Export limit exceeded: 34884 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 18772 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346069 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346069 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0459 | 1 Wholehogsoftware | 1 Password Protect | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Password Protect: Enhanced 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-0467 | 1 Armorlogic | 1 Profense Web Application Firewall | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allows remote attackers to inject arbitrary web script or HTML via the proxy parameter in a deny_log manage action. | ||||
| CVE-2009-2631 | 4 Aladdin, Cisco, Sonicwall and 1 more | 5 Safenet Securewire Access Gateway, Adaptive Security Appliance, E-class Ssl Vpn and 2 more | 2026-04-23 | N/A |
| Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks. NOTE: it could be argued that this is a fundamental design problem in any clientless VPN solution, as opposed to a commonly-introduced error that can be fixed in separate implementations. Therefore a single CVE has been assigned for all products that have this design | ||||
| CVE-2009-2504 | 1 Microsoft | 27 .net Framework, Excel Viewer, Expression Web and 24 more | 2026-04-23 | N/A |
| Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability." | ||||
| CVE-2009-2528 | 1 Microsoft | 27 .net Framework, Excel Viewer, Expression Web and 24 more | 2026-04-23 | N/A |
| GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability." | ||||
| CVE-2007-3847 | 4 Apache, Canonical, Fedoraproject and 1 more | 7 Http Server, Ubuntu Linux, Fedora and 4 more | 2026-04-23 | N/A |
| The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read. | ||||
| CVE-2007-4491 | 1 Gurur Haber | 1 Gurur Haber | 2026-04-23 | N/A |
| SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-4494 | 1 Ez | 1 Ez Publish | 2026-04-23 | N/A |
| The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks. | ||||
| CVE-2007-4505 | 2 Mambo, Mamboserver | 2 Remository, Mambo | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the RemoSitory component (com_remository) for Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action. | ||||
| CVE-2007-4508 | 2 Rebellion, Rival Interactive | 2 Rogue Trooper, Prism | 2026-04-23 | N/A |
| Stack-based buffer overflow in Rebellion Asura engine, as used for the server in Rogue Trooper 1.0 and earlier and Prism 1.1.1.0 and earlier, allows remote attackers to execute arbitrary code via a long string in a 0xf007 packet for the challenge B query. | ||||
| CVE-2007-4850 | 1 Php | 1 Php | 2026-04-23 | N/A |
| curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563. | ||||
| CVE-2007-6216 | 1 Sun | 2 Solaris, Sunos | 2026-04-23 | N/A |
| Race condition in the Fibre Channel protocol (fcp) driver and Devices filesystem (devfs) in Sun Solaris 10 allows local users to cause a denial of service (system hang) via some programs that access hardware resources, as demonstrated by the (1) cfgadm and (2) format programs. | ||||
| CVE-2008-1615 | 2 Amd, Redhat | 4 Amd64, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2026-04-23 | N/A |
| Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls. | ||||
| CVE-2008-1618 | 1 Watchguard | 1 Firebox Pptp Vpn | 2026-04-23 | N/A |
| The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames. | ||||
| CVE-2008-1635 | 1 Raven Php Scripts | 1 Keep It Simple Guest Book | 2026-04-23 | N/A |
| Directory traversal vulnerability in view_private.php in Keep It Simple Guest Book (KISGB) 5.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tmp_theme parameter. NOTE: 5.1.1 is also reportedly affected. | ||||
| CVE-2008-6166 | 2 Jmds, Joomla | 2 Com Kbase, Joomla | 2026-04-23 | N/A |
| SQL injection vulnerability in the KBase (com_kbase) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php. | ||||
| CVE-2008-6167 | 1 Miniportail | 1 Miniportail | 2026-04-23 | N/A |
| Directory traversal vulnerability in search.php in miniPortail 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lng parameter. | ||||
| CVE-2008-6168 | 1 Miniportail | 1 Miniportail | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in miniPortail 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified argument, probably the search string. | ||||
| CVE-2008-6183 | 1 Myphpindexer | 1 My Php Indexer | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in index.php in My PHP Indexer 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) d and (2) f parameters. | ||||
| CVE-2007-6206 | 6 Canonical, Debian, Linux and 3 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2026-04-23 | N/A |
| The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information. | ||||