Export limit exceeded: 10190 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346050 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5755 | 1 Intellitamper | 1 Intellitamper | 2026-04-23 | N/A |
| Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows remote attackers to execute arbitrary code via a MAP file containing a long URL, possibly a related issue to CVE-2006-2494. | ||||
| CVE-2007-3286 | 1 Avaya | 1 Ip Soft Phone | 2026-04-23 | N/A |
| Multiple buffer overflows in unspecified ActiveX controls in COM objects in Avaya IP Softphone R5.2 before SP3, and R6.0, allow remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2008-5756 | 1 Bpsoft | 1 Hex Workshop | 2026-04-23 | N/A |
| Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows user-assisted attackers to cause a denial of service and possibly execute arbitrary code via a long mapping reference in a Color Mapping (.cmap) file. | ||||
| CVE-2008-5759 | 1 Flatnux | 1 Flatnux | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allows remote attackers to inject arbitrary web script or HTML via the name parameter in an updaterecord action to index.php in the 08_Files module. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-0933 | 1 Dotclear | 1 Dotclear | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative interface in Dotclear before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-3294 | 1 Php | 1 Php | 2026-04-23 | N/A |
| Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. NOTE: this might only be an issue in environments where vsnprintf is implemented as a wrapper for vsprintf. | ||||
| CVE-2008-5761 | 1 Flatnux | 1 Flatnux | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name parameter in an insertrecord action to index.php in the 08_Files module, as demonstrated by injection within a SRC attribute of an IFRAME element. | ||||
| CVE-2009-0936 | 1 Tor | 1 Tor | 2026-04-23 | N/A |
| Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to cause a denial of service (infinite loop) via "corrupt votes." | ||||
| CVE-2009-0937 | 1 Tor | 1 Tor | 2026-04-23 | N/A |
| Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service via unknown vectors. | ||||
| CVE-2009-0938 | 1 Tor | 1 Tor | 2026-04-23 | N/A |
| Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service (exit node crash) via "malformed input." | ||||
| CVE-2008-5767 | 1 Gazatem | 1 Gnews Publisher | 2026-04-23 | N/A |
| SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter. | ||||
| CVE-2009-0939 | 1 Tor | 1 Tor | 2026-04-23 | N/A |
| Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0. | ||||
| CVE-2008-5770 | 1 Phpweather | 1 Phpweather | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in config/make_config.php in PHP Weather 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | ||||
| CVE-2008-5771 | 1 Phpweather | 1 Phpweather | 2026-04-23 | N/A |
| Directory traversal vulnerability in test.php in PHP Weather 2.2.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter. | ||||
| CVE-2008-5772 | 1 Aspsiteware | 1 Realtylistings | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to type.asp and the (2) iPro parameter to detail.asp. | ||||
| CVE-2009-0942 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. | ||||
| CVE-2008-5775 | 1 Apertoblog | 1 Apertoblog | 2026-04-23 | N/A |
| SQL injection vulnerability in categories.php in Aperto Blog 0.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-0953 | 1 Apple | 1 Quicktime | 2026-04-23 | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. | ||||
| CVE-2007-3320 | 1 Avaya | 1 4602sw Ip Phone | 2026-04-23 | N/A |
| The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware accepts SIP INVITE requests from arbitrary source IP addresses, which allows remote attackers to have an unspecified impact. | ||||
| CVE-2009-0954 | 1 Apple | 1 Quicktime | 2026-04-23 | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.6.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie file containing crafted Clipping Region (CRGN) atom types. | ||||