Export limit exceeded: 360701 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 360701 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360701 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2943 | 1 Webavis | 1 Webavis | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in class/class.php in Webavis 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | ||||
| CVE-2007-2945 | 1 Rmforum | 1 Rmforum | 2026-04-23 | N/A |
| RMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb. | ||||
| CVE-2007-2946 | 1 Lead Technologies | 1 Leadtools Raster Dialog File Object | 2026-04-23 | N/A |
| Buffer overflow in a certain ActiveX control in LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long DestinationPath property value. | ||||
| CVE-2007-2948 | 1 Mplayer | 1 Mplayer | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long (1) album title or (2) category. | ||||
| CVE-2007-2973 | 1 Avira | 2 Antivir, Av Pack | 2026-04-23 | N/A |
| Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed TAR archive. | ||||
| CVE-2007-2970 | 1 8e6 Technologies | 1 R3000 Internet Filter | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cgi/block.cgi in 8e6 R3000 Internet Filter allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) CAT, and (3) USER parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2979 | 1 Techno Dreams | 1 Web Directory | 2026-04-23 | N/A |
| Techno Dreams Web Directory / Search Engine 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database.mdb. | ||||
| CVE-2007-2981 | 1 Lead Technologies | 1 Leadtools Raster Ocr Document Object Library | 2026-04-23 | N/A |
| Buffer overflow in a certain ActiveX control in LEAD Technologies LEADTOOLS Raster OCR Document Object Library (ltrdc14e.dll) 14.5.0.44 allows remote attackers to execute arbitrary code via a long DictionaryFileName property. | ||||
| CVE-2007-3011 | 1 Fujitsu | 1 Serverview | 2026-04-23 | N/A |
| The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter. | ||||
| CVE-2007-3023 | 1 Clam Anti-virus | 1 Clamav | 2026-04-23 | N/A |
| unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors. | ||||
| CVE-2007-3045 | 2 Hitachi, Hp | 3 Hi Ux We2, Tp1 Net Osi-tp-extended, Hp-ux | 2026-04-23 | N/A |
| Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on HI-UX/WE2 before 20070213, and on HP-UX before 20070314, allows remote attackers to cause a denial of service via certain data to a port. | ||||
| CVE-2007-3062 | 1 Hp | 1 System Management Homepage | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-3063 | 1 Mealex | 1 My Databook | 2026-04-23 | N/A |
| SQL injection vulnerability in diary.php in My Databook allows remote attackers to execute arbitrary SQL commands via the delete parameter. | ||||
| CVE-2007-3064 | 1 Mealex | 1 My Datebook | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in diary.php in My Databook allows remote attackers to inject arbitrary web script or HTML via the year parameter. | ||||
| CVE-2007-3069 | 1 Sun | 1 Solaris | 2026-04-23 | N/A |
| xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session with Assistive Technology support is running, allows attackers with physical access to take control of the session after entering an Alt-Tab sequence. | ||||
| CVE-2007-3070 | 1 Bdigital Web Solutions | 1 Webstudio Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in BDigital Web Solutions WebStudio allows remote attackers to inject arbitrary web script or HTML via the pageid parameter. | ||||
| CVE-2007-3071 | 1 Digital River | 1 Esellerate Sdk | 2026-04-23 | N/A |
| Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument. | ||||
| CVE-2007-4226 | 1 Bluecat Networks | 1 Adonis | 2026-04-23 | N/A |
| Directory traversal vulnerability in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) allows remote authenticated administrators, with certain TFTP privileges, to create and overwrite arbitrary files via a .. (dot dot) in a pathname. NOTE: this can be leveraged for administrative access by overwriting /etc/shadow. | ||||
| CVE-2007-3093 | 1 Sun | 2 Solaris, Sunos | 2026-04-23 | N/A |
| Unspecified vulnerability in the logging mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote attackers to execute arbitrary code via unspecified vectors, related to the WBEM server. | ||||
| CVE-2007-4231 | 1 Idevspot | 1 Phphostbot | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in order/login.php in IDevSpot PhpHostBot 1.06 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the svr_rootscript parameter, a different vector than CVE-2007-4094 and CVE-2006-3776. | ||||