Search Results (363690 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2361 1 Osticket 1 Osticket 2026-04-23 N/A
SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter.
CVE-2007-4312 1 Php Blue Dragon 1 Php Blue Dragon Cms 2026-04-23 N/A
SQL injection vulnerability in index.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a "print articles" action.
CVE-2007-4311 1 Linux 1 Linux Kernel 2026-04-23 N/A
The xfer_secondary_pool function in drivers/char/random.c in the Linux kernel 2.4 before 2.4.35 performs reseed operations on only the first few bytes of a buffer, which might make it easier for attackers to predict the output of the random number generator, related to incorrect use of the sizeof operator.
CVE-2007-4310 1 Sun 1 Sunos 2026-04-23 N/A
The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows remote attackers to list all accounts that have certain nonstandard GECOS fields via a request composed of a single digit, as demonstrated by a "finger 9@host" command, a different vulnerability than CVE-2001-1503.
CVE-2010-0278 1 Microsoft 3 Windows 7, Windows Live Messenger, Windows Vista 2026-04-23 N/A
A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
CVE-2009-2292 1 Appleple 1 A-news 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Appleple a-News 2.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-5151 1 Abottoms 1 Mayavi 2026-04-23 N/A
test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/err.log temporary file.
CVE-2007-4309 1 Ibm 1 Lotus Notes 2026-04-23 N/A
IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by setting the notes.ini (1) KFM_ShowEntropy and (2) Debug_Outfile debug variables, a different vulnerability than CVE-2005-2696.
CVE-2010-0277 3 Adium, Pidgin, Redhat 3 Adium, Pidgin, Enterprise Linux 2026-04-23 N/A
slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.
CVE-2007-3930 2 Microsoft, Wiki 2 Internet Explorer, Dokuwiki 2026-04-23 N/A
Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
CVE-2008-4954 1 Fumitoshi Ukai 1 Fml 2026-04-23 N/A
mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/debugbuf temporary file.
CVE-2009-2221 1 Php.s3 1 Php-i-board 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-3959 1 Ipswitch 2 Imserver, Ipswitch Collaboration Suite 2026-04-23 N/A
The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (daemon crash) via certain data to TCP port 5179 that overwrites a destructor, as reachable by the (1) DoAttachVideoSender, (2) DoAttachVideoReceiver, (3) DoAttachAudioSender, and (4) DoAttachAudioReceiver functions.
CVE-2008-4955 1 Duncan Webb 1 Freevo 2026-04-23 N/A
freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-#####.pid, (2) /tmp/freevo-gdb, (3) /tmp/freevo-gdb.sh, and (4) /tmp/*.stats temporary files. NOTE: this issue is only a vulnerability when a verbose debug mode is activated by modifying source code.
CVE-2009-2222 1 Php.s3 1 Php-i-board 2026-04-23 N/A
Directory traversal vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors, probably related to mail.
CVE-2007-3975 1 Elite Forum 1 Elite Forum 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter in a ptopic action, a different vulnerability than CVE-2005-3412.
CVE-2008-4956 1 Firewallbuilder 1 Fwbuilder 2026-04-23 N/A
fwb_install in fwbuilder 2.1.19 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/ssh-agent.##### temporary file.
CVE-2009-2223 1 Teozkr 1 Lightopencms 2026-04-23 N/A
Directory traversal vulnerability in locms/smarty.php in LightOpenCMS 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cwd parameter. NOTE: remote file inclusion attacks may be possible.
CVE-2007-3978 1 Bwired 1 Bwired 2026-04-23 N/A
Session fixation vulnerability in bwired allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2008-4957 1 Gccxml 1 Gccxml 2026-04-23 N/A
find_flags in Kitware GCC-XML (gccxml) 0.9.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.cxx temporary file.