Search Results (26297 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0434 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2008-5413.
CVE-2007-6684 1 Videolan 1 Vlc 2026-04-23 N/A
The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference.
CVE-2008-6084 1 .matteoiammarrone 1 Iamma Simple Gallery 2026-04-23 N/A
Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.
CVE-2009-0606 1 Openhandsetalliance 1 Android Sdk 2026-04-23 N/A
The link_image function in linker/linker.c in the dynamic linker in Bionic in Open Handset Alliance Android 1.0 on the T-Mobile G1 phone does not properly handle file descriptors 0, 1, and 2 for a setgid program, which allows local users to create arbitrary files owned by certain groups, possibly a related issue to CVE-2002-0820.
CVE-2008-0506 1 Coppermine 1 Coppermine Photo Gallery 2026-04-23 N/A
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
CVE-2006-5725 1 Aep Networks 1 Smartgate Ssl Server 2026-04-23 N/A
The SSL server in AEP Smartgate 4.3b allows remote attackers to determine existence of directories via a direct request for a directory URI, which returns different HTTP status codes for existing and non-existing directories.
CVE-2008-1745 1 Cisco 1 Unified Communications Manager 2026-04-23 N/A
Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115.
CVE-2007-6418 1 Debian 1 Debian Linux 2026-04-23 N/A
The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.
CVE-2009-0959 1 Apple 2 Iphone Os, Ipod Touch 2026-04-23 N/A
The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input validation issue."
CVE-2007-5832 1 Ssl-explorer 1 Ssl-explorer 2026-04-23 N/A
Unspecified vulnerability in selectLanguage.do in SSL-Explorer before 0.2.15 allows remote attackers to inject (1) headers or (2) body data in an HTTP transaction, a different vulnerability than CVE-2007-2907. NOTE: some of these details are obtained from third party information.
CVE-2008-0172 3 Boost, Redhat, Ubuntu 3 Boost, Enterprise Linux, Ubuntu Linux 2026-04-23 N/A
The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.
CVE-2007-4459 1 Cisco 2 Voip Phone Cp-7940, Voip Phone Cp-7960 2026-04-23 N/A
Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP firmware before 8.7(0), allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages.
CVE-2008-0386 2 Gentoo, Mandrakesoft 2 Xdg-utils, Mandrake Linux 2026-04-23 N/A
Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.
CVE-2007-1349 3 Apache, Canonical, Redhat 12 Mod Perl, Ubuntu Linux, Certificate System and 9 more 2026-04-23 N/A
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
CVE-2007-3998 4 Canonical, Debian, Php and 1 more 5 Ubuntu Linux, Debian Linux, Php and 2 more 2026-04-23 N/A
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.
CVE-2008-1441 1 Microsoft 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more 2026-04-23 N/A
Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
CVE-2007-2379 2 Jquery, Netapp 2 Jquery, Snapcenter 2026-04-23 N/A
The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
CVE-2009-0022 1 Samba 1 Samba 2026-04-23 N/A
Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name.
CVE-2010-0002 1 Gnu 1 Bash 2026-04-23 N/A
The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename.
CVE-2007-0103 1 Adobe 1 Acrobat Reader 2026-04-23 N/A
The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.