Export limit exceeded: 25751 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25751 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4303 | 1 Moodle | 1 Moodle | 2026-04-23 | N/A |
| Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified "secrets" in backup files, which might allow attackers to obtain sensitive information. | ||||
| CVE-2009-1491 | 2 Mcafee, Microsoft | 2 Groupshield, Exchange Server | 2026-04-23 | N/A |
| McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body. | ||||
| CVE-2007-4664 | 1 Firebirdsql | 1 Firebird | 2026-04-23 | N/A |
| Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405. | ||||
| CVE-2009-1446 | 1 Elkagroup | 1 Image Gallery | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in upload.php in Elkagroup Image Gallery 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in gallery/pictures/. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-0298 | 1 Apple | 2 Mac Os X, Safari | 2026-04-23 | N/A |
| KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element. | ||||
| CVE-2008-0331 | 1 Funkwerk | 2 System Software, X2300 | 2026-04-23 | N/A |
| Unspecified vulnerability in Funkwerk System Software before 7.4.1 PATCH 9 for certain Funkwerk Router / VPN devices allows remote attackers to cause a denial of service (panic and reboot) via unspecified DNS requests. | ||||
| CVE-2007-5283 | 1 Hitachi | 1 Tpbroker Object Transaction Monitor | 2026-04-23 | N/A |
| The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor and Cosminexus TPBroker Object Transaction Monitor 01-00 through 03-00 might allow attackers to cause a denial of service (crash) via invalid messages. | ||||
| CVE-2009-3830 | 1 Microsoft | 1 Sharepoint Server | 2026-04-23 | N/A |
| The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx. | ||||
| CVE-2007-5448 | 1 Madwifi | 1 Madwifi | 2026-04-23 | N/A |
| Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial of service (panic) via a beacon frame with a large length value in the extended supported rates (xrates) element, which triggers an assertion error, related to net80211/ieee80211_scan_ap.c and net80211/ieee80211_scan_sta.c. | ||||
| CVE-2008-3578 | 1 Hydrairc | 1 Hydrairc | 2026-04-23 | N/A |
| HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long irc:// URI. | ||||
| CVE-2009-1369 | 1 Mozilo | 1 Mozilocms | 2026-04-23 | N/A |
| moziloCMS 1.11 allows remote attackers to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[] parameter to index.php, or (4) file[] parameter to download.php, which reveals the installation path in an error message. | ||||
| CVE-2007-0104 | 2 Kde, Xpdf | 2 Kde, Xpdf | 2026-04-23 | N/A |
| The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | ||||
| CVE-2008-0718 | 1 Sun | 1 Solaris | 2026-04-23 | N/A |
| Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in Sun Solaris 9 and 10, when 64-bit mode is enabled, allows local users to cause a denial of service (panic) via unspecified vectors. | ||||
| CVE-2007-5444 | 1 Cmsmadesimple | 1 Cms Made Simple | 2026-04-23 | N/A |
| CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full path via a direct request for unspecified files. | ||||
| CVE-2007-6036 | 1 Live555 | 1 Media Server | 2026-04-23 | N/A |
| The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation. | ||||
| CVE-2009-3815 | 1 Runcms | 1 Runcms | 2026-04-23 | N/A |
| RunCMS 2M1, when running with certain error_reporting levels, allows remote attackers to obtain sensitive information via (1) the op[] parameter to modules/contact/index.php or (2) uid[] parameter to userinfo.php, which leaks the installation path in an error message when these parameters are used in a call to the preg_match function. | ||||
| CVE-2008-3208 | 1 Simpledns | 1 Simple Dns Plus | 2026-04-23 | N/A |
| Simple DNS Plus 4.1, 5.0, and possibly other versions before 5.1.101 allows remote attackers to cause a denial of service via multiple DNS reply packets. | ||||
| CVE-2008-6962 | 1 Avira | 4 Antivir, Antivir Personal, Antivir Professional and 1 more | 2026-04-23 | N/A |
| Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, and AntiVir Personal - FREE allows local users to execute arbitrary code via a crafted IOCTL request that overwrites a kernel pointer. | ||||
| CVE-2007-4655 | 1 Cgi-rescue | 1 Shopping Basket Professional | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via directory traversal sequences in unspecified parameters to (1) list.cgi or (2) list2.cgi. | ||||
| CVE-2008-6938 | 1 Holger Zimmermann | 1 Pi3web | 2026-04-23 | N/A |
| Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\users.txt. | ||||