Export limit exceeded: 346173 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346173 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6840 | 1 Christof Bruyland | 1 V-webmail | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in V-webmail 1.6.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[pear_dir] parameter to (a) Mail/RFC822.php, (b) Net/Socket.php, (c) XML/Parser.php, (d) XML/Tree.php, (e) Mail/mimeDecode.php, (f) Console/Getopt.php, (g) System.php, (h) Log.php, and (i) File.php in includes/pear/; the CONFIG[pear_dir] parameter to (j) includes/prepend.php, and (k) includes/cachedConfig.php; and the (2) CONFIG[includes] parameter to (l) prepend.php and (m) email.list.search.php in includes/. NOTE: the CONFIG[pear_dir] parameter to includes/mailaccess/pop3.php is already covered by CVE-2006-2666. | ||||
| CVE-2008-6841 | 2 Gmitc, Joomla | 2 Com Dbquery, Joomla | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to classes/DBQ/admin/common.class.php. | ||||
| CVE-2008-6842 | 1 Pluck-cms | 1 Pluck | 2026-04-23 | N/A |
| Directory traversal vulnerability in data/modules/blog/module_pages_site.php in Pluck 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the post parameter. | ||||
| CVE-2008-6844 | 1 Ez | 1 Ez Publish | 2026-04-23 | N/A |
| The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters. | ||||
| CVE-2008-6845 | 1 Clamav | 1 Clamav | 2026-04-23 | N/A |
| The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file. | ||||
| CVE-2008-6846 | 1 Avast | 1 Avast Antivirus | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in avast! Linux Home Edition 1.0.5, 1.0.5-1, and 1.0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via a malformed (1) ISO or (2) RPM file. | ||||
| CVE-2009-0583 | 3 Argyllcms, Ghostscript, Redhat | 3 Argyllcms, Ghostscript, Enterprise Linux | 2026-04-23 | N/A |
| Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. | ||||
| CVE-2008-6847 | 1 Preproject | 1 Pre Asp Job Board | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Employee/emp_login.asp in Pre ASP Job Board allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | ||||
| CVE-2008-6850 | 1 Php-fusion | 1 Php-fusion | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion 6.01.17 and 7.00.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-0584 | 3 Argyllcms, Ghostscript, Redhat | 3 Cms, Ghostscript, Enterprise Linux | 2026-04-23 | N/A |
| icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. | ||||
| CVE-2008-6857 | 1 Xigla | 1 Absolute Podcast.net | 2026-04-23 | N/A |
| Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||
| CVE-2008-6859 | 1 Xigla | 1 Absolute Control Panel Xe | 2026-04-23 | N/A |
| Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||
| CVE-2009-0585 | 2 Joe Shaw, Redhat | 2 Libsoup, Enterprise Linux | 2026-04-23 | N/A |
| Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation. | ||||
| CVE-2008-6860 | 1 Xigla | 1 Absolute Poll Manager Xe | 2026-04-23 | N/A |
| Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||
| CVE-2009-1043 | 1 Microsoft | 2 Internet Explorer, Windows 7 | 2026-04-23 | N/A |
| Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. | ||||
| CVE-2008-6861 | 1 Xigla | 1 Absolute Newsletter | 2026-04-23 | N/A |
| Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||
| CVE-2008-6862 | 1 Xigla | 1 Absolute Content Rotator | 2026-04-23 | N/A |
| Absolute Content Rotator 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||
| CVE-2008-6863 | 1 Xigla | 1 Absolute Form Processor.net | 2026-04-23 | N/A |
| Xigla Software Absolute Form Processor .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||
| CVE-2009-1047 | 1 Drupal | 2 Drupal, Print | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vectors involving outbound HTML e-mail. | ||||
| CVE-2008-6864 | 1 Xigla | 1 Absolute Live Support .net | 2026-04-23 | N/A |
| Xigla Software Absolute Live Support .NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | ||||