Search Results (360766 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0916 1 Highwood Design 1 Hwdvideoshare 2026-04-23 N/A
SQL injection vulnerability in the Highwood Design hwdVideoShare (com_hwdvideoshare) 1.1.3 Alpha component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a viewcategory action to index.php.
CVE-2008-0921 1 Becontent 1 Becontent 2026-04-23 N/A
SQL injection vulnerability in news.php in beContent 0.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-0329 1 Joomla 2 Com Pccookbook, Joomla 2026-04-23 N/A
SQL injection vulnerability in the PcCookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php, a different vector than CVE-2008-0844.
CVE-2009-0330 1 Wss-pro 1 Scms 2026-04-23 N/A
Directory traversal vulnerability in index.php in Simple Content Management System (SCMS) 1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter.
CVE-2007-4446 1 Toribash 1 Toribash 2026-04-23 N/A
Format string vulnerability in the server in Toribash 2.71 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the NICK command (client nickname) when entering a game.
CVE-2007-6681 1 Videolan 1 Vlc 2026-04-23 N/A
Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.
CVE-2007-6683 1 Videolan 1 Vlc 2026-04-23 N/A
The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.
CVE-2009-0095 1 Microsoft 1 Visio 2026-04-23 N/A
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
CVE-2009-2629 3 Debian, F5, Fedoraproject 3 Debian Linux, Nginx, Fedora 2026-04-23 N/A
Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
CVE-2010-0359 1 Zeus 1 Zeus Web Server 2026-04-23 N/A
Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in an invalid Client Hello message.
CVE-2007-6300 1 Fusion News 1 Fusion News 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 allows remote attackers to perform unauthorized actions via unspecified vectors.
CVE-2008-2292 2 Net-snmp, Redhat 3 Net-snmp, Enterprise Linux, Rhel Eus 2026-04-23 N/A
Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).
CVE-2008-0231 1 Tuned Studios 7 Classic Theme, Endless, Freeze Theme and 4 more 2026-04-23 N/A
Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze Theme, (3) Orange Cutout, (4) Lonely Maple, (5) Endless, (6) Classic Theme, and (7) Music Theme webpage templates allow remote attackers to include and execute arbitrary files via ".." sequences in the page parameter. NOTE: this can be leveraged for remote file inclusion when running in some PHP 5 environments.
CVE-2006-6031 1 Gcis 1 Aspcart 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Greater Cincinnati Internet Solutions (GCIS) ASPCart allow remote attackers to execute arbitrary SQL commands via (1) the prodid parameter in (a) prodetails.asp; (2) the page parameter in (b) display.asp; the (3) custid, (4) item, (5) price, (6) custom, (7) department, (8) start, (9) quantity, (10) submit, (11) custom1, (12) custom2, or (13) custom3 parameters in (c) addcart.asp; or the (14) customerid parameter in (d) payment.asp.
CVE-2006-6029 1 Property Pro 1 Property Pro 2026-04-23 N/A
SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the UserName field.
CVE-2006-6025 1 Qualcomm 1 Eudora Worldmail 2026-04-23 7.5 High
QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a denial of service, as demonstrated by a certain module in VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. As of 20061118, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE-2006-6024 1 Qualcomm 1 Eudora Worldmail 2026-04-23 9.8 Critical
Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 version 6.1.22.0, have unknown impact and attack vectors, as demonstrated by the (1) "Eudora WorldMail stack overflow" and (2) "Eudora WorldMail heap overflow" modules in VulnDisco Pack. NOTE: Some of these details are obtained from third party information. As of 20061118, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE-2006-6019 1 Bloo 1 Bloo 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in extensions/googiespell/googlespell_proxy.php in Bill Roberts Bloo 1.0 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVE-2006-6016 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.
CVE-2006-6014 1 Netbsd 1 Netbsd 2026-04-23 N/A
The NetBSD-current kernel before 20061028 does not properly perform bounds checking of an unspecified userspace parameter in the ptrace system call during a PT_DUMPCORE request, which allows local users to have an unknown impact.