Export limit exceeded: 363086 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363086 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0198 1 Wp-contactform Project 1 Wp-contactform 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to wp-admin/admin.php.
CVE-2008-1229 1 Jspwiki 1 Jspwiki 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to inject arbitrary web script or HTML via the editor parameter, a different vector than CVE-2007-5120.b.
CVE-2008-1272 1 Bmscripts 1 Bm Classifieds 2026-04-23 N/A
Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showad.php and the (2) ad parameter to pfriendly.php.
CVE-2008-3206 1 Iamilkay 1 Yuhhu Pubs Black Cat 2026-04-23 N/A
SQL injection vulnerability in browse.groups.php in Yuhhu Pubs Black Cat allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2008-3561 1 Powergap 1 Shopsystem 2026-04-23 N/A
SQL injection vulnerability in s03.php in Powergap Shopsystem, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the ag parameter.
CVE-2009-1685 1 Apple 1 Safari 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or (2) a parent document.
CVE-2008-5724 1 Eset 1 Smart Security 2026-04-23 N/A
The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ESET Smart Security 3.0.672 and earlier allows local users to gain privileges via a crafted IRP in a certain METHOD_NEITHER IOCTL request to \Device\Epfw that overwrites portions of memory.
CVE-2008-5726 1 Stormboards Aaronnemisis 1 Stormboards 2026-04-23 N/A
SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-1934 1 Sun 2 Java System Web Server, One Web Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.
CVE-2009-4026 1 Linux 1 Linux Kernel 2026-04-23 N/A
The mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (panic) via a crafted Delete Block ACK (aka DELBA) packet, related to an erroneous "code shuffling patch."
CVE-2007-2890 1 Cpcommerce 1 Cpcommerce 2026-04-23 N/A
SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id_category parameter.
CVE-2008-6839 1 Tgs-cms 1 Tgs Content Management 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in TGS Content Management 0.3.2r2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg and (2) goodmsg parameters to (a) login.php and (b) index.php, and the (3) dir and (4) id parameters to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2050 1 Cisco 1 Unified Communications Manager 2026-04-23 N/A
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) before 6.1(1) allows remote attackers to cause a denial of service (voice-services outage) via a malformed header in a SIP message, aka Bug ID CSCsi46466.
CVE-2009-2053 1 Cisco 1 Unified Communications Manager 2026-04-23 N/A
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP outage) via a flood of TCP packets, aka Bug ID CSCsx32236.
CVE-2009-2917 1 Imtoo 1 Mpeg Encoder 2026-04-23 N/A
Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted string in a (1) .cue or (2) .m3u playlist file.
CVE-2009-2927 1 Digitalspinners 1 Ds Cms 2026-04-23 N/A
SQL injection vulnerability in DetailFile.php in DigitalSpinners DS CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the nFileId parameter.
CVE-2009-2961 1 Kolmck 1 Kol Player 2026-04-23 N/A
Stack-based buffer overflow in Thaddy de Konng KOL Player 1.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a .MP3 playlist file.
CVE-2009-3171 1 Anantasoft 1 Gazelle Cms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft Gazelle CMS 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter to user.php or (2) lookup parameter to search.php.
CVE-2009-3180 1 Anantasoft 1 Gazelle Cms 2026-04-23 N/A
Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a password reset for other users via a modified user parameter to renew.php.
CVE-2009-3428 1 Otbcode 1 Easy Music Player 2026-04-23 N/A
Stack-based buffer overflow in Easy Music Player 1.0.0.2 allows remote attackers to execute arbitrary code via a crafted .wav file.