Export limit exceeded: 364863 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 14569 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 26342 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26342 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1441 1 Microsoft 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more 2026-04-23 N/A
Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
CVE-2008-6943 1 Scriptsfeed 1 Recipes Listing Portal 2026-04-23 N/A
Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing Portal allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a recipe photo, then accessing it via a direct request to the file in pictures/.
CVE-2008-6944 1 Scriptsfeed 1 Auto Classifieds 2026-04-23 N/A
Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in cars_images/.
CVE-2008-1451 1 Microsoft 2 Windows 2000, Windows 2003 Server 2026-04-23 N/A
The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
CVE-2009-1172 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors.
CVE-2007-4905 1 Auracms 1 Auracms 2026-04-23 N/A
Unrestricted file upload vulnerability in mod/contak.php in AuraCMS 2.1 allows remote attackers to upload and execute arbitrary PHP files via the image parameter, which places a file under files/.
CVE-2007-3654 1 Netbsd 1 Netbsd 2026-04-23 N/A
The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2, and NetBSD-current before 20070728, allow local users to cause a denial of service (panic) via a (1) negative or (2) large value in an ioctl call, as demonstrated by the vga_allocattr function.
CVE-2008-1562 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2026-04-23 N/A
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.
CVE-2007-3716 1 Sun 2 Jdk, Jre 2026-04-23 N/A
The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715.
CVE-2008-1578 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process.
CVE-2008-1605 1 Leadtools 1 Multimedia Toolkit 2026-04-23 N/A
The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmmPlayCtrl Class ActiveX controls (ltmm15.dll 15.1.0.17 and earlier) in LEADTOOLS Multimedia Toolkit 15 allow attackers to overwrite arbitrary files via the SaveSettingsToFile method.
CVE-2009-0320 1 Microsoft 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more 2026-04-23 N/A
Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
CVE-2008-1745 1 Cisco 1 Unified Communications Manager 2026-04-23 N/A
Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115.
CVE-2008-1747 1 Cisco 1 Unified Communications Manager 2026-04-23 N/A
Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via an unspecified SIP INVITE message, aka Bug ID CSCsk46944.
CVE-2008-1748 1 Cisco 1 Unified Communications Manager 2026-04-23 N/A
Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355.
CVE-2008-1752 1 Achmad Zaenuri 1 Ezradius 2026-04-23 N/A
ezRADIUS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for (1) config.ini or (2) database.ini. NOTE: some of these details are obtained from third party information.
CVE-2008-5014 4 Canonical, Debian, Mozilla and 1 more 6 Ubuntu Linux, Debian Linux, Firefox and 3 more 2026-04-23 N/A
jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.
CVE-2008-6999 1 Phpauction 1 Phpauction 2026-04-23 N/A
phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
CVE-2008-3337 1 Powerdns 2 Authoritative Server, Powerdns 2026-04-23 N/A
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.
CVE-2009-4546 1 Logoshows 1 Logoshows Bbs 2026-04-23 N/A
globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) pb_username (aka pb%5Fusername) and (2) level cookies.