Export limit exceeded: 363866 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363866 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363866 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4910 1 Netinvoicing 1 Netinvoicing 2026-04-23 N/A
Unspecified vulnerability in netInvoicing before 2.7.3 has unknown impact and attack vectors, related to "security check soap".
CVE-2007-4906 1 Nuclearbb 1 Nuclearbb 2026-04-23 N/A
PHP remote file inclusion vulnerability in tasks/send_queued_emails.php in NuclearBB Alpha 2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
CVE-2007-4904 1 Realnetworks 2 Helix Player, Realplayer 2026-04-23 N/A
RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error.
CVE-2007-4903 1 Ultra Shareware 1 Ultra Crypto Component 2026-04-23 N/A
Multiple buffer overflows in a certain ActiveX control in CryptoX.dll 2.0 and earlier in the Ultra Crypto Component allow remote attackers to execute arbitrary code via (1) a long string in the first argument to the AcquireContext method or (2) an unspecified vector to the DeleteContext method.
CVE-2007-0808 1 Mina Ajans 1 Mina Ajans Script 2026-04-23 N/A
PHP remote file inclusion vulnerability in Mina Ajans Script allows remote attackers to execute arbitrary PHP code via a URL in the syf parameter to an unspecified PHP script.
CVE-2007-4012 1 Cisco 6 4100 Wireless Lan Controller, 4400 Wireless Lan Controller, Airespace 4000 Wireless Lan Controller and 3 more 2026-04-23 N/A
Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (ARP storm) via a broadcast ARP packet that "targets the IP address of a known client context", aka CSCsj50374.
CVE-2007-4011 1 Cisco 6 4100 Wireless Lan Controller, 4400 Wireless Lan Controller, Airespace 4000 Wireless Lan Controller and 3 more 2026-04-23 N/A
Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or ARP storm) via a crafted unicast ARP request that (1) has a destination MAC address unknown to the Layer-2 infrastructure, aka CSCsj69233; or (2) occurs during Layer-3 roaming across IP subnets, aka CSCsj70841.
CVE-2007-3654 1 Netbsd 1 Netbsd 2026-04-23 N/A
The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2, and NetBSD-current before 20070728, allow local users to cause a denial of service (panic) via a (1) negative or (2) large value in an ioctl call, as demonstrated by the vga_allocattr function.
CVE-2007-3566 1 Borland Software 1 Interbase 2026-04-23 N/A
Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 before SP2 allows remote attackers to execute arbitrary code via a long size value in a create request to port 3050/tcp.
CVE-2007-2795 1 Ipswitch 1 Imail 2026-04-23 N/A
Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon.
CVE-2007-2006 1 Pl-php 1 Pl-php 2026-04-23 N/A
Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) pass parameter.
CVE-2007-2004 1 Inoutmailinglistmanager 1 Inoutmailinglistmanager 2026-04-23 N/A
Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to changename.php and other unspecified vectors.
CVE-2007-1991 1 Youngzsoft 1 Cmailserver 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927.
CVE-2007-1984 1 Lite-cms 1 Lite-cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in lite-cms 0.2.1 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.
CVE-2007-1977 1 Holacms 1 Holacms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter.
CVE-2009-1955 8 Apache, Apple, Canonical and 5 more 11 Apr-util, Http Server, Mac Os X and 8 more 2026-04-23 7.5 High
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
CVE-2008-2006 1 Apple 2 Ical, Mac Os X 2026-04-23 N/A
Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE line.
CVE-2007-5800 2 Tom Willmot, Wordpress 2 Backupwordpress Plugin, Wordpress 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow remote attackers to execute arbitrary PHP code via a URL in the bkpwp_plugin_path parameter to (1) plugins/BackUp/Archive.php; and (2) Predicate.php, (3) Writer.php, (4) Reader.php, and other unspecified scripts under plugins/BackUp/Archive/.
CVE-2007-3945 2 Linux, Rsbac 2 Linux Kernel, Rule Set Based Access Control 2026-04-23 N/A
Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked function return codes.
CVE-2009-1469 1 Icewarp 2 Email Server, Webmail Server 2026-04-23 N/A
CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences preceding a Reply-To header in the subject element of an XML document, as demonstrated by triggering an e-mail message from the server that contains a user's correct credentials, and requests that the user compose a reply that includes this message.