Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29923 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29923 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2908 | 1 Jelsoft | 1 Vbulletin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action. | ||||
| CVE-2007-2917 | 1 Authentium | 1 Command Antivirus | 2026-04-23 | N/A |
| Multiple buffer overflows in a certain ActiveX control in odapi.dll in Authentium Command Antivirus before 4.93.8 allow remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2007-2926 | 2 Isc, Redhat | 2 Bind, Enterprise Linux | 2026-04-23 | N/A |
| ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning. | ||||
| CVE-2007-2934 | 1 Windy Road | 1 Vistered Little | 2026-04-23 | N/A |
| Directory traversal vulnerability in skins/common.css.php in Vistered Little 1.6a allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. | ||||
| CVE-2007-2942 | 1 My Little Homepage | 1 My Little Forum | 2026-04-23 | N/A |
| SQL injection vulnerability in user.php in My Little Forum 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-2950 | 3 Centennial, Numara, Symantec | 3 Discovery, Asset Manager, Discovery | 2026-04-23 | N/A |
| Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges. | ||||
| CVE-2007-2961 | 1 Filecloset | 1 Filecloset | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in FileCloset before 1.1.5 allows remote attackers to upload arbitrary PHP files via unspecified vectors. | ||||
| CVE-2007-2970 | 1 8e6 Technologies | 1 R3000 Internet Filter | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cgi/block.cgi in 8e6 R3000 Internet Filter allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) CAT, and (3) USER parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2992 | 1 Omegasoft | 1 Interneserviceslosungen | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allow remote attackers to execute arbitrary SQL commands via (1) user-created text fields; the (2) F05003, (3) F05005, and (4) F05015 fields; and other unspecified standard fields. | ||||
| CVE-2007-3000 | 1 Php Jackknife | 1 Php Jackknife | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to execute arbitrary SQL commands via (1) the iCategoryUnq parameter to G_Display.php or (2) the iSearchID parameter to Search/DisplayResults.php. | ||||
| CVE-2007-3013 | 1 Activeweb | 1 Contentserver | 2026-04-23 | N/A |
| SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors. | ||||
| CVE-2007-3024 | 1 Clam Anti-virus | 1 Clamav | 2026-04-23 | N/A |
| libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files. | ||||
| CVE-2007-3432 | 1 Pluxml | 1 Pluxml | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename. | ||||
| CVE-2007-3048 | 1 Gnu | 1 Screen | 2026-04-23 | N/A |
| GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue | ||||
| CVE-2007-3058 | 1 Madirish Webmail | 1 Madirish Webmail | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter to (1) calendar.php, (2) compose.php, and (3) index.php, different vectors than CVE-2007-2826. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3068 | 1 Dvd X Studios | 1 Dvd X Player | 2026-04-23 | N/A |
| Stack-based buffer overflow in DVD X Player 4.1 Professional allows remote attackers to execute arbitrary code via a PLF playlist containing a long filename. | ||||
| CVE-2007-3079 | 1 Eqdkp | 1 Eqdkp | 2026-04-23 | N/A |
| listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to obtain sensitive information via an invalid compare parameter, which reveals the path. | ||||
| CVE-2007-3086 | 1 Agnitum | 1 Outpost Firewall | 2026-04-23 | N/A |
| Unrestricted critical resource lock in Agnitum Outpost Firewall PRO 4.0 1007.591.145 and earlier allows local users to cause a denial of service (system hang) by capturing the outpost_ipc_hdr mutex. | ||||
| CVE-2007-3095 | 1 Symantec | 3 Client Security, Norton Antivirus, Reporting Server | 2026-04-23 | N/A |
| Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, allows attackers to "disable the authentication system" and bypass authentication via unknown vectors. | ||||
| CVE-2007-3630 | 1 Av Scripts | 1 Av Tutorial Script | 2026-04-23 | N/A |
| changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter. | ||||