Search Results (26281 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-6197 1 Bea 1 Aqualogic Interaction 2026-04-23 N/A
The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page.
CVE-2008-0097 1 Georgia Softworks 1 Ssh2 Server 2026-04-23 N/A
Format string vulnerability in the log function in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username field, as demonstrated by a certain LoginPassword message.
CVE-2007-4430 1 Cisco 5 Cbos, Cli, Ids and 2 more 2026-04-23 N/A
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE: unauthenticated remote attacks are possible in environments with anonymous telnet and Looking Glass access.
CVE-2008-0136 1 Snitz Communications 1 Snitz Forums 2000 2026-04-23 N/A
Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive information via a direct request to forum/whereami.asp, which reveals the database path.
CVE-2008-2326 2 Apple, Microsoft 6 Bonjour, Windows-nt, Windows 2000 and 3 more 2026-04-23 N/A
mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label.
CVE-2008-0784 1 Cacti 1 Cacti 2026-04-23 N/A
graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors.
CVE-2008-2683 1 Black Ice 1 Barcode Sdk 2026-04-23 N/A
The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. NOTE: some of these details are obtained from third party information.
CVE-2008-0892 1 Redhat 2 Directory Server, Fedora Directory Server 2026-04-23 N/A
The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands.
CVE-2007-6502 1 Hosting Controller 1 Hosting Controller 2026-04-23 N/A
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using Microsoft.XMLHTTP or MSXML2.XMLHTTP objects, which trigger a response with the setup directory pathname in the HTML source; and (3) might allow remote attackers to obtain sensitive information via a request for /admin/forum/, which reveals the path in an error message when a forum is not found.
CVE-2008-2681 1 Realm Project 1 Realm Cms 2026-04-23 N/A
Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive information via a direct request to _db/compact.asp, which reveals the database path in an error message.
CVE-2008-3208 1 Simpledns 1 Simple Dns Plus 2026-04-23 N/A
Simple DNS Plus 4.1, 5.0, and possibly other versions before 5.1.101 allows remote attackers to cause a denial of service via multiple DNS reply packets.
CVE-2007-4450 1 Toribash 1 Toribash 2026-04-23 N/A
The server in Toribash 2.71 and earlier does not properly handle long commands, which allows remote attackers to trigger a protocol violation in which data is sent to other clients without a required LF character, as demonstrated by a SAY command. NOTE: the security impact of this violation is not clear, although it probably makes exploitation of CVE-2007-4449 easier.
CVE-2007-0521 1 Sony Ericsson 2 K700i, W810i 2026-04-23 N/A
The Sony Ericsson K700i and W810i phones allow remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.
CVE-2007-6278 1 Flac 1 Libflac 2026-04-23 N/A
Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.
CVE-2009-3830 1 Microsoft 1 Sharepoint Server 2026-04-23 N/A
The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
CVE-2008-3187 1 Opensuse 1 Zypper 2026-04-23 N/A
zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 does not ask the user before accepting repository keys, which allows remote repositories to cause a denial of service (package data corruption) via a spoofed key.
CVE-2005-4881 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the (1) tc_fill_qdisc, (2) tcf_fill_node, (3) neightbl_fill_info, (4) neightbl_fill_param_info, (5) neigh_fill_info, (6) rtnetlink_fill_ifinfo, (7) rtnetlink_fill_iwinfo, (8) vif_delete, (9) ipmr_destroy_unres, (10) ipmr_cache_alloc_unres, (11) ipmr_cache_resolve, (12) inet6_fill_ifinfo, (13) tca_get_fill, (14) tca_action_flush, (15) tcf_add_notify, (16) tc_dump_action, (17) cbq_dump_police, (18) __nlmsg_put, (19) __rta_fill, (20) __rta_reserve, (21) inet6_fill_prefix, (22) rsvp_dump, and (23) cbq_dump_ovl functions.
CVE-2008-2256 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2007-1441 1 Rim 3 Blackberry, Blackberry 8100, Blackberry Browser 2026-04-23 N/A
The 4thPass browser (BlackBerry Browser) on the RIM BlackBerry 8100 (Pearl) before 4.2.1 allows remote attackers to cause a denial of service (temporary functionality loss) via a long href attribute in a link in a WML page.
CVE-2008-2648 1 Mebiblio 1 Mebiblio 2026-04-23 N/A
Unrestricted file upload vulnerability in upload/uploader.html in meBiblio 0.4.7 allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the files/ directory.