Export limit exceeded: 342278 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29887 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29887 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3279 | 1 Postgresql | 1 Postgresql | 2025-04-09 | N/A |
| PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection. | ||||
| CVE-2006-5021 | 1 Redblog | 1 Redblog | 2025-04-09 | 9.8 Critical |
| Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parameter in (2) admin/config.php, (3) common.php, and (4) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2009-1192 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-09 | N/A |
| The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages. | ||||
| CVE-2009-3630 | 1 Typo3 | 1 Typo3 | 2025-04-09 | N/A |
| The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue. | ||||
| CVE-2007-5481 | 1 Distributed Checksum Clearinghouse | 1 Dcc | 2025-04-09 | N/A |
| Distributed Checksum Clearinghouse (DCC) 1.3.65 allows remote attackers to cause a denial of service (crash) via a "SOCKS flood." | ||||
| CVE-2009-1203 | 1 Cisco | 1 Adaptive Security Appliance | 2025-04-09 | N/A |
| WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709. | ||||
| CVE-2007-3282 | 1 Microsoft | 2 Office, Office Msodatasourcecontrol Activex | 2025-04-09 | N/A |
| Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the DeleteRecordSourceIfUnused method. | ||||
| CVE-2009-3643 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2025-04-09 | N/A |
| Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote attackers to cause a denial of service via a long argument to the (1) LIST and (2) NLST commands, a differnt issue than CVE-2008-5626 and CVE-2006-5728. | ||||
| CVE-2006-5953 | 1 Lynx Internet Solutions | 1 Evolve Merchant | 2025-04-09 | N/A |
| SQL injection vulnerability in viewcart.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the zoneid parameter. | ||||
| CVE-2007-3248 | 1 Sun | 1 Solaris | 2025-04-09 | N/A |
| Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 interfaces are present but not configured for IPsec, allows remote attackers to cause a denial of service (system crash) via certain network traffic. | ||||
| CVE-2007-3424 | 1 Web-app.org | 1 Webapp | 2025-04-09 | N/A |
| The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the tocat parameter as a subdirectory name when moving an instant message, which has unknown impact and remote attack vectors. | ||||
| CVE-2007-3047 | 1 Vonage | 1 Voip Telephone Adapter | 2025-04-09 | N/A |
| The Vonage VoIP Telephone Adapter has a default administrator username "user" and password "user," which allows remote attackers to obtain administrative access. | ||||
| CVE-2007-3425 | 1 Zoneo-soft | 1 Phptraffica | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to include arbitrary local files via the lang parameter, a different vector and version than CVE-2007-1076.2. | ||||
| CVE-2009-1574 | 2 Ipsec-tools, Redhat | 2 Ipsec-tools, Enterprise Linux | 2025-04-09 | N/A |
| racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference. | ||||
| CVE-2007-3290 | 1 Livecms | 1 Livecms | 2025-04-09 | N/A |
| categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message. | ||||
| CVE-2007-3436 | 1 Microsoft | 2 Msn Messenger, Windows Xp | 2025-04-09 | N/A |
| Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation. | ||||
| CVE-2009-3864 | 2 Microsoft, Sun | 3 Windows, Jdk, Jre | 2025-04-09 | N/A |
| The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694. | ||||
| CVE-2007-4025 | 1 Sun | 1 Java System Application Server | 2025-04-09 | N/A |
| Unspecified vulnerability in Sun Java System (SJS) Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors. | ||||
| CVE-2007-3609 | 1 Emeeting | 1 Online Dating Software | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in eMeeting Online Dating Software 5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) b.php and (2) account/gallery.php, and other unspecified vectors. | ||||
| CVE-2009-1615 | 1 Gowondesigns | 1 Leap | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via an admin.system.files (aka Manage Files) request to the default URI, then accessing the file via a direct request. | ||||