Export limit exceeded: 362349 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362349 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0393 | 1 Motorola | 1 Cpei300 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2009-3522 | 1 Avast | 2 Avast Antivirus Home, Avast Antivirus Professional | 2026-04-23 | N/A |
| Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018. | ||||
| CVE-2008-7118 | 1 Webidsupport | 1 Webid | 2026-04-23 | N/A |
| WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log. | ||||
| CVE-2009-0403 | 1 Chipmunk Scripts | 1 Chipmunk Blogger | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/authenticate.php in Chipmunk Blogger Script allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | ||||
| CVE-2007-3639 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php. | ||||
| CVE-2009-0409 | 1 Mzbservices | 1 Max.blog | 2026-04-23 | N/A |
| SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2008-4077 | 2 Ledgersmb, Sql-ledger | 2 Ledgersmb, Sql-ledger | 2026-04-23 | N/A |
| The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length. | ||||
| CVE-2009-0410 | 1 Novell | 1 Groupwise | 2026-04-23 | N/A |
| Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading to a buffer overflow. | ||||
| CVE-2008-5306 | 1 Pilot Group | 1 Pg Real Estate Solution | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/index.php in PG Real Estate Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter (username). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5307 | 1 Pilot Group | 1 Pg Real Roommate Finder Solution | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/index.php in PG Roommate Finder Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-3641 | 1 Freebsd | 1 Libarchive | 2026-04-23 | N/A |
| archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow. | ||||
| CVE-2009-3463 | 1 Adobe | 1 Shockwave Player | 2026-04-23 | N/A |
| Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-3642 | 1 Linux | 1 Linux Kernel | 2026-04-23 | N/A |
| The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c in the Linux kernel before 2.6.20.15, 2.6.21.x before 2.6.21.6, and before 2.6.22 allows remote attackers to cause a denial of service (crash) via an encoded, out-of-range index value for a choice field, which triggers a NULL pointer dereference. | ||||
| CVE-2007-3648 | 1 Valarsoft | 1 Webmatic | 2026-04-23 | N/A |
| SQL injection vulnerability in Webmatic before 2.6.2, and possibly other versions before 2.7, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly related to admin/admin_album.php and admin/admin_downloads.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3466 | 1 Adobe | 1 Shockwave Player | 2026-04-23 | N/A |
| Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-3649 | 1 Hp | 1 Photo Digital Imaging Activex Control | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method. | ||||
| CVE-2007-3671 | 1 Microsoft | 1 Windows Vista | 2026-04-23 | N/A |
| Unspecified vulnerability in the kernel in Microsoft Windows Vista has unspecified remote attack vectors and impact, as shown in the "0day IPO" presentation at SyScan'07. | ||||
| CVE-2007-5923 | 1 Broadcom | 1 Etrust Siteminder | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in CA (formerly Computer Associates) eTrust SiteMinder Agent allows remote attackers to inject arbitrary web script or HTML via the SMAUTHREASON parameter, a different vector than CVE-2005-2204. | ||||
| CVE-2007-3613 | 1 Sap | 1 Internet Graphics Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP Internet Graphics Service (IGS) allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter. | ||||
| CVE-2007-2429 | 1 Manageengine | 1 Passwordmanager Pro | 2026-04-23 | N/A |
| ManageEngine PasswordManager Pro (PMP) allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||