Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1447 | 1 Broadcom | 1 Brightstor Arcserve Backup | 2025-04-09 | N/A |
| The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC procedure arguments, which result in memory corruption, a different vulnerability than CVE-2006-6076. | ||||
| CVE-2007-1477 | 1 Oscommerce | 1 Php Point Of Sale | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg_language parameter. NOTE: this issue has been disputed by CVE, since the cfg_language variable is configured upon proper product installation | ||||
| CVE-2007-1490 | 1 Avaya | 1 Communication Manager | 2025-04-09 | N/A |
| Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka "shell command injection"). | ||||
| CVE-2007-3606 | 1 Sap | 1 Enjoysap | 2025-04-09 | N/A |
| Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, on systems using ASCII versions, allows remote attackers to execute arbitrary code via a long first argument to the LaunchGui function. | ||||
| CVE-2007-4109 | 1 Codewidgets | 1 Online Event Registration Template | 2025-04-09 | N/A |
| SQL injection vulnerability in sign_in.aspx in WebStore (Online Store Application Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter. | ||||
| CVE-2007-4408 | 1 Universal Ircd | 1 Ircu | 2025-04-09 | N/A |
| ircu 2.10.12.05 and earlier ignores timestamps in bounces, which allows remote attackers to take over a channel during a netjoin by causing a bounce while a server with an older version of the channel is linking. | ||||
| CVE-2009-2052 | 1 Cisco | 1 Unified Communications Manager | 2025-04-09 | N/A |
| Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote attackers to cause a denial of service (TCP services outage) via a large number of TCP connections, related to "tracking of network connections," aka Bug IDs CSCsq22534 and CSCsw52371. | ||||
| CVE-2009-2090 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| Unspecified vulnerability in wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 allows remote attackers to bypass intended Java Management Extensions (JMX) Management Beans (aka MBeans) access restrictions, and cause a denial of service (daemon stop), via unknown vectors. | ||||
| CVE-2009-2165 | 1 Serendipitynz | 1 Serene Bach | 2025-04-09 | N/A |
| SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id. | ||||
| CVE-2009-2467 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-09 | N/A |
| Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a Flash object, a slow script dialog, and the unloading of the Flash plugin, which triggers attempted use of a deleted object. | ||||
| CVE-2009-2974 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote attackers to (1) cause a denial of service (application hang) via vectors involving a chromehtml: URI value for the document.location property or (2) cause a denial of service (application hang and CPU consumption) via vectors involving a series of function calls that set a chromehtml: URI value for the document.location property. | ||||
| CVE-2009-3003 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | N/A |
| Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. | ||||
| CVE-2009-3008 | 1 Christophe Thibault | 1 K-meleon | 2025-04-09 | N/A |
| K-Meleon 1.5.3 allows context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker. | ||||
| CVE-2009-3047 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs. | ||||
| CVE-2009-3049 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode. | ||||
| CVE-2009-3085 | 2 Pidgin, Redhat | 3 Libpurple, Pidgin, Enterprise Linux | 2025-04-09 | N/A |
| The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images. | ||||
| CVE-2009-3572 | 1 Openbsd | 1 Openbsd | 2025-04-09 | N/A |
| OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does not properly handle XMM exceptions, which allows local users to cause a denial of service (kernel panic) via unspecified vectors. | ||||
| CVE-2009-3630 | 1 Typo3 | 1 Typo3 | 2025-04-09 | N/A |
| The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue. | ||||
| CVE-2009-3643 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2025-04-09 | N/A |
| Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote attackers to cause a denial of service via a long argument to the (1) LIST and (2) NLST commands, a differnt issue than CVE-2008-5626 and CVE-2006-5728. | ||||
| CVE-2009-3654 | 2 316solutions, Drupal | 2 Boost, Drupal | 2025-04-09 | N/A |
| Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupal, allows remote attackers to create new webroot directories via unknown attack vectors. | ||||