Export limit exceeded: 363061 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363061 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363061 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363061 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4227 1 Xfig 1 Xfig 2026-04-23 N/A
Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses the 1.3 file format. NOTE: some of these details are obtained from third party information.
CVE-2008-5281 1 South River Technologies 1 Titan Ftp Server 2026-04-23 N/A
Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE command.
CVE-2007-5381 1 Cisco 1 Ios 2026-04-23 N/A
Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 allow remote attackers to execute arbitrary code by setting a long hostname on the target system, then causing an error message to be printed, as demonstrated by a telnet session to the LPD from a source port other than 515.
CVE-2009-4230 1 Ruven Pillay 1 Iipimage Server 2026-04-23 N/A
Multiple stack-based buffer overflows in src/Task.cc in the FastCGI program in IIPImage Server before 0.9.8 might allow remote attackers to execute arbitrary code via vectors associated with crafted arguments to the (1) RGN::run, (2) JTLS::run, or (3) SHD::run function. NOTE: some of these details are obtained from third party information.
CVE-2008-5283 1 Ghh 1 Google Hack Honeypot File Upload Manager 2026-04-23 N/A
Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote attackers to delete uploaded files via unknown vectors related to the delall action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. CVE analysis suggests that the most recent version as of 20081128 is 1.2, and the File Upload Manager does not have a "delall" action.
CVE-2009-4231 1 Basic-cms 1 Sweetrice 2026-04-23 N/A
Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. (dot dot) in the plugin parameter.
CVE-2008-5290 1 Scripts4you 1 Clean Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2009-4239 1 Ibm 1 Infosphere Information Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Web console in IBM InfoSphere Information Server 8.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-3163 1 Silcnet 2 Silc Client, Silc Toolkit 2026-04-23 N/A
Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users.
CVE-2008-5303 2 Perl, Redhat 3 File\, Perl, Enterprise Linux 2026-04-23 N/A
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.
CVE-2008-5304 1 Twiki 1 Twiki 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable.
CVE-2009-4250 2 Cutephp, Korn19 2 Cutenews, Utf-8 Cutenews 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) cat_msg, (4) source_msg, (5) postponed_selected, (6) unapproved_selected, and (7) news_per_page parameters in a list action to the editnews module of index.php; and (8) the link tag in news comments. NOTE: some of the vulnerabilities require register_globals to be enabled and/or magic_quotes_gpc to be disabled.
CVE-2008-5305 1 Twiki 1 Twiki 2026-04-23 N/A
Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.
CVE-2009-4252 1 Clixint 1 Image Hosting Script Dpi 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in images.php in Image Hosting Script DPI 1.1 Final (1.1F) allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-5307 1 Pilot Group 1 Pg Real Roommate Finder Solution 2026-04-23 N/A
SQL injection vulnerability in admin/index.php in PG Roommate Finder Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-4262 1 Haroldbakker 1 Hb-ns 2026-04-23 N/A
Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to obtain access to the admin control panel via a direct request to admin.php.
CVE-2008-5315 2 Apple, Microsoft 2 Iphone Configuration Web Utility, Windows 2026-04-23 N/A
Directory traversal vulnerability in the web interface in Apple iPhone Configuration Web Utility 1.0 on Windows allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2009-4263 1 Ptcpay 1 Gen3 2026-04-23 N/A
SQL injection vulnerability in main_forum.php in PTCPay GeN3 forum 1.3 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2009-4264 2 Aroundme, Barnraiser 2 Aroundme, Aroundme 2026-04-23 N/A
PHP remote file inclusion vulnerability in components/core/connect.php in AROUNDMe 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the language_path parameter.
CVE-2009-4265 1 Pointdev 1 Ideal Administration 2009 2026-04-23 N/A
Stack-based buffer overflow in Ideal Administration 2009 9.7.1, and possibly other versions, allows remote attackers to execute arbitrary code via a long Computer value in an .ipj project file.