Export limit exceeded: 26294 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26294 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5226 1 Dircproxy 1 Dircproxy 2026-04-23 N/A
irc_server.c in dircproxy 1.2.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via an ACTION command without a parameter, which triggers a NULL pointer dereference, as demonstrated using a blank /me message from irssi.
CVE-2008-3304 1 Tuxplanet 1 Bilboblog 2026-04-23 N/A
BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message.
CVE-2009-0465 1 Synactis 1 All In The Box.ocx 2026-04-23 N/A
The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\0' character, which bypasses the intended .box filename extension, as demonstrated by a C:\boot.ini\0 argument.
CVE-2009-1371 1 Clamav 1 Clamav 2026-04-23 N/A
The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding.
CVE-2008-1785 1 Prozilla 1 Top 100 2026-04-23 N/A
delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter.
CVE-2007-5264 1 Battlefront 1 Dropteam 2026-04-23 N/A
Battlefront Dropteam 1.3.3 and earlier sends the client's online account name and password to the game server, which allows malicious game servers to steal account information.
CVE-2007-4664 1 Firebirdsql 1 Firebird 2026-04-23 N/A
Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405.
CVE-2008-7069 1 Paul Arbogast 1 Accms 2026-04-23 N/A
All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat.
CVE-2008-4105 1 Joomla 1 Joomla 2026-04-23 N/A
JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact.
CVE-2008-3094 1 Organic Groups Project 1 Organic Groups 2026-04-23 N/A
The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors.
CVE-2009-0418 1 Hp 1 Hp-ux 2026-04-23 N/A
The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read private network traffic, and possibly execute arbitrary code via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476.
CVE-2008-4681 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2026-04-23 N/A
Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets.
CVE-2008-6171 1 Drupal 1 Drupal 2026-04-23 N/A
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.
CVE-2007-1478 1 Mcgallery 1 Mcgallery 2026-04-23 N/A
download.php in McGallery 0.5b allows remote attackers to read arbitrary files and obtain script source code via the filename parameter.
CVE-2008-6159 1 Hans Oesterholt 1 Cmme 2026-04-23 N/A
Content Management Made Easy (CMME) 1.19 allows remote attackers to obtain system information via a direct request to info.php, which invokes the phpinfo function.
CVE-2007-5339 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2026-04-23 N/A
Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption or assert errors.
CVE-2008-7088 1 Photopost 1 Photopost Vbgallery 2026-04-23 N/A
Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in a certain path. NOTE: this may be the same vulnerability as CVE-2008-0251, but this is not clear due to lack of details from the vendor.
CVE-2007-3650 1 Mywebland 1 Mybloggie 2026-04-23 5.3 Medium
myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages.
CVE-2007-5130 1 Boesch-it 1 Simpgb 2026-04-23 N/A
SimpGB 1.46.02 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php or (2) a direct request to admin/trailer.php, which reveals the path in various error messages.
CVE-2007-0102 1 Apple 1 Preview 2026-04-23 N/A
The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.