Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4129 1 Mozilla 1 Firefox 2026-04-23 N/A
Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain.
CVE-2008-5336 1 Bdigital Web Solutions 1 Webstudio Cms 2026-04-23 N/A
SQL injection vulnerability in index.php in WebStudio CMS allows remote attackers to execute arbitrary SQL commands via the pageid parameter.
CVE-2009-4130 1 Mozilla 1 Firefox 2026-04-23 N/A
Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name.
CVE-2008-7180 1 Rittwick Banerjee 1 Telephone Directory 2008 2026-04-23 N/A
del_query1.php in Telephone Directory 2008 allows remote attackers to delete arbitrary contacts via a direct request with a modified id variable.
CVE-2009-2047 1 Cisco 6 Crs, Customer Response Applications, Ip Qm and 3 more 2026-04-23 N/A
Directory traversal vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to read, modify, or delete arbitrary files via unspecified vectors.
CVE-2009-2487 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
Use-after-free vulnerability in the frpr_icmp function in the ipfilter (aka IP Filter) subsystem in Sun Solaris 10, and OpenSolaris snv_45 through snv_110, allows remote attackers to cause a denial of service (panic) via unspecified vectors.
CVE-2009-4137 1 Matomo 1 Matomo 2026-04-23 N/A
The loadContentFromCookie function in core/Cookie.php in Piwik before 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote attackers to execute arbitrary code or upload arbitrary files via vectors related to the __destruct function in the Piwik_Config class; php://filter URIs; the __destruct functions in Zend Framework, as demonstrated by the Zend_Log destructor; the shutdown functions in Zend Framework, as demonstrated by the Zend_Log_Writer_Mail class; the render function in the Piwik_View class; Smarty templates; and the _eval function in Smarty.
CVE-2010-0359 1 Zeus 1 Zeus Web Server 2026-04-23 N/A
Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in an invalid Client Hello message.
CVE-2009-4144 2 Gnome, Redhat 2 Networkmanager, Enterprise Linux 2026-04-23 N/A
NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network.
CVE-2006-5400 1 Cyberbrau 1 Cyberbrau 2026-04-23 N/A
PHP remote file inclusion vulnerability in forum/track.php in CyberBrau 0.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2007-0301 1 Fdweb 1 Espace Membre 2026-04-23 N/A
PHP remote file inclusion vulnerability in _admin/admin_menu.php in FdWeB Espace Membre 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2007-0310 1 Bmc 1 Remedy Action Request System 2026-04-23 N/A
BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names.
CVE-2007-0329 1 Joonas Viljanen 1 Jv2 Folder Gallery 2026-04-23 N/A
download.php in Joonas Viljanen JV2 Folder Gallery allows remote attackers to read sensitive files via a relative pathname in the file parameter, as demonstrated by config/gallerysetup.php. NOTE: this issue might be resultant from a directory traversal vulnerability.
CVE-2009-4173 2 Cutephp, Korn19 2 Cutenews, Utf-8 Cutenews 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php.
CVE-2009-4182 1 Hp 1 Web Jetadmin 2026-04-23 N/A
Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a remote SQL server is used, allow remote attackers to obtain access to data or cause a denial of service, possibly by leveraging authentication and encryption weaknesses on the SQL server.
CVE-2007-0817 1 Adobe 1 Coldfusion 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page.
CVE-2007-3347 1 D-link 2 Dph-540, Dph-541 2026-04-23 N/A
The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID.
CVE-2008-3203 1 Auracms 1 Auracms 2026-04-23 N/A
js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter.
CVE-2009-1331 1 Microsoft 1 Windows Media Player 2026-04-23 N/A
Integer overflow in Microsoft Windows Media Player (WMP) 11.0.5721.5260 allows remote attackers to cause a denial of service (application crash) via a crafted .mid file, as demonstrated by crash.mid.
CVE-2009-4214 1 Rubyonrails 2 Rails, Ruby On Rails 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_controller/vendor/html-scanner/html/node.rb.