Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1063 1 Brother Soft 1 Exescope 2026-04-23 N/A
Buffer overflow in eXeScope 6.50 allows user-assisted remote attackers to execute arbitrary code via a crafted executable (.exe) file.
CVE-2008-2351 1 Webmanager-pro 1 Cms Webmanager-pro 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in CMS WebManager-Pro allow remote attackers to execute arbitrary SQL commands via the (1) lang_id and (2) menu_id parameters.
CVE-2008-2353 1 Gnugallery 1 Gnugallery 2026-04-23 N/A
Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter.
CVE-2009-0969 1 Phpfox 1 Phpfox 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in account/settings/account/index.php in phpFoX 1.6.21 allows remote attackers to hijack the authentication of administrators for requests that change the email address via the act[update] action.
CVE-2008-2354 1 Testmaker 1 Testmaker 2026-04-23 N/A
Unspecified vulnerability in the data export function in testMaker before 3.0p10 allows test authors to obtain access to export data via unknown vectors.
CVE-2008-2358 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
Integer overflow in the dccp_feat_change function in net/dccp/feat.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users to gain privileges via an invalid feature length, which leads to a heap-based buffer overflow.
CVE-2008-2361 2 Redhat, Xorg 2 Enterprise Linux, X11 2026-04-23 N/A
Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory.
CVE-2008-2363 1 Pan 1 Pan 2026-04-23 N/A
The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file that triggers a heap-based buffer overflow.
CVE-2009-1228 1 Arcadwy 1 Arcadwy Arcade Script Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in register.php in Arcadwy Arcade Script CMS allows remote attackers to inject arbitrary web script or HTML via the username field (user_name parameter).
CVE-2008-5746 1 Sun 2 Snmp Management Agent, Solaris 2026-04-23 N/A
Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on temporary files.
CVE-2008-5764 1 2500mhz 1 Worksimple 2026-04-23 N/A
PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.
CVE-2009-1229 1 Arcadwy 1 Arcadwy Arcade Script 2026-04-23 N/A
SQL injection vulnerability in Arcadwy Arcade Script allows remote attackers to execute arbitrary SQL commands via the user cookie parameter.
CVE-2008-5770 1 Phpweather 1 Phpweather 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in config/make_config.php in PHP Weather 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2009-0972 1 Oracle 1 Database Server 2026-04-23 N/A
Unspecified vulnerability in the Workspace Manager component in Oracle Database 11.1.0.6, 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2009-1230 1 Podcast Generator 1 Podcast Generator 2026-04-23 N/A
Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change action.
CVE-2008-5771 1 Phpweather 1 Phpweather 2026-04-23 N/A
Directory traversal vulnerability in test.php in PHP Weather 2.2.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
CVE-2008-2366 2 Openoffice, Redhat 2 Openoffice, Enterprise Linux 2026-04-23 N/A
Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org (OOo) 1.1.x on Red Hat Enterprise Linux (RHEL) 3 and 4 allows local users to gain privileges via a malicious library in the current working directory, related to incorrect quoting of the ORIGIN symbol for use in the RPATH library path.
CVE-2008-5776 1 Apertoblog 1 Apertoblog 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) action parameter to admin.php and the (2) get parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
CVE-2008-5894 1 Mediatheka 1 Mediatheka 2026-04-23 N/A
Directory traversal vulnerability in index.php in Mediatheka 4.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2008-5999 1 Drupal 2 Ajax Checklist, Drupal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajax_checklist filter.