Search Results (26297 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4817 2 Adobe, Redhat 4 Acrobat, Acrobat Reader, Download Manager and 1 more 2026-04-23 N/A
The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption.
CVE-2008-4820 2 Adobe, Microsoft 2 Flash Player, Windows 2026-04-23 N/A
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player 9.0.124.0 and earlier on Windows allows attackers to obtain sensitive information via unknown vectors.
CVE-2008-4821 3 Adobe, Mozilla, Redhat 5 Flash Player, Camino, Firefox and 2 more 2026-04-23 N/A
Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors.
CVE-2008-5220 1 Wportfolio 1 Wportfolio 2026-04-23 N/A
Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/tmp/.
CVE-2008-5730 1 Netcat 1 Netcat 2026-04-23 N/A
Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to have an unknown impact via unspecified vectors involving (1) a %0a sequence in a cookie and (2) the add.php file.
CVE-2008-5732 1 Kafooeyblog 1 Kafooeyblog 2026-04-23 N/A
Unrestricted file upload vulnerability in lib/image_upload.php in KafooeyBlog 1.55b allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.
CVE-2008-5826 1 Nokia 1 6131 Nfc 2026-04-23 N/A
The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to cause a denial of service (device crash) via (1) a large value in the payload length field in an NDEF record, or a certain length for a (2) tel: or (3) sms: NDEF URI.
CVE-2008-5828 1 Microsoft 1 Windows Live Messenger 2026-04-23 N/A
Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields.
CVE-2008-5870 1 Faststone 1 Image Viewer 2026-04-23 N/A
FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with large width and height values, possibly a related issue to CVE-2007-1942.
CVE-2008-5887 1 Tincan 1 Phplist 2026-04-23 N/A
phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability."
CVE-2008-5936 1 Mini-pub 1 Mini-pub 2026-04-23 N/A
front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers to read files and obtain PHP source code via a filename in the sFileName parameter.
CVE-2008-5937 1 Zkesoft 1 Ayeview 2026-04-23 N/A
AyeView 2.20 allows user-assisted attackers to cause a denial of service (memory consumption or application crash) via a bitmap (aka .bmp) file with large height and width values.
CVE-2008-5963 1 Gravity-gtd 1 Gravity-gtd 2026-04-23 N/A
Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter.
CVE-2008-5966 1 Globsy 1 Globsy 2026-04-23 N/A
globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to create or overwrite arbitrary files via a filename in the file parameter and file contents in the data parameter.
CVE-2009-0022 1 Samba 1 Samba 2026-04-23 N/A
Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name.
CVE-2009-0027 1 Redhat 1 Jboss Enterprise Application Platform 2026-04-23 N/A
The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request.
CVE-2009-0033 2 Apache, Redhat 7 Tomcat, Certificate System, Enterprise Linux and 4 more 2026-04-23 N/A
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
CVE-2009-0050 1 Entrouvert 1 Lasso 2026-04-23 N/A
Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
CVE-2009-0057 1 Cisco 1 Unified Communications Manager 2026-04-23 N/A
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a TCP session in which the "client terminates prematurely."
CVE-2009-0059 1 Cisco 5 4400 Wireless Lan Controller, Catalyst 3750 Series Integrated Wireless Lan Controller, Catalyst 6500 Series Integrated Wireless Lan Controller and 2 more 2026-04-23 N/A
The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.2.x before 5.2.157.0 allow remote attackers to cause a denial of service (device reload) via a web authentication (aka WebAuth) session that includes a malformed POST request to login.html.