Export limit exceeded: 359554 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359554 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2108 | 1 Git | 1 Git | 2026-04-23 | N/A |
| git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments. | ||||
| CVE-2009-2111 | 1 Jnmsolutions | 1 Db Top Sites | 2026-04-23 | N/A |
| Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted (1) url and (2) location parameter. | ||||
| CVE-2009-2113 | 1 Fretsweb Project | 1 Fretsweb | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to player.php and the (2) hash parameter to song.php. | ||||
| CVE-2009-2115 | 1 Skybluecanvas | 1 Skybluecanvas | 2026-04-23 | N/A |
| admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to obtain sensitive information via an invalid id parameter, which reveals the installation path in an error message. | ||||
| CVE-2009-2117 | 1 Phportal | 1 Phportal | 2026-04-23 | N/A |
| uye_paneli.php in phPortal 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the kulladi cookie to a valid username. | ||||
| CVE-2009-2140 | 1 Go-oo | 1 Go-oo | 2026-04-23 | N/A |
| Multiple heap-based buffer overflows in cppcanvas/source/mtfrenderer/emfplus.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allow remote attackers to execute arbitrary code via a crafted EMF+ file, a similar issue to CVE-2008-2238. | ||||
| CVE-2009-2148 | 1 Campusvirtualcomputrade | 1 Campus Virtual-lms | 2026-04-23 | N/A |
| SQL injection vulnerability in news/index.php in Campus Virtual-LMS allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-3808 | 1 Php Arena | 1 Pafiledb | 2026-04-23 | N/A |
| SQL injection vulnerability in includes/search.php in paFileDB 3.6 allows remote attackers to execute arbitrary SQL commands via the categories[] parameter in a search action to index.php, a different vector than CVE-2005-2000. | ||||
| CVE-2008-4872 | 1 Itechscripts | 1 Itechbids | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-2109 | 1 Fretsweb Project | 1 Fretsweb | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) language parameter to charts.php and the (2) fretsweb_language cookie parameter to unspecified vectors, possibly related to admin/common.php. | ||||
| CVE-2009-2118 | 1 Irfanview | 1 Irfanview | 2026-04-23 | N/A |
| Integer overflow in IrfanView 4.23, when the resampling or screen fitting option is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF 1 BPP image, which triggers a heap-based buffer overflow. | ||||
| CVE-2009-2143 | 2 Firestats, Wordpress | 2 Firestats, Wordpress | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter. | ||||
| CVE-2009-2149 | 1 Campusvirtualcomputrade | 1 Campus Virtual-lms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Campus Virtual-LMS allow remote attackers to inject arbitrary web script or HTML via the (1) courseid parameter to enrolments/step1.php, or the (2) search or (3) siteid parameter to files/shared_list.php. | ||||
| CVE-2007-3809 | 1 Prozilla | 1 Prozilla Directory Script | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors. | ||||
| CVE-2008-4873 | 1 Sepal | 1 Spboard | 2026-04-23 | N/A |
| board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter during a down_file action. | ||||
| CVE-2009-2119 | 1 F5 | 1 Firepass Ssl Vpn | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter. | ||||
| CVE-2009-2144 | 3 Edgewall, Firestats, Wordpress | 3 Firestats, Firestats, Wordpress | 2026-04-23 | N/A |
| SQL injection vulnerability in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-2150 | 1 Campusvirtualcomputrade | 1 Campus Virtual-lms | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might allow remote attackers to hijack the authentication of certain users via a (2) ADD or (3) DELETE action to enrolments/step2.php. | ||||
| CVE-2007-3810 | 1 It747 | 1 Realtor 747 | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Realtor 747 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter. | ||||
| CVE-2008-4874 | 1 Philips Electronics | 1 Voip841 Dect Phone | 2026-04-23 | N/A |
| The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access. | ||||