Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2349 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files. | ||||
| CVE-2007-2350 | 1 Freepbx | 1 Freepbx | 2026-04-23 | N/A |
| admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter. | ||||
| CVE-2007-2351 | 1 Hp | 2 Hp-ux, Power Manager Remote Agent | 2026-04-23 | N/A |
| Unspecified vulnerability in the HP Power Manager Remote Agent (RA) 4.0Build10 and earlier in HP-UX B.11.11 and B.11.23 allows local users to execute arbitrary code via unspecified vectors. | ||||
| CVE-2007-2369 | 2 Php, Webspell | 2 Php, Webspell | 2026-04-23 | N/A |
| Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | ||||
| CVE-2007-2370 | 1 Xoops | 1 John Mordo Jobs Module | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings. | ||||
| CVE-2007-2372 | 1 Gregory Kokanosky | 1 Phpmynewsletter | 2026-04-23 | N/A |
| admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier prints a Location header but does not exit when administrative credentials are missing, which allows remote attackers to compose an e-mail message via a post with the subject, message, format, and list_id fields; and send the message via a direct request for the MsgId value under admin/. | ||||
| CVE-2007-2373 | 1 Wf-links | 1 Wf-links | 2026-04-23 | N/A |
| SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1.03 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2007-2375 | 1 Symantec | 1 Enterprise Security Manager | 2026-04-23 | N/A |
| The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol. | ||||
| CVE-2007-2376 | 1 Dojo Toolkit | 1 Dojo Toolkit | 2026-04-23 | N/A |
| The Dojo framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | ||||
| CVE-2007-2377 | 1 Getahead | 1 Direct Web Remoting | 2026-04-23 | N/A |
| The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | ||||
| CVE-2007-2393 | 1 Apple | 1 Quicktime | 2026-04-23 | N/A |
| The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution. | ||||
| CVE-2007-2380 | 1 Microsoft | 1 Atlas Framework | 2026-04-23 | N/A |
| The Microsoft Atlas framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | ||||
| CVE-2007-2381 | 1 Mochikit | 1 Mochikit Framework | 2026-04-23 | N/A |
| The MochiKit framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | ||||
| CVE-2007-2382 | 1 Mad4milk | 1 Moo.fx | 2026-04-23 | N/A |
| The Moo.fx framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | ||||
| CVE-2007-2384 | 1 Script.aculo.us | 1 Script.aculo.us | 2026-04-23 | N/A |
| The Script.aculo.us framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | ||||
| CVE-2007-2386 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet. | ||||
| CVE-2007-2387 | 1 Apple | 1 Xserve Lights-out Management | 2026-04-23 | N/A |
| Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel hardware does not require a password for remote access to IPMI, which allows remote attackers to gain administrative access via unspecified requests with ipmitool. | ||||
| CVE-2007-2389 | 2 Apple, Microsoft | 3 Mac Os X, Quicktime, All Windows | 2026-04-23 | N/A |
| Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets. | ||||
| CVE-2007-2390 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet. | ||||
| CVE-2007-2392 | 1 Apple | 2 Mac Os X, Quicktime | 2026-04-23 | N/A |
| Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption. | ||||