Export limit exceeded: 359321 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359321 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3690 | 1 Drupal | 1 Forward Module | 2026-04-23 | N/A |
| The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments. | ||||
| CVE-2007-3691 | 1 Av Scripts | 1 Av Tutorial Script | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial Script (avtutorial) 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) userid parameters, a different issue than CVE-2007-3630. | ||||
| CVE-2007-3697 | 1 Tufat | 1 Flashbb | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in phpbb/sendmsg.php in FlashBB 1.1.8 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2007-4297 | 1 Aspindir | 1 Dersimiz Haber Ekleme Modulu | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in yorumkaydet.asp in Dersimiz Haber Ekleme Modulu allow remote attackers to inject arbitrary web script or HTML via the (1) yazan, (2) mail, and (3) yorum parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-1024 | 2 Apple, Microsoft | 3 Safari, Windows Vista, Windows Xp | 2026-04-23 | N/A |
| Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption. | ||||
| CVE-2007-3706 | 1 Codeigniter | 1 Codeigniter | 2026-04-23 | N/A |
| The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 allows remote attackers to unset arbitrary global variables with unspecified impact, as demonstrated by a _SERVER cookie. | ||||
| CVE-2007-3707 | 1 Codeigniter | 1 Codeigniter | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in CodeIgniter 1.5.3 before 20070628, when enable_query_strings is true, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter. | ||||
| CVE-2008-2023 | 1 Pd9 Software | 1 Megabbs | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) invisible and (2) timeoffset parameters to profile/controlpanel.asp and the (3) attachmentid parameter to forums/attach-file.asp. | ||||
| CVE-2007-3711 | 1 3com | 1 Tippingpoint Ips Tos | 2026-04-23 | N/A |
| Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets. | ||||
| CVE-2007-3723 | 1 Sun | 1 Solaris | 2026-04-23 | N/A |
| The process scheduler in the Sun Solaris kernel does not make use of the process statistics kept by the kernel and performs scheduling based upon CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | ||||
| CVE-2007-4301 | 1 Webcart | 1 Webcart | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the management interface in WebCart 2.20 through 2.25 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-2024 | 1 Minibb | 1 Minibb | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the glang[] parameter in a registernew action. | ||||
| CVE-2007-3728 | 1 Silc | 2 Silc Client, Silc Toolkit | 2026-04-23 | N/A |
| Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via "NICK_CHANGE" notifications. | ||||
| CVE-2007-3729 | 1 Hp | 1 Openvms | 2026-04-23 | N/A |
| The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid POP usernames. | ||||
| CVE-2007-3730 | 1 Hp | 1 Openvms | 2026-04-23 | N/A |
| The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 does not log the source IP address or attempted username for login attempts, which might help remote attackers to avoid identification. | ||||
| CVE-2007-4302 | 1 Freshmeat | 1 Generic Software Wrappers Toolkit | 2026-04-23 | N/A |
| Multiple race conditions in certain system call wrappers in Generic Software Wrappers Toolkit (GSWTK) allow local users to defeat system call interposition and possibly gain privileges or bypass auditing. | ||||
| CVE-2007-3752 | 1 Apple | 1 Itunes | 2026-04-23 | N/A |
| Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file. | ||||
| CVE-2007-3761 | 1 Apple | 3 Iphone, Iphone Os, Safari | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain. | ||||
| CVE-2007-3768 | 1 Netwin | 1 Surgeftp | 2026-04-23 | N/A |
| The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command. | ||||
| CVE-2007-3775 | 1 Cisco | 2 Unified Communications Manager, Unified Presence Server | 2026-04-23 | N/A |
| Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985. | ||||