Export limit exceeded: 363819 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363819 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3522 | 2 Jasper Project, Redhat | 3 Jasper, Enterprise Virtualization, Rhev Manager | 2026-04-23 | N/A |
| Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. | ||||
| CVE-2008-3536 | 1 Hp | 1 Openview Network Node Manager | 2026-04-23 | N/A |
| Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3537. | ||||
| CVE-2008-3538 | 2 Hp, Microsoft | 2 Enterprise Discovery, Windows | 2026-04-23 | N/A |
| Unspecified vulnerability in HP Enterprise Discovery 2.0 through 2.52 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the initial description of this CVE was inadvertently associated with libxml2, but it should be for HP Enterprise Discovery. | ||||
| CVE-2008-3565 | 1 Mrbs | 1 Mrbs | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-4755 | 1 Pozscripts | 1 Classified Auctions Script | 2026-04-23 | N/A |
| SQL injection vulnerability in gotourl.php in PozScripts Classified Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-3574 | 1 Pluck | 1 Pluck | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (3) lang_install22, (4) titelkop, (5) lang_kop1, (6) lang_kop2, (7) lang_modules, (8) lang_kop4, (9) lang_kop15, (10) lang_kop5, and (11) titelkop parameters to (b) data/inc/header.php; the pluck_version and titelkop parameters to (c) data/inc/header2.php; and the (14) lang_theme6 parameter to (d) data/inc/themeinstall.php. | ||||
| CVE-2008-3583 | 1 Intellitamper | 1 Intellitamper | 2026-04-23 | N/A |
| Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a long URL in the SRC attribute of an IMG element. NOTE: this might be related to CVE-2008-3360. NOTE: it was later reported that 2.08 Beta 4 is also affected. | ||||
| CVE-2008-4764 | 2 Extplorer, Joomla | 2 Com Extplorer, Joomla\! | 2026-04-23 | N/A |
| Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action. | ||||
| CVE-2008-3589 | 1 Mozilo | 1 Mozilocms | 2026-04-23 | N/A |
| Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter. | ||||
| CVE-2008-3592 | 1 21degrees | 1 Symphony | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing the uploaded file via a direct request, as demonstrated using workspace/masters/. | ||||
| CVE-2007-0020 | 1 Panic Transmit | 1 Panic Transmit | 2026-04-23 | N/A |
| Heap-based buffer overflow in the SFTP protocol handler for Panic Transmit (Transmit.app) up to 3.5.5 allows remote attackers to execute arbitrary code via a long ftps:// URL. | ||||
| CVE-2006-5828 | 1 Deltascripts | 1 Php Classifieds | 2026-04-23 | N/A |
| SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | ||||
| CVE-2006-5853 | 1 Immediacy | 1 Immediacy .net Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy CMS (Immediacy .NET CMS) 5.2 allows remote attackers to inject arbitrary web script or HTML via the lang parameter, which is returned to the client in a lang cookie. | ||||
| CVE-2008-3596 | 1 Harmoni | 1 Harmoni | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 allows remote attackers to inject arbitrary web script or HTML via the Username field, which is inserted into logs that could be rendered when viewed by an administrator. | ||||
| CVE-2007-1112 | 1 Kaspersky Lab | 2 Kaspersky Anti-virus, Kaspersky Internet Security | 2026-04-23 | N/A |
| Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods. | ||||
| CVE-2007-4808 | 1 Tlm Cms | 1 Tlm Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php in a lirenews action, (2) the idnews parameter to goodies.php in a lire action, (3) the id parameter to file.php in a voir action, (4) the ID parameter to affichage.php, (5) the id_sal parameter to mod_forum/afficher.php, or (6) the id_sujet parameter to mod_forum/messages.php. NOTE: it was later reported that goodies.php and affichage.php scripts are reachable through index.php, and 1.1 is also affected. NOTE: it was later reported that the goodies.php vector also affects 3.1. | ||||
| CVE-2007-4809 | 1 Online Fantasy Football League | 1 Offl | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 allow remote attackers to execute arbitrary PHP code via a URL in the DOC_ROOT parameter to (1) lib/functions.php or (2) lib/header.php. | ||||
| CVE-2007-4812 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions before Beta Update 3.0.4, allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string. NOTE: the crash might actually occur in the alert method. | ||||
| CVE-2007-4818 | 1 Txx Cms | 1 Txx Cms | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Txx CMS 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) addons/plugin.php, (2) addons/sidebar.php, (3) mail/index.php, or (4) mail/mailbox.php in modules/. | ||||
| CVE-2008-3600 | 1 Menalto | 1 Gallery | 2026-04-23 | N/A |
| Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter within a modload action. | ||||