Export limit exceeded: 364860 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364860 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2867 1 E-topbiz 1 Viral Dx 1 2026-04-23 N/A
SQL injection vulnerability in adclick.php in E-topbiz Viral DX 1 2.07 allows remote attackers to execute arbitrary SQL commands via the bannerid parameter.
CVE-2008-2869 1 E-topbiz 1 Link Ads 1 2026-04-23 N/A
SQL injection vulnerability in out.php in E-topbiz Link ADS 1 allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
CVE-2008-2872 1 Aspindir 1 Shibby Shop 2026-04-23 N/A
SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sayfa parameter.
CVE-2008-2874 1 Softbizscripts 1 Softbiz Jokes And Funny Pics Script 2026-04-23 N/A
SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbjoke_id parameter, a different vector than CVE-2008-1050.
CVE-2008-2875 1 Webdevindo-cms 1 Webdevindo-cms 2026-04-23 N/A
SQL injection vulnerability in index.php in Webdevindo-CMS 1.0.0 allows remote attackers to execute arbitrary SQL commands via the hal parameter.
CVE-2008-2883 1 Jamroom 1 Jamroom 2026-04-23 N/A
PHP remote file inclusion vulnerability in include/plugins/jrBrowser/payment.php in Jamroom 3.3.0 through 3.3.5 allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-3443 2 Redhat, Ruby-lang 2 Enterprise Linux, Ruby 2026-04-23 N/A
The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.
CVE-2008-3680 1 Flagship Industries 1 Ventrilo 2026-04-23 N/A
The decryption function in Flagship Industries Ventrilo 3.0.2 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) by sending a type 0 packet with an invalid version followed by another packet to TCP port 3784.
CVE-2008-6718 1 Uochm 1 Justbookit 2026-04-23 N/A
U&M Software JustBookIt 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) user_manual.php, (2) user_config.php, (3) user_kundnamn.php, (4) user_kundlista.php, (5) user_aktiva_kunder.php, (6) database.php, and possibly (7) index.php.
CVE-2008-6719 1 Uochm 1 Justlistit 2026-04-23 N/A
U&M Software Event Lister (aka JustListIt) 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) start.php, (2) aktivitet.php, (3) prop_aktivitet.php, (4) kategorier.php, (5) konfig.php, (6) security.php, (7) manual.php, and possibly (8) index.php.
CVE-2009-1244 1 Vmware 7 Ace, Esx, Esxi and 4 more 2026-04-23 N/A
Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916.
CVE-2009-1287 1 Cisco 1 Subscriber Edge Services Manager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Cisco Subscriber Edge Services Manager (SESM) allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: some of these details are obtained from third party information.
CVE-2009-3264 1 Google 1 Chrome 2026-04-23 N/A
The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG document.
CVE-2006-6397 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2026-04-23 N/A
Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is not a vulnerability
CVE-2006-7176 2 Redhat, Sendmail 2 Enterprise Linux, Sendmail 2026-04-23 N/A
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages.
CVE-2007-0704 1 Somery 1 Somery 2026-04-23 N/A
PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter, a different vector than CVE-2006-4669. NOTE: the documentation says to remove install.php after installation.
CVE-2007-1695 1 Phpbb Group 1 Phpbb 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant and cannot be accessed directly
CVE-2007-1696 1 Active Web Softwares 1 Active Newsletter 2026-04-23 N/A
SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter 4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsPaperID parameter.
CVE-2007-1703 1 Joomla 1 Rwcards Component 2026-04-23 N/A
SQL injection vulnerability in index.php in the RWCards (com_rwcards) 2.4.3 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVE-2007-1704 1 Joomla 1 Car Manager 2026-04-23 N/A
SQL injection vulnerability in index.php in the Car Manager (com_resman) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.