Export limit exceeded: 26431 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26431 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-6405 1 Shttpd 1 Shttpd 2026-04-23 N/A
Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407.
CVE-2008-3660 2 Php, Redhat 2 Php, Enterprise Linux 2026-04-23 N/A
PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.
CVE-2007-5563 1 Virtuemart 1 Virtuemart 2026-04-23 N/A
Unspecified vulnerability in VirtueMart before 1.0.13 allows remote attackers to execute arbitrary PHP code via unspecified vectors.
CVE-2007-1136 1 Webmplayer 1 Webmplayer 2026-04-23 N/A
index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is erroneous.
CVE-2008-3657 2 Redhat, Ruby-lang 2 Enterprise Linux, Ruby 2026-04-23 N/A
The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.
CVE-2008-3651 2 Linux, Redhat 2 Ipsec Tools Racoon Daemon, Enterprise Linux 2026-04-23 N/A
Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals.
CVE-2008-4398 2 Broadcom, Ca 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more 2026-04-23 N/A
Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request.
CVE-2008-3644 1 Apple 1 Safari 2026-04-23 N/A
Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.
CVE-2007-2322 1 Nero 2 Mediahome, Mediahome Ce 2026-04-23 N/A
NMMediaServer.exe in Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet that contains two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-4218 1 Trend Micro 1 Serverprotect 2026-04-23 N/A
Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allow remote attackers to execute arbitrary code via certain RPC requests to certain TCP ports that are processed by the (1) RPCFN_ENG_NewManualScan, (2) RPCFN_ENG_TimedNewManualScan, and (3) RPCFN_SetComputerName functions in (a) StRpcSrv.dll; the (4) RPCFN_CMON_SetSvcImpersonateUser and (5) RPCFN_OldCMON_SetSvcImpersonateUser functions in (b) Stcommon.dll; the (6) RPCFN_ENG_TakeActionOnAFile and (7) RPCFN_ENG_AddTaskExportLogItem functions in (c) Eng50.dll; the (8) NTF_SetPagerNotifyConfig function in (d) Notification.dll; or the (9) RPCFN_CopyAUSrc function in the (e) ServerProtect Agent service.
CVE-2008-3634 1 Apple 3 Itunes, Mac Os X, Mac Os X Server 2026-04-23 N/A
Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information.
CVE-2007-5556 1 Avaya 1 Voip Handset 2026-04-23 N/A
Unspecified vulnerability in the Avaya VoIP Handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2007-5638 1 Nortel 26 Business Communications Manager, Centrex Ip Client Manager, Centrex Ip Element Manager and 23 more 2026-04-23 N/A
The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines, use only 65536 different values in the 32-bit ID number field of an RUDP datagram, which makes it easier for remote attackers to guess the RUDP ID and spoof messages. NOTE: this can be leveraged for an eavesdropping attack by sending many Open Audio Stream messages.
CVE-2007-1563 1 Opera 1 Opera Browser 2026-04-23 N/A
The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
CVE-2008-6793 1 Dflabs 1 Ptk 2026-04-23 N/A
The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image.
CVE-2008-4907 1 Dovecot 1 Dovecot 2026-04-23 N/A
The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
CVE-2008-4493 1 Microsoft 1 Digital Image 2026-04-23 N/A
Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
CVE-2008-3571 1 Xerox 1 Phaser 2026-04-23 N/A
The Xerox Phaser 8400 allows remote attackers to cause a denial of service (reboot) via an empty UDP packet to port 1900.
CVE-2009-0274 1 Novell 1 Groupwise 2026-04-23 N/A
Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests.
CVE-2008-3550 1 Ibm 1 Rational Clearquest 2026-04-23 N/A
The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability.