Search Results (363449 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4511 1 Todd Woolums 1 Asp News Management 2026-04-23 N/A
Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.
CVE-2008-4510 1 Microsoft 1 Windows Vista 2026-04-23 N/A
Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allows local users to cause a denial of service (page fault and system crash) via multiple attempts to access a virtual address in a PAGE_NOACCESS memory page.
CVE-2008-4507 1 Ibm 1 Lotus Quickr 2026-04-23 N/A
Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows editors to delete pages that were created by a different author via unknown vectors.
CVE-2008-4500 1 Solarwinds 1 Serv-u File Server 2026-04-23 N/A
Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1".
CVE-2008-4498 1 Phpautos 1 Phpautos 2026-04-23 N/A
SQL injection vulnerability in searchresults.php in PHP Autos 2.9.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2008-4494 1 Torrenttrader 1 Torrenttrader 2026-04-23 N/A
SQL injection vulnerability in completed-advance.php in TorrentTrader Classic 1.08 and 1.04 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4482 1 Apache 1 Xerces-c\+\+ 2026-04-23 N/A
The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file.
CVE-2008-4475 1 Gnu 1 Ibackup 2026-04-23 N/A
ibackup 2.27 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2009-1960 1 Dokuwiki 1 Dokuwiki 2026-04-23 N/A
inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs.
CVE-2009-0031 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2026-04-23 N/A
Memory leak in the keyctl_join_session_keyring function (security/keys/keyctl.c) in Linux kernel 2.6.29-rc2 and earlier allows local users to cause a denial of service (kernel memory consumption) via unknown vectors related to a "missing kfree."
CVE-2008-3944 1 Discountedscripts 1 Acg Ptp 2026-04-23 N/A
SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows remote attackers to execute arbitrary SQL commands via the adid parameter in an adorder action.
CVE-2009-2476 2 Redhat, Sun 4 Enterprise Linux, Rhel Extras, Java Se and 1 more 2026-04-23 N/A
The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object.
CVE-2008-3943 1 Ezonescripts 1 Living Local 2026-04-23 N/A
SQL injection vulnerability in listtest.php in eZoneScripts Living Local 1.1 allows remote attackers to execute arbitrary SQL commands via the r parameter.
CVE-2008-3942 1 Ozsari 1 Full Php Emlak Script 2026-04-23 N/A
SQL injection vulnerability in landsee.php in Full PHP Emlak Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-3941 1 Bizdirectory 1 Bizdirectory 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter in a search action to the default URI.
CVE-2009-2431 1 Wordpress 1 Wordpress 2026-04-23 N/A
WordPress 2.7.1 places the username of a post's author in an HTML comment, which allows remote attackers to obtain sensitive information by reading the HTML source.
CVE-2008-5767 1 Gazatem 1 Gnews Publisher 2026-04-23 N/A
SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter.
CVE-2008-5748 1 Bloofox 1 Bloofoxcms 2026-04-23 8.1 High
Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters.
CVE-2008-5291 1 Fuzzylime 1 Fuzzylime Cms 2026-04-23 N/A
Directory traversal vulnerability in code/track.php in FuzzyLime 3.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter, a different vector than CVE-2007-4805 and CVE-2008-3165.
CVE-2006-5121 1 Postnuke Software Foundation 1 Postnuke 2026-04-23 N/A
SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter.