Export limit exceeded: 16407 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (6722 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1698 | 2 Apple, Redhat | 4 Iphone Os, Ipod Touch, Safari and 1 more | 2026-04-23 | N/A |
| WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | ||||
| CVE-2007-4342 | 1 Phpcentral | 1 Login | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include.php in PHPCentral Login 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. NOTE: a third party disputes this vulnerability because of the special nature of the SERVER superglobal array. | ||||
| CVE-2008-6474 | 1 F5 | 1 Tmos | 2026-04-23 | N/A |
| The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code injection. | ||||
| CVE-2008-0213 | 1 Hp | 1 Virtual Rooms | 2026-04-23 | N/A |
| Unspecified vulnerability in a certain ActiveX control for HP Virtual Rooms (HPVR) 6 and earlier allows remote attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2008-6482 | 2 Joomla, Justjoomla | 2 Joomla, Com Treeg | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin.treeg.php in the Flash Tree Gallery (com_treeg) component 1.0 for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_live_site parameter. | ||||
| CVE-2008-6446 | 1 Geniuscyber | 1 Maxsite | 2026-04-23 | N/A |
| Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter. | ||||
| CVE-2007-5666 | 2 Adobe, Redhat | 3 Acrobat, Acrobat Reader, Rhel Extras | 2026-04-23 | N/A |
| Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. NOTE: this issue might be subsumed by CVE-2008-0655. | ||||
| CVE-2008-1862 | 1 Exbb | 1 Exbb Italia | 2026-04-23 | N/A |
| ExBB Italia 0.22 and earlier only checks GET requests that use the QUERY_STRING for certain path manipulations, which allows remote attackers to bypass this check via (1) POST or (2) COOKIE variables, a different vector than CVE-2006-4488. NOTE: this can be leveraged to conduct PHP remote file inclusion attacks via a URL in the (a) new_exbb[home_path] or (b) exbb[home_path] parameter to modules/threadstop/threadstop.php. | ||||
| CVE-2008-0433 | 1 Agares Media | 1 Phpautovideo | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwoOh/sidebar.php in Agares phpAutoVideo 2.21 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter, a different vector than CVE-2007-6614. | ||||
| CVE-2008-1773 | 1 Dragoon | 1 Dragoon | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/header.inc.php in Dragoon 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | ||||
| CVE-2008-5577 | 1 Scssboard | 1 Scssboard | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to execute arbitrary PHP code via a URL in the inc_function parameter. | ||||
| CVE-2009-0145 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption. | ||||
| CVE-2007-5741 | 1 Plone | 1 Plone | 2026-04-23 | N/A |
| Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes. | ||||
| CVE-2007-5124 | 1 Aol | 1 Instant Messenger | 2026-04-23 | N/A |
| The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.5.3.12 and earlier allows remote attackers to execute arbitrary code via unspecified web script or HTML in an instant message, related to AIM's filtering of "specific tags and attributes" and the lack of Local Machine Zone lockdown. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4901. | ||||
| CVE-2008-0283 | 1 Domphp | 1 Domphp | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | ||||
| CVE-2007-2609 | 1 Gnuedu | 1 Gnu Edu | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php, (7) index.php, (8) login.php; and the ETCDIR parameter to (9) web/lom.php. | ||||
| CVE-2007-5615 | 1 Mortbay Jetty | 1 Jetty | 2026-04-23 | N/A |
| CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | ||||
| CVE-2007-5733 | 1 Japanese Php Gallery Hosting | 1 Japanese Php Gallery Hosting | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in upload/upload.php in Japanese PHP Gallery Hosting, when Open directory mode is enabled, allows remote attackers to upload and execute arbitrary PHP code via a ServerPath parameter specifying a filename with a double extension. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-0289 | 1 Mansion Productions | 1 Member Area System | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter. NOTE: a second vector might exist via the l parameter. NOTE: as of 20080118, the vendor has disputed the set of affected versions, stating that the issue "is already fixed, for almost a year." | ||||
| CVE-2007-5173 | 2 Openid, Phpbb | 2 Openid, Phpbb | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path parameter. | ||||