Export limit exceeded: 359373 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359373 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4455 | 1 Asterisk | 3 Asterisk, Asterisk Appliance Developer Kit, Asterisknow | 2026-04-23 | N/A |
| The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created. | ||||
| CVE-2009-2124 | 1 Elvinbts | 1 Elvinbts | 2026-04-23 | N/A |
| Directory traversal vulnerability in page.php in Elvin 1.2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. | ||||
| CVE-2009-2125 | 1 Elvinbts | 1 Elvinbts | 2026-04-23 | N/A |
| delete_bug.php in Elvin before 1.2.1 does not require administrative privileges, which allows remote authenticated users to bypass intended access restrictions and delete arbitrary bugs. | ||||
| CVE-2009-2126 | 1 Elvinbts | 1 Elvinbts | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the title (aka subject) field. | ||||
| CVE-2009-2127 | 1 Elvinbts | 1 Elvinbts | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in show_activity.php in Elvin 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2007-4456 | 2 Mambo, Parkview Consultants | 2 Mambo, Simplefaq | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in Joomla! in addition to Mambo. | ||||
| CVE-2008-2205 | 1 Maianscriptworld | 1 Maian Music | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Maian Music 1.1 allows remote attackers to execute arbitrary SQL commands via the album parameter in an album action. | ||||
| CVE-2009-2134 | 1 Pivot | 1 Pivot | 2026-04-23 | N/A |
| pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obtain sensitive information via an invalid url parameter, which reveals the installation path in an error message. | ||||
| CVE-2009-2135 | 1 Sun | 2 Opensolaris, Solaris | 2026-04-23 | N/A |
| Multiple race conditions in the Solaris Event Port API in Sun Solaris 10 and OpenSolaris before snv_107 allow local users to cause a denial of service (panic) via unspecified vectors related to a race between the port_dissociate and close functions. | ||||
| CVE-2009-2139 | 1 Sun | 1 Openoffice.org | 2026-04-23 | N/A |
| Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allows remote attackers to execute arbitrary code via a crafted EMF file, a similar issue to CVE-2008-2238. | ||||
| CVE-2009-2141 | 1 Tbdev | 1 Tbdev.net | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto parameter to makepoll.php, (2) the returnto parameter in a delete action to polls.php, or the (3) Info or (4) Avatar field to my.php. | ||||
| CVE-2007-4462 | 1 Po4a | 1 Po4a | 2026-04-23 | N/A |
| lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to overwrite arbitrary files via a symlink attack on the gettextization.failed.po temporary file. | ||||
| CVE-2007-4463 | 2 Fransois Gannier, Ghisler | 2 Fileinfo Plugin, Total Commander | 2026-04-23 | N/A |
| The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file. | ||||
| CVE-2008-2206 | 1 Maianscriptworld | 1 Maian Music | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Maian Music 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter in a search action to index.php, and the (2) msg_script parameter to admin/inc/footer.php. | ||||
| CVE-2009-2158 | 1 Torrenttrader Project | 1 Torrenttrader | 2026-04-23 | 7.5 High |
| account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently large set, which makes it easier for remote attackers to obtain a password via a brute-force attack. | ||||
| CVE-2009-2162 | 2 Ishii, Xoops | 2 Pukiwikimod, Xoops | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC PukiWikiMod module 1.6.6.2 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-2164 | 1 Kjtechforce | 1 Mailman | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the code parameter to activate.php or (2) the dest parameter to index.php. | ||||
| CVE-2009-2165 | 1 Serendipitynz | 1 Serene Bach | 2026-04-23 | N/A |
| SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id. | ||||
| CVE-2009-2173 | 1 Gameis | 1 Carom3d | 2026-04-23 | N/A |
| The LAN game feature in Carom3D 5.06 allows remote authenticated users to cause a denial of service (application hang) via a crafted HTTP request to TCP port 28012. | ||||
| CVE-2009-2174 | 1 Gupnp | 1 Gupnp | 2026-04-23 | N/A |
| GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message. | ||||