Export limit exceeded: 10706 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359658 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2577 | 1 Oracle | 1 Weblogic Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 9.2 MP1 has unknown impact and remote authenticated attack vectors. | ||||
| CVE-2007-5787 | 1 Phptoys | 1 Micro Login System | 2026-04-23 | N/A |
| Micro Login System 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a password via a direct request for userpwd.txt. | ||||
| CVE-2008-2578 | 1 Oracle | 1 Weblogic Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 and 9.2 MP1 has unknown impact and local attack vectors. | ||||
| CVE-2007-5790 | 1 Globe7 | 1 Globe7 | 2026-04-23 | N/A |
| The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequence of binary values) for the password, which might allow local users to obtain sensitive information. | ||||
| CVE-2007-5791 | 1 Vonage | 1 Motorola Phone Adapter Vt2142-vd | 2026-04-23 | N/A |
| The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone calls with malicious content. | ||||
| CVE-2008-2579 | 1 Oracle | 1 Weblogic Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors. | ||||
| CVE-2007-5792 | 1 Vonage | 1 Motorola Phone Adapter Vt2142-vd | 2026-04-23 | N/A |
| The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP packets, which might allow remote attackers to eavesdrop by sniffing the network and reconstructing the RTP session. | ||||
| CVE-2007-5363 | 2 Joomla, Webmaster-tips | 2 Joomla, Panoramic Picture Viewer | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin.panoramic.php in the Panoramic Picture Viewer (com_panoramic) mambot (plugin) 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6391 | 1 Open Solution | 1 Quick.cart | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include arbitrary files via a .. (dot dot) in the config[db_type] parameter to (1) actions_admin/other.php and (2) actions_client/gallery.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-5365 | 5 Debian, Openbsd, Redhat and 2 more | 7 Debian Linux, Openbsd, Enterprise Linux and 4 more | 2026-04-23 | N/A |
| Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU. | ||||
| CVE-2007-5366 | 1 Fujitsu | 3 Interstage Application Server, Interstage Apworks, Interstage Studio | 2026-04-23 | N/A |
| The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option. | ||||
| CVE-2007-5368 | 1 Sun | 1 Solaris | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in labeld in Trusted Extensions in Sun Solaris 10 allow local users to cause a denial of service (multiple application hang) via unspecified vectors. | ||||
| CVE-2007-5373 | 1 Ldapscripts | 1 Ldapscripts | 2026-04-23 | N/A |
| ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the _changepassword function. | ||||
| CVE-2007-5374 | 1 Lightblog | 1 Lightblog | 2026-04-23 | N/A |
| cp_memberedit.php in LightBlog 8.4.1.1 does not check for administrative credentials when processing an admin action, which allows remote authenticated users to increase the privileges of any account. | ||||
| CVE-2007-5382 | 1 Cisco | 2 Wireless Control System, Wireless Lan Solution Engine | 2026-04-23 | N/A |
| The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges. | ||||
| CVE-2007-5383 | 2 Alcatel, Bt | 2 Speedtouch 7g Router, Home Hub | 2026-04-23 | N/A |
| The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a '/' (slash) character at the end of the PATH_INFO to cgi/b, aka "double-slash auth bypass." NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues. | ||||
| CVE-2007-5384 | 2 Alcatel, Bt | 2 Speedtouch 7g Router, Home Hub | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to perform actions as administrators via unspecified POST requests, as demonstrated by enabling an inbound remote-assistance HTTPS session on TCP port 51003. NOTE: an authentication bypass can be leveraged to exploit this in the absence of an existing administrative session. NOTE: SpeedTouch 780 might also be affected by some of these issues. | ||||
| CVE-2007-5390 | 1 Picoflat Cms | 1 Picoflat Cms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in PicoFlat CMS 0.4.14 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pagina parameter. | ||||
| CVE-2007-5392 | 2 Redhat, Xpdf | 2 Enterprise Linux, Xpdf | 2026-04-23 | N/A |
| Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow. | ||||
| CVE-2007-5395 | 2 Abiword, Link Grammar | 2 Abiword Link Grammar, Link Grammar | 2026-04-23 | N/A |
| Stack-based buffer overflow in the separate_word function in tokenize.c in Link Grammar 4.1b and possibly other versions, as used in AbiWord Link Grammar 4.2.4, allows remote attackers to execute arbitrary code via a long word, as reachable through the separate_sentence function. | ||||