Export limit exceeded: 29917 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350272 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0538 | 1 Symantec | 1 Pcanywhere | 2026-04-23 | N/A |
| Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file). | ||||
| CVE-2007-2603 | 1 Audio Cd Tools | 1 Audio Cd Ripper Ocx | 2026-04-23 | N/A |
| Unspecified vulnerability in the Init function in the Audio CD Ripper OCX (AudioCDRipperOCX.ocx) 1.0 ActiveX control allows remote attackers to cause a denial of service (NULL dereference and Internet Explorer crash) via unspecified vectors. | ||||
| CVE-2009-4554 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter to pop_send_to_friend.asp, related to a crafted onload attribute of an IMG element; or (2) an onload attribute in a sound tag. | ||||
| CVE-2009-0542 | 1 Proftpd Project | 1 Proftpd | 2026-04-23 | N/A |
| SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql. | ||||
| CVE-2009-4562 | 1 Zenphoto | 1 Zenphoto | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the from parameter. | ||||
| CVE-2007-2606 | 1 Firebirdsql | 1 Firebird | 2026-04-23 | N/A |
| Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE. | ||||
| CVE-2009-0546 | 1 Newsgator | 1 Feeddemon | 2026-04-23 | N/A |
| Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier allows user-assisted remote attackers to execute arbitrary code via a long text attribute in an outline element in a .opml file. | ||||
| CVE-2009-0547 | 2 Evolution, Redhat | 2 Evolution, Enterprise Linux | 2026-04-23 | N/A |
| Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077. | ||||
| CVE-2009-0548 | 1 Eset | 1 Remote Administrator | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Additional Report Settings interface in ESET Remote Administrator before 3.0.105 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-0549 | 1 Microsoft | 6 Office, Office Compatibility Pack For Word Excel Ppt 2007, Office Excel and 3 more | 2026-04-23 | N/A |
| Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Record Pointer Corruption Vulnerability." | ||||
| CVE-2007-2612 | 1 Wikkawiki | 1 Wikkawiki | 2026-04-23 | N/A |
| SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute arbitrary SQL commands via the limit parameter. NOTE: this issue only applies to a "modified installation." | ||||
| CVE-2007-2613 | 1 Wikkawiki | 1 Wikkawiki | 2026-04-23 | N/A |
| WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable. | ||||
| CVE-2009-4563 | 1 Zenphoto | 1 Zenphoto | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in zp-core/admin-options.php in Zenphoto 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via the 0-adminpass and 0-adminpass_2 parameters in a saveoptions action. | ||||
| CVE-2007-2614 | 1 Phphtmllib | 1 Phphtmllib | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in examples/widget8.php in phpHtmlLib 2.4.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter. | ||||
| CVE-2007-2615 | 1 Crie Sue | 1 Phplojafacil | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLojaFacil 0.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_local parameter to (1) ftp.php, (2) libs/db.php, and (3) libs/ftp.php. | ||||
| CVE-2009-4566 | 1 Zenphoto | 1 Zenphoto | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remote attackers to execute arbitrary SQL commands via the title parameter in a news action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2623 | 1 Fruit2004 | 1 Remote Display Development Kit | 2026-04-23 | N/A |
| Multiple buffer overflows in RControl.dll in Remote Display Dev kit 1.2.1.0 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via (1) a long first argument to the connect function or (2) a long InternalServer property value, possibly involving ntdll.dll. | ||||
| CVE-2007-2630 | 1 Activecampaign | 1 1-2-all Broadcast Email | 2026-04-23 | N/A |
| Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All (aka 12All) 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and .php5 files via unspecified vectors. NOTE: this issue is reachable through filemanager/browser/default/browser.html. | ||||
| CVE-2009-4572 | 1 Phpshop | 1 Phpshop | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in PhpShop 0.8.1 allows remote attackers to hijack the authentication of arbitrary users for requests that invoke the cartAdd function in a shop/cart action to the default URI. | ||||
| CVE-2007-2636 | 1 Jason Frisvold | 1 Phptodo | 2026-04-23 | N/A |
| Unspecified vulnerability in phpTodo before 0.8.1 allows remote attackers to have an unknown impact via newlines in regular expressions to (1) index.php, (2) feed.php, (3) prefs.php, and (4) todolist.php; and (5) classTodoItem.php and (6) phpTodoUser.php in libs/. NOTE: some of these details are obtained from third party information. | ||||