Export limit exceeded: 363617 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363617 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363617 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26277 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4747 | 1 Sun | 2 Java Access Manager, Java System Ldap Jdk | 2026-04-23 | N/A |
| Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library. | ||||
| CVE-2008-4549 | 1 Imageshack | 1 Imageshack Toolbar | 2026-04-23 | N/A |
| The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in ImageShack Toolbar 4.5.7, possibly including 4.5.7.69, allows remote attackers to force the upload of arbitrary image files to the ImageShack site via a file: URI argument to the BuildSlideShow method. | ||||
| CVE-2008-3493 | 1 Realvnc | 1 Realvnc Windows Client | 2026-04-23 | N/A |
| vncviewer.exe in RealVNC Windows Client 4.1.2.0 allows remote VNC servers to cause a denial of service (application crash) via a crafted frame buffer update packet. | ||||
| CVE-2008-3138 | 3 Redhat, Rpath, Wireshark | 3 Enterprise Linux, Rpath Linux, Wireshark | 2026-04-23 | N/A |
| The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors. | ||||
| CVE-2009-0358 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request. | ||||
| CVE-2007-4450 | 1 Toribash | 1 Toribash | 2026-04-23 | N/A |
| The server in Toribash 2.71 and earlier does not properly handle long commands, which allows remote attackers to trigger a protocol violation in which data is sent to other clients without a required LF character, as demonstrated by a SAY command. NOTE: the security impact of this violation is not clear, although it probably makes exploitation of CVE-2007-4449 easier. | ||||
| CVE-2008-4721 | 1 Php Jabbers | 1 Post Comment | 2026-04-23 | N/A |
| PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged." | ||||
| CVE-2008-3127 | 1 Hiox India | 1 Banner Rotator | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in hioxBannerRotate.php in HIOX Banner Rotator (HBR) 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter. | ||||
| CVE-2007-6606 | 1 Openbiblio | 1 Openbiblio | 2026-04-23 | N/A |
| OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. | ||||
| CVE-2008-6962 | 1 Avira | 4 Antivir, Antivir Personal, Antivir Professional and 1 more | 2026-04-23 | N/A |
| Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, and AntiVir Personal - FREE allows local users to execute arbitrary code via a crafted IOCTL request that overwrites a kernel pointer. | ||||
| CVE-2008-0209 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2026-04-23 | N/A |
| Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to redirect users to arbitrary web sites via a URL in the target parameter. | ||||
| CVE-2008-6961 | 1 Mozilla | 2 Seamonkey, Thunderbird | 2026-04-23 | N/A |
| mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties. | ||||
| CVE-2008-4616 | 2 The Spanner, Wordpress | 2 Spambam Plugin, Spambam Plugin | 2026-04-23 | N/A |
| The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key. | ||||
| CVE-2008-4618 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2026-04-23 | N/A |
| The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls. | ||||
| CVE-2008-6938 | 1 Holger Zimmermann | 1 Pi3web | 2026-04-23 | N/A |
| Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\users.txt. | ||||
| CVE-2008-6942 | 1 Scriptsfeed | 1 Realtor Classifieds System | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifieds System (aka Real Estate Classifieds) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in re_images/. | ||||
| CVE-2008-1062 | 1 Intervideo | 1 Windvd Media Center | 2026-04-23 | N/A |
| InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater (aka IHT.exe) in InterVideo WinDVD Media Center 2.11.15.0 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet with two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-1280 | 1 Acronis | 2 True Image, True Image Windows Agent | 2026-04-23 | N/A |
| Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference. | ||||
| CVE-2008-6943 | 1 Scriptsfeed | 1 Recipes Listing Portal | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing Portal allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a recipe photo, then accessing it via a direct request to the file in pictures/. | ||||
| CVE-2008-1278 | 1 Remotelyanywhere | 1 Remotelyanywhere | 2026-04-23 | N/A |
| The RemotelyAnywhere.exe service in the Remotely Anywhere Server and Workstation 8.0.668 and earlier allows remote attackers to cause a denial of service (crash) via an invalid Accept-Charset header, which triggers a NULL pointer dereference. NOTE: the service is automatically restarted. | ||||