Export limit exceeded: 363407 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363407 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363407 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5286 2 Apple, Redhat 2 Cups, Enterprise Linux 2026-04-23 N/A
Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.
CVE-2007-4488 1 Siemens 1 Gigaset Se361 Wlan Router 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Siemens Gigaset SE361 WLAN router with firmware 1.00.0 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI immediately following the filename for (1) a GIF filename, which triggers display of the GIF file in text format and an unspecified denial of service (crash); or (2) the login.tri filename, which triggers a continuous loop of the browser attempting to visit the login page.
CVE-2007-4489 1 Ecentrex 1 Voip Client Module 2026-04-23 N/A
Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 in the eCentrex VOIP Client module allows remote attackers to execute arbitrary code via a long Username argument to the ReInit method.
CVE-2007-4490 1 Trend Micro 1 Serverprotect 2026-04-23 N/A
Multiple buffer overflows in EarthAgent.exe in Trend Micro ServerProtect 5.58 for Windows before Security Patch 4 allow remote attackers to have an unknown impact via certain RPC function calls to (1) RPCFN_EVENTBACK_DoHotFix or (2) CMD_CHANGE_AGENT_REGISTER_INFO.
CVE-2008-5287 1 Scripts4you 1 Faq Manager 2026-04-23 N/A
SQL injection vulnerability in catagorie.php in Werner Hilversum FAQ Manager 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2007-4491 1 Gurur Haber 1 Gurur Haber 2026-04-23 N/A
SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-4492 1 Sun 1 Solaris 2026-04-23 N/A
Multiple unspecified vulnerabilities in the ata disk driver in Sun Solaris 8, 9, and 10 on the x86 platform before 20070821 allow local users to cause a denial of service (system panic) via unspecified ioctl functions, aka Bug 6433123.
CVE-2008-5288 1 Scripts4you 1 Faq Manager 2026-04-23 N/A
PHP remote file inclusion vulnerability in include/header.php in Werner Hilversum FAQ Manager 1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config_path parameter.
CVE-2009-2334 1 Wordpress 2 Wordpress, Wordpress Mu 2026-04-23 N/A
wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service.
CVE-2007-4493 1 Ez 1 Ez Publish 2026-04-23 N/A
eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module.
CVE-2008-5290 1 Scripts4you 1 Clean Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2009-2335 1 Wordpress 2 Wordpress, Wordpress Mu 2026-04-23 N/A
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."
CVE-2007-4494 1 Ez 1 Ez Publish 2026-04-23 N/A
The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.
CVE-2007-4495 1 Sun 1 Solaris 2026-04-23 N/A
Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on the x86 platform before 20070821 allows local users to cause a denial of service (system panic) via an unspecified ioctl function, aka Bug 6433124.
CVE-2008-5291 1 Fuzzylime 1 Fuzzylime Cms 2026-04-23 N/A
Directory traversal vulnerability in code/track.php in FuzzyLime 3.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter, a different vector than CVE-2007-4805 and CVE-2008-3165.
CVE-2007-4496 2 Canonical, Vmware 5 Ubuntu Linux, Ace, Player and 2 more 2026-04-23 N/A
Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows authenticated users with administrative privileges on a guest operating system to corrupt memory and possibly execute arbitrary code on the host operating system via unspecified vectors.
CVE-2008-5292 1 Videogirls 1 Videogirls Biz 2026-04-23 N/A
SQL injection vulnerability in view_snaps.php in VideoGirls BiZ allows remote attackers to execute arbitrary SQL commands via the type parameter.
CVE-2007-4497 2 Canonical, Vmware 5 Ubuntu Linux, Ace, Player and 2 more 2026-04-23 N/A
Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors.
CVE-2008-5299 1 Karakas-online 1 Chm2pdf 2026-04-23 N/A
chm2pdf 0.9 allows user-assisted local users to delete arbitrary files via a symlink attack on .chm files in the (1) /tmp/chm2pdf/work or (2) /tmp/chm2pdf/orig temporary directories.
CVE-2007-4499 1 American Financing 1 Email Image Upload 2026-04-23 N/A
Unrestricted file upload vulnerability in output.php in American Financing eMail Image Upload 4.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.