Total
10777 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4744 | 1 Anyinventory | 1 Anyinventory | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in environment.php in AnyInventory 1.9.1 and 2.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PREFIX parameter. | |||||
| CVE-2009-0582 | 1 Gnome | 1 Evolution-data-server | 2025-04-09 | 5.8 MEDIUM | N/A |
| The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data. | |||||
| CVE-2007-6573 | 1 Qksoft | 1 Qk Smtp Server 3 | 2025-04-09 | 7.8 HIGH | N/A |
| QK SMTP Server 3 allows remote attackers to cause a denial of service (daemon crash) via a long (1) HELO, (2) MAIL FROM, or (3) RCPT TO command; or (4) a long string in the message sent after the DATA command; possibly a related issue to CVE-2006-5551. | |||||
| CVE-2008-2926 | 2 Broadcom, Ca | 5 Internet Security Suite, Host Based Intrusion Prevention System, Internet Security Suite 2008 and 2 more | 2025-04-09 | 7.2 HIGH | N/A |
| The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request. | |||||
| CVE-2008-5220 | 1 Wportfolio | 1 Wportfolio | 2025-04-09 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/tmp/. | |||||
| CVE-2008-1278 | 1 Remotelyanywhere | 1 Remotelyanywhere | 2025-04-09 | 5.0 MEDIUM | N/A |
| The RemotelyAnywhere.exe service in the Remotely Anywhere Server and Workstation 8.0.668 and earlier allows remote attackers to cause a denial of service (crash) via an invalid Accept-Charset header, which triggers a NULL pointer dereference. NOTE: the service is automatically restarted. | |||||
| CVE-2008-5677 | 1 Kwalbum | 1 Kwalbum | 2025-04-09 | 7.1 HIGH | N/A |
| Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and earlier, when PICS_PATH is located in the web root, allows remote authenticated users with upload capability to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under items/, related to the ReplaceBadFilenameChars function in include/ItemAdder.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1647 | 1 Chilkat Software | 1 Chilkathttp Activex | 2025-04-09 | 9.3 HIGH | N/A |
| The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6176 | 1 Amensa-soft | 1 K\+b-bestellsystem | 2025-04-09 | 10.0 HIGH | N/A |
| kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action. | |||||
| CVE-2006-7208 | 1 Adam Van Dongen | 2 Com Forum, Phpbb Component | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in download.php in the Adam van Dongen Forum (com_forum) component (aka phpBB component) 1.2.4RC3 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2008-0570 | 1 Drupal | 1 Openid | 2025-04-09 | 5.0 MEDIUM | N/A |
| The OpenID 5.x-1.0 and earlier module for Drupal does not properly verify the claimed_id returned by an OpenID provider, which allows remote OpenID providers to spoof OpenID authentication for domains associated with other providers. | |||||
| CVE-2009-4321 | 1 Zen-cart | 1 Zen Cart | 2025-04-09 | 5.0 MEDIUM | N/A |
| extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other versions, allows remote attackers to read arbitrary files via a file:// URI. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3904 | 1 Lxde | 2 Gpicview, Lightweight X11 Desktop Environment | 2025-04-09 | 7.5 HIGH | N/A |
| src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. | |||||
| CVE-2009-1914 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
| The pci_register_iommu_region function in arch/sparc/kernel/pci_common.c in the Linux kernel before 2.6.29 on the sparc64 platform allows local users to cause a denial of service (system crash) by reading the /proc/iomem file, related to uninitialized pointers and the request_resource function. | |||||
| CVE-2007-3715 | 1 Sun | 2 Java System Application Server, Java System Web Server | 2025-04-09 | 9.3 HIGH | N/A |
| Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716. | |||||
| CVE-2008-2750 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.8 HIGH | N/A |
| The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large value for a certain length variable. | |||||
| CVE-2009-0050 | 1 Entrouvert | 1 Lasso | 2025-04-09 | 4.3 MEDIUM | N/A |
| Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2008-1691 | 1 Seattle Lab Software | 1 Slmail Pro | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (UDP service outage) via a large packet to UDP port 54. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6684 | 1 Yourfreeworld | 1 Apartment Search Script | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in editimage.php in Apartment Search Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a GIF header, then accessing this file via a direct request to a renamed file in Member_Admin/logo/. | |||||
| CVE-2008-6497 | 1 Tp | 1 Neostrada Livebox Adsl Router | 2025-04-09 | 7.8 HIGH | N/A |
| The Neostrada Livebox ADSL Router allows remote attackers to cause a denial of service (network outage) via multiple HTTP requests for the /- URI. | |||||