Export limit exceeded: 363801 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363801 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363801 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26282 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6511 1 Igniterealtime 1 Openfire 2026-04-23 N/A
Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.
CVE-2009-2420 1 Apple 1 Safari 2026-04-23 N/A
Apple Safari 3.2.3 does not properly implement the file: protocol handler, which allows remote attackers to read arbitrary files or cause a denial of service (launch of multiple Windows Explorer instances) via vectors involving an unspecified HTML tag, possibly a related issue to CVE-2009-1703.
CVE-2009-2421 1 Apple 1 Safari 2026-04-23 N/A
The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a "high-bit character" in a URL fragment for an unspecified protocol.
CVE-2009-2425 1 Tor 1 Tor 2026-04-23 N/A
Tor before 0.2.0.35 allows remote attackers to cause a denial of service (application crash) via a malformed router descriptor.
CVE-2009-2431 1 Wordpress 1 Wordpress 2026-04-23 N/A
WordPress 2.7.1 places the username of a post's author in an HTML comment, which allows remote attackers to obtain sensitive information by reading the HTML source.
CVE-2008-4295 2 Htc, Microsoft 3 Mda, Wiza, Windows Mobile 2026-04-23 N/A
Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
CVE-2009-2533 1 Realnetworks 2 Helix Server, Helix Server Mobile 2026-04-23 N/A
rmserver in RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allows remote attackers to cause a denial of service (daemon exit) via multiple RTSP SET_PARAMETER requests with empty DataConvertBuffer headers.
CVE-2006-6735 1 Obie Website 1 Mini Web Shop 2026-04-23 N/A
modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to obtain sensitive information via a request with an arbitrary catname parameter but no itemsdb parameter, which reveals the path in an error message. NOTE: CVE analysis suggests that this error might be resultant from a more serious issue such as directory traversal.
CVE-2009-3452 1 Radactive 1 I-load 2026-04-23 N/A
WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to obtain sensitive information via unspecified requests that trigger responses containing the saved-image folder pathname.
CVE-2009-2765 1 Dd-wrt 1 Dd-wrt 2026-04-23 N/A
httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI.
CVE-2008-4136 1 Michael Roth Software 1 Pftp 2026-04-23 N/A
Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote attackers to cause a denial of service (service crash) via multiple RETR commands, possibly involving long filenames.
CVE-2008-4133 1 D-link 1 Dir-100 2026-04-23 N/A
The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters.
CVE-2008-6943 1 Scriptsfeed 1 Recipes Listing Portal 2026-04-23 N/A
Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing Portal allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a recipe photo, then accessing it via a direct request to the file in pictures/.
CVE-2009-3271 1 Apple 2 Iphone Os, Safari 2026-04-23 N/A
Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.
CVE-2008-3810 1 Cisco 1 Ios 2026-04-23 N/A
Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka CSCsg22426, a different vulnerability than CVE-2008-3811.
CVE-2008-6976 1 Mikrotik 1 Routeros 2026-04-23 N/A
MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request.
CVE-2008-6978 1 Fullrevolution 1 Aspwebalbum 2026-04-23 N/A
Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in album.asp.
CVE-2009-3078 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2026-04-23 N/A
Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property.
CVE-2009-3250 1 Vtiger 1 Vtiger Crm 2026-04-23 N/A
The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
CVE-2007-0683 1 Omegaboard Project 1 Omegaboard 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/functions.php in Omegaboard 1.0beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.