Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3952 1 Norman 1 Normon Antivirus 2026-04-23 N/A
The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to bypass the malware detection via a crafted DOC file, resulting from an "integer cast around".
CVE-2007-4048 1 Phpsysinfo 1 Phpsysinfo 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2007-4050 1 Adempiere 1 Bazaar 2026-04-23 N/A
Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta Victoria edition allows remote attackers to access system-level windows via unspecified vectors.
CVE-2007-5481 1 Distributed Checksum Clearinghouse 1 Dcc 2026-04-23 N/A
Distributed Checksum Clearinghouse (DCC) 1.3.65 allows remote attackers to cause a denial of service (crash) via a "SOCKS flood."
CVE-2007-4054 1 Php123 1 Top Sites 2026-04-23 N/A
SQL injection vulnerability in category.php in PHP123 Top Sites allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2006-5617 1 Thepeak 1 Thepeak File Upload Manager 2026-04-23 N/A
Directory traversal vulnerability in index.php in Thepeak File Upload Manager 1.3 allows remote attackers to read or download arbitrary files via a base64-encoded file path containing a .. (dot dot) sequence in the file parameter.
CVE-2007-4131 3 Gnu, Redhat, Rpath 4 Tar, Enterprise Linux, Enterprise Linux Desktop and 1 more 2026-04-23 N/A
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
CVE-2007-4136 1 Redhat 2 Conga, Rhel Cluster 2026-04-23 N/A
The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to cause a denial of service (loss of new connections) by repeatedly sending data or attempting connections.
CVE-2007-4141 1 Openrat 1 Openrat Cms 2026-04-23 N/A
OpenRat CMS 0.8-beta1 and earlier allows remote attackers to obtain sensitive information via a request containing an XSS sequence in the action parameter to index.php, which reveals the path in an error message.
CVE-2007-4228 1 Ibm 1 Aix 2026-04-23 N/A
rmpvc on IBM AIX 4.3 allows local users to cause a denial of service (system crash) via long port logical name (-l) argument.
CVE-2006-6371 1 James Barnsley 1 Jab Guest Book 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB Guest Book allows remote attackers to inject arbitrary web script or HTML via the author parameter.
CVE-2007-4230 1 Jems Scripts 1 Bellabiblio 2026-04-23 N/A
BellaBiblio allows remote attackers to gain administrative privileges via a bellabiblio cookie with the value "administrator." NOTE: this issue is disputed by CVE and multiple third parties because the cookie value must be an MD5 hash
CVE-2007-4239 1 C-sam 1 Onewallet 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp in the admin interface in C-SAM oneWallet 210_07062007;1.0 allows remote attackers to inject arbitrary web script or HTML via the loginID parameter.
CVE-2007-4242 1 Astaro 1 Security Gateway 2026-04-23 N/A
The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform virus scanning of attachments that exceed the maximum attachment size, and passes these attachments, which allows remote attackers to bypass this scanning via a large attachment.
CVE-2007-4243 1 Astaro 1 Security Gateway 2026-04-23 N/A
Unspecified vulnerability in pfilter-reporter.pl in Astaro Security Gateway (ASG) 7 allows remote attackers to cause a denial of service (CPU consumption) via certain network traffic, as demonstrated by P2P and iTunes applications that download large amounts of data.
CVE-2007-5513 1 Oracle 1 Database Server 2026-04-23 N/A
The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) short entries contain any extra characters from usernames in previous entries, aka DB23.
CVE-2006-6377 1 Uploadscript 1 Uploadscript 2026-04-23 N/A
Uploadscript 1.2 and earlier stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain the admin password hash via a direct request for /password.txt.
CVE-2006-5618 1 Netref 1 Netref 2026-04-23 N/A
Directory traversal vulnerability in script/cat_for_aff.php in Netref 4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the ad_direct parameter.
CVE-2007-4272 1 Ibm 1 Db2 Universal Database 2026-04-23 N/A
Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to create arbitrary files via (1) unspecified vectors where an attacker's umask is honored, (2) /etc/ld.so.preload, (3) certain "cron data file locations", and other unspecified vectors possibly involving the (4) OSSEMEMDBG or (5) TRC_LOG_FILE environment variable in db2licd (db2licm).
CVE-2007-4292 1 Cisco 1 Ios 2026-04-23 N/A
Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of service (device crash) via a malformed SIP packet, aka (1) CSCsf11855, (2) CSCeb21064, (3) CSCse40276, (4) CSCse68355, (5) CSCsf30058, (6) CSCsb24007, and (7) CSCsc60249.