Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2555 1 Google 2 Chrome, V8 2026-04-23 N/A
Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression.
CVE-2006-4517 1 Novell 1 Imanager 2026-04-23 N/A
Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service (crash) in the Tomcat server via a long TREE parameter in an HTTP POST, which triggers a NULL pointer dereference.
CVE-2006-5635 1 Web Wiz Forums 1 Web Wiz Forums 2026-04-23 N/A
SQL injection vulnerability in forum/search.asp in Web Wiz Forums allows remote attackers to execute arbitrary SQL commands via the KW parameter.
CVE-2006-5638 1 Phpmyring 1 Phpmyring 2026-04-23 N/A
Multiple SQL injection vulnerabilities in cherche.php in PHPMyRing 4.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) limite and (2) mots parameters.
CVE-2006-5640 1 Techno Dreams 1 Techno Dreams Guest Book 2026-04-23 N/A
SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
CVE-2007-0771 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service (system hang) related to "MT exec + utrace_attach spin failure mode," as demonstrated by ptrace-thrash.c.
CVE-2007-0914 1 Sun 1 Solaris 2026-04-23 N/A
Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors.
CVE-2009-2560 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2026-04-23 N/A
Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace and is processed by the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissector. NOTE: it was later reported that the RADIUS issue also affects 0.10.13 through 1.0.9.
CVE-2009-2561 1 Wireshark 1 Wireshark 2026-04-23 N/A
Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified vectors.
CVE-2007-4780 1 Joomla 1 Joomla 2026-04-23 N/A
Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories.
CVE-2008-0540 1 Trixbox 1 Trixbox 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 allow remote attackers to inject arbitrary web script or HTML via the query string to index.php in (1) user/ or (2) maint/.
CVE-2008-0776 1 Itechscripts 1 Itechbids 2026-04-23 N/A
SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
CVE-2008-0794 1 Affiliate Market 1 Affiliate Market 2026-04-23 N/A
Directory traversal vulnerability in user/header.php in Affiliate Market 0.1 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
CVE-2008-0798 1 Artmedic Webdesign 1 Artmedic Weblog 2026-04-23 N/A
Multiple directory traversal vulnerabilities in artmedic webdesign weblog 1.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ta parameter to artmedic_index.php, reached through index.php; and the (2) date parameter to artmedic_print.php.
CVE-2009-2564 3 Adobe, Corel, Nos Microsystems 3 Acrobat Reader, Getplus Download Manager, Getplus Download Manager 2026-04-23 N/A
NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOS\bin\getPlus_HelperSvc.exe with insecure permissions (Everyone:Full Control), which allows local users to gain SYSTEM privileges by replacing getPlus_HelperSvc.exe with a Trojan horse program, as demonstrated by use of getPlus Download Manager within Adobe Reader. NOTE: within Adobe Reader, the scope of this issue is limited because the program is deleted and the associated service is not automatically launched after a successful installation and reboot.
CVE-2008-0802 2 Joomla, Mediaslide 2 Com Mediaslide, Com Mediaslide 2026-04-23 N/A
SQL injection vulnerability in index.php in the MediaSlide (com_mediaslide) 0.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the albumnum parameter in a contact action.
CVE-2008-0803 1 Lookstrike 1 Lan Manager 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in LookStrike Lan Manager 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the sys_conf[path][real] parameter to (1) modules\class\Table.php; (2) db_admins.php, (3) db_alert.php, (4) db_double.php, (5) db_games.php, (6) db_matches.php, (7) db_match_teams.php, (8) db_news.php, (9) db_platform.php, (10) db_players.php, (11) db_server_group.php, (12) db_server_ip.php, (13) db_teams.php, (14) db_team_players.php, (15) db_tournaments.php, (16) db_tournament_teams.php, and (17) db_trees.php in modules\class\db\; and (18) Match.php, (19) MatchTeam.php, (20) Rule.php, (21) RuleBuilder.php, (22) RulePool.php, (23) RuleSingle.php, (24) RuleTree.php, (25) Tournament.php, (26) TournamentTeam.php, (27) Tree.php, and (28) TreeSingle.php in modules\class\tournament\. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences.
CVE-2009-2566 1 Tfm 1 Mmplayer 2026-04-23 N/A
Stack-based buffer overflow in TFM MMPlayer 2.0, and possibly 2.0.0.30, allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file.
CVE-2008-0805 1 Reality 1 Medias Phpizabi 2026-04-23 N/A
Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures.
CVE-2008-0813 1 Xpweb 1 Xpweb 2026-04-23 N/A
Directory traversal vulnerability in Download.php in XPWeb 3.0.1, 3.3.2, and possibly other versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.