Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2305 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."
CVE-2007-4498 1 Grandstream 1 Sip Phone 2026-04-23 N/A
The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE message followed by a certain "SIP/2.0 183 Session Progress" message.
CVE-2009-2288 1 Nagios 1 Nagios 2026-04-23 N/A
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.
CVE-2009-2289 1 Arcadetradescript 1 Arcade Trade Script 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Arcade Trade Script 1.0 beta allows remote attackers to inject arbitrary web script or HTML via the q parameter in a gamelist action.
CVE-2009-2293 1 Tutorial-share 1 Tutorial Share 2026-04-23 N/A
Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the usernamed cookie parameter.
CVE-2009-2302 1 Avatic 1 Aardvark Topsites Php 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action. NOTE: it was later reported that 5.2.1 is also affected.
CVE-2009-2322 1 Axesstel 1 Mv 410r 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2323 1 Axesstel 1 Mv 410r 2026-04-23 N/A
The web interface on the Axesstel MV 410R redirects users back to the referring page after execution of some CGI scripts, which makes it easier for remote attackers to avoid detection of cross-site request forgery (CSRF) attacks, as demonstrated by a redirect from the cgi-bin/wireless.cgi script.
CVE-2009-2330 1 Cms.tut.su 1 Cms Chainuk 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin/admin_menu.php in CMS Chainuk 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter.
CVE-2009-2331 1 Cms.tut.su 1 Cms Chainuk 2026-04-23 N/A
Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to inject arbitrary PHP code (1) into settings.php via the menu parameter to admin_settings.php or (2) into a content/=NUMBER.php file via the title parameter to admin_new.php.
CVE-2009-2332 1 Cms.tut.su 1 Cms Chainuk 2026-04-23 N/A
CMS Chainuk 1.2 and earlier allows remote attackers to obtain sensitive information via (1) a crafted id parameter to index.php or (2) a nonexistent folder name in the id parameter to admin/admin_delete.php, which reveals the installation path in an error message.
CVE-2009-2333 1 Cms.tut.su 1 Cms Chainuk 2026-04-23 N/A
Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the menu parameter to admin/admin_menu.php, and the id parameter to (2) index.php and (3) admin/admin_edit.php; and (4) delete arbitrary local files via a .. (dot dot) in the id parameter to admin/admin_delete.php. NOTE: vector 2 can be leveraged for static code injection by sending a crafted menu parameter to admin/admin_menu.php, and then sending an id=../menu.csv request to index.php.
CVE-2007-1472 1 T-systems Solutions For Research Gmbh 1 Groupit 2026-04-23 N/A
Variable overwrite vulnerability in groupit/base/groupit.start.inc in Groupit 2.00b5 allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via arguments that are written to $_GLOBALS, as demonstrated using a URL in the c_basepath parameter to (1) content.php, (2) userprofile.php, (3) password.php, (4) dispatch.php, and (5) deliver.php in html/, and possibly (6) load.inc.php and related files.
CVE-2009-2358 1 Yasinkaplan 1 Tekradius 2026-04-23 N/A
TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini file, which allows local users to obtain obfuscated database credentials by reading this file.
CVE-2008-0787 1 Mybulletinboard 1 Mybulletinboard 2026-04-23 N/A
SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php.
CVE-2008-3476 1 Microsoft 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more 2026-04-23 N/A
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Objects Memory Corruption Vulnerability."
CVE-2008-5309 1 Netart Media 1 Real Estate Portal 2026-04-23 N/A
SQL injection vulnerability in NetArt Media Real Estate Portal 1.2 allows remote attackers to execute arbitrary SQL commands via the ad_id parameter in the re_send_email module to index.php.
CVE-2008-5937 1 Zkesoft 1 Ayeview 2026-04-23 N/A
AyeView 2.20 allows user-assisted attackers to cause a denial of service (memory consumption or application crash) via a bitmap (aka .bmp) file with large height and width values.
CVE-2009-3348 1 Datavore 1 Gyro 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a cat action to the home component.
CVE-2008-6363 1 Capilano 1 Designworks 2026-04-23 N/A
Stack-based buffer overflow in DesignWorks Professional 4.3.1 and 5.0.7 allows remote attackers to execute arbitrary code via a crafted .cct file. NOTE: some of these details are obtained from third party information.