Export limit exceeded: 26342 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26342 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4343 1 Chilkat Software 1 Chilkat Xml Activex Control 2026-04-23 N/A
The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) 3.0.3.0 and earlier allows remote attackers to create, overwrite, and modify arbitrary files for execution via a call to the (1) SaveToFile, (2) SaveToTempFile, or (3) AppendBinary method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.
CVE-2007-6476 1 Gf 3xplorer 1 Gf 3xplorer 2026-04-23 N/A
GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function.
CVE-2007-0979 1 Lifetype 1 Lifetype 2026-04-23 N/A
Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before 1.2-beta2, allows remote attackers to obtain sensitive information (file contents) via a "crafted URL."
CVE-2008-3676 1 Hmailserver 1 Hmailserver 2026-04-23 N/A
Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 allows remote authenticated users to cause a denial of service (resource exhaustion or daemon crash) via a long series of IMAP commands.
CVE-2007-1563 1 Opera 1 Opera Browser 2026-04-23 N/A
The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
CVE-2007-1564 2 Kde, Redhat 2 Konqueror, Enterprise Linux 2026-04-23 N/A
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
CVE-2008-5705 1 Verlihub-project 1 Verlihub 2026-04-23 N/A
The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier, when user triggers are enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in an argument.
CVE-2008-2574 1 Flashblog 1 Flashblog 2026-04-23 N/A
Unrestricted file upload vulnerability in admin/Editor/imgupload.php in FlashBlog 0.31 beta allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in tus_imagenes/.
CVE-2008-5715 2 Microsoft, Mozilla 2 Windows Vista, Firefox 2026-04-23 N/A
Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code with a long string value for the hash property (aka location.hash). NOTE: it was later reported that earlier versions are also affected, and that the impact is CPU consumption and application hang in unspecified circumstances perhaps involving other platforms.
CVE-2007-1803 1 Maildwarf 1 Maildwarf 2026-04-23 N/A
Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote attackers to send e-mail to addresses different from the configured addresses.
CVE-2007-2748 1 Php 1 Php 2026-04-23 N/A
The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.
CVE-2008-4444 1 Cisco 2 Unified Ip Phone 7940g, Unified Ip Phone 7960g 2026-04-23 N/A
Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P0S3-08-9-00 and possibly other versions before 8.10 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a Realtime Transport Protocol (RTP) packet with malformed headers.
CVE-2008-1330 1 Novell 1 Groupwise 2026-04-23 N/A
Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker.
CVE-2009-1061 2 Adobe, Redhat 2 Acrobat Reader, Rhel Extras 2026-04-23 N/A
Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and "input validation," a different vulnerability than CVE-2009-0193 and CVE-2009-1062.
CVE-2008-0105 1 Microsoft 2 Office, Works 2026-04-23 N/A
Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
CVE-2008-1166 1 Flyspray 1 Flyspray 2026-04-23 N/A
Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.
CVE-2007-3912 1 Debian 1 Debian-goodies 2026-04-23 N/A
checkrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process.
CVE-2007-3913 1 Gforge 1 Gforge 2026-04-23 N/A
SQL injection vulnerability in Gforge before 3.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-1769 1 Ocsinventory-ng 1 Ocs Inventory Ng 2026-04-23 N/A
The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames.
CVE-2009-1076 1 Sun 1 Java System Identity Manager 2026-04-23 N/A
Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.