31,027 CVEs · Critical severity
CVEs (31,027, showing first 500)
Showing 101–125 of 31,027 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2008-0961 | CRITICAL | | 9.8 | 2008-04-14 | EMC DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface. |
| CVE-2008-0599 | CRITICAL | Patched | 9.8 | 2008-05-05 | The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, whi… |
| CVE-2008-2108 | CRITICAL | Patched | 9.8 | 2008-05-07 | The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during… |
| CVE-2008-2374 | CRITICAL | Patched | 9.8 | 2008-07-07 | src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which a… |
| CVE-2007-3652 | CRITICAL | | 9.8 | 2008-07-09 | SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOT… |
| CVE-2008-3604 | CRITICAL | | 9.8 | 2008-08-12 | SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter. |
| CVE-2008-2369 | CRITICAL | Patched | 9.1 | 2008-08-14 | manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitiv… |
| CVE-2008-2433 | CRITICAL | Patched | 9.8 | 2008-08-27 | The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random sessi… |
| CVE-2008-3738 | CRITICAL | Patched | 9.1 | 2008-08-27 | Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors. |
| CVE-2008-3612 | CRITICAL | Patched | 9.8 | 2008-09-11 | The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers t… |
| CVE-2008-4250 | CRITICAL | | 9.8 | 2008-10-23 | The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execut… |
| CVE-2008-5038 | CRITICAL | Patched | 9.8 | 2008-11-12 | Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attacke… |
| CVE-2008-3465 | CRITICAL | | 9.8 | 2008-12-10 | Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-depen… |
| CVE-2008-5784 | CRITICAL | | 9.8 | 2008-12-31 | V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. |
| CVE-2004-2761 | CRITICAL | | 9.8 | 2009-01-05 | The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks o… |
| CVE-2008-4835 | CRITICAL | | 9.8 | 2009-01-14 | SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arb… |
| CVE-2009-1151 | CRITICAL | Patched | 9.8 | 2009-03-26 | Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a con… |
| CVE-2009-1936 | CRITICAL | Patched | 9.8 | 2009-06-05 | _functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a prote… |
| CVE-2009-2168 | CRITICAL | Patched | 9.8 | 2009-06-22 | cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allo… |
| CVE-2009-2367 | CRITICAL | | 9.8 | 2009-07-08 | cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force … |
| CVE-2009-2382 | CRITICAL | | 9.8 | 2009-07-08 | admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN. |
| CVE-2009-2422 | CRITICAL | Patched | 9.8 | 2009-07-10 | The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest bloc… |
| CVE-2009-2494 | CRITICAL | | 9.8 | 2009-08-12 | The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attac… |
| CVE-2009-1048 | CRITICAL | Patched | 9.8 | 2009-08-14 | The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 all… |
| CVE-2008-7109 | CRITICAL | | 9.8 | 2009-08-28 | The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a m… |