Vulnerabilities (CVE)

Filtered by CWE-20
Total 10301 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-6171 1 Drupal 1 Drupal 2025-04-09 9.3 HIGH N/A
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.
CVE-2007-4561 1 Realnetworks 1 Helix Dna Server 2025-04-09 10.0 HIGH N/A
Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RSTP command containing multiple Require headers.
CVE-2008-6662 2 Avg, Linux 2 Avg Anti-virus, Linux Kernel 2025-04-09 4.3 MEDIUM N/A
AVG Anti-Virus for Linux 7.5.51, and possibly earlier, allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via a malformed UPX compressed file, which triggers memory corruption.
CVE-2008-3410 1 Epic Games 1 Unreal Tournament 3 2025-04-09 5.0 MEDIUM N/A
Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a UDP packet in which the value of a certain size field is greater than the total packet length, aka attack 2 in ut3mendo.c.
CVE-2008-6731 1 China-on-site 1 Flexphplink 2025-04-09 9.3 HIGH N/A
Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkphoto/.
CVE-2007-4570 1 Redhat 2 Enterprise Linux, Mcstrans 2025-04-09 1.9 LOW N/A
Algorithmic complexity vulnerability in the MCS translation daemon in mcstrans 0.2.3 allows local users to cause a denial of service (temporary daemon outage) via a large range of compartments in sensitivity labels.
CVE-2007-4516 1 Symantec Veritas 1 Storage Foundation 2025-04-09 4.3 MEDIUM N/A
The Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation 5.0 for Windows allows remote attackers to cause a denial of service (daemon crash or hang) via malformed packets.
CVE-2009-0172 1 Ibm 1 Db2 Universal Database 2025-04-09 5.0 MEDIUM N/A
Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream.
CVE-2009-4031 1 Linux 1 Linux Kernel 2025-04-09 7.8 HIGH N/A
The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 emulator in the KVM subsystem in the Linux kernel before 2.6.32-rc8-next-20091125 tries to interpret instructions that contain too many bytes to be valid, which allows guest OS users to cause a denial of service (increased scheduling latency) on the host OS via unspecified manipulations related to SMP support.
CVE-2007-3391 1 Wireshark 1 Wireshark 2025-04-09 7.8 HIGH N/A
Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop.
CVE-2009-1773 1 Activecollab 1 Activecollab 2025-04-09 5.0 MEDIUM N/A
activeCollab 2.1 Corporate allows remote attackers to obtain sensitive information via an invalid re_route parameter to the login script, which reveals the installation path in an error message.
CVE-2009-1536 1 Microsoft 3 .net Framework, Windows Server 2008, Windows Vista 2025-04-09 2.6 LOW N/A
ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
CVE-2008-3947 1 Hp 1 Openvms 2025-04-09 7.2 HIGH N/A
DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain privileges via a long command line.
CVE-2009-2320 1 Axesstel 1 Mv 410r 2025-04-09 7.5 HIGH N/A
The web interface on the Axesstel MV 410R relies on client-side JavaScript code to validate input, which allows remote attackers to send crafted data, and possibly have unspecified other impact, via a client that does not process JavaScript.
CVE-2008-3697 1 Vmware 2 Server, Vmware Server 2025-04-09 5.0 MEDIUM N/A
An unspecified ISAPI extension in VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (IIS crash) via a malformed request.
CVE-2008-2171 1 Alaxala 1 Ax Router 2025-04-09 7.1 HIGH N/A
Unspecified vulnerability in AlaxalA AX routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.
CVE-2007-0523 1 Nokia 1 N70 2025-04-09 3.3 LOW N/A
The Nokia N70 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.
CVE-2007-1793 1 Symantec 8 Antivirus, Client Security, Norton 360 and 5 more 2025-04-09 4.9 MEDIUM N/A
SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected.
CVE-2007-2509 1 Php 1 Php 2025-04-09 2.6 LOW N/A
CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.
CVE-2009-4372 1 Alienvault 1 Open Source Security Information Management 2025-04-09 7.5 HIGH N/A
AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_graphs3.php, and (5) storage_graphs4.php in sem/.