Search Results (366310 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3289 1 Storcentric 1 Retrospect Backup Client 2026-04-23 7.5 High
EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet.
CVE-2008-2244 1 Microsoft 1 Office Word 2026-04-23 N/A
Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
CVE-2007-1750 1 Microsoft 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more 2026-04-23 N/A
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption.
CVE-2008-3328 1 Edgewall Software 1 Trac 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2007-1824 1 Php 1 Php 2026-04-23 N/A
Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character.
CVE-2008-4955 1 Duncan Webb 1 Freevo 2026-04-23 N/A
freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-#####.pid, (2) /tmp/freevo-gdb, (3) /tmp/freevo-gdb.sh, and (4) /tmp/*.stats temporary files. NOTE: this issue is only a vulnerability when a verbose debug mode is activated by modifying source code.
CVE-2008-3919 1 Justsystems 1 Ichitaro 2026-04-23 N/A
Unspecified vulnerability in multiple JustSystems Ichitaro products allows remote attackers to execute arbitrary code via a crafted JTD document, as exploited in the wild in August 2008.
CVE-2008-5227 1 Phpcow 1 Phpcow 2026-04-23 N/A
Unspecified vulnerability in PHPCow allows remote attackers to execute arbitrary code via unknown vectors, related to a "file inclusion vulnerability," as exploited in the wild in November 2008.
CVE-2008-3357 3 Actian, Hp, Linux 3 Ingres, Hp-ux, Linux Kernel 2026-04-23 N/A
Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "pointer overwrite vulnerability."
CVE-2008-3392 1 Webwizguide 1 Web Wiz Forum 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 allows remote attackers to log out a user via a link or IMG tag to log_off_user.asp.
CVE-2007-4759 1 Hitachi 3 Ucosminexus Application Server Enterprise, Ucosminexus Application Server Standard, Ucosminexus Service Platform 2026-04-23 N/A
Multiple unspecified vulnerabilities in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service via unspecified vectors.
CVE-2007-3833 1 Cerulean Studios 1 Trillian 2026-04-23 N/A
The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:\" substring and contains a full pathname in the ini field. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVE-2007-4255 1 Php 1 Php 2026-04-23 N/A
Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function.
CVE-2007-4658 2 Php, Redhat 3 Php, Enterprise Linux, Rhel Application Stack 2026-04-23 N/A
The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
CVE-2007-4676 2 Apple, Microsoft 4 Mac Os X, Quicktime, Windows Vista and 1 more 2026-04-23 N/A
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.
CVE-2007-4741 1 Claroline 1 Claroline 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0359 1 Uberghey 1 Cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter.
CVE-2007-0369 1 Phpbp 1 Phpbp 2026-04-23 N/A
SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows remote attackers to execute arbitrary SQL commands via the comment forum.
CVE-2007-0767 1 Phorum 1 Phorum 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the core in Phorum before 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-0370 1 Phpbp 1 Phpbp 2026-04-23 N/A
Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an image_form parameter specifying a multiple-extension filename such as .jpg.vil.gif.php, which is stored in upload/banners/ under a different name, and executable via a direct request. NOTE: a separate SQL injection issue could be leveraged to make this vulnerability reachable by remote unauthenticated attackers.