Export limit exceeded: 347145 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347145 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347145 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-7136 | 1 Icq | 1 Icq Toolbar | 2026-04-23 | N/A |
| toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the (1) RequestURL, (2) GetPropertyById, or (3) SetPropertyById method, different vectors than CVE-2008-7135. | ||||
| CVE-2008-7137 | 1 Eye.fi | 1 Eye-fi Manager | 2026-04-23 | N/A |
| WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of service (crash) via an empty query string to port 59278 and other unspecified vectors. | ||||
| CVE-2008-7138 | 1 Eye.fi | 1 Eye-fi Manager | 2026-04-23 | N/A |
| The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce. | ||||
| CVE-2008-7154 | 1 Docebo | 1 Docebo | 2026-04-23 | N/A |
| Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) class/class.conf_fw.php, (2) class.module/class.event_manager.php, (3) lib/lib.domxml5.php, or (4) menu/menu_over.php in doceboCore/; or (5) class/class.conf_cms.php, (6) lib/lib.compose.php, (7) modules/chat/teleskill.php, or (8) class/class.admin_menu_cms.php in doceboCms/; which reveals the installation path in an error message. | ||||
| CVE-2008-7155 | 1 Phprisk | 1 Netrisk | 2026-04-23 | N/A |
| NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote attackers to change the password of arbitrary users via a direct request. | ||||
| CVE-2008-7170 | 1 Gameservers | 1 Gsc | 2026-04-23 | N/A |
| GSC build 2067 and earlier relies on the client to enforce administrator privileges, which allows remote attackers to execute arbitrary administrator commands via a crafted packet. | ||||
| CVE-2008-7171 | 1 Yanick Bourbeau | 1 Lightweight News Portal | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Lightweight news portal (LNP) 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) photo parameter to show_photo.php, (2) potd parameter to show_potd.php, or (3) the Current question field in a vote action to admin.php. | ||||
| CVE-2008-7189 | 1 Bastian Blumentritt | 1 Local Media Browser | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Local Media Browser before 0.1 have unknown impact and attack vectors related to "Security holes." | ||||
| CVE-2008-7190 | 1 Adium | 1 Adium | 2026-04-23 | N/A |
| Unspecified vulnerability in Adium before 1.2 has unknown impact and attack vectors related to javascript: URLs, possibly cross-site scripting (XSS). | ||||
| CVE-2008-7238 | 1 Oracle | 1 E-business Suite | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.3 allow (1) local users to affect confidentiality and integrity via unknown vectors related to the Mobile Application Server component (APP01); (2) remote attackers to affect confidentiality via unknown vectors related to the Oracle Applications Framework (APP03); remote authenticated users to affect confidentiality and integrity via unknown vectors related to the (3) CRM Technical Foundation (APP05) and (4) Oracle Application Object Library (APP06); and remote authenticated users to affect integrity and availability via unknown vectors related to (5) Oracle Applications Technology Stack (APP07). | ||||
| CVE-2007-4178 | 1 Amg Soft | 1 Webdirector | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in WebDirector 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the deslocal parameter. | ||||
| CVE-2007-4179 | 1 Hp | 2 Address And Routing Parameter Area\(arpa\) Transport, Hp-ux | 2026-04-23 | N/A |
| Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. NOTE: this is probably different from CVE-2007-0916, but this is not certain due to lack of vendor details. | ||||
| CVE-2009-0034 | 3 Gratisoft, Redhat, Vmware | 3 Sudo, Enterprise Linux, Esx | 2026-04-23 | 7.8 High |
| parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. | ||||
| CVE-2009-0096 | 1 Microsoft | 1 Visio | 2026-04-23 | N/A |
| Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability." | ||||
| CVE-2007-4180 | 1 Pluck | 1 Pluck | 2026-04-23 | N/A |
| Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed argument when invoking fputs, which cannot be used to read files | ||||
| CVE-2009-0130 | 1 Erlang | 1 Erlang | 2026-04-23 | 7.5 High |
| lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package maintainer disputes this issue, reporting that there is a proper check within the only code that uses the applicable part of crypto_drv.c, and thus "this report is invalid. | ||||
| CVE-2009-0136 | 1 Amarok | 1 Amarok | 2026-04-23 | N/A |
| Multiple array index errors in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or (2) vlen Tag value, each of which can lead to an invalid pointer dereference, or the writing of a 0x00 byte to an arbitrary memory location, after an allocation failure. | ||||
| CVE-2009-0178 | 1 Ibm | 1 Hardware Management Console | 2026-04-23 | N/A |
| Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 has unknown impact and attack vectors. | ||||
| CVE-2007-4181 | 1 Pluck | 1 Pluck | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a function that does not receive the dir parameter from an HTTP request | ||||
| CVE-2009-0245 | 1 Usagi | 1 Mynets | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4629. | ||||