Export limit exceeded: 363575 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363575 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2882 1 Datingpro 1 Matchmaking 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php.
CVE-2009-4408 1 Pyforum 1 Pyforum 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in models.parser in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to inject arbitrary web script or HTML via crafted BBcode (1) img or (2) url tags, which are not properly handled when a post is viewed.
CVE-2009-2887 1 Phpscriptsnow 1 President Bios 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to inject arbitrary web script or HTML via the rank parameter.
CVE-2009-2888 1 Phpscriptsnow 1 Hangman 2026-04-23 N/A
SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter.
CVE-2009-4409 1 Iij 1 Seil\/b1 2026-04-23 N/A
The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attackers to bypass authentication via a replay attack.
CVE-2009-2889 1 Phpscriptsnow 1 Hangman 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to inject arbitrary web script or HTML via the letters parameter.
CVE-2009-4410 1 Linux 1 Linux Kernel 2026-04-23 N/A
The fuse_ioctl_copy_user function in the ioctl handler in fs/fuse/file.c in the Linux kernel 2.6.29-rc1 through 2.6.30.y uses the wrong variable in an argument to the kunmap function, which allows local users to cause a denial of service (panic) via unknown vectors.
CVE-2009-2895 1 Phpsugar 1 Ultimate Regnow Affiliate 2026-04-23 N/A
SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (URA) 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2009-4411 1 Xfs 1 Acl 2026-04-23 N/A
The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack.
CVE-2006-5057 1 Ktools.net 1 Photostore 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Ktools.net PhotoStore allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter in details.php, or the (2) photogid parameter in view_photog.php.
CVE-2007-5263 1 Battlefront 1 Dropteam 2026-04-23 N/A
Multiple buffer overflows in Battlefront Dropteam 1.3.3 and earlier allow remote attackers to execute arbitrary code via (1) a crafted "0x5c" packet or (2) many 32-bit numbers in a "0x18" packet, or cause a denial of service (crash) via (3) a large "0x4b" packet.
CVE-2009-4412 1 S9y 1 Serendipity 2026-04-23 N/A
Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory. NOTE: some of these details are obtained from third party information.
CVE-2009-2898 1 Springsource 3 Application Management Suite, Hyperic Hq, Tc Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Alerts list feature in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allows remote authenticated users to inject arbitrary web script or HTML via the Description field. NOTE: some of these details are obtained from third party information.
CVE-2009-4413 1 Pps.jussieu 1 Polipo 2026-04-23 N/A
The httpClientDiscardBody function in client.c in Polipo 0.9.8, 0.9.12, 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a large Content-Length value, which triggers an integer overflow, a signed-to-unsigned conversion error with a negative value, and a segmentation fault.
CVE-2007-5269 2 Libpng, Redhat 2 Libpng, Enterprise Linux 2026-04-23 N/A
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations.
CVE-2009-4414 1 Phpgroupware 1 Phpgroupware 2026-04-23 N/A
SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php.
CVE-2009-4415 1 Phpgroupware 1 Phpgroupware 2026-04-23 N/A
Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php.
CVE-2006-5087 1 Evobb 1 Evobb 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in evoBB 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter in (1) track.php or (2) connect.php.
CVE-2008-0504 1 Coppermine-gallery 1 Coppermine Photo Gallery 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.
CVE-2009-4416 1 Phpgroupware 1 Phpgroupware 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter whose name begins with the "phpgw_" sequence.