Export limit exceeded: 25410 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25410 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3650 | 1 Mywebland | 1 Mybloggie | 2026-04-23 | 5.3 Medium |
| myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages. | ||||
| CVE-2007-6165 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395. | ||||
| CVE-2007-1362 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies." | ||||
| CVE-2008-3493 | 1 Realvnc | 1 Realvnc Windows Client | 2026-04-23 | N/A |
| vncviewer.exe in RealVNC Windows Client 4.1.2.0 allows remote VNC servers to cause a denial of service (application crash) via a crafted frame buffer update packet. | ||||
| CVE-2008-1557 | 1 Bolinos | 1 Bolinos | 2026-04-23 | N/A |
| BolinOS 4.6.1 allows remote attackers to obtain sensitive information via a direct request to system/actionspages/_b/contentFiles/gBphpInfo.php, which calls the phpinfo function. | ||||
| CVE-2006-6999 | 1 Headstart Solutions | 1 Deskpro | 2026-04-23 | N/A |
| attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter. | ||||
| CVE-2008-7037 | 2 Itn, Microsoft | 2 Itn News Gadget, Windows Vista | 2026-04-23 | N/A |
| The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for Windows Vista, and possibly other versions before 1.23, allows remote web servers or man-in-the-middle attackers to execute arbitrary commands via script in a short_title response. | ||||
| CVE-2008-3492 | 1 Americasarmy | 1 America\'s Army | 2026-04-23 | N/A |
| America's Army (aka AA or Army Game Project) 2.8.3.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted UDP packet, probably involving a VoiceIndex value that is outside of the range specified by VOICE_MAX_CHATTERS. | ||||
| CVE-2007-6043 | 1 Microsoft | 1 Windows 2000 | 2026-04-23 | N/A |
| The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898. | ||||
| CVE-2007-5195 | 1 Suse | 1 Suse Linux | 2026-04-23 | N/A |
| Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5196. | ||||
| CVE-2008-1506 | 1 Peel | 1 Peel | 2026-04-23 | N/A |
| PEEL, possibly 3.x and earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. | ||||
| CVE-2008-6279 | 1 Rakhisoftware | 1 Rakhisoftware Shopping Cart | 2026-04-23 | N/A |
| RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie, which reveals the installation path in an error message. | ||||
| CVE-2007-6093 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2026-04-23 | N/A |
| The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (kernel crash) via an RTCP index that is "much more than expected." | ||||
| CVE-2008-2686 | 1 Flux Cms | 1 Flux Cms | 2026-04-23 | N/A |
| webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier allows remote attackers to execute arbitrary code by overwriting a PHP file in webinc/bxe/scripts/ via a filename in the XML parameter and PHP sequences in the request body, then making a direct request for this filename. | ||||
| CVE-2006-5990 | 1 Vmware | 1 Virtualcenter | 2026-04-23 | N/A |
| VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack. | ||||
| CVE-2006-6956 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. | ||||
| CVE-2008-3651 | 2 Linux, Redhat | 2 Ipsec Tools Racoon Daemon, Enterprise Linux | 2026-04-23 | N/A |
| Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals. | ||||
| CVE-2008-6367 | 1 Socialgroupie | 1 Social Groupie | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in Photos/create_album.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in Member_images/. | ||||
| CVE-2008-1523 | 1 Zyxel | 3 Prestige 660, Prestige 661, Zynos | 2026-04-23 | N/A |
| ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain ISP and Dynamic DNS credentials by sending a direct request for (1) WAN.html, (2) wzPPPOE.html, and (3) rpDyDNS.html, and then reading the HTML source. | ||||
| CVE-2009-1234 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected. | ||||