Export limit exceeded: 26333 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26333 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0593 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2026-04-23 N/A
Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.
CVE-2008-0570 1 Drupal 1 Openid 2026-04-23 N/A
The OpenID 5.x-1.0 and earlier module for Drupal does not properly verify the claimed_id returned by an OpenID provider, which allows remote OpenID providers to spoof OpenID authentication for domains associated with other providers.
CVE-2008-0534 2 Cisco, Icon-labs 2 Service Control Engine, Iconfidant Ssh 2026-04-23 N/A
The SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device restart or daemon outage) via a high rate of login attempts, aka Bug ID CSCsi68582.
CVE-2008-2683 1 Black Ice 1 Barcode Sdk 2026-04-23 N/A
The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. NOTE: some of these details are obtained from third party information.
CVE-2008-0527 1 Cisco 3 Session Initiation Protocol \(sip\) Firmware, Skinny Client Control Protocol \(sccp\) Firmware, Unified Ip Phone 2026-04-23 N/A
The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a crafted HTTP request.
CVE-2008-0506 1 Coppermine 1 Coppermine Photo Gallery 2026-04-23 N/A
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
CVE-2007-6606 1 Openbiblio 1 Openbiblio 2026-04-23 N/A
OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
CVE-2009-0790 3 Redhat, Strongswan, Xelerance 3 Enterprise Linux, Strongswan, Openswan 2026-04-23 N/A
The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD.
CVE-2007-6534 1 Microsoft 1 Publisher 2026-04-23 N/A
Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart.
CVE-2007-6527 1 Rickard Andersson 1 Punbb 2026-04-23 N/A
uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a (1) JPG, (2) GIF, or (3) PNG MIME type.
CVE-2007-6494 1 Hosting Controller 1 Hosting Controller 2026-04-23 N/A
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters.
CVE-2007-6493 1 Imesh.com 1 Imesh 2026-04-23 N/A
The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method.
CVE-2006-5974 1 Fetchmail 1 Fetchmail 2026-04-23 N/A
fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions.
CVE-2007-6408 1 Ibm 1 Tivoli Provisioning Manager Express 2026-04-23 N/A
IBM Tivoli Provisioning Manager Express provides unspecified information in error messages when (1) attempted duplication of a username occurs when creating an account or (2) when trying to login using a valid username, which makes it easier for remote attackers to enumerate usernames.
CVE-2008-2712 3 Canonical, Redhat, Vim 3 Ubuntu Linux, Enterprise Linux, Vim 2026-04-23 N/A
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.
CVE-2007-6372 1 Juniper 1 Junos 2026-04-23 N/A
Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, possibly BGP UPDATE packets that trigger session flapping.
CVE-2007-5762 1 Novell 1 Netware Client 2026-04-23 N/A
NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode.
CVE-2007-5736 1 Seeblick 1 Seeblick 2026-04-23 N/A
Unrestricted file upload vulnerability in upload.php in SeeBlick 1.0 Beta allows remote attackers to upload arbitrary files via unspecified vectors. NOTE: these files are stored with .html extensions, so the scope of the attack might be limited to resource consumption and possibly XSS.
CVE-2008-7154 1 Docebo 1 Docebo 2026-04-23 N/A
Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) class/class.conf_fw.php, (2) class.module/class.event_manager.php, (3) lib/lib.domxml5.php, or (4) menu/menu_over.php in doceboCore/; or (5) class/class.conf_cms.php, (6) lib/lib.compose.php, (7) modules/chat/teleskill.php, or (8) class/class.admin_menu_cms.php in doceboCms/; which reveals the installation path in an error message.
CVE-2007-2253 1 Exponent 1 Exponent Cms 2026-04-23 N/A
Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php.