Export limit exceeded: 346173 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346173 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6431 | 1 Adobe | 2 Connect Enterprise Server, Flash Media Server 2 | 2026-04-23 | N/A |
| Unspecified vulnerability in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to "take control of the affected system" via unspecified vectors, a different issue than CVE-2007-6148 and CVE-2007-6149. | ||||
| CVE-2009-3984 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2026-04-23 | N/A |
| Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. | ||||
| CVE-2009-3633 | 1 Typo3 | 1 Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm. | ||||
| CVE-2009-3985 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. | ||||
| CVE-2009-3634 | 1 Typo3 | 1 Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
| CVE-2009-3994 | 1 Denton Woods | 1 Devil | 2026-04-23 | N/A |
| Stack-based buffer overflow in the GetUID function in src-IL/src/il_dicom.c in DevIL 1.7.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted DICOM file. | ||||
| CVE-2007-6452 | 1 Google | 1 Web Toolkit | 2026-04-23 | N/A |
| Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS). | ||||
| CVE-2007-6458 | 1 My123tkshop | 1 E-commerce-suite | 2026-04-23 | N/A |
| SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php. | ||||
| CVE-2008-2845 | 1 Mybizz-classifieds | 1 Mybizz-classifieds | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in MyBizz-Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter. | ||||
| CVE-2009-3635 | 1 Typo3 | 1 Typo3 | 2026-04-23 | N/A |
| The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential. | ||||
| CVE-2009-3996 | 3 Nullsoft, Raphael Assenat, Redhat | 3 Winamp, Libmikmod, Enterprise Linux | 2026-04-23 | N/A |
| Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file. | ||||
| CVE-2007-6460 | 1 Anon Proxy Server | 1 Anon Proxy Server | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy Server before 0.101 allow remote attackers to inject arbitrary web script or HTML via the URI, which is later displayed by (1) log.php or (2) logerror.php, a different vulnerability than CVE-2007-6459. | ||||
| CVE-2007-6469 | 1 Phprpg | 1 Phprpg | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in phpRPG 0.8, when magic_qutoes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3875 | 4 Linux, Microsoft, Redhat and 1 more | 10 Linux Kernel, Windows, Enterprise Linux and 7 more | 2026-04-23 | N/A |
| The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503. | ||||
| CVE-2009-3531 | 1 Universe | 1 Universe Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in vnews.php in Universe CMS 1.0.6 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-3877 | 4 Linux, Microsoft, Redhat and 1 more | 10 Linux Kernel, Windows, Enterprise Linux and 7 more | 2026-04-23 | N/A |
| Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911. | ||||
| CVE-2007-5806 | 1 Ilias | 1 Ilias | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Services/Utilities/classes/class.ilUtil.php in ILIAS 3.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via attributes inside a domain-name string in the (1) mailing or (2) forum component, as demonstrated using the style and onmouseover HTML attributes. | ||||
| CVE-2007-5807 | 1 Ssreader | 1 Ultra Star Reader | 2026-04-23 | N/A |
| Buffer overflow in the register function in Ultra Star Reader ActiveX control in SSReader allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-5856 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information. | ||||
| CVE-2009-3532 | 2 Logrover, Microsoft | 2 Logrover, Windows | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in login.asp (aka the login screen) in LogRover 2.3 and 2.3.3 on Windows allow remote attackers to execute arbitrary SQL commands via the (1) uname and (2) pword parameters. NOTE: some of these details are obtained from third party information. | ||||