Export limit exceeded: 365260 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4393 | 1 Suse | 1 Suse Linux | 2026-04-23 | N/A |
| The installation script for orarun on SUSE Linux before 20070810 places the oracle user into the disk group, which allows the local oracle user to read or write raw disk partitions. | ||||
| CVE-2007-4382 | 1 Counterpath | 1 X-lite | 2026-04-23 | N/A |
| CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header. | ||||
| CVE-2007-2960 | 1 Scallywag.org | 1 Scallywag | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin_name parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/, a different vector than CVE-2007-2900. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2438 | 3 Foresight Linux, Redhat, Vim Development Group | 3 Foresight Linux, Enterprise Linux, Vim | 2026-04-23 | N/A |
| The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines. | ||||
| CVE-2007-3697 | 1 Tufat | 1 Flashbb | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in phpbb/sendmsg.php in FlashBB 1.1.8 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2007-2982 | 1 Bt | 1 Business Connect Webhelper Activex Control | 2026-04-23 | N/A |
| Multiple buffer overflows in the British Telecommunications Business Connect webhelper ActiveX control before 1.0.0.7 in btbconnectwebcontrol.dll allow remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2009-1212 | 1 Precisionid | 1 Data Matrix Barcode Activex Control | 2026-04-23 | N/A |
| Multiple insecure method vulnerabilities in PRECIS~2.DLL in the PrecisionID Datamatrix ActiveX control (DMATRIXLib.Datamatrix) allow remote attackers to overwrite arbitrary files via the (1) SaveBarCode and (2) SaveEnhWMF methods. | ||||
| CVE-2007-2443 | 4 Canonical, Debian, Mit and 1 more | 4 Ubuntu Linux, Debian Linux, Kerberos 5 and 1 more | 2026-04-23 | N/A |
| Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value. | ||||
| CVE-2007-2986 | 1 Nexen | 1 Adminbot Mx | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in lib/live_status.lib.php in AdminBot MX 9.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter. | ||||
| CVE-2007-2988 | 1 Inout Scripts | 1 Inout Meta Search Engine | 2026-04-23 | N/A |
| A certain admin script in Inout Meta Search Engine sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a request to admin/create_engine.php followed by a request to admin/generate_tabs.php. | ||||
| CVE-2007-2989 | 1 Sun | 1 Solaris | 2026-04-23 | N/A |
| The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298. | ||||
| CVE-2009-0755 | 1 Poppler | 1 Poppler | 2026-04-23 | N/A |
| The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry. | ||||
| CVE-2009-4055 | 1 Digium | 2 Asterisk, S800i | 2026-04-23 | N/A |
| rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length. | ||||
| CVE-2007-3075 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| Directory traversal vulnerability in Microsoft Internet Explorer allows remote attackers to read arbitrary files via directory traversal sequences in a URI with a certain scheme, possibly related to "..%5C" (encoded backslash) sequences. | ||||
| CVE-2007-3076 | 1 Zenturi | 1 Zenturi Programchecker | 2026-04-23 | N/A |
| A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker allows remote attackers to download arbitrary files to the client system via the DownloadFile function. | ||||
| CVE-2006-5965 | 1 Passgo | 1 Sso Plus | 2026-04-23 | N/A |
| PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure permissions (Everyone/Full Control) for the PassGo Technologies directory, which allows local users to gain privileges by modifying critical programs. | ||||
| CVE-2007-3078 | 1 Aigaion | 1 Aigaion | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Aigaion before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter (Authors and Publication titles) to (1) authoractions.php or (2) publicationactions.php. | ||||
| CVE-2007-3080 | 1 Hunkaray Okul | 1 Portaly | 2026-04-23 | N/A |
| SQL injection vulnerability in haberoku.asp in Hunkaray Okul Portaly 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3083 | 1 Rainbowsoft | 1 Z-blog | 2026-04-23 | N/A |
| Z-Blog 1.7 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for zblog.mdb. | ||||
| CVE-2007-3555 | 1 Moodle | 1 Moodle | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424. | ||||