Export limit exceeded: 364861 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364861 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1509 1 Myiosoft 1 Ajaxportal 2026-04-23 N/A
SQL injection vulnerability in ajaxp_backend.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2009-1510 1 Koschtit 1 Koschtit Image Gallery 2026-04-23 N/A
Multiple directory traversal vulnerabilities in KoschtIT Image Gallery 1.82 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the file parameter to (1) ki_makepic.php and (2) ki_nojsdisplayimage.php in ki_base/.
CVE-2006-5473 1 Softerra 1 Php Developer Library 2026-04-23 N/A
PHP remote file inclusion vulnerability in Description.php in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the lib_dir parameter. NOTE: this issue is disputed by CVE as of 20061023, since there is no Description.php file included in the product, and the existing "Description" file contains documentation, not functioning code
CVE-2007-0864 1 Lushiwarplaner 1 Lushiwarplaner 2026-04-23 N/A
SQL injection vulnerability in register.php in LushiWarPlaner 1.0 allows remote attackers to inject arbitrary SQL commands via the id parameter.
CVE-2007-3752 1 Apple 1 Itunes 2026-04-23 N/A
Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file.
CVE-2009-3592 1 Qtmsoft 1 X-cart 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in customer/home.php in Qualiteam X-Cart allows remote attackers to inject arbitrary web script or HTML via the email parameter in a subscribed action, a different vector than CVE-2005-1823.
CVE-2009-3560 4 Apache, Libexpat Project, Redhat and 1 more 6 Http Server, Libexpat, Enterprise Linux and 3 more 2026-04-23 N/A
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
CVE-2008-4314 1 Samba 1 Samba 2026-04-23 N/A
smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed.
CVE-2008-3896 1 Gnu 1 Grub Legacy 2026-04-23 N/A
Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
CVE-2008-3789 1 Samba 1 Samba 2026-04-23 N/A
Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups.
CVE-2009-2595 1 Censura 1 Censura 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in productSearch.html in Censura 2.0.4 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a ProductSearch action.
CVE-2009-1943 1 Safenet-inc 2 Softremote, Softremote1.4 2026-04-23 N/A
Stack-based buffer overflow in the IKE service (ireIke.exe) in SafeNet SoftRemote before 10.8.6 allows remote attackers to execute arbitrary code via a long request to UDP port 62514.
CVE-2007-4842 1 Enriva Development 1 Magellan Explorer 2026-04-23 N/A
Directory traversal vulnerability in Enriva Development Magellan Explorer 3.32 build 2305 and earlier allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVE-2009-0680 1 Netgear 1 Ssl312 2026-04-23 N/A
cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences.
CVE-2008-2096 1 Backlinkspider 1 Backlink Spider 2026-04-23 N/A
SQL injection vulnerability in BackLinkSpider allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to a site-specific component name such as link.php or backlinkspider.php.
CVE-2008-0408 1 Hfs 1 Http File Server 2026-04-23 N/A
HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.
CVE-2007-1295 1 Aj Forum 1 Aj Forum 2026-04-23 N/A
SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter.
CVE-2007-1296 1 Aj Square 1 Aj Classifieds 2026-04-23 N/A
SQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter.
CVE-2007-2328 1 Phpmytgp 1 Phpmytgp 2026-04-23 N/A
PHP remote file inclusion vulnerability in addvip.php in phpMYTGP 1.4b allows remote attackers to execute arbitrary PHP code via a URL in the msetstr[PROGSDIR] parameter.
CVE-2007-2332 1 Nortel 8 Vpn Router 1010, Vpn Router 1050, Vpn Router 1100 and 5 more 2026-04-23 N/A
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store.