Export limit exceeded: 364861 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0398 1 Arnotic 1 A-forum 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in Arnaud Guyonne (aka Arnotic) a-forum allow remote attackers to inject arbitrary web script or HTML via the (1) Sujet or (2) Pseudo field.
CVE-2007-0401 1 Easebay Resources 1 Login Manager 2026-04-23 N/A
SQL injection vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the init_row parameter.
CVE-2007-0402 1 Easebay Resources 1 Paypal Subscription Manager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin/edit_member.php in Easebay Resources Paypal Subscription Manager allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVE-2007-0404 1 Django Project 1 Django 2026-04-23 N/A
bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file.
CVE-2007-0406 1 Gxine 1 Gxine 2026-04-23 N/A
Multiple buffer overflows in the (1) main function in (a) client.c, and the (2) server_setup and (3) server_client_connect functions in (b) server.c in gxine 0.5.9 and earlier allow local users to cause a denial of service (daemon crash) or gain privileges via a long HOME environment variable. NOTE: some of these details are obtained from third party information.
CVE-2007-0410 1 Bea 1 Weblogic Server 2026-04-23 N/A
Unspecified vulnerability in the thread management in BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1, when T3 authentication is used, allows remote attackers to cause a denial of service (thread and system hang) via unspecified "sequences of events."
CVE-2007-0411 1 Bea 1 Weblogic Server 2026-04-23 N/A
BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which allows remote attackers to conduct a man-in-the-middle (MITM) attack.
CVE-2007-0413 1 Bea 1 Weblogic Server 2026-04-23 N/A
BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a backup of config.xml after offline editing, which allows local users to obtain sensitive information by reading this backup file.
CVE-2007-0944 1 Microsoft 5 Ie, Internet Explorer, Windows 2000 and 2 more 2026-04-23 N/A
Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability."
CVE-2006-4513 1 Wvware 1 Wvware 2026-04-23 N/A
Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetFLO_PLF function.
CVE-2007-0948 1 Microsoft 2 Virtual Pc, Virtual Server 2026-04-23 N/A
Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
CVE-2007-0950 1 Fullaspsite 1 Asp Hosting Site 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CVE-2007-0952 1 Scriptsez.net 1 Virtual Calendar 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Virtual Calendar allow remote attackers to inject arbitrary web script or HTML via the (1) t and (2) yr parameters, and the (3) sho parameter when the m parameter is outside the intended range.
CVE-2007-0961 1 Cisco 2 Asa 5500, Pix Firewall Software 2026-04-23 N/A
Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before 6.3(5.115), 7.0 before 7.0(5.2), and 7.1 before 7.1(2.5), and the FWSM 3.x before 3.1(3.24), when the "inspect sip" option is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed SIP packets.
CVE-2007-0962 1 Cisco 3 Asa 5500, Firewall Services Module, Pix Firewall Software 2026-04-23 N/A
Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when "inspect http" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic.
CVE-2007-0964 1 Cisco 1 Firewall Services Module 2026-04-23 N/A
Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a malformed HTTPS request.
CVE-2007-0965 1 Cisco 1 Firewall Services Module 2026-04-23 N/A
Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a long HTTP request.
CVE-2007-0968 1 Cisco 1 Firewall Services Module 2026-04-23 N/A
Unspecified vulnerability in Cisco Firewall Services Module (FWSM) before 2.3(4.7) and 3.x before 3.1(3.1) causes the access control entries (ACE) in an ACL to be improperly evaluated, which allows remote authenticated users to bypass intended certain ACL protections.
CVE-2007-0969 1 Webtester 1 Webtester 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to POST parameters to multiple files.
CVE-2007-0971 1 Jupiter Cms 1 Jupiter Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the attack vector might involve _SERVER.