Export limit exceeded: 13022 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359550 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2387 | 1 Apple | 1 Xserve Lights-out Management | 2026-04-23 | N/A |
| Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel hardware does not require a password for remote access to IPMI, which allows remote attackers to gain administrative access via unspecified requests with ipmitool. | ||||
| CVE-2007-2414 | 2 Microsoft, Myserver | 2 All Windows, Myserver | 2026-04-23 | N/A |
| MyServer before 0.8.8 allows remote attackers to cause a denial of service via unspecified vectors. | ||||
| CVE-2007-2416 | 1 E-annu | 1 E-annu | 2026-04-23 | N/A |
| SQL injection vulnerability in home.php in E-Annu allows remote attackers to execute arbitrary SQL commands via the a parameter. | ||||
| CVE-2006-6281 | 1 Dicshunary | 1 Dicshunary | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in check_status.php in dicshunary 0.1 alpha allows remote attackers to execute arbitrary PHP code via a URL in the dicshunary_root_path parameter. | ||||
| CVE-2007-1877 | 1 Vmware | 1 Workstation | 2026-04-23 | N/A |
| VMware Workstation before 5.5.4 allows attackers to cause a denial of service against the guest OS by causing the virtual machine process (VMX) to store malformed configuration information. | ||||
| CVE-2007-4080 | 1 Alstrasoft | 1 E-friends | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the p_id parameter in a people_card action. NOTE: this might overlap CVE-2006-2564. | ||||
| CVE-2009-2477 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements. | ||||
| CVE-2007-1840 | 1 Ldap Account Manager | 1 Ldap Account Manager | 2026-04-23 | N/A |
| lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS). | ||||
| CVE-2008-3315 | 1 Claroline | 1 Claroline | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php, (g) learningPathList.php, and (h) module.php in learnPath/; (i) phpbb/index.php; (j) courseLog.php, (k) course_access_details.php, (l) delete_course_stats.php, (m) userLog.php, and (n) user_access_details.php in tracking/; (o) user/user.php; and (p) user/userInfo.php; the (2) view parameter to (q) tracking/courseLog.php; and the (3) toolId parameter to (r) tracking/toolaccess_details.php. NOTE: this may overlap CVE-2006-3257 and CVE-2005-1374. | ||||
| CVE-2007-1832 | 1 Web-app.org | 1 Webapp | 2026-04-23 | N/A |
| web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to upload certain files (1) via a crafted filename or (2) by "using percent encoding in forms." | ||||
| CVE-2007-4073 | 1 Tincan | 1 Webbler Cms | 2026-04-23 | N/A |
| Webbler CMS before 3.1.6 does not properly restrict use of "mail a friend" forms, which allows remote attackers to send arbitrary amounts of forged e-mail. NOTE: this could be leveraged for spam or phishing attacks. | ||||
| CVE-2007-1824 | 1 Php | 1 Php | 2026-04-23 | N/A |
| Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character. | ||||
| CVE-2007-1823 | 1 T-mobile | 1 Voice Mail Systems | 2026-04-23 | N/A |
| T-Mobile voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID). | ||||
| CVE-2007-1822 | 1 Alcatel-lucent | 1 Voice Mail System | 2026-04-23 | N/A |
| Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID). | ||||
| CVE-2007-1817 | 1 Lykoszine | 1 Lykos Reviews Module | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the Lykos Reviews (lykos_reviews) 1.00 module for Xoops allows remote attackers to execute arbitrary SQL commands via the uid parameter in a u action. | ||||
| CVE-2007-1816 | 1 Xoops | 1 Tutoriais Module | 2026-04-23 | N/A |
| SQL injection vulnerability in viewcat.php in the Tutoriais module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2007-1815 | 1 Xoops | 1 Library Module | 2026-04-23 | N/A |
| SQL injection vulnerability in viewcat.php in the Library module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2007-1814 | 1 Xoops | 1 Core Module | 2026-04-23 | N/A |
| SQL injection vulnerability in viewcat.php in the Core module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-0377. | ||||
| CVE-2008-3261 | 1 Claroline | 1 Claroline | 2026-04-23 | N/A |
| Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | ||||
| CVE-2006-6279 | 1 Alexphpteam | 1 Alex Guestbook | 2026-04-23 | N/A |
| index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain sensitive information via a skin parameter referencing a nonexistent skin, which reveals the installation path in an error message. | ||||