Export limit exceeded: 356092 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (356092 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1064 | 1 Xoops | 1 Xoops Rmsoft Gallery System | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in images.php in the Red Mexico RMSOFT Gallery System (GS) 2.0 module (aka rmgs) for XOOPS allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2007-1553 | 1 Guestbara | 1 Guestbara | 2026-04-23 | N/A |
| admin/configuration.php in Guestbara 1.2 and earlier allows remote attackers to modify the e-mail, name, and password of the admin account by setting the zapis parameter to "ok" and providing modified admin_mail, login, and pass parameters. | ||||
| CVE-2008-1062 | 1 Intervideo | 1 Windvd Media Center | 2026-04-23 | N/A |
| InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater (aka IHT.exe) in InterVideo WinDVD Media Center 2.11.15.0 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet with two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-1546 | 2 Mandrakesoft, Radscan | 2 Mandrake Linux, Network Audio System | 2026-04-23 | N/A |
| Array index error in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via (1) large num_action values in the ProcAuSetElements function in server/dia/audispatch.c or (2) a large inputNum parameter to the compileInputs function in server/dia/auutil.c. | ||||
| CVE-2009-1171 | 1 Moodle | 1 Moodle | 2026-04-23 | N/A |
| The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file. | ||||
| CVE-2008-1055 | 1 Netwin | 2 Surgemail, Webmail | 2026-04-23 | N/A |
| Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter. | ||||
| CVE-2008-1053 | 1 Phpnuke | 1 Kose Yazilari Module | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in the Kose_Yazilari module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the artid parameter in a (1) viewarticle or (2) printpage action to modules.php. | ||||
| CVE-2008-1049 | 1 Positive Software | 2 H-sphere, Sitestudio | 2026-04-23 | N/A |
| Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and 2.5 before Patch 11, has unknown impact and attack vectors. | ||||
| CVE-2007-1537 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2026-04-23 | N/A |
| \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function. | ||||
| CVE-2008-1047 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-1529 | 1 Microsoft | 1 Windows Vista | 2026-04-23 | N/A |
| The LLTD Responder in Microsoft Windows Vista does not send the Mapper a response to a DISCOVERY packet if another host has sent a spoofed response first, which allows remote attackers to spoof arbitrary hosts via a network-based race condition, aka the "Total Spoof" attack. | ||||
| CVE-2007-1524 | 1 Zomplog | 1 Zomplog | 2026-04-23 | N/A |
| Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/. | ||||
| CVE-2007-1516 | 1 Cicoandcico | 1 Ccmail | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in functions/update.php in Cicoandcico CcMail 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the functions_dir parameter. | ||||
| CVE-2008-1041 | 1 Matts Whois | 1 Matts Whois | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson Matt's Whois (MWhois) allows remote attackers to inject arbitrary web script or HTML via the domain parameter. | ||||
| CVE-2008-1039 | 1 Porar | 1 Webboard | 2026-04-23 | N/A |
| SQL injection vulnerability in question.asp in PORAR WEBBOARD allows remote attackers to execute arbitrary SQL commands via the QID parameter. | ||||
| CVE-2007-1505 | 1 Fujitsu | 2 Fence, Systemwalker Desktop Encryption | 2026-04-23 | N/A |
| Fujitsu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption V12.0L10, V12.0L10A, V12.0L10B, V12.0L20 and V13.0.0 allows local users to obtain sensitive information by extracting the decoding password from certain "self-decoding" file types. | ||||
| CVE-2008-1037 | 1 Packeteer | 2 Packetshaper, Policycenter | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the file listing function in the web management interface in Packeteer PacketShaper and PolicyCenter 8.2.2 allows remote attackers to inject arbitrary web script or HTML via the FILELIST parameter to an arbitrary component, which triggers injection into an Error Report page. | ||||
| CVE-2008-1036 | 2 Apple, Redhat | 3 Mac Os X, Mac Os X Server, Enterprise Linux | 2026-04-23 | N/A |
| The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. | ||||
| CVE-2007-1500 | 1 Gentoo | 1 Linux | 2026-04-23 | N/A |
| The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat. | ||||
| CVE-2008-1019 | 1 Apple | 1 Quicktime | 2026-04-23 | N/A |
| Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted PICT image file, related to an improperly terminated memory copy loop. | ||||