Search Results (24238 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2937 2 Postfix, Redhat 2 Postfix, Enterprise Linux 2025-04-09 N/A
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.
CVE-2008-3187 1 Opensuse 1 Zypper 2025-04-09 N/A
zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 does not ask the user before accepting repository keys, which allows remote repositories to cause a denial of service (package data corruption) via a spoofed key.
CVE-2008-0395 1 Kayako 1 Supportsuite 2025-04-09 N/A
Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal.
CVE-2008-1411 1 Acronis 1 Snap Deploy 2025-04-09 N/A
The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference.
CVE-2008-3178 1 Webxell 1 Webxell Editor 2025-04-09 N/A
Unrestricted file upload vulnerability in upload_pictures.php in WebXell Editor 0.1.3 allows remote attackers to execute arbitrary code by uploading a .php file with a jpeg content type, then accessing it via a direct request to the file in upload/.
CVE-2008-3168 1 Empire Server 1 Empire Server 2025-04-09 N/A
The files utility in Empire Server before 4.3.15 discloses the world creation time, which makes it easier for attackers to determine the PRNG seed.
CVE-2007-6534 1 Microsoft 1 Publisher 2025-04-09 N/A
Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart.
CVE-2008-3147 1 Wefi 1 Wefi 2025-04-09 N/A
WeFi 3.2.1.4.1, when diagnostic mode is enabled, stores (1) WEP, (2) WPA, and (3) WPA2 access-point keys in (a) ClientWeFiLog.dat, (b) ClientWeFiLog.bak, and possibly (c) a certain .inf file under %PROGRAMFILES%\WeFi\Users\, and uses cleartext for the ClientWeFiLog files, which allows local users to obtain sensitive information by reading these files.
CVE-2008-3141 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2025-04-09 N/A
Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors.
CVE-2007-6524 1 Opera 1 Opera Browser 2025-04-09 N/A
Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420.
CVE-2008-1835 1 Clam Anti-virus 1 Clamav 2025-04-09 N/A
ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar.
CVE-2008-0260 1 Minimal Design 1 Minimal Gallery 2025-04-09 N/A
minimal Gallery 0.8 allows remote attackers to obtain configuration information via a direct request to php_info.php, which calls the phpinfo function.
CVE-2007-1155 1 Webspell 1 Webspell 2025-04-09 N/A
Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. NOTE: this issue may be an administrative feature, in which case this CVE may be REJECTED.
CVE-2008-3094 1 Organic Groups Project 1 Organic Groups 2025-04-09 N/A
The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors.
CVE-2006-6653 1 Netbsd 1 Netbsd 2025-04-09 N/A
The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka "a dangling socket").
CVE-2008-2641 2 Adobe, Redhat 3 Acrobat 3d, Acrobat Reader, Rhel Extras 2025-04-09 N/A
Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."
CVE-2009-0745 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-09 N/A
The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory.
CVE-2009-0746 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-09 N/A
The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem.
CVE-2007-6558 1 Totalplayer 1 Totalplayer 2025-04-09 N/A
TotalPlayer 3.0 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .m3u file. NOTE: this might be a duplicate of CVE-2006-6288.
CVE-2008-1451 1 Microsoft 2 Windows 2000, Windows 2003 Server 2025-04-09 N/A
The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."