Export limit exceeded: 25410 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25410 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2655 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2026-04-23 | N/A |
| mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1. | ||||
| CVE-2007-0208 | 1 Microsoft | 4 Office, Word, Word Viewer and 1 more | 2026-04-23 | N/A |
| Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code. | ||||
| CVE-2008-2988 | 1 Benjacms | 1 Benja Cms | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in admin/upload.php in Benja CMS 0.1 allows remote attackers to upload and execute arbitrary PHP files via unspecified vectors, followed by a direct request to the file in billeder/. | ||||
| CVE-2009-3287 | 1 Macournoyer | 1 Thin | 2026-04-23 | N/A |
| lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header. | ||||
| CVE-2007-1563 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | ||||
| CVE-2007-1693 | 1 Yate | 1 Yet Another Telephony Engine | 2026-04-23 | N/A |
| The SIP channel module in Yet Another Telephony Engine (Yate) before 1.2.0 sets the caller_info_uri parameter using an incorrect variable that can be NULL, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a Call-Info header without a purpose parameter. | ||||
| CVE-2007-1793 | 1 Symantec | 8 Antivirus, Client Security, Norton 360 and 5 more | 2026-04-23 | N/A |
| SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected. | ||||
| CVE-2007-5035 | 1 Openengine | 1 Openengine | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in html/modules/extranet_profile/main.php in openEngine 1.9 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the this_module_path parameter. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a direct request for the file, before reaching the include statement | ||||
| CVE-2007-5036 | 1 Airdefense | 1 Airsensor | 2026-04-23 | N/A |
| Multiple buffer overflows in the AirDefense Airsensor M520 with firmware 4.3.1.1 and 4.4.1.4 allow remote authenticated users to cause a denial of service (HTTPS service outage) via a crafted query string in an HTTPS request to (1) adLog.cgi, (2) post.cgi, or (3) ad.cgi, related to the "files filter." | ||||
| CVE-2007-2509 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Application Stack | 2026-04-23 | N/A |
| CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands. | ||||
| CVE-2007-5039 | 1 Ghostsecurity | 1 Ghost Security Suite | 2026-04-23 | N/A |
| Ghost Security Suite beta 1.110 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtQueryValueKey, (4) NtSetSystemInformation, and (5) NtSetValueKey kernel SSDT hooks. | ||||
| CVE-2009-3457 | 1 Cisco | 2 Ace Web Application Firewall, Ace Xml Gateway | 2026-04-23 | N/A |
| Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159. | ||||
| CVE-2009-3452 | 1 Radactive | 1 I-load | 2026-04-23 | N/A |
| WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to obtain sensitive information via unspecified requests that trigger responses containing the saved-image folder pathname. | ||||
| CVE-2007-3998 | 4 Canonical, Debian, Php and 1 more | 5 Ubuntu Linux, Debian Linux, Php and 2 more | 2026-04-23 | N/A |
| The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set. | ||||
| CVE-2008-2957 | 2 Pidgin, Redhat | 2 Pidgin, Enterprise Linux | 2026-04-23 | N/A |
| The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL. | ||||
| CVE-2008-2933 | 2 Mozilla, Redhat | 3 Firefox, Enterprise Linux, Rhel Eus | 2026-04-23 | N/A |
| Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267. | ||||
| CVE-2009-4031 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Virtualization | 2026-04-23 | N/A |
| The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 emulator in the KVM subsystem in the Linux kernel before 2.6.32-rc8-next-20091125 tries to interpret instructions that contain too many bytes to be valid, which allows guest OS users to cause a denial of service (increased scheduling latency) on the host OS via unspecified manipulations related to SMP support. | ||||
| CVE-2007-4761 | 1 Matteo | 1 Barbo91 | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in upload.php in Barbo91 1.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-3010 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Media Player and 2 more | 2026-04-23 | N/A |
| Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability." | ||||
| CVE-2008-3676 | 1 Hmailserver | 1 Hmailserver | 2026-04-23 | N/A |
| Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 allows remote authenticated users to cause a denial of service (resource exhaustion or daemon crash) via a long series of IMAP commands. | ||||