Export limit exceeded: 359753 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359753 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6214 | 1 Learnloop | 1 Learnloop | 2026-04-23 | N/A |
| Directory traversal vulnerability in include/file_download.php in LearnLoop 2.0 beta7 allows remote attackers to read arbitrary files via a .. (dot dot) in the sFilePath parameter. NOTE: exploitation requires that the product is configured, but has zero files in the database. | ||||
| CVE-2007-6215 | 1 Web-meetme | 1 Web-meetme | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in play.php in Web-MeetMe 3.0.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) roomNo and possibly the (2) bookid parameter. | ||||
| CVE-2007-6216 | 1 Sun | 2 Solaris, Sunos | 2026-04-23 | N/A |
| Race condition in the Fibre Channel protocol (fcp) driver and Devices filesystem (devfs) in Sun Solaris 10 allows local users to cause a denial of service (system hang) via some programs that access hardware resources, as demonstrated by the (1) cfgadm and (2) format programs. | ||||
| CVE-2007-6206 | 6 Canonical, Debian, Linux and 3 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2026-04-23 | N/A |
| The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information. | ||||
| CVE-2007-6218 | 1 Ossigeno | 1 Cms | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b) uninstall_module.php in upload/xax/admin/modules/, (c) upload/xax/admin/patch/index.php, and (d) install_module.php and (e) uninstall_module.php in upload/xax/ossigeno/admin/; and the (2) ossigeno parameter to (f) ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php, different vectors than CVE-2007-5234. | ||||
| CVE-2007-6219 | 1 Ibm | 1 Tivoli Netcool Security Manager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool Security Manager 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-3630 | 2 Apple, Microsoft | 6 Bonjour, Windows-nt, Windows 2000 and 3 more | 2026-04-23 | N/A |
| mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | ||||
| CVE-2007-6221 | 1 Tumusika Evolution | 1 Tumusika Evolution | 2026-04-23 | N/A |
| TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-6222 | 1 Crm Ctt | 1 Interleave | 2026-04-23 | N/A |
| The CheckCustomerAccess function in functions.php in CRM-CTT Interleave before 4.2.0 (formerly CRM-CTT) does not properly verify user privileges, which allows remote authenticated users with the LIMITTOCUSTOMERS privilege to bypass intended access restrictions and edit non-active user settings. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-7005 | 1 Php Script Tools | 1 Psy Auction | 2026-04-23 | N/A |
| SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-2582 | 1 Oracle | 2 Bea Product Suite, Weblogic Server Component | 2026-04-23 | N/A |
| Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors. | ||||
| CVE-2008-3566 | 1 Zoneo-soft | 1 Freeforum | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in ZoneO-soft freeForum 1.7 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter to (1) the default URI or (2) index.php, or (3) the PATH_INFO to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-5794 | 2 Nss Ldap, Redhat | 2 Nss Ldap, Enterprise Linux | 2026-04-23 | N/A |
| Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected. | ||||
| CVE-2007-5795 | 2 Debian, Gnu | 2 Debian Linux, Emacs | 2026-04-23 | N/A |
| The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration. | ||||
| CVE-2007-5796 | 1 Symantec | 2 Proxysg, Proxysg Firmware | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists. | ||||
| CVE-2007-5797 | 1 Apache | 1 Geronimo | 2026-04-23 | N/A |
| SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database. | ||||
| CVE-2007-5799 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters. | ||||
| CVE-2008-2583 | 1 Oracle | 2 Application Server, Oracle Portal Component | 2026-04-23 | N/A |
| Unspecified vulnerability in the sample Discussion Forum Portlet for the Oracle Portal component in Oracle Application Server, as available from OTN before 20080715, has unknown impact and remote attack vectors. | ||||
| CVE-2007-5801 | 1 Work System E-commerce | 1 Work System E-commerce | 2026-04-23 | N/A |
| Unspecified vulnerability in WORK system e-commerce before 4.0.2 has unknown impact and attack vectors related to "Ajax pages." | ||||
| CVE-2008-2585 | 1 Oracle | 2 E-business Suite, Report Manager Component | 2026-04-23 | N/A |
| Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors. | ||||