Export limit exceeded: 359778 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359778 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0885 | 1 Mediacommands | 1 Media Commands | 2026-04-23 | N/A |
| Multiple heap-based buffer overflows in Media Commands 1.0 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a (1) M3U, (2) M3l, (3) TXT, and (4) LRC playlist file. | ||||
| CVE-2008-6093 | 1 Noname-cms | 1 Noname Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Noname CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) file_id parameter in a detailansicht action and the (2) kategorie parameter in a kategorien action. | ||||
| CVE-2008-6092 | 1 Phpscripts | 1 Ranking-script | 2026-04-23 | N/A |
| phpscripts Ranking Script allows remote attackers to bypass authentication and gain administrative access by sending an admin=ja cookie. | ||||
| CVE-2008-5867 | 1 Yerba | 1 Yerba | 2026-04-23 | N/A |
| Directory traversal vulnerability in Yerba SACphp 6.3 allows remote attackers to read arbitrary files, and possibly have other impact, via directory traversal sequences in the mod field contained in the base64-encoded SID parameter to an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-5869 | 1 Proxim | 1 Tsunami Mp.11 2411 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 allows remote authenticated users to inject arbitrary web script or HTML via the system.sysName.0 SNMP OID. | ||||
| CVE-2008-5870 | 1 Faststone | 1 Image Viewer | 2026-04-23 | N/A |
| FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with large width and height values, possibly a related issue to CVE-2007-1942. | ||||
| CVE-2008-5874 | 2 Joomla, Joomlahbs | 4 Joomla, Com 5starhotels, Com Allhotels and 1 more | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (2) com_5starhotels module. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5876 | 1 Irrlicht | 1 Irrlicht | 2026-04-23 | N/A |
| Buffer overflow in Irrlicht before 1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors in the B3D loader. | ||||
| CVE-2008-5880 | 1 Gobbl | 1 Gobbl Cms | 2026-04-23 | N/A |
| admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok". | ||||
| CVE-2008-5881 | 1 Playsms | 1 Playsms | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) gateway_module parameter to plugin/gateway/gnokii/init.php and the (2) themes_module parameter to plugin/themes/default/init.php. | ||||
| CVE-2008-5882 | 2 Avaya, Citrix | 4 Ag250, Broadcast Server, Application Gateway For Avaya and 1 more | 2026-04-23 | N/A |
| SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter. | ||||
| CVE-2008-5883 | 1 Mini-pub | 1 Mini-pub | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in front-end/dir.php in mini-pub 0.3 and earlier allows remote attackers to list arbitrary directories via a full pathname in the sDir parameter. | ||||
| CVE-2008-5889 | 1 Icash | 1 Click\&rank | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in user.asp in Click&Rank allows remote attackers to inject arbitrary web script or HTML via the action parameter. | ||||
| CVE-2008-0680 | 1 Microtik | 1 Routeros | 2026-04-23 | N/A |
| SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP SET request. | ||||
| CVE-2009-0148 | 2 Cscope, Redhat | 2 Cscope, Enterprise Linux | 2026-04-23 | N/A |
| Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541. | ||||
| CVE-2008-5397 | 1 Tor | 1 Tor | 2026-04-23 | N/A |
| Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process. | ||||
| CVE-2009-0166 | 5 Apple, Foolabs, Glyphandcog and 2 more | 5 Cups, Xpdf, Xpdfreader and 2 more | 2026-04-23 | N/A |
| The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. | ||||
| CVE-2006-6283 | 1 Vikingboard | 1 Vikingboard | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the subject field of (1) a private message (PM) or (2) a bulletin board post. | ||||
| CVE-2008-5892 | 1 Icash | 1 Click\&email | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary SQL commands via (1) the ID parameter to admin_dblayers.asp in an update action, (2) the adminid parameter to admin_loginCheck.asp (aka the USERNAME field in admin_main.asp), and (3) the PassWord parameter to admin_loginCheck.asp (aka the PASSWORD field in admin_main.asp). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5895 | 1 Mediatheka | 1 Mediatheka | 2026-04-23 | N/A |
| SQL injection vulnerability in connection.php in Mediatheka 4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. | ||||