Search Results (24238 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1216 1 Ibm 1 Lotus Quickr Server 2025-04-09 N/A
IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not properly identify URIs containing cross-site scripting (XSS) attack strings, which allows remote attackers to inject arbitrary web script or HTML via a Calendar OpenDocument action to main.nsf with a Count parameter containing a JavaScript event in a malformed element, as demonstrated by an onload event in an IFRAME element.
CVE-2007-3711 1 3com 1 Tippingpoint Ips Tos 2025-04-09 N/A
Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets.
CVE-2007-2931 1 Microsoft 2 Msn Messenger, Windows Live Messenger 2025-04-09 N/A
Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.
CVE-2007-5554 1 Oracle 1 Database Server 2025-04-09 N/A
Oracle allows remote attackers to obtain server memory contents via crafted packets, aka Oracle reference number 7892711. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2007-3008 1 Mbedthis Software 1 Mbedthis Appweb Http Server 2025-04-09 N/A
Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398.
CVE-2008-6528 1 Tmaxsoft 1 Jeus 2025-04-09 N/A
NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to read the source code for scripts by appending ::$DATA to the URL, which accesses the alternate data stream.
CVE-2007-5379 1 David Hansson 1 Ruby On Rails 2025-04-09 N/A
Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file.
CVE-2007-2253 1 Exponent 1 Exponent Cms 2025-04-09 N/A
Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php.
CVE-2007-4612 1 Dale Mooney 1 Contact Form 2025-04-09 N/A
CRLF injection vulnerability in contact.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to add arbitrary mail headers via CRLF sequences in the subject parameter. NOTE: this can be leveraged for spam by adding To or Cc headers.
CVE-2008-6538 1 Holger Schurig 1 Destar 2025-04-09 N/A
DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a direct request to config/add/CfgOptUser.
CVE-2008-4283 1 Ibm 1 Websphere Application Server 2025-04-09 N/A
CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2009-1536 1 Microsoft 3 .net Framework, Windows Server 2008, Windows Vista 2025-04-09 N/A
ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
CVE-2008-4999 1 Nortel 1 Unistim Ip Phone 2025-04-09 N/A
Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: this issue could not be reproduced by a third party, who tested it on 0604DAD. In addition, the original researcher was not able to reliably reproduce the issue.
CVE-2008-0105 1 Microsoft 2 Office, Works 2025-04-09 N/A
Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
CVE-2007-5432 1 Scottmanktelow 1 Stride Cms 2025-04-09 N/A
Stride 1.0 has a default administrator username of "scott" with the password "running", which allows remote attackers to obtain administrative access through login.php.
CVE-2007-5339 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2025-04-09 N/A
Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption or assert errors.
CVE-2007-4567 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Eus 2025-04-09 N/A
The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet.
CVE-2008-4919 1 Visagesoft 1 Expert Pdf Viewer Activex 2025-04-09 N/A
Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ActiveX control (VSPDFViewerX.ocx) 3.0.990.0 allows remote attackers to overwrite arbitrary files via a full pathname to the savePageAsBitmap method.
CVE-2008-4910 1 Sun 1 Java Web Start 2025-04-09 N/A
The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method.
CVE-2008-1585 1 Apple 1 Quicktime 2025-04-09 N/A
Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs.