Total
12849 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4343 | 1 Chilkat Software | 1 Chilkat Xml Activex Control | 2025-04-09 | N/A |
| The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) 3.0.3.0 and earlier allows remote attackers to create, overwrite, and modify arbitrary files for execution via a call to the (1) SaveToFile, (2) SaveToTempFile, or (3) AppendBinary method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. | ||||
| CVE-2006-6955 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. | ||||
| CVE-2007-0683 | 1 Omegaboard Project | 1 Omegaboard | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in includes/functions.php in Omegaboard 1.0beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2008-4641 | 1 Sentex | 1 Jhead | 2025-04-09 | N/A |
| The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input. | ||||
| CVE-2008-4681 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2025-04-09 | N/A |
| Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets. | ||||
| CVE-2008-4049 | 1 Friendly Technologies | 1 Friendly Pppoe Client | 2025-04-09 | N/A |
| A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary programs via arguments to the RunApp method. | ||||
| CVE-2008-6367 | 1 Socialgroupie | 1 Social Groupie | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in Photos/create_album.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in Member_images/. | ||||
| CVE-2008-3410 | 1 Epic Games | 1 Unreal Tournament 3 | 2025-04-09 | N/A |
| Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a UDP packet in which the value of a certain size field is greater than the total packet length, aka attack 2 in ut3mendo.c. | ||||
| CVE-2009-2318 | 1 Axesstel | 1 Mv 410r | 2025-04-09 | N/A |
| The Axesstel MV 410R allows remote attackers to cause a denial of service via a flood of SYN packets, a related issue to CVE-1999-0116. | ||||
| CVE-2009-2305 | 1 Armassa | 2 Ard-9808, Ard-9808 Software | 2025-04-09 | N/A |
| The ARD-9808 DVR card security camera allows remote attackers to cause a denial of service via a long URI composed of //.\ (slash slash dot backslash) sequences. | ||||
| CVE-2009-2303 | 1 Avatic | 1 Aardvark Topsites Php | 2025-04-09 | N/A |
| index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive information via a negative integer value for the start parameter in a search action, which reveals the installation path in an error message. | ||||
| CVE-2008-3287 | 1 Emc Dantz | 1 Retrospect Backup Client | 2025-04-09 | N/A |
| retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via malformed packets to TCP port 497, which trigger a NULL pointer dereference. | ||||
| CVE-2008-5906 | 1 Ktorrent | 1 Ktorrent | 2025-04-09 | N/A |
| Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts. | ||||
| CVE-2008-5904 | 1 Xrdp | 1 Xrdp | 2025-04-09 | N/A |
| The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and earlier allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain length variables, leading to a buffer overflow. | ||||
| CVE-2006-6852 | 1 Tdiary | 1 Tdiary | 2025-04-09 | N/A |
| Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-6684 | 1 Videolan | 1 Vlc | 2025-04-09 | N/A |
| The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference. | ||||
| CVE-2008-3187 | 1 Opensuse | 1 Zypper | 2025-04-09 | N/A |
| zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 does not ask the user before accepting repository keys, which allows remote repositories to cause a denial of service (package data corruption) via a spoofed key. | ||||
| CVE-2008-5870 | 1 Faststone | 1 Image Viewer | 2025-04-09 | N/A |
| FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with large width and height values, possibly a related issue to CVE-2007-1942. | ||||
| CVE-2008-5810 | 1 Fujitsu-siemens | 1 Webtransactions | 2025-04-09 | N/A |
| WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1) directory names, (2) template names, and (3) session IDs. | ||||
| CVE-2008-2954 | 1 Linux | 1 Direct Connect | 2025-04-09 | N/A |
| client/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via an empty private message, which triggers an out-of-bounds read. | ||||