Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4218 1 Jiros 1 Jbsx 2026-04-23 N/A
Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System eXperience (JBSX) allow remote attackers to execute arbitrary SQL commands via the (1) admin or (2) password field, a related issue to CVE-2007-6091. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4217 2 Itamar Elharar, Joomla 2 Com Musicgallery, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4234 1 Micronet 1 Network Access Controller Sp1910 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in loginpages/error_user.shtml on the Micronet Network Access Controller SP1910 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2009-4237 1 Teamst 1 Testlink 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the req parameter to login.php, and allow remote authenticated users to inject arbitrary web script or HTML via (2) the key parameter to lib/general/staticPage.php, (3) the tableName parameter to lib/attachments/attachmentupload.php, or the (4) startDate, (5) endDate, or (6) logLevel parameter to lib/events/eventviewer.php; (7) the search_notes_string parameter to lib/results/resultsMoreBuilds_buildReport.php; or the (8) expected_results, (9) name, (10) steps, or (11) summary parameter in a find action to lib/testcases/searchData.php, related to lib/functions/database.class.php.
CVE-2009-4252 1 Clixint 1 Image Hosting Script Dpi 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in images.php in Image Hosting Script DPI 1.1 Final (1.1F) allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-3602 1 Nlnetlabs 1 Unbound 2026-04-23 N/A
Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.
CVE-2008-3388 1 Easy-script 1 Def Blog 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote attackers to execute arbitrary SQL commands via the article parameter to (1) comaddok.php and (2) comlook.php.
CVE-2008-0815 2 Egitimhost, Joomla 2 Com Mezun, Com Mezun 2026-04-23 N/A
SQL injection vulnerability in the com_mezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task.
CVE-2009-3598 1 Ecardmax.com 1 Formxp 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in survey_result.php in eCardMAX FormXP 2007 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
CVE-2009-3591 1 Ben Webb 1 Dopewars 2026-04-23 N/A
Dopewars 1.5.12 allows remote attackers to cause a denial of service (segmentation fault) via a REQUESTJET message with an invalid location.
CVE-2007-2574 1 Archangelmgt 1 Weblog 2026-04-23 N/A
Directory traversal vulnerability in index.php in Archangel Weblog 0.90.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the index parameter.
CVE-2008-0869 2 Bea, Bea Systems 3 Weblogic Server, Weblogic Workshop, Weblogic 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
CVE-2008-1761 1 Opera 1 Opera 2026-04-23 N/A
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access.
CVE-2008-6484 1 Mole-group 1 Taxi Calc Dist Script 2026-04-23 N/A
SQL injection vulnerability in login.php in Mole Group Taxi Map Script (aka Taxi Calc Dist Script) allows remote attackers to execute arbitrary SQL commands via the user field.
CVE-2008-6487 1 Digiappz 1 Digiaffiliate 2026-04-23 N/A
Multiple SQL injection vulnerabilities in login.asp in Digiappz DigiAffiliate 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) admin and (2) password fields.
CVE-2008-6488 1 Softcomplex 1 Php Image Gallery 2026-04-23 N/A
SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the Admin field in a login action.
CVE-2009-4250 2 Cutephp, Korn19 2 Cutenews, Utf-8 Cutenews 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) cat_msg, (4) source_msg, (5) postponed_selected, (6) unapproved_selected, and (7) news_per_page parameters in a list action to the editnews module of index.php; and (8) the link tag in news comments. NOTE: some of the vulnerabilities require register_globals to be enabled and/or magic_quotes_gpc to be disabled.
CVE-2006-7228 2 Pcre, Redhat 2 Pcre, Enterprise Linux 2026-04-23 N/A
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
CVE-2007-1094 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document.
CVE-2007-1099 1 Dropbear Ssh Project 1 Dropbear Ssh 2026-04-23 N/A
dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks.