Export limit exceeded: 346175 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346175 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4604 | 2 Fernando Soares, Joomla | 2 Com Mamboleto, Joomla | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mamboleto) component 2.0 RC3 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2009-3316 | 2 Jforjoomla, Joomla | 2 Com Jreservation, Joomla | 2026-04-23 | N/A |
| SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php. | ||||
| CVE-2007-4498 | 1 Grandstream | 1 Sip Phone | 2026-04-23 | N/A |
| The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE message followed by a certain "SIP/2.0 183 Session Progress" message. | ||||
| CVE-2007-4499 | 1 American Financing | 1 Email Image Upload | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in output.php in American Financing eMail Image Upload 4.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-3317 | 1 Thecodeweasel | 1 Opensiteadmin | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in pages/pageHeader.php in OpenSiteAdmin 0.9.7 BETA allows remote attackers to execute arbitrary PHP code via a URL in the path parameter, a different vector than CVE-2008-0648. | ||||
| CVE-2009-4605 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. | ||||
| CVE-2007-4500 | 1 Sshkeychain | 1 Sshkeychain | 2026-04-23 | N/A |
| Unspecified vulnerability in TunnelRunner in SSHKeychain before 0.8.2 beta, and possibly later versions, allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2007-4501 | 1 Sshkeychain | 1 Sshkeychain | 2026-04-23 | N/A |
| Unspecified vulnerability in PassphraseRequester in SSHKeychain before 0.8.2 beta allows attackers to obtain sensitive information (passwords) via unknown vectors, related to "poor protection." | ||||
| CVE-2009-3318 | 2 Breedveld, Joomla | 2 Com Album, Joomla | 2026-04-23 | N/A |
| Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php. | ||||
| CVE-2007-4505 | 2 Mambo, Mamboserver | 2 Remository, Mambo | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the RemoSitory component (com_remository) for Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action. | ||||
| CVE-2009-3319 | 1 Dimofinf | 1 Dawaween | 2026-04-23 | N/A |
| SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sec list action, a different vector than CVE-2006-1018. | ||||
| CVE-2009-3320 | 1 Zenas | 1 Paolink | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas PaoLink (aka Pao-Link) 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | ||||
| CVE-2007-6224 | 2 Microsoft, Realnetworks | 3 Windows Vista, Windows Xp, Realplayer | 2026-04-23 | N/A |
| The RealNetworks RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll, as shipped with RealPlayer 11, allows remote attackers to cause a denial of service (browser crash) via a certain argument to the GetSourceTransport method. | ||||
| CVE-2009-3321 | 1 Saphplesson | 1 Saphplesson | 2026-04-23 | N/A |
| SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP HTTP header. | ||||
| CVE-2009-4521 | 1 Eclipse | 1 Birt | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter. | ||||
| CVE-2009-3099 | 2 Hp, Microsoft | 2 Operations Manager, Windows Server 2003 | 2026-04-23 | N/A |
| Unspecified vulnerability in HP OpenView Operations Manager 8.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a "Remote exploit," as demonstrated by a certain module in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2007-3872. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2009-3100 | 2 Sun, X.org | 3 Opensolaris, Solaris, X11 | 2026-04-23 | N/A |
| xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking the screen and then attempting to launch an Accessibility pop-up window, related to a regression in certain Solaris and OpenSolaris patches. | ||||
| CVE-2009-4522 | 1 Bloofox | 1 Bloofoxcms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter to index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3101 | 1 Sun | 2 Opensolaris, Solaris | 2026-04-23 | N/A |
| xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and OpenSolaris snv_109 through snv_122, does not properly handle Trusted Extensions, which allows local users to cause a denial of service (CPU consumption and console hang) by locking the screen, related to a regression in certain Solaris and OpenSolaris patches. | ||||
| CVE-2009-3103 | 1 Microsoft | 2 Windows Server 2008, Windows Vista | 2026-04-23 | N/A |
| Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information. | ||||