Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1265 1 Linux 1 Linux Kernel 2026-04-23 N/A
Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel 2.6.24.4, and other versions before 2.6.30-rc1, might allow remote attackers to obtain sensitive information via a large length value, which causes "garbage" memory to be sent.
CVE-2009-1267 2 Microsoft, Wireshark 2 Windows, Wireshark 2026-04-23 N/A
Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors.
CVE-2007-3240 1 Wordpress 1 Wordpress 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administrative session.
CVE-2009-1273 1 Andrew J.korty 1 Pam Ssh 2026-04-23 N/A
pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.
CVE-2008-3300 1 Alphadmin 1 Alphadmin Cms 2026-04-23 N/A
AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authentication and gain administrative access by setting the aa_login cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3302 1 Tuxplanet 1 Bilboblog 2026-04-23 N/A
SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter.
CVE-2009-1274 1 Xine 1 Xine-lib 2026-04-23 N/A
Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow.
CVE-2008-3307 1 Youtube Blog 1 Youtube Blog 2026-04-23 N/A
SQL injection vulnerability in todos.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3306.
CVE-2008-5987 1 Gnome 1 Eog 2026-04-23 N/A
Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
CVE-2009-1286 1 Ibm 1 Lotus Domino 2026-04-23 N/A
The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of service (daemon crash) via a MIME e-mail message with RFC822 attachments (aka blobs) containing malformed root entities.
CVE-2009-1288 1 Ibm 2 Advanced Management Module, Bladecenter 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.
CVE-2008-3318 1 Maian 1 Weblog 2026-04-23 N/A
admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie.
CVE-2008-3319 1 Maian 1 Links 2026-04-23 N/A
admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie.
CVE-2009-2089 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enabled and a 6.1 to 7.0 migration has occurred, allows remote authenticated users to obtain sensitive information by reading a Migration Trace file.
CVE-2008-3323 1 Redhat 1 Cygwin 2026-04-23 N/A
setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package.
CVE-2008-3328 1 Edgewall Software 1 Trac 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2008-3336 1 Punbb 1 Punbb 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php.
CVE-2008-3337 1 Powerdns 2 Authoritative Server, Powerdns 2026-04-23 N/A
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.
CVE-2008-3341 1 Jobbex 1 Jobsite 2026-04-23 N/A
Multiple SQL injection vulnerabilities in search_result.cfm in Jobbex JobSite allow remote attackers to execute arbitrary SQL commands via the (1) jobcountryid and (2) jobstateid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3343 1 Myiosoft 1 Easypublish 2026-04-23 N/A
SQL injection vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr (trial edition) allows remote attackers to execute arbitrary SQL commands via the read parameter in a search action.