Export limit exceeded: 363053 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26229 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1626 1 Eggblog 1 Eggblog 2026-04-23 N/A
SQL injection vulnerability in eggBlog before 4.0.1 allows remote attackers to execute arbitrary SQL commands via an unspecified cookie. NOTE: this might overlap CVE-2008-0159.
CVE-2009-1189 2 Freedesktop, Redhat 2 Dbus, Enterprise Linux 2026-04-23 N/A
The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.
CVE-2009-1756 1 Simone Rota 1 Slim Simple Login Manager 2026-04-23 N/A
SLiM Simple Login Manager 1.3.0 places the X authority magic cookie (mcookie) on the command line when invoking xauth from (1) app.cpp and (2) switchuser.cpp, which allows local users to access the X session by listing the process and its arguments.
CVE-2008-4199 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation."
CVE-2008-3168 1 Empire Server 1 Empire Server 2026-04-23 N/A
The files utility in Empire Server before 4.3.15 discloses the world creation time, which makes it easier for attackers to determine the PRNG seed.
CVE-2008-5705 1 Verlihub-project 1 Verlihub 2026-04-23 N/A
The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier, when user triggers are enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in an argument.
CVE-2009-1234 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected.
CVE-2008-3007 1 Microsoft 2 Office, Office Onenote 2026-04-23 N/A
Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
CVE-2009-1336 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Eus 2026-04-23 N/A
fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service (OOPS) via a long filename, related to the encode_lookup function.
CVE-2008-5715 2 Microsoft, Mozilla 2 Windows Vista, Firefox 2026-04-23 N/A
Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code with a long string value for the hash property (aka location.hash). NOTE: it was later reported that earlier versions are also affected, and that the impact is CPU consumption and application hang in unspecified circumstances perhaps involving other platforms.
CVE-2009-1341 2 Debian, Redhat 2 Libdbd-pg-perl, Enterprise Linux 2026-04-23 N/A
Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns.
CVE-2008-1535 1 Matti Kiviharju 1 Rekry Component 2026-04-23 N/A
SQL injection vulnerability in the Matti Kiviharju rekry (aka com_rekry or rekry!Joom) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the op_id parameter in a view action to index.php.
CVE-2009-4610 1 Mortbay 1 Jetty 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty 6.x and 7.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to jsp/dump.jsp in the JSP Dump feature, or the (2) Name or (3) Value parameter to the default URI for the Session Dump Servlet under session/.
CVE-2008-2157 1 Emc Corporation 1 Alphastor 2026-04-23 N/A
robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows allows remote attackers to execute arbitrary commands via an unspecified string field in a packet to TCP port 3500.
CVE-2008-2723 1 Menalto 1 Gallery 2026-04-23 N/A
embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing the remote address."
CVE-2008-7135 1 Icq 1 Icq Toolbar 2026-04-23 N/A
toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the IsChecked method, a different vector than CVE-2008-7136.
CVE-2008-1924 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 N/A
Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable.
CVE-2008-4224 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (system crash) via a malformed UDF volume in a crafted ISO file.
CVE-2006-6168 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-23 N/A
tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email."
CVE-2007-5432 1 Scottmanktelow 1 Stride Cms 2026-04-23 N/A
Stride 1.0 has a default administrator username of "scott" with the password "running", which allows remote attackers to obtain administrative access through login.php.