Export limit exceeded: 346170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346170 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0222 | 1 Wordpress | 1 Filemanager | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors. | ||||
| CVE-2008-0223 | 1 Justsystem | 3 Ichitaro, Ichitaro Lite2, Ichitaro Viewer | 2026-04-23 | N/A |
| Buffer overflow in JustSystems JSFC.DLL, as used in multiple JustSystems products such as Ichitaro, allows remote attackers to execute arbitrary code via a crafted .JTD file. | ||||
| CVE-2008-0224 | 1 Runcms | 1 Runcms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter. | ||||
| CVE-2008-0225 | 1 Xine | 1 Xine-lib | 2026-04-23 | N/A |
| Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-0226 | 6 Apple, Canonical, Debian and 3 more | 6 Mac Os X, Ubuntu Linux, Debian Linux and 3 more | 2026-04-23 | N/A |
| Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp. | ||||
| CVE-2008-0230 | 1 Osdate | 1 Osdate | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in php121db.php in osDate 2.0.8 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via a URL in the php121dir parameter. | ||||
| CVE-2009-3780 | 2 Ashok Modi, Drupal | 2 Abuse, Drupal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 and 6.x before 6.x-1.1-alpha1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-6690 | 1 Menalto | 1 Gallery | 2026-04-23 | N/A |
| The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors. | ||||
| CVE-2007-6689 | 1 Menalto | 1 Gallery | 2026-04-23 | N/A |
| Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME module. | ||||
| CVE-2007-6688 | 1 Menalto | 1 Gallery | 2026-04-23 | N/A |
| Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to "web-accessibility protection of the storage folder." | ||||
| CVE-2007-6687 | 1 Menalto | 1 Gallery | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the (1) Core or (2) add-item modules; or via (3) HTTP PROPPATCH in the WebDAV module. | ||||
| CVE-2009-3718 | 1 Davethewebguy | 1 Battle Blog | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to execute arbitrary SQL commands via the UserName parameter. | ||||
| CVE-2008-2859 | 1 Netwin | 1 Surgemail | 2026-04-23 | N/A |
| Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command." | ||||
| CVE-2007-6681 | 1 Videolan | 1 Vlc | 2026-04-23 | N/A |
| Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file. | ||||
| CVE-2007-6680 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to an error in the support for links in the TSD_FILES_LOCK policy. | ||||
| CVE-2007-6679 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor role users." NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected. | ||||
| CVE-2007-6677 | 1 Peters Software | 1 Random Anti-spam Image | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the comment field in the comment form. | ||||
| CVE-2009-3717 | 1 Lucvil | 1 Patplayer | 2026-04-23 | N/A |
| Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URI in a playlist (.m3u) file. | ||||
| CVE-2007-6684 | 1 Videolan | 1 Vlc | 2026-04-23 | N/A |
| The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference. | ||||
| CVE-2009-3636 | 1 Typo3 | 1 Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||