Search Results (24238 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-6121 3 Ethereal Group, Redhat, Wireshark 3 Ethereal, Enterprise Linux, Wireshark 2025-04-09 N/A
Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet.
CVE-2007-5569 1 Cisco 3 Adaptive Security Appliance, Adaptive Security Appliance Software, Pix 500 2025-04-09 N/A
Cisco PIX and ASA appliances with 7.1 and 7.2 software, when configured for TLS sessions to the device, allow remote attackers to cause a denial of service (device reload) via a crafted TLS packet, aka CSCsg43276 and CSCsh97120.
CVE-2008-6742 1 Gofoxy 1 Foxy 2025-04-09 N/A
Foxy P2P software allows remote attackers to cause a denial of service (memory consumption) via a foxy URI with a download action and a large fs value.
CVE-2008-4616 2 The Spanner, Wordpress 2 Spambam Plugin, Spambam Plugin 2025-04-09 N/A
The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key.
CVE-2009-0959 1 Apple 2 Iphone Os, Ipod Touch 2025-04-09 N/A
The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input validation issue."
CVE-2008-5431 1 5e5 1 Teamtek Universal Ftp Server 2025-04-09 N/A
Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a denial of service via (1) a certain CWD command, (2) a long LIST command, or (3) a certain PORT command.
CVE-2009-2256 1 Netgear 1 Dg632 2025-04-09 N/A
The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg.
CVE-2008-7088 1 Photopost 1 Photopost Vbgallery 2025-04-09 N/A
Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in a certain path. NOTE: this may be the same vulnerability as CVE-2008-0251, but this is not clear due to lack of details from the vendor.
CVE-2008-3304 1 Tuxplanet 1 Bilboblog 2025-04-09 N/A
BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message.
CVE-2007-4914 1 Invision Power Services 1 Invision Power Board 2025-04-09 N/A
Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/.
CVE-2008-2042 1 Adobe 2 Acrobat, Acrobat Reader 2025-04-09 N/A
The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function.
CVE-2009-2796 1 Apple 1 Iphone Os 2025-04-09 N/A
The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password.
CVE-2007-4970 1 Diamondcs 1 Processguard 2025-04-09 N/A
ProcessGuard 3.410 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks for Windows Native API functions including (1) NtCreateFile, (2) NtCreateKey, (3) NtDeleteValueKey, (4) NtOpenFile, (5) NtOpenKey, and (6) NtSetValueKey.
CVE-2008-1578 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 N/A
The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process.
CVE-2008-6662 2 Avg, Linux 2 Avg Anti-virus, Linux Kernel 2025-04-09 N/A
AVG Anti-Virus for Linux 7.5.51, and possibly earlier, allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via a malformed UPX compressed file, which triggers memory corruption.
CVE-2007-0035 1 Microsoft 2 Office, Works 2025-04-09 N/A
Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
CVE-2008-0082 1 Microsoft 1 Windows Messenger 2025-04-09 N/A
An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors.
CVE-2007-5734 1 Efileman 1 Efileman 2025-04-09 N/A
Unrestricted file upload vulnerability in eFileMan 7.1.0.87-88 allows remote attackers to upload arbitrary files, with "uploads/upload_file." destination filenames, via unspecified vectors to upload.cgi, accessed from upload.html.
CVE-2007-4924 3 Ekiga, Openh323 Project, Redhat 3 Ekiga, Openh323, Enterprise Linux 2025-04-09 N/A
The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address."
CVE-2008-4163 1 Isc 1 Bind 2025-04-09 N/A
Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of service (UDP client handler termination) via unknown vectors.