Export limit exceeded: 26245 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26245 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6504 | 2 Apache, Opensymphony | 2 Struts, Xwork | 2026-04-23 | N/A |
| ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character. | ||||
| CVE-2009-0628 | 1 Cisco | 1 Cisco Ios | 2026-04-23 | N/A |
| Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control Block (TCB) leak. | ||||
| CVE-2008-6806 | 1 7-shop | 1 7shop | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in includes/imageupload.php in 7Shop 1.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/artikel/. | ||||
| CVE-2008-4445 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2026-04-23 | N/A |
| The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function, a different vulnerability than CVE-2008-4113. | ||||
| CVE-2008-3539 | 2 Hp, Microsoft | 12 Hpsi Acf2 Connector, Hpsi Active Directory Connector, Hpsi Bidir Dirx Connector and 9 more | 2026-04-23 | N/A |
| Unspecified vulnerability in HP OpenView Select Identity (HPSI) Connectors on Windows, as used in HPSI Active Directory Connector 2.30 and earlier, HPSI SunOne Connector 1.14 and earlier, HPSI eDirectory Connector 1.12 and earlier, HPSI eTrust Connector 1.02 and earlier, HPSI OID Connector 1.02 and earlier, HPSI IBM Tivoli Dir Connector 1.02 and earlier, HPSI TOPSecret Connector 2.22.001 and earlier, HPSI RACF Connector 1.12.001 and earlier, HPSI ACF2 Connector 1.02 and earlier, HPSI OpenLDAP Connector 1.02 and earlier, and HPSI BiDir DirX Connector 1.00.003 and earlier, allows local users to obtain sensitive information via unknown vectors. | ||||
| CVE-2008-6063 | 1 Microsoft | 1 Word | 2026-04-23 | N/A |
| Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name. | ||||
| CVE-2007-5550 | 1 Cisco | 1 Ios | 2026-04-23 | N/A |
| Unspecified vulnerability in Cisco IOS allows remote attackers to obtain the IOS version via unspecified vectors involving a "common network service", aka PSIRT-1255024833. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2007-5691 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers to cause a denial of service (application crash) via a crafted reply to an unspecified listing command, related to "reading from invalid pointer." | ||||
| CVE-2008-4509 | 1 Foss Gallery | 1 Foss Gallery | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in processFiles.php in FOSS Gallery Admin and FOSS Gallery Public 1.0 beta allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the root directory. | ||||
| CVE-2007-0102 | 1 Apple | 1 Preview | 2026-04-23 | N/A |
| The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | ||||
| CVE-2008-6511 | 1 Igniterealtime | 1 Openfire | 2026-04-23 | N/A |
| Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. | ||||
| CVE-2008-6754 | 2 Jelsoft, Mephisteus | 2 Vbulletin, The Personal Sticky Threads | 2026-04-23 | N/A |
| The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote authenticated users to read the title, author, and pages of an arbitrary thread by toggling a personal sticky. | ||||
| CVE-2008-4493 | 1 Microsoft | 1 Digital Image | 2026-04-23 | N/A |
| Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. | ||||
| CVE-2007-0523 | 1 Nokia | 1 N70 | 2026-04-23 | N/A |
| The Nokia N70 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. | ||||
| CVE-2008-4318 | 1 Project-observer | 1 Observer | 2026-04-23 | N/A |
| Observer 0.3.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter to (1) whois.php or (2) netcmd.php. | ||||
| CVE-2008-1782 | 1 Advanced Software Engineering | 1 Chartdirector | 2026-04-23 | N/A |
| phpdemo/viewsource.php in Advanced Software Engineering ChartDirector 4.1 allows remote attackers to read sensitive files via the file parameter. | ||||
| CVE-2008-0009 | 1 Linux | 1 Linux Kernel | 2026-04-23 | N/A |
| The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations. | ||||
| CVE-2007-6534 | 1 Microsoft | 1 Publisher | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart. | ||||
| CVE-2008-2729 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2026-04-23 | N/A |
| arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information. | ||||
| CVE-2008-6521 | 1 Devraj Mukherjee | 1 Openterracotta | 2026-04-23 | N/A |
| index.php in Terracotta (aka OpenTerracotta) 0.6.1 allows remote attackers to obtain sensitive information via an invalid File parameter, which reveals the installation path in an error message. | ||||