Export limit exceeded: 364258 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364258 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5685 1 Sun 3 Netra, Scapp, Sun Fire 2026-04-23 N/A
Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun Fire and Netra platforms allows remote attackers to access the System Controller (SC), the system console, and possibly the host OS, and cause a denial of service (shutdown or reboot), via spoofed IP packets.
CVE-2008-5686 1 Ibm 1 Tivoli Provisioning Manager 2026-04-23 N/A
IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows.
CVE-2007-6730 1 Zyxel 1 P-330w Router 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in the ZyXEL P-330W router allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote router management via goform/formRmtMgt or (2) modify the administrator password via goform/formPasswordSetup.
CVE-2008-5696 1 Novell 1 Netware 2026-04-23 N/A
Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
CVE-2008-6103 1 A4desk 1 A4desk Flash Event Calendar 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in A4Desk Event Calendar, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the v parameter.
CVE-2008-5703 1 Gpsdrive 1 Gpsdrive 2026-04-23 N/A
gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/.smswatch or (b) /tmp/gpsdrivepos temporary file, related to (1) examples/gpssmswatch and (2) src/splash.c, different vectors than CVE-2008-4959 and CVE-2008-5380.
CVE-2008-5704 1 Gpsdrive 1 Gpsdrive 2026-04-23 N/A
src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might allow local users to overwrite arbitrary files via a symlink attack on the /tmp/gpsdrive-unit-test/proc temporary file, a different vector than CVE-2008-4959 and CVE-2008-5380.
CVE-2008-6104 1 A4desk 1 A4desk Flash Event Calendar 2026-04-23 N/A
SQL injection vulnerability in A4Desk PHP Event Calendar allows remote attackers to execute arbitrary SQL commands via the eventid parameter to admin/index.php.
CVE-2008-6439 1 Abledating 1 Abledating 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search_results.php in ABK-Soft AbleDating 2.4 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
CVE-2008-5718 1 Netatalk 1 Netatalk 2026-04-23 N/A
The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title.
CVE-2008-5720 1 Seasar 1 Mayaa 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the default error page for the org.seasar.mayaa.impl.engine.PageNotFoundException exception and possibly other exceptions.
CVE-2009-0726 3 Gigcalendar, Joomla, Mambo 3 Com Gigcalendar, Joomla, Mambo 2026-04-23 N/A
SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php.
CVE-2008-5739 1 Pligg 1 Pligg Cms 2026-04-23 N/A
SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote attackers to execute arbitrary SQL commands via the url parameter.
CVE-2008-5743 1 Pdfjam 1 Pdfjam 2026-04-23 N/A
pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with a predictable name, which allows local users to overwrite arbitrary files via a symlink attack.
CVE-2009-0728 2 Maxdev, Postnuke 3 Md-pro, My Egallery, Postnuke 2026-04-23 N/A
SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php.
CVE-2007-3512 1 Wakwak 1 Lhaca File Archiver 2026-04-23 N/A
Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows user-assisted remote attackers to execute arbitrary code via a large LHA "Extended Header Size" value in an LZH archive, a different issue than CVE-2007-3375.
CVE-2009-1293 1 Novell 1 Teaming 2026-04-23 N/A
The web login functionality (c/portal/login) in Novell Teaming 1.0 through SP3 (1.0.3) generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.
CVE-2007-3514 1 Apple 1 Safari 2026-04-23 N/A
Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, a different vector than CVE-2007-3482.
CVE-2008-5758 1 Phparanoid 1 Phparanoid 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in PHParanoid before 0.5 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors related to private messages.
CVE-2008-5760 1 Kerio 1 Kerio Mailserver 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via the sent parameter. NOTE: some of these details are obtained from third party information.