Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360766 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5194 | 1 Rpath | 1 Rmake | 2026-04-23 | N/A |
| The Chroot server in rMake 1.0.11 creates a /dev/zero device file with read/write permissions for the rMake user and the same minor device number as /dev/port, which might allow local users to gain root privileges. | ||||
| CVE-2007-5207 | 1 Debian | 1 Guilt | 2026-04-23 | N/A |
| guilt 0.27 allows local users to overwrite arbitrary files via a symlink attack on a guilt.log.[PID] temporary file. | ||||
| CVE-2009-2319 | 1 Axesstel | 1 Mv 410r | 2026-04-23 | N/A |
| The default configuration of the Wi-Fi component on the Axesstel MV 410R does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2007-5977 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942. | ||||
| CVE-2007-5985 | 1 Bti-tracker | 1 Bti-tracker | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles.php, or (3) recover.php; or (4) the "to" parameter to usercp.php. | ||||
| CVE-2007-6003 | 1 Thomson | 1 Speedtouch | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-3751 | 1 Yourfreeworld | 1 Short Url And Url Tracker Script | 2026-04-23 | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-5211 | 1 Arbor Networks | 1 Peakflow Sp | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Arbor Networks Peakflow SP 3.5.1 before patch 14, and 3.6.1 before patch 5, when scope accounts are enabled, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving GET or POST requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-3761 | 1 Vmware | 1 Vmware Workstation | 2026-04-23 | N/A |
| hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 uses the METHOD_NEITHER communication method for IOCTLs, which allows local users to cause a denial of service via a crafted IOCTL request. | ||||
| CVE-2007-5213 | 1 Axis | 2 2100 Network Camera, 2100 Network Camera Firmware | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page. | ||||
| CVE-2008-3762 | 1 Turnkeywebtools | 1 Php Live Helper | 2026-04-23 | N/A |
| SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php. | ||||
| CVE-2008-3766 | 1 Realtime Internet Band Rehearsal | 1 Low Latency Internet Connection Tool | 2026-04-23 | N/A |
| Realtime Internet Band Rehearsal Low-Latency (Internet) Connection tool (llcon) before 2.1.2 allows remote attackers to cause a denial of service (application crash) via malformed protocol messages. | ||||
| CVE-2008-1294 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits. | ||||
| CVE-2009-2345 | 1 Clansphere | 1 Clansphere | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 allow remote attackers to execute arbitrary SQL commands via unknown parameters to the gbook module and unspecified other components. | ||||
| CVE-2008-3786 | 1 Picturespro | 1 Picturespro Photo Cart | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to inject arbitrary web script or HTML via the qtitle parameter (aka "Gallery or event name" field) in a search action. | ||||
| CVE-2008-6580 | 1 Funscripts | 1 Red Reservations | 2026-04-23 | N/A |
| The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to (1) makered.mdb and (2) makered97.mdb. | ||||
| CVE-2008-6582 | 1 Miniweb2 | 1 Miniweb | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. | ||||
| CVE-2008-3241 | 1 Ultrastats | 1 Ultrastats | 2026-04-23 | N/A |
| SQL injection vulnerability in players-detail.php in UltraStats 0.2.136, 0.2.140, and 0.2.142 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-4298 | 1 Lighttpd | 1 Lighttpd | 2026-04-23 | N/A |
| Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers. | ||||
| CVE-2009-4448 | 1 Mybb | 1 Mybb | 2026-04-23 | N/A |
| inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service (CPU consumption) via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors. | ||||