Export limit exceeded: 29885 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29885 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2514 | 3 Centennial, Numara, Symantec | 3 Discovery, Asset Manager, Discovery | 2025-04-09 | N/A |
| Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this might be a reservation duplicate of CVE-2007-1173. | ||||
| CVE-2007-2526 | 1 Smartcode | 1 Vnc Manager | 2025-04-09 | N/A |
| Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument. | ||||
| CVE-2007-1913 | 8 Apple, Hp, Ibm and 5 more | 11 Macos, Hp-ux, Tru64 and 8 more | 2025-04-09 | N/A |
| The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | ||||
| CVE-2006-5987 | 1 Aspintranet | 1 Aspintranet | 2025-04-09 | N/A |
| SQL injection vulnerability in default.asp in ASPintranet, possibly 1.2, allows remote attackers to execute arbitrary SQL commands via the a parameter. | ||||
| CVE-2009-1663 | 1 Easy-scripts | 1 Answer And Question Script | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads/[username] directory. | ||||
| CVE-2007-0159 | 1 Geoip | 1 Geoip | 2025-04-09 | N/A |
| Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to app/update_getfilename. | ||||
| CVE-2007-0163 | 1 Securekit | 1 Securekit Steganography | 2025-04-09 | N/A |
| SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information. | ||||
| CVE-2007-2527 | 1 Dynamicpad | 1 Dynamicpad | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DynamicPAD before 1.03.31 allow remote attackers to execute arbitrary PHP code via a URL in the HomeDir parameter to (1) dp_logs.php or (2) index.php. | ||||
| CVE-2009-1634 | 1 Novell | 1 Groupwise | 2025-04-09 | N/A |
| The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors. | ||||
| CVE-2007-2492 | 1 Postnuke Software Foundation | 1 Postnuke V4bjournal Module | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in the v4bJournal module for PostNuke allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a journal_comment action. | ||||
| CVE-2007-5795 | 2 Debian, Gnu | 2 Debian Linux, Emacs | 2025-04-09 | N/A |
| The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration. | ||||
| CVE-2007-2528 | 1 Trend Micro | 1 Serverprotect | 2025-04-09 | N/A |
| Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for Windows before Security Patch 3 Build 1176 allows remote attackers to execute arbitrary code via unknown vectors related to RPC requests. NOTE: this is probably a different vulnerability than CVE-2007-2508. | ||||
| CVE-2007-2554 | 1 Associated Press | 1 Newspower | 2025-04-09 | N/A |
| Associated Press (AP) Newspower 4.0.1 and earlier uses a default blank password for the MySQL root account, which allows remote attackers to insert or modify news articles via shows.tblscript. | ||||
| CVE-2009-1522 | 2 Ibm, Microsoft | 3 Aix, Tivoli Storage Manager Client, Windows | 2025-04-09 | N/A |
| The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 on AIX and Windows, when SSL is used, allows remote attackers to conduct unspecified man-in-the-middle attacks and read arbitrary files via unknown vectors. | ||||
| CVE-2007-2556 | 1 Nuked-klan | 1 Nuked-klan | 2025-04-09 | N/A |
| SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, as demonstrated by a request to the /nk/ URI. | ||||
| CVE-2007-2686 | 1 Jetbox | 1 Jetbox Cms | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in a sendpwd task. | ||||
| CVE-2007-2559 | 1 American Cart | 1 American Cart | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in american cart 3.5 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php, (2) checkout.php, and (3) libsecure.php. | ||||
| CVE-2006-4688 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-09 | N/A |
| Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability." | ||||
| CVE-2006-4689 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-09 | N/A |
| Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability." | ||||
| CVE-2007-2565 | 1 Cdelia Software | 1 Imageprocessing | 2025-04-09 | N/A |
| Cdelia Software ImageProcessing allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted BMP file. | ||||