Total: 11775 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0277 | 1 Drupal | 1 Fileshare Module | 2025-04-09 | 8.5 HIGH | N/A |
| Unspecified vulnerability in the Fileshare module for Drupal allows remote authenticated users with node-creation privileges to execute arbitrary code via unspecified vectors. | |||||
| CVE-2009-4031 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.8 HIGH | N/A |
| The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 emulator in the KVM subsystem in the Linux kernel before 2.6.32-rc8-next-20091125 tries to interpret instructions that contain too many bytes to be valid, which allows guest OS users to cause a denial of service (increased scheduling latency) on the host OS via unspecified manipulations related to SMP support. | |||||
| CVE-2008-4767 | 2 Php-nuke, Phpnuke | 2 Downloadsplus Module, Php-nuke | 2025-04-09 | 9.0 HIGH | N/A |
| Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality. | |||||
| CVE-2009-2513 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more | 2025-04-09 | 7.2 HIGH | N/A |
| The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability." | |||||
| CVE-2009-0164 | 1 Apple | 1 Cups | 2025-04-09 | 6.4 MEDIUM | N/A |
| The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks. | |||||
| CVE-2007-5893 | 1 Alhem | 1 C++ Sockets Library | 2025-04-09 | 5.0 MEDIUM | N/A |
| HTTPSocket.cpp in the C++ Sockets Library before 2.2.5 allows remote attackers to cause a denial of service (crash) via an HTTP request with a missing protocol version number, which triggers an exception. NOTE: some of these details were obtained from third party information. | |||||
| CVE-2007-6060 | 1 Ahnlab | 1 V3 Internet Security | 2025-04-09 | 9.3 HIGH | N/A |
| AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a filename string at a location indicated by the "Filename length" field in a ZIP header, which allows remote attackers to cause a denial of service (machine crash) and possibly execute arbitrary code via a ZIP file in which this field's value is larger than the actual number of bytes in the filename. | |||||
| CVE-2008-6511 | 1 Igniterealtime | 1 Openfire | 2025-04-09 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. | |||||
| CVE-2008-3396 | 1 Epic Games | 1 Unreal Tournament 2004 | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unreal Tournament 2004 (UT2004) 3369 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain sequence of malformed packets. | |||||
| CVE-2008-6058 | 1 Syslserve | 1 Syslserve | 2025-04-09 | 5.0 MEDIUM | N/A |
| Syslserve 1.058 and earlier, and probably 1.059, allows remote attackers to cause a denial of service (hang) via a crafted UDP Syslog packet. | |||||
| CVE-2008-2748 | 1 Skulltag Team | 1 Skulltag | 2025-04-09 | 5.0 MEDIUM | N/A |
| Skulltag 0.97d2-RC2 and earlier allows remote attackers to cause a denial of service (daemon hang) via a series of long, malformed connect packets, related to these packets being "parsed multiple times." | |||||
| CVE-2008-1545 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 4.3 MEDIUM | N/A |
| The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a "Transfer-Encoding: chunked" header and a request body with an incorrect chunk size. | |||||
| CVE-2008-3187 | 1 Opensuse | 1 Zypper | 2025-04-09 | 5.0 MEDIUM | N/A |
| zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 does not ask the user before accepting repository keys, which allows remote repositories to cause a denial of service (package data corruption) via a spoofed key. | |||||
| CVE-2007-6278 | 1 Flac | 1 Libflac | 2025-04-09 | 9.3 HIGH | N/A |
| Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file. | |||||
| CVE-2006-7070 | 1 Etomite | 1 Etomite | 2025-04-09 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and earlier allows remote attackers to upload and execute arbitrary files via an nfile[] parameter with a filename that contains a .php extension followed by a valid image extension such as .gif or .jpg, then calling the rename function. | |||||
| CVE-2008-6882 | 2 Joomla, Joompolitan | 2 Joomla, Com Livechat | 2025-04-09 | 7.5 HIGH | N/A |
| Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string. | |||||
| CVE-2008-5581 | 1 Mini-pub | 1 Mini-pub | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mini-pub.php/front-end/img.php in mini-pub 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the sFileName parameter. | |||||
| CVE-2008-5870 | 1 Faststone | 1 Image Viewer | 2025-04-09 | 4.3 MEDIUM | N/A |
| FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with large width and height values, possibly a related issue to CVE-2007-1942. | |||||
| CVE-2008-3410 | 1 Epic Games | 1 Unreal Tournament 3 | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a UDP packet in which the value of a certain size field is greater than the total packet length, aka attack 2 in ut3mendo.c. | |||||
| CVE-2008-1158 | 1 Cisco | 2 Unified Presence, Unified Presence Server | 2025-04-09 | 7.8 HIGH | N/A |
| The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164. | |||||
