Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360766 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5670 | 1 Textpattern | 1 Textpattern | 2026-04-23 | N/A |
| Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session. | ||||
| CVE-2008-5671 | 1 Joomla | 1 Joomla | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2008-5676 | 1 Breach | 1 Modsecurity | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching." | ||||
| CVE-2009-3822 | 2 Fijiwebdesign, Joomla | 2 Com Ajaxchat, Joomla\! | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php. | ||||
| CVE-2009-1558 | 1 Cisco | 1 Wvc54gca | 2026-04-23 | N/A |
| Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter. | ||||
| CVE-2009-3823 | 1 Ac4p | 1 Mobilelib Gold | 2026-04-23 | N/A |
| Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, when magic_quotes_gpc is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the GLOBALS[page] parameter. | ||||
| CVE-2009-3824 | 1 Michael J Greenwood | 1 Php Content Manager | 2026-04-23 | N/A |
| Directory traversal vulnerability in include/processor.php in Greenwood PHP Content Manager 0.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content_path parameter. | ||||
| CVE-2006-3455 | 1 Symantec | 2 Client Security, Norton Antivirus | 2026-04-23 | N/A |
| The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function. | ||||
| CVE-2009-3825 | 1 Thomas Graber | 1 Gencms | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in GenCMS 2006 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p parameter to show.php and the (2) Template parameter to admin/pages/SiteNew.php. | ||||
| CVE-2009-3829 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2026-04-23 | N/A |
| Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability." | ||||
| CVE-2008-5700 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2026-04-23 | N/A |
| libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program. | ||||
| CVE-2009-3834 | 2 Joomla, Webguerilla | 2 Joomla, Com Photoblog | 2026-04-23 | N/A |
| SQL injection vulnerability in the Photoblog (com_photoblog) component alpha 3 and alpha 3a for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in a blogs action to index.php. | ||||
| CVE-2009-3909 | 2 Gimp, Redhat | 2 Gimp, Enterprise Linux | 2026-04-23 | N/A |
| Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow. | ||||
| CVE-2008-5734 | 1 Icewarp | 1 Merak Mail Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Software Merak Mail Server 9.3.2 allows remote attackers to inject arbitrary web script or HTML via an IMG element in an HTML e-mail message. | ||||
| CVE-2009-3852 | 1 Ibm | 1 Runtimes For Java Technology | 2026-04-23 | N/A |
| Unspecified vulnerability in the XML component in IBM Runtimes for Java Technology 5.0.0 before SR10 has unknown impact and attack vectors, related to the "updated version of XML4J 4.4.17." | ||||
| CVE-2009-3861 | 1 Safenet-inc | 1 Softremote | 2026-04-23 | N/A |
| Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and 10.3.5 (Build 6), and possibly other versions before 10.8.9, allows local users to execute arbitrary code via a long string in a (1) TREENAME or (2) GROUPNAME Policy file (spd). | ||||
| CVE-2008-5797 | 1 Typo3 | 2 Advcalendar Extension, Typo3 | 2026-04-23 | N/A |
| SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-5801 | 1 Typo3 | 1 Dictionary Extension | 2026-04-23 | N/A |
| Unspecified vulnerability in the Dictionary (rtgdictionary) extension 0.1.9 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2009-3865 | 2 Redhat, Sun | 4 Network Satellite, Rhel Extras, Jdk and 1 more | 2026-04-23 | N/A |
| The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752. | ||||
| CVE-2008-5808 | 2 Six Apart, Sixapart | 2 Movable Type, Movable Type | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to "application management." | ||||