Export limit exceeded: 348985 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29911 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29911 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1845 | 1 Mirbsd | 1 Miros | 2026-04-23 | N/A |
| The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not flush the tty's I/O when invoking mksh in a new terminal, which allows local users to gain privileges by opening a virtual terminal and entering command sequences, which might later be executed in opportunistic circumstances by a different user who launches mksh and specifies that terminal with the -T option. | ||||
| CVE-2008-2009 | 3 Canonical, Redhat, Xiph.org | 3 Ubuntu Linux, Enterprise Linux, Libvorbis | 2026-04-23 | N/A |
| Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function. | ||||
| CVE-2008-2714 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Opera before 9.26 allows remote attackers to misrepresent web page addresses using "certain characters" that "cause the page address text to be misplaced." | ||||
| CVE-2008-4198 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Opera before 9.52, when rendering an http page that has loaded an https page into a frame, displays a padlock icon and offers a security information dialog reporting a secure connection, which might allow remote attackers to trick a user into performing unsafe actions on the http page. | ||||
| CVE-2008-4232 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2026-04-23 | N/A |
| Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document. | ||||
| CVE-2008-4233 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2026-04-23 | N/A |
| Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document. | ||||
| CVE-2008-4315 | 2 Openpegasus, Redhat | 3 Openpegasus Wbem, Enterprise Linux, Enterprise Linux Desktop | 2026-04-23 | N/A |
| tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks. | ||||
| CVE-2008-4407 | 1 Debian | 1 Xsabre | 2026-04-23 | N/A |
| XRunSabre in sabre (aka xsabre) 0.2.4b relies on the ability to create /tmp/sabre.log, which allows local users to cause a denial of service (application unavailability) by creating a /tmp/sabre.log file that cannot be overwritten. | ||||
| CVE-2006-5745 | 1 Microsoft | 1 Xml Core Services | 2026-04-23 | N/A |
| Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-5760 | 1 Phpdynasite | 1 Phpdynasite | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpDynaSite 3.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the racine parameter to (1) function_log.php, (2) function_balise_url.php, or (3) connection.php. | ||||
| CVE-2006-5763 | 1 Free Php Scripts | 2 Free File Hosting, Free Image Hosting | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Free File Hosting 1.1, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter to (1) login.php, (2) register.php, or (3) send.php. NOTE: the original provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue was later reported for the "File Upload System" which is a component of Free File Hosting. Vector 1 also affects Free Image Hosting 2.0, which contains the same code. | ||||
| CVE-2006-5768 | 1 Cyberfolio | 1 Cyberfolio | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 RC1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the av parameter to (1) msg/view.php, (2) msg/inc_message.php, (3) msg/inc_envoi.php, and (4) admin/incl_voir_compet.php. | ||||
| CVE-2006-5783 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Firefox 1.5.0.7 on Kubuntu Linux allows remote attackers to cause a denial of service (crash) via a long URL in an A tag. NOTE: this issue has been disputed by several vendors, who could not reproduce the report. In addition, the scope of the impact - system freeze - suggests an issue that is not related to Firefox. Due to this impact, CVE concurs with the dispute | ||||
| CVE-2006-5787 | 1 Iprimal | 1 Iprimal Forums | 2026-04-23 | N/A |
| admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to bypass authentication and modify user passwords via a direct request, possibly related to an authentication issue in admin/chk_admin.php. | ||||
| CVE-2006-5792 | 1 Xlink Technology | 1 Omni-nfs X Enterprise | 2026-04-23 | N/A |
| Unspecified vulnerability in XLink Omni-NFS Enterprise allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by vd_xlink2.pm, an "Omni-NFS Enterprise remote exploit." NOTE: this is probably a different vulnerability than CVE-2006-5780. As of 20061107, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2006-5826 | 1 Texas Imperial Software | 1 Wftpd | 2026-04-23 | N/A |
| Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via crafted APPE commands that contain "/" (slash) or "\" (backslash) characters. | ||||
| CVE-2006-5850 | 1 Essen | 1 Essentia Web Server | 2026-04-23 | N/A |
| Stack-based buffer overflow in Essentia Web Server 2.15 for Windows allows remote attackers to execute arbitrary code via a long URI, as demonstrated by a GET or HEAD request. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6567 | 1 Mxbb | 1 Kb Mods | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | ||||
| CVE-2006-6575 | 1 Brian Drawert | 1 Yaplap | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in ldap.php in Brian Drawert Yet Another PHP LDAP Admin Project (yaplap) 0.6 and 0.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the LOGIN_style parameter. | ||||
| CVE-2006-6586 | 1 Vblog | 1 Vblog | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Vortex Blog (vBlog, aka C12) a0.1_nonfunc allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter in (1) secure.php or (2) checklogin.php in admin/auth/. | ||||