Total
11464 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2852 | 2 Ryan.mcgeary, Wordpress | 2 Wp-syntax, Wordpress | 2025-04-09 | 6.8 MEDIUM | N/A |
| WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the test_filter[wp_head] array parameter to test/index.php, which is used in a call to the call_user_func_array function. | |||||
| CVE-2007-4761 | 1 Matteo | 1 Barbo91 | 2025-04-09 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in upload.php in Barbo91 1.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4344 | 1 Acdsee | 3 Photo Editor, Photo Manager, Pro Photo Manager | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allow user-assisted remote attackers to execute arbitrary code via a long section string in (1) a PSP image to the ID_PSP.apl plug-in or (2) an LHA archive to the AM_LHA.apl plug-in, resulting in a heap-based buffer overflow. | |||||
| CVE-2009-2305 | 1 Armassa | 2 Ard-9808, Ard-9808 Software | 2025-04-09 | 7.8 HIGH | N/A |
| The ARD-9808 DVR card security camera allows remote attackers to cause a denial of service via a long URI composed of //.\ (slash slash dot backslash) sequences. | |||||
| CVE-2009-3271 | 1 Apple | 2 Iphone Os, Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
| Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element. | |||||
| CVE-2008-3660 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
| PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php. | |||||
| CVE-2007-4570 | 1 Redhat | 2 Enterprise Linux, Mcstrans | 2025-04-09 | 1.9 LOW | N/A |
| Algorithmic complexity vulnerability in the MCS translation daemon in mcstrans 0.2.3 allows local users to cause a denial of service (temporary daemon outage) via a large range of compartments in sensitivity labels. | |||||
| CVE-2008-6752 | 1 Revou | 1 Revou | 2025-04-09 | 7.5 HIGH | N/A |
| adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and gain privileges via a direct request with modified newpass1 and newpass2 parameters in a Change operation. | |||||
| CVE-2007-1277 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 7.5 HIGH | N/A |
| WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php. | |||||
| CVE-2009-1914 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
| The pci_register_iommu_region function in arch/sparc/kernel/pci_common.c in the Linux kernel before 2.6.29 on the sparc64 platform allows local users to cause a denial of service (system crash) by reading the /proc/iomem file, related to uninitialized pointers and the request_resource function. | |||||
| CVE-2008-3286 | 1 Sierra | 1 Swat 4 | 2025-04-09 | 5.0 MEDIUM | N/A |
| SWAT 4 1.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) VERIFYCONTENT or (2) GAMECONFIG command sent to the server before user session initialization, which triggers a NULL pointer dereference; or (3) a GAMESPYRESPONSE command followed by a long RS string. | |||||
| CVE-2007-0802 | 2 Mozilla, Opera | 2 Firefox, Opera Browser | 2025-04-09 | 6.4 MEDIUM | N/A |
| Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter. | |||||
| CVE-2007-1995 | 1 Quagga | 1 Quagga | 2025-04-09 | 6.3 MEDIUM | N/A |
| bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read. | |||||
| CVE-2009-1336 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
| fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service (OOPS) via a long filename, related to the encode_lookup function. | |||||
| CVE-2007-4430 | 1 Cisco | 5 Cbos, Cli, Ids and 2 more | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE: unauthenticated remote attacks are possible in environments with anonymous telnet and Looking Glass access. | |||||
| CVE-2008-0209 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-09 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to redirect users to arbitrary web sites via a URL in the target parameter. | |||||
| CVE-2006-5938 | 1 Grisoft | 1 Avg Antivirus | 2025-04-09 | 10.0 HIGH | N/A |
| Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote attack vectors involving an uninitialized variable and a crafted CAB file. | |||||
| CVE-2009-0172 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream. | |||||
| CVE-2008-6490 | 1 Flysforum | 1 Flaber | 2025-04-09 | 7.5 HIGH | N/A |
| function/update_xml.php in FLABER 1.1 and earlier allows remote attackers to overwrite arbitrary files by specifying the target filename in the target_file parameter. NOTE: this can be leveraged for code execution by overwriting a PHP file, as demonstrated using function/upload_file.php. | |||||
| CVE-2009-0582 | 1 Gnome | 1 Evolution-data-server | 2025-04-09 | 5.8 MEDIUM | N/A |
| The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data. | |||||