Vulnerabilities (CVE)

Filtered by CWE-20
Total 10302 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-5966 1 Globsy 1 Globsy 2025-04-09 7.5 HIGH N/A
globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to create or overwrite arbitrary files via a filename in the file parameter and file contents in the data parameter.
CVE-2007-2408 1 Apple 1 Safari 2025-04-09 6.8 MEDIUM N/A
WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page.
CVE-2008-2326 2 Apple, Microsoft 6 Bonjour, Windows-nt, Windows 2000 and 3 more 2025-04-09 5.0 MEDIUM N/A
mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label.
CVE-2008-5522 2 Avg, Microsoft 2 Antivirus, Internet Explorer 2025-04-09 9.3 HIGH N/A
AVG Anti-Virus 8.0.0.161, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
CVE-2007-5283 1 Hitachi 1 Tpbroker Object Transaction Monitor 2025-04-09 5.0 MEDIUM N/A
The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor and Cosminexus TPBroker Object Transaction Monitor 01-00 through 03-00 might allow attackers to cause a denial of service (crash) via invalid messages.
CVE-2008-2748 1 Skulltag Team 1 Skulltag 2025-04-09 5.0 MEDIUM N/A
Skulltag 0.97d2-RC2 and earlier allows remote attackers to cause a denial of service (daemon hang) via a series of long, malformed connect packets, related to these packets being "parsed multiple times."
CVE-2008-5963 1 Gravity-gtd 1 Gravity-gtd 2025-04-09 10.0 HIGH N/A
Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter.
CVE-2008-0373 1 Php 1 F1 Maxs File Uploader 2025-04-09 7.5 HIGH N/A
Unrestricted file upload vulnerability in PHP F1 Max's File Uploader allows remote attackers to upload and execute arbitrary PHP files.
CVE-2009-1824 1 Arcabit 4 Arcavir 2009 Antivirus Protection, Arcavir 2009 Home Protection, Arcavir 2009 Internet Security and 1 more 2025-04-09 7.2 HIGH N/A
The ps_drv.sys kernel driver in ArcaBit ArcaVir 2009 Antivirus Protection 9.4.3201.9 and earlier, ArcaVir 2009 Internet Security 9.4.3202.9 and earlier, ArcaVir 2009 System Protection 9.4.3203.9 and earlier, and ArcaBit 2009 Home Protection 9.4.3204.9 and earlier, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\ps_drv containing arbitrary kernel addresses, as demonstrated using the (1) 0x2A7B802B and possibly (2) 0x2A7B8004 and (3) 0x2A7B802F IOCTLs.
CVE-2008-6058 1 Syslserve 1 Syslserve 2025-04-09 5.0 MEDIUM N/A
Syslserve 1.058 and earlier, and probably 1.059, allows remote attackers to cause a denial of service (hang) via a crafted UDP Syslog packet.
CVE-2009-2138 1 Tbdev 1 Tbdev.net 2025-04-09 4.3 MEDIUM N/A
Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the returnto parameter to login.php or (2) the returnto parameter in a delete action to news.php. NOTE: this can be leveraged for cross-site scripting (XSS) by redirecting to a data: URI.
CVE-2007-0216 1 Microsoft 2 Office, Works 2025-04-09 9.3 HIGH N/A
wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
CVE-2007-6218 1 Ossigeno 1 Cms 2025-04-09 5.0 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b) uninstall_module.php in upload/xax/admin/modules/, (c) upload/xax/admin/patch/index.php, and (d) install_module.php and (e) uninstall_module.php in upload/xax/ossigeno/admin/; and the (2) ossigeno parameter to (f) ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php, different vectors than CVE-2007-5234.
CVE-2007-5448 1 Madwifi 1 Madwifi 2025-04-09 4.3 MEDIUM N/A
Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial of service (panic) via a beacon frame with a large length value in the extended supported rates (xrates) element, which triggers an assertion error, related to net80211/ieee80211_scan_ap.c and net80211/ieee80211_scan_sta.c.
CVE-2009-1045 1 Videolan 1 Vlc Media Player 2025-04-09 5.0 MEDIUM N/A
requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action.
CVE-2008-4932 1 Comingchina 1 U-mail Webmail Server 2025-04-09 9.0 HIGH N/A
webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a file under the web document root.
CVE-2007-4887 1 Php 1 Php 2025-04-09 4.3 MEDIUM N/A
The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability.
CVE-2007-6178 1 Easy Hosting Control Panel 1 Easy Hosting Control Panel 2025-04-09 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir parameter to (1) dbutil.bck.php and (2) dbutil.php in config/.
CVE-2008-1702 1 E107 2 E107, My Gallery 2025-04-09 4.3 MEDIUM N/A
Absolute path traversal vulnerability in dload.php in the my_gallery 2.3 plugin for e107 allows remote attackers to obtain sensitive information via a full pathname in the file parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-1336 1 Linux 1 Linux Kernel 2025-04-09 4.9 MEDIUM N/A
fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service (OOPS) via a long filename, related to the encode_lookup function.