Export limit exceeded: 352540 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352540 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3377 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2008-6708 | 1 Avaya | 2 Communication Manager, Sip Enablement Services | 2026-04-23 | N/A |
| Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of "data viewing or restoring parameters." | ||||
| CVE-2007-4661 | 1 Php | 1 Php | 2026-04-23 | N/A |
| The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is due to an incomplete fix for CVE-2007-2872. | ||||
| CVE-2009-3375 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-23 | N/A |
| content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function. | ||||
| CVE-2008-6699 | 1 Typo3 | 2 Tjs Reslib, Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2009-3667 | 1 Adsdx | 1 Adsdx | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/index.php in AdsDX 3.05 allows remote attackers to execute arbitrary SQL commands via the Username. | ||||
| CVE-2008-6686 | 2 Jan Bednarik, Typo3 | 2 Cooluri, Typo3 | 2026-04-23 | N/A |
| SQL injection vulnerability in CoolURI (cooluri) 1.0.11 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| CVE-2009-3461 | 1 Adobe | 1 Acrobat | 2026-04-23 | N/A |
| Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows attackers to bypass intended file-extension restrictions via unknown vectors. | ||||
| CVE-2009-3374 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-23 | N/A |
| The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects." | ||||
| CVE-2008-6677 | 1 Quickersite | 1 Quickersite | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in fckeditor251/editor/filemanager/connectors/asp/upload.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. | ||||
| CVE-2008-6676 | 1 Quickersite | 1 Quickersite | 2026-04-23 | N/A |
| QuickerSite 1.8.5 allows remote attackers to obtain sensitive information via a request to showThumb.aspx without any parameters, which reveals the installation path in an error message. | ||||
| CVE-2007-4658 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Application Stack | 2026-04-23 | N/A |
| The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability. | ||||
| CVE-2009-3373 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2026-04-23 | N/A |
| Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2008-6667 | 1 Marc Melvin | 1 A\+ Php Scripts News Management System | 2026-04-23 | N/A |
| A+ PHP Scripts News Management System (NMS) allows remote attackers to bypass authentication and gain administrator privileges by setting the mobsuser and mobspass cookies to 1. | ||||
| CVE-2008-6666 | 1 Kronos | 1 Kronos Webta | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kronos webTA allow remote attackers to inject arbitrary web script or HTML via the description field to (1) servlet/com.threeis.webta.H710selProject and (2) servlet/com.threeis.webta.H720editProjectInfo. NOTE: BID:29610 states that the initial report was incorrect, but the reason for this conclusion is unknown. | ||||
| CVE-2007-4657 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2026-04-23 | N/A |
| Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996. | ||||
| CVE-2009-3372 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file. | ||||
| CVE-2008-6658 | 1 Simple Machines | 1 Simple Machines Forum | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated administrators to install packages from arbitrary directories via a .. (dot dot) in the package parameter during an install2 action, as demonstrated by a predictable package filename in attachments/ that was uploaded through a post2 action to index.php. | ||||
| CVE-2009-3371 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively. | ||||
| CVE-2008-6649 | 1 Ktools | 1 Photostore | 2026-04-23 | N/A |
| SQL injection vulnerability in manager/image_details_editor.php in Ktools PhotoStore 2.5, 2.9.8, 3.1.0, and other versions through 3.5.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||