Export limit exceeded: 346155 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346155 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2844 | 1 Linux | 2 Kernel, Linux Kernel | 2026-04-23 | N/A |
| cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames in which one frame omits an SSID Information Element (IE) and the subsequent frame contains an SSID IE, which triggers a NULL pointer dereference in the cmp_ies function. NOTE: a potential weakness in the is_mesh function was also addressed, but the relevant condition did not exist in the code, so it is not a vulnerability. | ||||
| CVE-2008-5933 | 1 Cmsisweb | 1 Cms Isweb | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in CMS ISWEB 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the strcerca parameter (aka the input field for the cerca action) or (2) the id_oggetto parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5934 | 1 Cmsisweb | 1 Cms Isweb | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows remote attackers to execute arbitrary SQL commands via the id_sezione parameter. | ||||
| CVE-2008-5935 | 1 Factosystem | 1 Factosystem Weblog | 2026-04-23 | N/A |
| Facto stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for database/facto.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5936 | 1 Mini-pub | 1 Mini-pub | 2026-04-23 | N/A |
| front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers to read files and obtain PHP source code via a filename in the sFileName parameter. | ||||
| CVE-2008-5937 | 1 Zkesoft | 1 Ayeview | 2026-04-23 | N/A |
| AyeView 2.20 allows user-assisted attackers to cause a denial of service (memory consumption or application crash) via a bitmap (aka .bmp) file with large height and width values. | ||||
| CVE-2008-5938 | 1 Modxcms | 1 Modxcms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in assets/snippets/reflect/snippet.reflect.php in MODx CMS 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the reflect_base parameter. | ||||
| CVE-2008-5939 | 1 Modxcms | 1 Modxcms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in the username field, possibly related to snippet.ditto.php. NOTE: some sources list the id parameter as being affected, but this is probably incorrect based on the original disclosure. | ||||
| CVE-2008-5948 | 1 Bncwi | 1 Bncwi | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in BNCwi 1.04 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlanguage parameter. | ||||
| CVE-2008-5949 | 1 Tiddlywiki | 1 Cctiddly | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cct_base parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php. | ||||
| CVE-2009-2846 | 1 Linux | 1 Linux Kernel | 2026-04-23 | N/A |
| The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes an out-of-bounds read in the readb function. | ||||
| CVE-2008-5953 | 1 Ktp Computer Customer Database | 1 Ktp Computer Customer Database | 2026-04-23 | N/A |
| Directory traversal vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to the default URI. | ||||
| CVE-2008-5956 | 1 Phpstreet | 1 Webboard | 2026-04-23 | N/A |
| Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request to connect.inc. | ||||
| CVE-2008-5959 | 1 Active Web Softwares | 1 Active Test | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or (2) password parameter (aka password field). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5961 | 1 Tribiq | 1 Tribiq Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to inject arbitrary web script or HTML via the cID parameter in a document action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-5964 | 1 Impresscms | 1 Impresscms | 2026-04-23 | N/A |
| Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2008-5982 | 1 Bmc | 1 Patrol Agent | 2026-04-23 | N/A |
| Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string specifiers in an invalid version number to TCP port 3181, which are not properly handled when writing a log message. | ||||
| CVE-2008-5983 | 4 Canonical, Fedoraproject, Python and 1 more | 4 Ubuntu Linux, Fedora, Python and 1 more | 2026-04-23 | N/A |
| Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory. | ||||
| CVE-2009-2847 | 2 Linux, Redhat | 6 Kernel, Linux, Linux Kernel and 3 more | 2026-04-23 | N/A |
| The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack function. | ||||
| CVE-2008-5990 | 1 Eduforge | 1 Emergecolab | 2026-04-23 | N/A |
| Directory traversal vulnerability in connect/init.inc in emergecolab 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sitecode parameter to connect/index.php. | ||||