Export limit exceeded: 363317 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363317 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363317 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0467 1 Armorlogic 1 Profense Web Application Firewall 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allows remote attackers to inject arbitrary web script or HTML via the proxy parameter in a deny_log manage action.
CVE-2009-0805 2 Mihai Bazon, Xoops 2 Pical, Xoops 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a module for XOOPS, allows remote attackers to inject arbitrary web script or HTML via the event_id parameter in index.php.
CVE-2008-5853 1 Chicomas 1 Chicomas 2026-04-23 N/A
Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain database credentials via a direct request for config.inc or (2) read database backups via a request for a backup/ URI.
CVE-2008-6731 1 China-on-site 1 Flexphplink 2026-04-23 N/A
Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkphoto/.
CVE-2009-1684 1 Apple 1 Safari 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document.
CVE-2008-5855 1 Myphpscripts 1 Login Session 2026-04-23 N/A
myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for users.txt.
CVE-2008-5856 1 Class 1 Class 2026-04-23 N/A
Directory traversal vulnerability in scripts/export.php in ClaSS before 0.8.61 allows remote attackers to read arbitrary files via directory traversal sequences in the ftype parameter.
CVE-2008-5857 1 Knowledgetree Document Management 1 Knowledgetree Document Management 2026-04-23 N/A
The DropDocuments plugin in KnowledgeTree before 3.5.4a allows remote authenticated users to gain administrative privileges via a certain sequence of "browse documents" and dashboard requests.
CVE-2008-5858 1 Knowledgetree Document Management 1 Knowledgetree Document Management 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree before 3.5.4a allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-4281.
CVE-2008-5859 1 Constructr 1 Constructr-cms 2026-04-23 N/A
SQL injection vulnerability in index.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the show_page parameter.
CVE-2009-0468 1 Armorlogic 1 Profense Web Application Firewall 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown the server, (2) send ping packets, (3) enable network services, (4) configure a proxy server, and (5) modify other settings via parameters in the query string.
CVE-2009-0806 1 Opengoo 1 Opengoo 2026-04-23 N/A
Unspecified vulnerability in OpenGoo before 1.2.1 allows remote authenticated users to modify their own permissions via unknown attack vectors.
CVE-2008-5860 1 Constructr 1 Constructr-cms 2026-04-23 N/A
Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to create or read arbitrary files via directory traversal sequences in the edit_file parameter.
CVE-2009-0469 1 Futomis Cgi Cafe 1 Fulltext Search Cgi 2026-04-23 N/A
Unspecified vulnerability in futomi's CGI Cafe Fulltext search CGI 1.1.2 allows remote attackers to gain administrative privileges via unknown vectors.
CVE-2008-5861 1 Freelyrics 1 Freelyrics 2026-04-23 N/A
Directory traversal vulnerability in source.php in FreeLyrics 1.0 allows remote attackers to read arbitrary files via directory traversal sequences in the p parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-5862 1 Webcamxp 1 Webcamxp 2026-04-23 N/A
Directory traversal vulnerability in webcamXP 5.3.2.375 and 5.3.2.410 build 2132 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the URI.
CVE-2009-0470 1 Cisco 1 Ios 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different vulnerability than CVE-2008-3821.
CVE-2008-5863 2 V-gn, Woltlab 2 Userlocator, Burning Board 2026-04-23 N/A
SQL injection vulnerability in locator.php in the Userlocator module 3.0 for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the y parameter in a get_user action.
CVE-2009-0471 1 Cisco 1 Ios 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request.
CVE-2008-5866 1 Proxim 1 Tsunami Mp.11 2411 2026-04-23 N/A
The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has public as its default SNMP read/write community, which makes it easier for remote attackers to obtain sensitive information or modify SNMP variables.