Search Results (362812 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0838 1 Sun 2 Opensolaris, Sunos 2026-04-23 N/A
The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv_88 through snv_102, does not properly free memory, which allows local users to cause a denial of service (panic) via unspecified vectors, related to the vmem_hash_delete function.
CVE-2007-2934 1 Windy Road 1 Vistered Little 2026-04-23 N/A
Directory traversal vulnerability in skins/common.css.php in Vistered Little 1.6a allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter.
CVE-2008-2680 1 Realm Project 1 Realm Cms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in _db/compact.asp in Realm CMS 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) CmpctedDB and (2) Boyut parameters.
CVE-2007-2936 1 Frequency Clock 1 Frequency Clock 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Frequency Clock 0.1b (Beta 0.1) allow remote attackers to execute arbitrary PHP code via a URL in the securelib parameter to (1) conf.php or (2) cp2.php.
CVE-2008-2682 1 Realm Project 1 Realm Cms 2026-04-23 N/A
_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies, probably including (1) cUserRole, (2) cUserName, and (3) cUserID.
CVE-2009-0866 1 Phnews 1 Phnews 2026-04-23 N/A
pHNews Alpha 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for extra/genbackup.php.
CVE-2007-2937 1 Troforum 1 Troforum 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_url parameter.
CVE-2008-1119 1 Centreon 1 Centreon 2026-04-23 N/A
Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter.
CVE-2009-0873 1 Sun 3 Opensolaris, Solaris, Sunos 2026-04-23 N/A
The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the sec=sys and sec=krb5 security modes, related to modes that "override each other."
CVE-2007-2939 1 Mazens Php Chat 1 Mazens Php Chat 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat 3.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the basepath parameter to (1) ITX.php, (2) IT_Error.php, or (3) IT.php in include/pear/.
CVE-2008-1120 1 Icq 1 Mirabilis Icq 2026-04-23 N/A
Format string vulnerability in the embedded Internet Explorer component for Mirabilis ICQ 6 build 6043 allows remote servers to execute arbitrary code or cause a denial of service (crash) via unspecified vectors related to HTML code generation.
CVE-2008-1121 1 Eazyportal 1 Eazyportal 2026-04-23 N/A
SQL injection vulnerability in index.php in eazyPortal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the session_vars cookie.
CVE-2007-2943 1 Webavis 1 Webavis 2026-04-23 N/A
PHP remote file inclusion vulnerability in class/class.php in Webavis 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
CVE-2008-4104 1 Joomla 1 Joomla 2026-04-23 N/A
Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.
CVE-2009-0923 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
Unspecified vulnerability in Kerberos Incremental Propagation in Solaris 10 and OpenSolaris snv_01 through snv_110 allows remote attackers to cause a denial of service (loss of incremental propagation requests to slave KDC servers) via unknown vectors related to the master Key Distribution Center (KDC) server.
CVE-2008-6539 1 Holger Schurig 1 Destar 2026-04-23 N/A
Static code injection vulnerability in user/settings/ in DeStar 0.2.2-5 allows remote authenticated users to add arbitrary administrators and inject arbitrary Python code into destar_cfg.py via a crafted pin parameter.
CVE-2007-2951 1 Kvirc 1 Irc Client 2026-04-23 N/A
The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI.
CVE-2009-0936 1 Tor 1 Tor 2026-04-23 N/A
Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to cause a denial of service (infinite loop) via "corrupt votes."
CVE-2007-2960 1 Scallywag.org 1 Scallywag 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin_name parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/, a different vector than CVE-2007-2900. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2961 1 Filecloset 1 Filecloset 2026-04-23 N/A
Unrestricted file upload vulnerability in FileCloset before 1.1.5 allows remote attackers to upload arbitrary PHP files via unspecified vectors.