Search Results (26226 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2941 2 Hp, Redhat 2 Linux Imaging And Printing Project, Enterprise Linux 2026-04-23 N/A
The hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial of service (process stop) via a crafted packet, as demonstrated by sending "msg=0" to TCP port 2207.
CVE-2008-6568 1 Yehe 1 Yehe 2026-04-23 N/A
Unrestricted file upload vulnerability in Yehe 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the envoyer feature. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1870 2 Adobe, Redhat 4 Air, Flash Player, Flex and 1 more 2026-04-23 N/A
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability."
CVE-2008-0672 1 Tintin 2 Tintin\+\+, Wintin\+\+ 2026-04-23 N/A
The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to cause a denial of service (application crash) via a YES message without a newline character, which triggers a NULL dereference.
CVE-2009-3554 1 Redhat 1 Jboss Enterprise Application Platform 2026-04-23 N/A
Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file.
CVE-2008-1835 1 Clam Anti-virus 1 Clamav 2026-04-23 N/A
ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar.
CVE-2009-0022 1 Samba 1 Samba 2026-04-23 N/A
Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name.
CVE-2008-3607 1 Noticeware 1 Email Server 2026-04-23 N/A
The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via multiple long LOGIN commands.
CVE-2008-6790 1 Minddezign 1 Photo Gallery 2026-04-23 N/A
The admin module in MindDezign Photo Gallery 2.2 allows remote attackers to add administrative users and gain privileges via a modified username parameter in an edit account action to index.php.
CVE-2008-6772 1 Peterselie 1 Yourplace 2026-04-23 N/A
login/register_form.php in YourPlace 1.0.2 and earlier does not check that a username already exists when a new account is created, which allows remote attackers to bypass intended access restrictions by registering a new account with the username of a target user.
CVE-2009-4494 1 Aol 1 Aolserver 2026-04-23 N/A
AOLserver 4.5.1 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
CVE-2008-1805 1 Skype Technologies 1 Skype 2026-04-23 N/A
Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist.
CVE-2008-2031 1 Vicftps 1 Vicftps 2026-04-23 N/A
VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a crafted LIST command, which triggers a NULL pointer dereference. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4199 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation."
CVE-2008-5461 1 Oracle 1 Bea Product Suite 2026-04-23 N/A
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is cross-site scripting.
CVE-2008-2170 1 Century Software 1 Router 2026-04-23 7.5 High
Unspecified vulnerability in Century routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.
CVE-2008-6559 1 Sco 2 Reliantha, Unixware 2026-04-23 N/A
Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges via a crafted -d argument that contains .. (dot dot) sequences that point to a directory containing a file whose name includes shell metacharacters.
CVE-2009-0879 2 Ibm, Microsoft 2 Director, Windows 2026-04-23 N/A
The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI.
CVE-2008-6962 1 Avira 4 Antivir, Antivir Personal, Antivir Professional and 1 more 2026-04-23 N/A
Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, and AntiVir Personal - FREE allows local users to execute arbitrary code via a crafted IOCTL request that overwrites a kernel pointer.
CVE-2008-6159 1 Hans Oesterholt 1 Cmme 2026-04-23 N/A
Content Management Made Easy (CMME) 1.19 allows remote attackers to obtain system information via a direct request to info.php, which invokes the phpinfo function.