Export limit exceeded: 361192 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361192 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361192 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4362 | 1 Deslock | 1 Deslock | 2026-04-23 | N/A |
| The Virtual Token driver (vdlptokn.sys) 1.0.2.43 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) via a crafted IOCTL request to \Device\DLPTokenWalter0. | ||||
| CVE-2009-3386 | 1 Mozilla | 1 Bugzilla | 2026-04-23 | N/A |
| Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allows remote attackers to discover the alias of a private bug by reading the (1) Depends On or (2) Blocks field of a related bug. | ||||
| CVE-2008-4361 | 1 Powerportal | 1 Powerportal | 2026-04-23 | N/A |
| Directory traversal vulnerability in PowerPortal 2.0.13 allows remote attackers to list and possibly read arbitrary files via a .. (dot dot) in the path parameter to the default URI. | ||||
| CVE-2009-3439 | 1 Alienvault | 1 Ossim | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3) repository_editdocument.php in repository/; the (4) group parameter to policy/getpolicy.php; the name parameter to (5) host/newhostgroupform.php and (6) net/modifynetform.php; and unspecified other vectors related to the policy menu. | ||||
| CVE-2009-0826 | 1 Freedville | 1 Bloghelper | 2026-04-23 | N/A |
| BlogHelper stores common_db.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request. | ||||
| CVE-2008-4352 | 1 Phpsmartcom | 1 Phpsmartcom | 2026-04-23 | N/A |
| SQL injection vulnerability in inc/pages/viewprofile.php in phpSmartCom 0.2 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a viewprofile action to index.php. | ||||
| CVE-2009-0825 | 1 Torben Sorensen | 1 Tinx\/cms | 2026-04-23 | N/A |
| SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-4344 | 1 6rbscript | 1 6rbscript | 2026-04-23 | N/A |
| SQL injection vulnerability in cat.php in 6rbScript allows remote attackers to execute arbitrary SQL commands via the CatID parameter. | ||||
| CVE-2009-0741 | 1 Craftsilicon | 1 Banking\@home | 2026-04-23 | N/A |
| SQL injection vulnerability in Login.asp in Craft Silicon Banking@Home 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginName parameter. | ||||
| CVE-2009-0743 | 1 Cisco | 1 Unified Meetingplace | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field. | ||||
| CVE-2009-0746 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem. | ||||
| CVE-2009-0747 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and error-message flood) by attempting to mount a crafted ext4 filesystem. | ||||
| CVE-2009-3346 | 1 Sap | 1 Crystal Reports Server | 2026-04-23 | N/A |
| Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2009-0752 | 1 Sixapart | 1 Movable Type | 2026-04-23 | N/A |
| Unspecified vulnerability in Movable Type Pro and Community Solution 4.x before 4.24 has unknown impact and attack vectors, possibly related to the password recovery mechanism. | ||||
| CVE-2007-5315 | 1 Softpedia | 1 Livealbum | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in common.php in LiveAlbum 0.9.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the livealbum_dir parameter. | ||||
| CVE-2009-0754 | 3 Apache, Php, Redhat | 3 Apache, Php, Enterprise Linux | 2026-04-23 | N/A |
| PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server. | ||||
| CVE-2008-4264 | 1 Microsoft | 6 20007 Office System, Office, Office Compatibility Pack For Word Excel Ppt 2007 and 3 more | 2026-04-23 | N/A |
| Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers "pointer corruption" during the loading of formulas from this spreadsheet, aka "File Format Parsing Vulnerability." | ||||
| CVE-2009-0755 | 1 Poppler | 1 Poppler | 2026-04-23 | N/A |
| The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry. | ||||
| CVE-2009-3348 | 1 Datavore | 1 Gyro | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a cat action to the home component. | ||||
| CVE-2009-0756 | 1 Poppler | 1 Poppler | 2026-04-23 | N/A |
| The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference. | ||||