Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3117 | 1 Adplan | 1 Seo | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTTP headers. | ||||
| CVE-2007-3118 | 1 K-letter | 1 K-letter | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Kravchuk letter (K-letter) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the scdir parameter to (1) action.php, (2) subs.php, or (3) unsubs.php. | ||||
| CVE-2007-3120 | 1 Aiocp | 1 Aiocp | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php in All In One Control Panel (AIOCP) before 1.3.017 allows remote attackers to inject arbitrary web script or HTML via the aiocp_dp parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-3121 | 1 Zapping | 1 Zapping Vbi Library | 2025-04-09 | N/A |
| Buffer overflow in the CCdecode function in contrib/ntsc-cc.c in the zvbi-ntsc-cc tool in Zapping VBI Library (ZVBI) before 0.2.25 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long data during a reception error. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-3122 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | N/A |
| The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR. | ||||
| CVE-2007-3127 | 1 Ibm | 1 Websphere Portal | 2025-04-09 | N/A |
| content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message. | ||||
| CVE-2007-3129 | 1 Utopia Software | 1 Utopia News Pro | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Utopia News Pro 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the password parameter. | ||||
| CVE-2007-3136 | 1 Newssync | 1 Newssync | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in inc/nuke_include.php in newsSync 1.5.0rc6 allows remote attackers to execute arbitrary PHP code via a URL in the newsSync_NUKE_PATH parameter. | ||||
| CVE-2007-3142 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | ||||
| CVE-2007-3144 | 1 Mozilla | 1 Mozilla | 2025-04-09 | N/A |
| Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | ||||
| CVE-2007-3145 | 1 Galeon | 1 Galeon Browser | 2025-04-09 | N/A |
| Visual truncation vulnerability in Galeon 2.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | ||||
| CVE-2007-3146 | 1 Zen Help Desk Software | 1 Zen Help Desk | 2025-04-09 | N/A |
| Zen Help Desk 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for ZenHelpDesk.mdb. | ||||
| CVE-2007-3151 | 1 Packeteer | 1 Packetshaper | 2025-04-09 | N/A |
| rpttop.htm in the web management interface in Packeteer PacketShaper 7.3.0g2 and 7.5.0g1 allows remote attackers to cause a denial of service (device reboot) via a request with empty values of the OP.MEAS.DATAQUERY and MEAS.TYPE parameters. | ||||
| CVE-2007-3152 | 1 Daniel Stenberg | 1 C-ares | 2025-04-09 | N/A |
| c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value. | ||||
| CVE-2007-3153 | 1 Daniel Stenberg | 1 C-ares | 2025-04-09 | N/A |
| The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values. | ||||
| CVE-2007-3154 | 1 Egroupware | 1 Egroupware | 2025-04-09 | N/A |
| Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors. | ||||
| CVE-2007-3159 | 1 Miniweb Http Server | 1 Miniweb Http Server | 2025-04-09 | N/A |
| http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header. | ||||
| CVE-2007-3161 | 1 Visicom Media | 1 Ace-ftp | 2025-04-09 | N/A |
| Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote FTP servers to execute arbitrary code via a long response. | ||||
| CVE-2007-3162 | 1 Westbyte | 1 Internet Download Accelerator | 2025-04-09 | N/A |
| Buffer overflow in the NotSafe function in the idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in Internet Download Accelerator (ida) 5.2 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long argument. | ||||
| CVE-2007-3449 | 1 Gorani Network | 1 6alblog | 2025-04-09 | N/A |
| SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | ||||