Export limit exceeded: 25819 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25819 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5688 | 1 Mediawiki | 1 Mediawiki | 2026-04-23 | N/A |
| MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote attackers to obtain sensitive information via unspecified requests that trigger an uncaught exception. | ||||
| CVE-2008-3040 | 1 Typo3 | 1 Dam Frontend Extension | 2026-04-23 | N/A |
| Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | ||||
| CVE-2008-5322 | 1 Easy-script | 1 Wysi Wiki Wyg | 2026-04-23 | N/A |
| Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information via an invalid categup parameter to index.php, which calls the phpinfo function. | ||||
| CVE-2006-7208 | 1 Adam Van Dongen | 2 Com Forum, Phpbb Component | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in download.php in the Adam van Dongen Forum (com_forum) component (aka phpBB component) 1.2.4RC3 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2008-6558 | 2 Sco, Unixware | 2 Unixware, Reliantha | 2026-04-23 | N/A |
| Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges by modifying the RELIANT_PATH environment variable to point to a malicious bin/hvenv program. | ||||
| CVE-2007-5119 | 1 Jspwiki | 1 Jspwiki | 2026-04-23 | N/A |
| JSPWiki 2.4.103 and 2.5.139-beta allows remote attackers to obtain sensitive information (full path) via an invalid integer in the version parameter to the default URI under attach/Main/. | ||||
| CVE-2008-5712 | 1 Kde | 1 Konqueror | 2026-04-23 | N/A |
| The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOLOR attribute in a (2) TABLE, (3) TD, or (4) TR element. NOTE: the FONT vector is already covered by CVE-2008-4514. | ||||
| CVE-2008-3168 | 1 Empire Server | 1 Empire Server | 2026-04-23 | N/A |
| The files utility in Empire Server before 4.3.15 discloses the world creation time, which makes it easier for attackers to determine the PRNG seed. | ||||
| CVE-2008-5346 | 2 Redhat, Sun | 5 Network Satellite, Rhel Extras, Jdk and 2 more | 2026-04-23 | N/A |
| Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file. | ||||
| CVE-2009-4533 | 2 Drupal, Nathan Haug | 2 Drupal, Webform | 2026-04-23 | N/A |
| The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors. | ||||
| CVE-2008-1453 | 1 Microsoft | 3 Windows-nt, Windows Vista, Windows Xp | 2026-04-23 | N/A |
| The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets. | ||||
| CVE-2007-5568 | 1 Cisco | 2 Adaptive Security Appliance Software, Firewall Services Module | 2026-04-23 | N/A |
| Cisco PIX and ASA appliances with 7.0 through 8.0 software, and Cisco Firewall Services Module (FWSM) 3.1(5) and earlier, allow remote attackers to cause a denial of service (device reload) via a crafted MGCP packet, aka CSCsi90468 (appliance) and CSCsi00694 (FWSM). | ||||
| CVE-2009-1609 | 1 Battleblog | 1 Battle Blog | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in admin/uploadform.asp in Battle Blog 1.25 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. | ||||
| CVE-2008-6752 | 1 Revou | 1 Revou | 2026-04-23 | N/A |
| adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and gain privileges via a direct request with modified newpass1 and newpass2 parameters in a Change operation. | ||||
| CVE-2009-0813 | 1 Imera | 1 Teamlinks | 2026-04-23 | N/A |
| Insecure method vulnerability in the ImeraIEPlugin ActiveX control (ImeraIEPlugin.dll 1.0.2.54) in Imera TeamLinks Client allows remote attackers to force the download and execution of arbitrary URLs via modified DownloadProtocol, DownloadHost, DownloadPort, and DownloadURI parameters. | ||||
| CVE-2009-4609 | 1 Mortbay | 1 Jetty | 2026-04-23 | N/A |
| The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attackers to obtain sensitive information about internal variables and other data via a request to a URI ending in /dump/, as demonstrated by discovering the value of the getPathTranslated variable. | ||||
| CVE-2008-4180 | 1 Nooms | 1 Nooms | 2026-04-23 | N/A |
| Unspecified vulnerability in db.php in NooMS 1.1 allows remote attackers to conduct brute force attacks against passwords via a username in the g_dbuser parameter and a password in the g_dbpwd parameter, and possibly a "localhost" g_dbhost parameter value, related to a "Mysql Remote Brute Force Vulnerability." | ||||
| CVE-2009-3753 | 1 Opial | 1 Opial | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in Opial 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension as a User Image, then accessing it via a request to the file in userimages, related to register.php. | ||||
| CVE-2009-0081 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2026-04-23 | N/A |
| The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability." | ||||
| CVE-2009-3802 | 1 Amirocms | 1 Amiro.cms | 2026-04-23 | N/A |
| Amiro.CMS 5.4.0.0 and earlier allows remote attackers to obtain sensitive information via an invalid loginname ("%%%") to _admin/index.php, which reveals the installation path and other information in an error message. | ||||