Export limit exceeded: 359378 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359378 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4428 | 1 Lhaz | 1 Lhaz | 2026-04-23 | N/A |
| Lhaz 1.33 allows remote attackers to execute arbitrary code via unknown vectors, as actively exploited in August 2007 by the Exploit-LHAZ.a gzip file, a different issue than CVE-2006-4116. | ||||
| CVE-2009-2005 | 1 Dokeos | 1 Dokeos | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors. | ||||
| CVE-2009-2007 | 1 Dokeos | 1 Dokeos | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to (1) read portions of arbitrary files via a .. (dot dot) and a ..\ (dot dot backslash) in the lang parameter to main/exercice/hotspot_lang_conversion.php and (2) read arbitrary files via a .. (dot dot) in the doc_url parameter to main/exercice/Hpdownload.php. | ||||
| CVE-2009-2008 | 1 Dokeos | 1 Dokeos | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than CVE-2009-2006.2. | ||||
| CVE-2009-2009 | 1 Dokeos | 1 Dokeos | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) curdirpath parameter to main/document/slideshow.php and the (2) file parameter to main/exercice/testheaderpage.php. | ||||
| CVE-2007-4436 | 1 Drupal | 2 Project, Project Issue Tracking Module | 2026-04-23 | N/A |
| The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and Project issue tracking module before 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4 do not properly enforce permissions, which allows remote attackers to (1) obtain sensitive via the Tracker Module and the Recent posts page; (2) obtain project names via unspecified vectors; (3) obtain sensitive information via the statistics pages; and (4) read CVS project activity. | ||||
| CVE-2008-2202 | 1 Maianscriptworld | 1 Maian Uploader | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to upload/admin/index.php in a search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action. | ||||
| CVE-2008-3515 | 1 Adobe | 1 Presenter | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3516. | ||||
| CVE-2009-2012 | 1 Sun | 1 Opensolaris | 2026-04-23 | N/A |
| Unspecified vulnerability in idmap in Sun OpenSolaris snv_88 through snv_110, when a CIFS server is enabled, allows local users to cause a denial of service (idpmapd daemon crash and idmapd outage) via unknown vectors. | ||||
| CVE-2009-2015 | 2 Ideal, Joomla | 2 Com Moofaq, Joomla | 2026-04-23 | N/A |
| Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | ||||
| CVE-2009-2027 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method. | ||||
| CVE-2009-2108 | 1 Git | 1 Git | 2026-04-23 | N/A |
| git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments. | ||||
| CVE-2007-4437 | 1 Ampache | 1 Ampache | 2026-04-23 | N/A |
| SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 allows remote attackers to execute arbitrary SQL commands via the match parameter. NOTE: some details are obtained from third party information. | ||||
| CVE-2008-2203 | 1 Maianscriptworld | 1 Maian Search | 2026-04-23 | N/A |
| SQL injection vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action. | ||||
| CVE-2009-2032 | 1 Pagedowntech | 1 Pdshoppro | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in PDshopPro, when downloaded before 20070308, allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2009-2035 | 1 Drupal | 1 Services Module For Drupal | 2026-04-23 | N/A |
| Unspecified vulnerability in Services 6.x before 6.x-0.14, a module for Drupal, when key-based access is enabled, allows remote attackers to read or add keys and access unauthorized services via unspecified vectors. | ||||
| CVE-2009-2036 | 1 Geekbill | 1 Open Biller | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Open Biller 0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2009-2041 | 1 Activecollab | 1 Activecollab | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in A51 D.O.O. activeCollab 0.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1772. | ||||
| CVE-2009-2043 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to interaction with TinyMCE. | ||||
| CVE-2007-4438 | 1 Ampache | 1 Ampache | 2026-04-23 | N/A |
| Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors. | ||||