Export limit exceeded: 360138 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360138 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3801 | 1 Opendocman | 1 Opendocman | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-3802 | 1 Amirocms | 1 Amiro.cms | 2026-04-23 | N/A |
| Amiro.CMS 5.4.0.0 and earlier allows remote attackers to obtain sensitive information via an invalid loginname ("%%%") to _admin/index.php, which reveals the installation path and other information in an error message. | ||||
| CVE-2009-3547 | 8 Canonical, Fedoraproject, Linux and 5 more | 17 Ubuntu Linux, Fedora, Linux Kernel and 14 more | 2026-04-23 | 7.0 High |
| Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. | ||||
| CVE-2009-3549 | 2 Sun, Wireshark | 2 Sparc, Wireshark | 2026-04-23 | N/A |
| packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. | ||||
| CVE-2009-3550 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2026-04-23 | N/A |
| The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3551 | 1 Wireshark | 1 Wireshark | 2026-04-23 | N/A |
| Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4620 | 2 Broadcom, Ca | 4 Anti-virus For The Enterprise, Brightstor Arcserve Backup, Brightstor Arcserve Backup and 1 more | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests. | ||||
| CVE-2007-4623 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| Stack-based buffer overflow in the sendrmt function in bellmail in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via a long parameter to the m command. | ||||
| CVE-2008-2962 | 1 Myblog | 1 Myblog | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) sort parameters to index.php, and the (3) id parameter to post.php. | ||||
| CVE-2007-4624 | 1 Abledesign | 1 Dynamic Picture Frame | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in pframe.php in AbleDesign Dynamic Picture Frame 1.00 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4626 | 1 Polipo | 1 Polipo | 2026-04-23 | N/A |
| Unspecified vulnerability in Polipo before 1.0.2 allows remote attackers to cause a denial of service (daemon crash) via certain network traffic associated with entities larger than 2 Gb. | ||||
| CVE-2007-4627 | 1 Algera | 1 Abc Estore | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in ABC eStore 3.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | ||||
| CVE-2008-3727 | 1 Microworld Technologies | 1 Mailscan | 2026-04-23 | N/A |
| Directory traversal vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | ||||
| CVE-2007-4628 | 1 Phpns | 1 Phpns | 2026-04-23 | N/A |
| SQL injection vulnerability in shownews.php in phpns 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-4629 | 1 University Of Minnesota | 1 Mapserver | 2026-04-23 | N/A |
| Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name. | ||||
| CVE-2007-4630 | 1 Xigla | 1 Absolute Poll Manager Xe | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in xlaapmview.asp in Absolute Poll Manager XE 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | ||||
| CVE-2007-4631 | 1 Qgit | 1 Qgit | 2026-04-23 | N/A |
| The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames. | ||||
| CVE-2008-3729 | 1 Microworld Technologies | 1 Mailscan | 2026-04-23 | N/A |
| Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin=true cookie value or (2) no cookie. | ||||
| CVE-2007-4632 | 1 Cisco | 1 Ios | 2026-04-23 | N/A |
| Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105. | ||||
| CVE-2007-4633 | 1 Cisco | 2 Call Manager, Unified Communications Manager | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728. | ||||