Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0186 | 1 F5 | 1 Firepass 4100 | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an <FP_DO_NOT_TOUCH> element; and (13) the vhost parameter to my.activation.php. NOTE: it is possible that this candidate overlaps CVE-2006-3550. | ||||
| CVE-2007-0187 | 1 F5 | 1 Firepass | 2025-04-09 | N/A |
| F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name. | ||||
| CVE-2007-0188 | 1 F5 | 1 Firepass | 2025-04-09 | N/A |
| F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources. | ||||
| CVE-2007-0193 | 1 Fon | 1 La Fonera | 2025-04-09 | N/A |
| FON La Fonera routers do not properly limit DNS service access by unauthenticated clients, which allows remote attackers to tunnel traffic via DNS requests for hosts that should not be accessible before authentication. | ||||
| CVE-2007-4381 | 2 Redhat, Sun | 4 Rhel Extras, Jdk, Jre and 1 more | 2025-04-09 | N/A |
| Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. | ||||
| CVE-2007-0195 | 1 F5 | 1 Firepass | 2025-04-09 | N/A |
| my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account. | ||||
| CVE-2007-4386 | 1 Getmyownarcade | 1 Getmyownarcade | 2025-04-09 | N/A |
| SQL injection vulnerability in search.php in GetMyOwnArcade allows remote attackers to execute arbitrary SQL commands via the query parameter. | ||||
| CVE-2007-0201 | 1 Tis | 1 Internet Firewall Toolkit | 2025-04-09 | N/A |
| Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows remote attackers to execute arbitrary code via a long destination hostname (dest). | ||||
| CVE-2007-4387 | 1 2wire | 2 1701hg Router, 2071 Router | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators. | ||||
| CVE-2007-0204 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4389 | 1 2wire | 3 1701hg Router, 1800hw Router, 2071 Router | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG, 1800HW, and 2071 Gateway routers, with 3.17.5, 3.7.1, and 5.29.51 software, allows remote attackers to create DNS mappings as administrators, and conduct DNS poisoning attacks, via the NAME and ADDR parameters. | ||||
| CVE-2007-0211 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-09 | N/A |
| The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware." | ||||
| CVE-2007-0395 | 1 Comvironment | 1 Comvironment | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in libraries/grab_globals.lib.php in ComVironment 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter. | ||||
| CVE-2007-0397 | 1 Cisco | 2 Adaptive Security Appliance Device Manager, Security Monitoring Analysis And Response System | 2025-04-09 | N/A |
| The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information. | ||||
| CVE-2007-0398 | 1 Arnotic | 1 A-forum | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in Arnaud Guyonne (aka Arnotic) a-forum allow remote attackers to inject arbitrary web script or HTML via the (1) Sujet or (2) Pseudo field. | ||||
| CVE-2007-0400 | 1 Easebay Resources | 1 Login Manager | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | ||||
| CVE-2007-0401 | 1 Easebay Resources | 1 Login Manager | 2025-04-09 | N/A |
| SQL injection vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the init_row parameter. | ||||
| CVE-2006-6490 | 2 Supportsoft, Symantec | 6 Scriptrunner, Smartissue, Automated Support Assistant and 3 more | 2025-04-09 | N/A |
| Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message. | ||||
| CVE-2006-6485 | 1 Shopsite | 1 Shopsite | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ShopSite 8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the prevlocation parameter in shopper/sc/registration.cgi and other unspecified vectors. | ||||
| CVE-2007-0404 | 1 Django Project | 1 Django | 2025-04-09 | N/A |
| bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file. | ||||