Search Results (363416 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2200 1 Maianscriptworld 1 Maian Weblog 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to admin/index.php in a blogs search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action.
CVE-2007-4625 1 Polipo 1 Polipo 2026-04-23 N/A
Polipo before 1.0.2 allows remote HTTP servers to cause a denial of service (daemon crash) by aborting the response to a POST request.
CVE-2008-2201 1 Maianscriptworld 1 Maian Recipe 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Recipe 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9) header9 parameters.
CVE-2007-4628 1 Phpns 1 Phpns 2026-04-23 N/A
SQL injection vulnerability in shownews.php in phpns 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2203 1 Maianscriptworld 1 Maian Search 2026-04-23 N/A
SQL injection vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action.
CVE-2008-2679 1 Realm Project 1 Realm Cms 2026-04-23 N/A
SQL injection vulnerability in the KeyWordsList function in _includes/inc_routines.asp in Realm CMS 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the kwrd parameter in a kwl action to the default URI.
CVE-2006-6334 1 Citrix 1 Presentation Server Client 2026-04-23 N/A
Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer.
CVE-2007-4632 1 Cisco 1 Ios 2026-04-23 N/A
Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105.
CVE-2008-4070 2 Mozilla, Redhat 3 Seamonkey, Thunderbird, Enterprise Linux 2026-04-23 N/A
Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages."
CVE-2008-2206 1 Maianscriptworld 1 Maian Music 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Maian Music 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter in a search action to index.php, and the (2) msg_script parameter to admin/inc/footer.php.
CVE-2008-5504 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2026-04-23 N/A
Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836.
CVE-2008-2208 1 Maianscriptworld 1 Maian Greeting 2026-04-23 N/A
SQL injection vulnerability in index.php in Maian Greeting 2.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action.
CVE-2008-7192 1 Woltlab 1 Burning Board 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board (wBB) 3.0.1, and possibly other 3.x versions, allows remote attackers to hijack the authentication of users for requests that delete private messages via the pmID parameter in a delete action in a PM page, a different vulnerability than CVE-2008-0472.
CVE-2008-2209 1 Maianscriptworld 1 Maian Greeting 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Greeting 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script and (2) msg_script2 parameters.
CVE-2008-3396 1 Epic Games 1 Unreal Tournament 2004 2026-04-23 N/A
Unreal Tournament 2004 (UT2004) 3369 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain sequence of malformed packets.
CVE-2008-5506 4 Canonical, Debian, Mozilla and 1 more 6 Ubuntu Linux, Debian Linux, Firefox and 3 more 2026-04-23 N/A
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."
CVE-2007-4644 1 Doomsday 1 Doomsday 2026-04-23 N/A
Format string vulnerability in the Cl_GetPackets function in cl_main.c in the client in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allows remote Doomsday servers to execute arbitrary code via format string specifiers in a PSV_CONSOLE_TEXT message.
CVE-2008-2210 1 Maianscriptworld 1 Maian Support 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Maian Support 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script, (2) msg_script2, and (3) msg_script3 parameters to admin/inc/footer.php; and the (4) msg_script2 parameter to admin/inc/header.php.
CVE-2008-2211 1 Maianscriptworld 1 Maian Guestbook 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/footer.php in Maian Guestbook 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script2 and (2) msg_script3 parameters.
CVE-2007-4646 1 Hexamail 1 Hexamail Server 2026-04-23 N/A
Buffer overflow in the pop3 service in Hexamail Server 3.0.0.001 Lite allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long USER command.