| CVE-2007-3255 | 1 Xythos | 1 Enterprise Document Manager | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via (1) a saved Workflow name or (2) the Content-Type HTTP header. NOTE: item 2 also affects the same version numbers of Xythos Digital Locker (XDL). One or both vectors might also affect Xythos WebFile Server. | ||||
| CVE-2007-3256 | 1 Xythos | 3 Digital Locker, Enterprise Document Manager, Webfile Server | 2026-04-23 | N/A |
| Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution. | ||||
| CVE-2007-3257 | 2 Gnome, Redhat | 2 Evolution, Enterprise Linux | 2026-04-23 | N/A |
| Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index. | ||||
| CVE-2007-3258 | 1 Vincent Hor | 1 Calendarix | 2026-04-23 | N/A |
| calendar.php in Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via large values to the (1) year and (2) month parameters, which causes negative values to be passed to the mktime library call, and reveals the installation path in the error message. | ||||
| CVE-2007-3259 | 1 Vincent Hor | 1 Calendarix | 2026-04-23 | N/A |
| Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via (1) an invalid month[] parameter to calendar.php, (2) an invalid catview[] parameter to cal_week.php in a week operation, (3) an invalid ycyear[] parameter to yearcal.php, or (4) a direct request to cal_functions.inc.php, which reveals the installation path in various error messages. | ||||
| CVE-2007-3260 | 1 Hp | 1 System Management Homepage | 2026-04-23 | N/A |
| HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges. | ||||
| CVE-2007-3261 | 1 Dkret | 1 Dkret | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in widgets/widget_search.php in dKret before 2.6 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | ||||
| CVE-2007-3263 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors, related to "incorrect authorization on a remote interface to the SDO repository." | ||||
| CVE-2007-3264 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors. | ||||
| CVE-2007-3265 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Samples component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-3266 | 1 Ifnet | 1 Webif.cgi | 2026-04-23 | N/A |
| Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows remote attackers to include and execute arbitrary local files a .. (dot dot) in the outconfig parameter. | ||||
| CVE-2007-3268 | 1 Ibm | 1 Tivoli Provisioning Manager Os Deployment | 2026-04-23 | 7.5 High |
| The TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to cause a denial of service (rembo.exe crash and multiple service outage) via a read (RRQ) request with an invalid blksize (blocksize), which triggers a divide-by-zero error. | ||||
| CVE-2007-3269 | 1 Papoo | 1 Papoo Cms Light | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Papoo Light 3.6 before 20070611 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in a GET request or (2) the Title field of a visitor comment, and (3) allow remote authenticated users to inject arbitrary web script or HTML via a message to another user. NOTE: vector (2) might overlap CVE-2006-3571.1. | ||||
| CVE-2007-3276 | 1 Siteatschool | 1 Siteatschool | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Site@School (S@S) 2.4.10 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3277 | 1 Wikindx | 1 Wikindx | 2026-04-23 | N/A |
| Unspecified vulnerability in the localization before 1.2 module for WIKINDX allows attackers to access certain administrative capabilities via unknown vectors. | ||||
| CVE-2007-3279 | 1 Postgresql | 1 Postgresql | 2026-04-23 | N/A |
| PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection. | ||||
| CVE-2007-3280 | 1 Postgresql | 1 Postgresql | 2026-04-23 | N/A |
| The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access. | ||||
| CVE-2007-3281 | 1 Php Hosting Biller | 1 Php Hosting Biller | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Php Hosting Biller 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | ||||