Search Results (363359 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2301 1 Radware 2 Appwall, Gateway 2026-04-23 N/A
The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc in Management/.
CVE-2007-4363 1 Drupal 1 Content Construction Kit 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6 ,allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module.
CVE-2008-5179 1 Microsoft 3 Office Communications Server, Office Communicator, Windows Live Messenger 2026-04-23 N/A
Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report packet.
CVE-2007-4364 1 Fedoraproject 1 Commons 2026-04-23 N/A
Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain "unexpected / strange response" from an LDAP server, and (2) a reauthentication attempt that throws an exception, which allows remote attackers to trigger use of a cached authentication decision. NOTE: authentication can be bypassed by using vector 1 followed by vector 2, and possibly can be bypassed by using a single vector.
CVE-2008-5183 4 Apple, Debian, Opensuse and 1 more 6 Cups, Mac Os X, Mac Os X Server and 3 more 2026-04-23 7.5 High
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.
CVE-2009-2302 1 Avatic 1 Aardvark Topsites Php 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action. NOTE: it was later reported that 5.2.1 is also affected.
CVE-2007-4365 1 Exv2 1 Content Management System 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a set_lang cookie to an unspecified component. NOTE: this may overlap CVE-2007-1965.
CVE-2008-5185 1 Geshi 1 Geshi 2026-04-23 N/A
The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using "<".
CVE-2009-2303 1 Avatic 1 Aardvark Topsites Php 2026-04-23 N/A
index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive information via a negative integer value for the start parameter in a search action, which reveals the installation path in an error message.
CVE-2007-4366 1 Wengo 1 Wengophone 2026-04-23 N/A
WengoPhone 2.1 allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header.
CVE-2007-4367 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer."
CVE-2009-2304 1 Avatic 1 Aardvark Topsites Php 2026-04-23 N/A
index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to obtain sensitive information via a nonexistent account name in the u parameter in a rate action, which reveals the installation path in an error message.
CVE-2007-4368 1 Ibm 1 Rational Clearquest 2026-04-23 N/A
SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command.
CVE-2007-4369 1 Sote 1 Soteesklep 2026-04-23 N/A
Directory traversal vulnerability in go/_files in SOTEeSKLEP before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2008-5186 1 Geshi 1 Geshi 2026-04-23 N/A
The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows control of the default language path
CVE-2009-2305 1 Armassa 2 Ard-9808, Ard-9808 Software 2026-04-23 N/A
The ARD-9808 DVR card security camera allows remote attackers to cause a denial of service via a long URI composed of //.\ (slash slash dot backslash) sequences.
CVE-2007-4371 1 Hotscripts 1 Neuron Blog 2026-04-23 N/A
Unrestricted file upload vulnerability in admin/pages/blog-add.php in Neuron Blog 1.1 allows remote attackers to upload and execute arbitrary PHP files in uploads/.
CVE-2007-4372 2 Microsoft, Netwin 2 Windows 2003 Server, Surgemail 2026-04-23 N/A
Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
CVE-2008-5193 1 Philboard 1 Philboard 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: this might overlap CVE-2007-4024.
CVE-2007-4373 1 Rndlabs 1 Babo Violent 2026-04-23 N/A
The server in Babo Violent 2 2.08.00 and earlier does not properly implement password protection, which might allow remote attackers to bypass authentication by reconnecting after a connection closes.