Export limit exceeded: 346174 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346174 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2826 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow. | ||||
| CVE-2008-5892 | 1 Icash | 1 Click\&email | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary SQL commands via (1) the ID parameter to admin_dblayers.asp in an update action, (2) the adminid parameter to admin_loginCheck.asp (aka the USERNAME field in admin_main.asp), and (3) the PassWord parameter to admin_loginCheck.asp (aka the PASSWORD field in admin_main.asp). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5893 | 1 Icash | 1 Click\&email | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ClickAndEmail allows remote attackers to inject arbitrary web script or HTML via the tablename parameter in an update action. | ||||
| CVE-2009-2827 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image. | ||||
| CVE-2009-4128 | 1 Gnu | 1 Grub 2 | 2026-04-23 | N/A |
| GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1. | ||||
| CVE-2008-5894 | 1 Mediatheka | 1 Mediatheka | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Mediatheka 4.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | ||||
| CVE-2008-5895 | 1 Mediatheka | 1 Mediatheka | 2026-04-23 | N/A |
| SQL injection vulnerability in connection.php in Mediatheka 4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. | ||||
| CVE-2008-5896 | 1 Codeavalanche | 1 Ratemysite | 2026-04-23 | N/A |
| CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CARateMySite.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-2828 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | ||||
| CVE-2009-4129 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain. | ||||
| CVE-2008-5897 | 1 Codeavalanche | 1 Freewallpaper | 2026-04-23 | N/A |
| CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFreeWallpaper.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5898 | 1 Codeavalanche | 1 Directory | 2026-04-23 | N/A |
| CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CADirectory.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5899 | 1 Codeavalanche | 1 Freeforall | 2026-04-23 | N/A |
| CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFFAPage.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5900 | 1 Codeavalanche | 1 Articles | 2026-04-23 | N/A |
| CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAArticles.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-2829 | 1 Apple | 1 Mac Os X Server | 2026-04-23 | N/A |
| Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a "log injection" issue. | ||||
| CVE-2009-4130 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name. | ||||
| CVE-2008-5901 | 1 Iyziforum | 1 Iyzi Forum | 2026-04-23 | N/A |
| iyzi Forum 1.0 beta 3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for db/iyziforum.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5902 | 1 Xrdp | 1 Xrdp | 2026-04-23 | N/A |
| Buffer overflow in the xrdp_bitmap_invalidate function in xrdp/xrdp_bitmap.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via a crafted request. | ||||
| CVE-2008-5903 | 1 Xrdp | 1 Xrdp | 2026-04-23 | N/A |
| Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via vectors that manipulate the value of the edit_pos structure member. | ||||
| CVE-2008-5906 | 1 Ktorrent | 1 Ktorrent | 2026-04-23 | N/A |
| Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts. | ||||