Total
10771 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1824 | 1 Arcabit | 4 Arcavir 2009 Antivirus Protection, Arcavir 2009 Home Protection, Arcavir 2009 Internet Security and 1 more | 2025-04-09 | 7.2 HIGH | N/A |
| The ps_drv.sys kernel driver in ArcaBit ArcaVir 2009 Antivirus Protection 9.4.3201.9 and earlier, ArcaVir 2009 Internet Security 9.4.3202.9 and earlier, ArcaVir 2009 System Protection 9.4.3203.9 and earlier, and ArcaBit 2009 Home Protection 9.4.3204.9 and earlier, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\ps_drv containing arbitrary kernel addresses, as demonstrated using the (1) 0x2A7B802B and possibly (2) 0x2A7B8004 and (3) 0x2A7B802F IOCTLs. | |||||
| CVE-2008-6058 | 1 Syslserve | 1 Syslserve | 2025-04-09 | 5.0 MEDIUM | N/A |
| Syslserve 1.058 and earlier, and probably 1.059, allows remote attackers to cause a denial of service (hang) via a crafted UDP Syslog packet. | |||||
| CVE-2009-2138 | 1 Tbdev | 1 Tbdev.net | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the returnto parameter to login.php or (2) the returnto parameter in a delete action to news.php. NOTE: this can be leveraged for cross-site scripting (XSS) by redirecting to a data: URI. | |||||
| CVE-2007-0216 | 1 Microsoft | 2 Office, Works | 2025-04-09 | 9.3 HIGH | N/A |
| wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability." | |||||
| CVE-2007-6218 | 1 Ossigeno | 1 Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b) uninstall_module.php in upload/xax/admin/modules/, (c) upload/xax/admin/patch/index.php, and (d) install_module.php and (e) uninstall_module.php in upload/xax/ossigeno/admin/; and the (2) ossigeno parameter to (f) ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php, different vectors than CVE-2007-5234. | |||||
| CVE-2007-5448 | 1 Madwifi | 1 Madwifi | 2025-04-09 | 4.3 MEDIUM | N/A |
| Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial of service (panic) via a beacon frame with a large length value in the extended supported rates (xrates) element, which triggers an assertion error, related to net80211/ieee80211_scan_ap.c and net80211/ieee80211_scan_sta.c. | |||||
| CVE-2009-1045 | 1 Videolan | 1 Vlc Media Player | 2025-04-09 | 5.0 MEDIUM | N/A |
| requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action. | |||||
| CVE-2008-4932 | 1 Comingchina | 1 U-mail Webmail Server | 2025-04-09 | 9.0 HIGH | N/A |
| webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a file under the web document root. | |||||
| CVE-2007-4887 | 1 Php | 1 Php | 2025-04-09 | 4.3 MEDIUM | N/A |
| The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability. | |||||
| CVE-2007-6178 | 1 Easy Hosting Control Panel | 1 Easy Hosting Control Panel | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir parameter to (1) dbutil.bck.php and (2) dbutil.php in config/. | |||||
| CVE-2008-1702 | 1 E107 | 2 E107, My Gallery | 2025-04-09 | 4.3 MEDIUM | N/A |
| Absolute path traversal vulnerability in dload.php in the my_gallery 2.3 plugin for e107 allows remote attackers to obtain sensitive information via a full pathname in the file parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1336 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
| fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service (OOPS) via a long filename, related to the encode_lookup function. | |||||
| CVE-2009-2304 | 1 Avatic | 1 Aardvark Topsites Php | 2025-04-09 | 5.0 MEDIUM | N/A |
| index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to obtain sensitive information via a nonexistent account name in the u parameter in a rate action, which reveals the installation path in an error message. | |||||
| CVE-2009-2992 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-09 | 4.3 MEDIUM | N/A |
| An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2008-5362 | 1 Adobe | 2 Air, Flash Player | 2025-04-09 | 4.3 MEDIUM | N/A |
| The DefineConstantPool action in the ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, accepts an untrusted input value for a "constant count," which allows remote attackers to read sensitive data from process memory via a crafted PDF file. | |||||
| CVE-2008-6976 | 1 Mikrotik | 1 Routeros | 2025-04-09 | 6.4 MEDIUM | N/A |
| MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request. | |||||
| CVE-2007-4780 | 1 Joomla | 1 Joomla | 2025-04-09 | 6.8 MEDIUM | N/A |
| Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories. | |||||
| CVE-2006-6581 | 1 Vernet Loic | 1 Php Debug | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in tests/debug_test.php in Vernet Loic PHP_Debug 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the debugClassLocation parameter. | |||||
| CVE-2007-3731 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
| The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid LDT segment selector in %cs (the xcs field) during ptrace single-step operations, which allows local users to cause a denial of service (NULL dereference and OOPS) via certain code that makes ptrace PTRACE_SETREGS and PTRACE_SINGLESTEP requests, related to the TRACE_IRQS_ON function, and possibly related to the arch_ptrace function. | |||||
| CVE-2008-4493 | 1 Microsoft | 1 Digital Image | 2025-04-09 | 6.8 MEDIUM | N/A |
| Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. | |||||