Export limit exceeded: 19554 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6973 | 1 Headstart Solutions | 1 Deskpro | 2026-04-23 | N/A |
| Headstart Solutions DeskPRO does not require authentication for certain files and directories associated with administrative activities, which allows remote attackers to (1) reinstall the application via a direct request for install/index.php; (2) delete the database via a do=delete_database QUERY_STRING to a renamed copy of install/index.php; or access the administration system, after guessing a filename, via a direct request for a file in (3) admin/ or (4) tech/. | ||||
| CVE-2006-6964 | 1 Mailenable | 1 Mailenable Professional | 2026-04-23 | N/A |
| MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source. | ||||
| CVE-2007-0370 | 1 Phpbp | 1 Phpbp | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an image_form parameter specifying a multiple-extension filename such as .jpg.vil.gif.php, which is stored in upload/banners/ under a different name, and executable via a direct request. NOTE: a separate SQL injection issue could be leveraged to make this vulnerability reachable by remote unauthenticated attackers. | ||||
| CVE-2007-3058 | 1 Madirish Webmail | 1 Madirish Webmail | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter to (1) calendar.php, (2) compose.php, and (3) index.php, different vectors than CVE-2007-2826. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3657 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Mozilla Firefox 2.0.0.4 allows remote attackers to cause a denial of service by opening multiple tabs in a popup window. NOTE: this issue has been disputed by third party researchers, stating that "this does not crash on me, and I can't see a likely mechanism of action that would lead to a DoS condition. | ||||
| CVE-2007-6628 | 1 Feng | 1 Feng | 2026-04-23 | N/A |
| LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via (1) a malformed Transport header, which triggers misparsing in parse_transport_header in RTSP_setup.c, as demonstrated by a Transport header that contains only a "RTP/AVP;unicast;client_port" sequence; or (2) a malformed Range header, which triggers misparsing in parse_play_time_range in RTSP_Play, as demonstrated by an empty Range header. | ||||
| CVE-2007-4087 | 1 Alstrasoft | 1 Video Share Enterprise | 2026-04-23 | N/A |
| AlstraSoft Video Share Enterprise allows remote attackers to obtain sensitive information (the full path) via (1) a ' (quote) character in the category parameter to view_video.php, or (2) an XSS sequence in the UID parameter to (a) uprofile.php, (b) channel_detail.php, (c) uvideos.php, (d) groups_home.php, or (e) ufriends.php. | ||||
| CVE-2007-3611 | 1 Vrnews | 1 Vrnews | 2026-04-23 | N/A |
| admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the act parameter. | ||||
| CVE-2007-4294 | 1 Cisco | 2 Ios, Unified Communications Manager | 2026-04-23 | N/A |
| Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102. | ||||
| CVE-2007-4444 | 1 Rfactor | 1 Rfactor | 2026-04-23 | N/A |
| Multiple buffer overflows in Image Space rFactor 1.250 and earlier allow remote attackers to execute arbitrary code via a packet with ID (1) 0x80 or (2) 0x88 to UDP port 34297, related to the buffer containing the server version number. | ||||
| CVE-2007-3284 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name. | ||||
| CVE-2007-3290 | 1 Livecms | 1 Livecms | 2026-04-23 | N/A |
| categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message. | ||||
| CVE-2007-4445 | 1 Rfactor | 1 Rfactor | 2026-04-23 | N/A |
| Image Space rFactor 1.250 and earlier allows remote attackers to cause a denial of service (daemon crash) via (1) an ID 0x30 packet, (2) an ID 0x38 packet, and an invalid 13-bit integer in (3) an ID 0x60 packet and (4) an ID 0x68 packet; and a denial of service (UDP port block) via (5) an ID 0x20 packet and (6) an ID 0x28 packet. | ||||
| CVE-2007-4449 | 1 Toribash | 1 Toribash | 2026-04-23 | N/A |
| The client in Toribash 2.71 and earlier allows remote attackers to cause a denial of service (application hang) via a command without an LF character, as demonstrated by a SAY command. | ||||
| CVE-2007-2441 | 1 Caucho Technology | 1 Resin | 2026-04-23 | N/A |
| Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files. | ||||
| CVE-2007-1737 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection. | ||||
| CVE-2007-2438 | 3 Foresight Linux, Redhat, Vim Development Group | 3 Foresight Linux, Enterprise Linux, Vim | 2026-04-23 | N/A |
| The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines. | ||||
| CVE-2007-1009 | 1 Macrovision | 1 Installanywhere | 2026-04-23 | N/A |
| Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file. | ||||
| CVE-2007-0852 | 1 Techexcel Inc. | 1 Devtrack | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-1010 | 1 Zebrafeeds | 1 Zebrafeeds | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the zf_path parameter to (1) aggregator.php and (2) controller.php in newsfeeds/includes/. | ||||