Search Results (355 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0696 2 Isc, Redhat 2 Bind, Enterprise Linux 2026-04-23 N/A
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message.
CVE-2009-2357 1 Yasinkaplan 1 Tekradius 2026-04-23 N/A
The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system.
CVE-2008-3177 1 Sophos 5 Email Appliance, Es1000, Es4000 and 2 more 2026-04-23 N/A
Sophos virus detection engine 2.75 on Linux and Unix, as used in Sophos Email Appliance, Pure Message for Unix, and Sophos Anti-Virus Interface (SAVI), allows remote attackers to cause a denial of service (engine crash) via zero-length MIME attachments.
CVE-2007-6409 1 Gadu-gadu 1 Gadu-gadu Instant Messenger 2026-04-23 N/A
The gg protocol handler in Gadu-Gadu, when this product is installed but not running, does not properly handle the skin attribute, which allows remote attackers to cause a denial of service (resource consumption) via unspecified network traffic.
CVE-2009-4402 1 Sql-ledger 1 Sql-ledger 2026-04-23 N/A
The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to the admin interface.
CVE-2006-7236 3 Debian, Invisible-island, Ubuntu 3 Debian Linux, Xterm, Linux 2026-04-23 N/A
The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.
CVE-2007-5071 1 Alexander Palmo 1 Simple Php Blog 2026-04-23 N/A
Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP Blog before 0.5.1 allows remote attackers to upload dangerous files and execute arbitrary code, as demonstrated by a filename ending in .php. or a .htaccess file, a different vector than CVE-2005-2733. NOTE: the vulnerability was also present in a 0.5.1 download available in the early morning of 20070923. NOTE: the original 20070920 disclosure provided an incorrect filename, img_upload_cgi.php.
CVE-2009-3376 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2026-04-23 N/A
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
CVE-2008-1507 1 Peel 1 Peel 2026-04-23 N/A
PEEL, possibly 3.x and earlier, has (1) a default info@peel.fr account with password admin, and (2) a default contact@peel.fr account with password cinema, which allows remote attackers to gain administrative access.
CVE-2007-5420 1 3com 1 3crwe554g72t 2026-04-23 N/A
The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote management is disabled but a web server has been configured, serves a web page to external clients, which might allow remote attackers to obtain information about the router's existence and product details.
CVE-2007-6210 1 Zabbix 1 Zabbix Agentd 2026-04-23 N/A
zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" scripts with gid 0, which might allow local users to gain privileges.
CVE-2009-1295 2 Apport, Ubuntu 2 Apport, Ubuntu 2026-04-23 N/A
Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors.
CVE-2009-3956 5 Adobe, Apple, Microsoft and 2 more 6 Acrobat, Acrobat Reader, Mac Os X and 3 more 2026-04-23 N/A
The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.
CVE-2009-4071 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors.
CVE-2008-1662 1 Hp 2 Hp-ux, System Administration Manager 2026-04-23 N/A
Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an "empty systems list."
CVE-2008-2060 1 Cisco 1 Intrusion Prevention System 2026-04-23 N/A
Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5.x before 5.1(8)E2 and 6.x before 6.0(5)E2, when inline mode and jumbo Ethernet support are enabled, allows remote attackers to cause a denial of service (panic), and possibly bypass intended restrictions on network traffic, via a "specific series of jumbo Ethernet frames."
CVE-2008-1524 1 Zyxel 3 Prestige 660, Prestige 661, Zynos 2026-04-23 N/A
The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), has "public" as its default community for both (1) read and (2) write operations, which allows remote attackers to perform administrative actions via SNMP, as demonstrated by reading the Dynamic DNS service password or inserting an XSS sequence into the system.sysName.0 variable, which is displayed on the System Status page.
CVE-2007-3898 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Server 2003 2026-04-23 N/A
The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
CVE-2008-2121 1 Sun 1 Sunos 2026-04-23 N/A
The TCP implementation in Sun Solaris 8, 9, and 10 allows remote attackers to cause a denial of service (CPU consumption and new connection timeouts) via a TCP SYN flood attack.
CVE-2008-5710 1 Avaya 1 Communication Manager 2026-04-23 N/A
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors.