Search Results (361890 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5451 2 Jdedwards, Oracle 2 Enterpriseone, Peoplesoft Enterprise 2026-04-23 N/A
Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.97.2.5 allows remote authenticated users to affect confidentiality via unknown vectors.
CVE-2009-0357 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2026-04-23 N/A
Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.
CVE-2008-5458 1 Oracle 2 E-business Suite, E-business Suite 12 2026-04-23 N/A
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10 and CU2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
CVE-2009-0360 1 Eyrie 1 Pam-krb5 2026-04-23 N/A
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.
CVE-2007-6548 1 Runcms 1 Runcms 2026-04-23 N/A
Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, (3) the disclaimer parameter to modules/system/admin.php in a disclaimer action, (4) the disclaimer parameter to modules/mydownloads/admin/index.php in a mydownloadsConfigAdmin action, (5) the disclaimer parameter to modules/newbb_plus/admin/forum_config.php, (6) the disclaimer parameter to modules/mylinks/admin/index.php in a myLinksConfigAdmin action, or (7) the intro parameter to modules/sections/admin/index.php in a secconfig action, which inject PHP sequences into (a) sections/cache/intro.php, (b) mylinks/cache/disclaimer.php, (c) mydownloads/cache/disclaimer.php, (d) newbb_plus/cache/disclaimer.php, (e) system/cache/disclaimer.php, (f) system/cache/footer.php, (g) system/cache/header.php, or (h) system/cache/maintenance.php in modules/.
CVE-2007-6552 1 Auracms 1 Auracms 2026-04-23 N/A
Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php to bypass a protection mechanism against direct request.
CVE-2008-5460 1 Oracle 1 Bea Product Suite 2026-04-23 N/A
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote attackers to affect confidentiality via unknown vectors.
CVE-2007-6553 1 George Lewe 1 Teamcal Pro 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class.php, (2) absencecount.inc.php, (3) avatar.inc.php, (4) csvhandler.class.php, (5) functions.tcpro.php, (6) header.html.inc.php, (7) joomlajack.tcpro.php, (8) menu.inc.php, (9) other.inc.php, (10) tcabsence.class.php, (11) tcabsencegroup.class.php, (12) tcallowance.class.php, (13) tcannouncement.class.php, (14) tcconfig.class.php, (15) tcdaynote.class.php, (16) tcgroup.class.php, (17) tcholiday.class.php, (18) tclogin.class.php, (19) tcmonth.class.php, (20) tctemplate.class.php, (21) tcusergroup.class.php, or (22) tcuseroption.class.php in includes/, possibly a related issue to CVE-2006-4845.
CVE-2008-5461 1 Oracle 1 Bea Product Suite 2026-04-23 N/A
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is cross-site scripting.
CVE-2007-6558 1 Totalplayer 1 Totalplayer 2026-04-23 N/A
TotalPlayer 3.0 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .m3u file. NOTE: this might be a duplicate of CVE-2006-6288.
CVE-2007-6561 1 Pdflib 1 Pdflib 2026-04-23 N/A
Multiple stack-based buffer overflows in PDFLib allow user-assisted remote attackers to execute arbitrary code via a long filename argument to the PDF_load_image function that results in an overflow in the pdc_fsearch_fopen function, and possibly other vectors.
CVE-2008-5463 1 Oracle 2 Jd Edwards Enterpriseone, Peoplesoft Enterprise 2026-04-23 N/A
Unspecified vulnerability in the PeopleSoft Enterprise Campus Solutions component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
CVE-2007-6562 1 Tcpreen 1 Tcpreen 2026-04-23 N/A
Multiple stack-based buffer overflows in the use of FD_SET in TCPreen before 1.4.4 allow remote attackers to cause a denial of service via multiple concurrent connections, which result in overflows in the (1) SocketAddress::Connect function in libsolve/sockprot.cpp and (2) monitor_bridge function in src/bridge.cpp.
CVE-2008-5487 1 Turnkeyforms 1 Text Link Sales 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2007-6566 1 Xzero Scripts 1 Xzero Community Classifieds 2026-04-23 N/A
SQL injection vulnerability in post.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php.
CVE-2008-5490 1 Phpstore 1 Yahoo Answers 2026-04-23 N/A
SQL injection vulnerability in index.php in PHPStore Yahoo Answers allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-6567 1 Xzero Scripts 1 Xzero Community Classifieds 2026-04-23 N/A
Directory traversal vulnerability in index.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter in a page view action.
CVE-2007-6568 1 Xzero Scripts 1 Xzero Community Classifieds 2026-04-23 N/A
PHP remote file inclusion vulnerability in config.inc.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter.
CVE-2008-5493 1 Phpstore 2 Wholesale, Wholesales 2026-04-23 N/A
SQL injection vulnerability in track.php in PHPStore Wholesales (aka Wholesale) allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-6570 1 Sun 2 Java System Web Proxy Server, Java System Web Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309.