Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5298 1 Karakas-online 1 Chm2pdf 2026-04-23 N/A
chm2pdf 0.9 uses temporary files in directories with fixed names, which allows local users to cause a denial of service (chm2pdf failure) of other users by creating those directories ahead of time.
CVE-2009-1590 1 Cgi Rescue 1 Form2mail 2026-04-23 N/A
Unspecified vulnerability in CGI RESCUE FORM2MAIL before 1.42 allows remote attackers to send email to arbitrary recipients via a web form.
CVE-2009-3199 1 Uebimiau 1 Uebimiau 2026-04-23 N/A
Uebimiau Webmail 3.2.0-2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database with usernames and password hashes via a direct request for system_admin/admin.ucf.
CVE-2008-5300 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more 2026-04-23 N/A
Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029.
CVE-2008-5301 1 Dovecot 1 Dovecot 2026-04-23 N/A
Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
CVE-2009-1591 1 Cgi Rescue 1 Cgi Web Mailer 2026-04-23 N/A
CRLF injection vulnerability in CGI RESCUE Web Mailer before 1.04 allows remote attackers to inject arbitrary HTTP headers, and conduct cross-site scripting (XSS) or HTTP response splitting attacks, via CRLF sequences in an unspecified web form.
CVE-2009-2096 1 David Degner 1 Phpcollegeexchange 2026-04-23 N/A
SQL injection vulnerability in house/listing_view.php in phpCollegeExchange 0.1.5c allows remote attackers to execute arbitrary SQL commands via the itemnr parameter.
CVE-2008-5312 1 Mailscanner 1 Mailscanner 2026-04-23 N/A
mailscanner 4.55.10 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) panda-autoupdate.new, (4) trend-autoupdate.new, and (5) rav-autoupdate.new scripts in /etc/MailScanner/autoupdate/, a different vulnerability than CVE-2008-5140.
CVE-2008-5313 1 Mailscanner 1 Mailscanner 2026-04-23 N/A
mailscanner 4.68.8 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) avast-autoupdate, and (4) f-prot-6-autoupdate scripts in /etc/MailScanner/autoupdate/; the (5) bitdefender-wrapper, (6) kaspersky-wrapper, (7) clamav-wrapper, and (8) rav-wrapper scripts in /etc/MailScanner/wrapper/; the (9) Quarantine.pm, (10) TNEF.pm, (11) MessageBatch.pm, (12) WorkArea.pm, and (13) SA.pm scripts in /usr/share/MailScanner/MailScanner/; (14) /usr/sbin/MailScanner; and (15) scripts that load the /etc/MailScanner/mailscanner.conf.with.mcp configuration file.
CVE-2008-5314 1 Clam Anti-virus 1 Clamav 2026-04-23 N/A
Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions.
CVE-2008-5317 2 Littlecms, Redhat 3 Lcms, Little Cms Color Engine, Enterprise Linux 2026-04-23 N/A
Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory.
CVE-2009-2102 2 Com Jumi, Joomla 2 Com Jumi, Joomla 2026-04-23 N/A
SQL injection vulnerability in the Jumi (com_jumi) component 2.0.3 and possibly other versions for Joomla allows remote attackers to execute arbitrary SQL commands via the fileid parameter to index.php.
CVE-2008-5318 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-23 N/A
Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than CVE-2008-3653.
CVE-2009-2103 2 Steve Grundell, Typo3 2 Frontend Mp3 Player, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-3207 2 Drewish, Drupal 2 Imagecache, Drupal 2026-04-23 N/A
The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image's filename.
CVE-2008-5326 2 Ibm, Microsoft 2 Rational Clearquest, Windows 2026-04-23 N/A
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a series of asterisks.
CVE-2008-5328 1 Ibm 1 Rational Clearquest 2026-04-23 N/A
The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree during an import process.
CVE-2008-5329 1 Ibm 1 Rational Clearquest 2026-04-23 N/A
ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client's submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties file.
CVE-2009-2104 2 Typo3, Udo Von Eynern 2 Typo3, Modern Guest Book Commenting System 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension 2.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-5335 1 Php-fusion 1 Php-fusion 2026-04-23 N/A
SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg_send parameters, a different vector than CVE-2005-3157, CVE-2005-3158, CVE-2005-3159, CVE-2005-4005, and CVE-2006-2459.