Vulnerabilities (CVE)

Filtered by CWE-20
Total 10302 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-1741 1 Cisco 1 Unified Presence 2025-04-09 7.8 HIGH N/A
The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) allows remote attackers to cause a denial of service (core dump and service interruption) via a TCP port scan, aka Bug ID CSCsj64533.
CVE-2008-4812 1 Adobe 2 Acrobat, Acrobat Reader 2025-04-09 9.3 HIGH N/A
Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts.
CVE-2008-7205 1 Virtuemart 1 Virtuemart 2025-04-09 4.3 MEDIUM N/A
Unspecified vulnerability in the product view functionality in VirtueMart 1.0.13a and earlier allows remote attackers to read arbitrary files via vectors related to a template file.
CVE-2007-4783 1 Php 1 Php 2025-04-09 5.0 MEDIUM N/A
The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
CVE-2008-4616 2 The Spanner, Wordpress 2 Spambam Plugin, Spambam Plugin 2025-04-09 5.0 MEDIUM N/A
The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key.
CVE-2008-6772 1 Peterselie 1 Yourplace 2025-04-09 7.5 HIGH N/A
login/register_form.php in YourPlace 1.0.2 and earlier does not check that a username already exists when a new account is created, which allows remote attackers to bypass intended access restrictions by registering a new account with the username of a target user.
CVE-2008-3584 1 Netbsd 1 Netbsd 2025-04-09 9.3 HIGH N/A
NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not properly check the length of a PPPoE packet tag, which allows remote attackers to cause a denial of service (system crash) via a crafted PPPoE packet.
CVE-2006-7160 1 Agnitum 1 Outpost Firewall 2025-04-09 4.9 MEDIUM N/A
The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject,, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver, and (12) NtWriteVirtualMemory functions.
CVE-2008-0386 2 Gentoo, Mandrakesoft 2 Xdg-utils, Mandrake Linux 2025-04-09 6.8 MEDIUM N/A
Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.
CVE-2009-4495 1 Yaws 1 Yaws 2025-04-09 5.0 MEDIUM N/A
Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
CVE-2007-5128 2 Boesch-it, Php 2 Simpnews, Php 2025-04-09 5.0 MEDIUM N/A
SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows.
CVE-2008-1216 1 Ibm 1 Lotus Quickr Server 2025-04-09 6.8 MEDIUM N/A
IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not properly identify URIs containing cross-site scripting (XSS) attack strings, which allows remote attackers to inject arbitrary web script or HTML via a Calendar OpenDocument action to main.nsf with a Count parameter containing a JavaScript event in a malformed element, as demonstrated by an onload event in an IFRAME element.
CVE-2008-3243 1 F-prot 2 F-prot Antivirus, Scanning Engine 2025-04-09 4.3 MEDIUM N/A
Multiple unspecified vulnerabilities in the scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allow remote attackers to cause a denial of service via (1) a crafted UPX-compressed file, which triggers an engine crash; (2) a crafted Microsoft Office file, which triggers an infinite loop; or (3) an ASPack-compressed file, which triggers an engine crash.
CVE-2008-1898 1 Microsoft 2 Office, Works 2025-04-09 9.3 HIGH N/A
A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
CVE-2009-3640 1 Linux 1 Linux Kernel 2025-04-09 4.9 MEDIUM N/A
The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc1 does not properly handle the absence of an Advanced Programmable Interrupt Controller (APIC), which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via a call to the kvm_vcpu_ioctl function.
CVE-2008-6702 1 Stalker-game 1 S.t.a.l.k.e.r.\ 2025-04-09 5.0 MEDIUM N/A
S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (crash) via a long nickname, which triggers an exception.
CVE-2008-5524 2 Microsoft, Quickheal 2 Internet Explorer, Cat Quickheal 2025-04-09 9.3 HIGH N/A
CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
CVE-2008-1366 1 Trend Micro 1 Officescan Corporate Edition 2025-04-09 5.0 MEDIUM N/A
Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to cause a denial of service (process consumption) via (1) an HTTP request without a Content-Length header or (2) invalid characters in unspecified CGI arguments, which triggers a NULL pointer dereference.
CVE-2008-7136 1 Icq 1 Icq Toolbar 2025-04-09 4.3 MEDIUM N/A
toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the (1) RequestURL, (2) GetPropertyById, or (3) SetPropertyById method, different vectors than CVE-2008-7135.
CVE-2008-2170 1 Century Software 1 Router 2025-04-09 7.1 HIGH 7.5 HIGH
Unspecified vulnerability in Century routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.