Search Results (362065 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0672 1 Tintin 2 Tintin\+\+, Wintin\+\+ 2026-04-23 N/A
The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to cause a denial of service (application crash) via a YES message without a newline character, which triggers a NULL dereference.
CVE-2008-0673 1 Tintin 2 Tintin\+\+, Wintin\+\+ 2026-04-23 N/A
TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an inbound file-transfer request, before the user has an opportunity to decline the request, which allows remote attackers to truncate arbitrary files in the top level of a home directory.
CVE-2008-0702 1 South River Technologies 1 Titan Ftp Server 2026-04-23 N/A
Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than CVE-2004-1641.
CVE-2008-0720 1 Webmin 2 Usermin, Webmin 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a "search box" or "open file box." NOTE: some of these details are obtained from third party information.
CVE-2008-0726 2 Adobe, Redhat 3 Acrobat, Acrobat Reader, Rhel Extras 2026-04-23 N/A
Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption.
CVE-2008-2414 1 Aguestbook 1 An Guestbook 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in send_email.php in AN Guestbook (ANG) 0.4 allows remote attackers to inject arbitrary web script or HTML via the postid parameter.
CVE-2008-6442 1 Sina 1 Dloader 2026-04-23 N/A
Insecure method vulnerability in Sina Inc. DLoader Class ActiveX Control allows remote attackers to overwrite arbitrary files via a URL in the first parameter to the DonwloadAndInstall method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6768 1 Shopsystem-forum 1 K\&s Shopsoftware 2026-04-23 N/A
Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/upload/.
CVE-2008-6769 1 Peterselie 1 Yourplace 2026-04-23 N/A
Unrestricted file upload vulnerability in upload.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.
CVE-2008-6773 1 Peterselie 1 Yourplace 2026-04-23 N/A
Static code injection vulnerability in user/internettoolbar/edit.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary PHP code into user/internettoolbar/index.php via the (1) fav1_url, (2) fav1_name, (3) fav2_url, (4) fav2_name, (5) fav3_url, (6) fav3_name, (7) fav4_url, (8) fav4_name, (9) fav5_url, or (10) fav5_name parameters.
CVE-2009-0849 3 Linux, Microsoft, Novastor 3 Linux Kernel, Windows, Novanet 2026-04-23 N/A
Stack-based buffer overflow in the DtbClsLogin function in NovaStor NovaNET 12 allows remote attackers to (1) execute arbitrary code on Linux platforms via a long username field during backup domain authentication, related to libnnlindtb.so; or (2) cause a denial of service (daemon crash) on Windows platforms via a long username field during backup domain authentication, related to nnwindtb.dll. NOTE: some of these details are obtained from third party information.
CVE-2009-0851 1 Stewart Howe 1 Celerbb 2026-04-23 N/A
Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php.
CVE-2009-0852 1 Stewart Howe 1 Celerbb 2026-04-23 N/A
showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserved information" via the user parameter.
CVE-2009-1428 1 Symantec 4 Antivirus, Endpoint Protection, Norton 360 and 1 more 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, related to "two parsing errors."
CVE-2009-1431 1 Symantec 5 Antivirus, Antivirus Central Quarantine Server, Client Security and 2 more 2026-04-23 N/A
XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary code by placing the code on a (1) share or (2) WebDAV server, and then sending the UNC share pathname to this service.
CVE-2009-1483 1 Studiolounge 1 Address Book 2026-04-23 N/A
Unrestricted file upload vulnerability in upload-file.php in Adam Patterson Studio Lounge Address Book 2.5, as reachable from index2.php, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in profiles/.
CVE-2009-1486 1 Ninjadesigns 1 Flatchat 2026-04-23 N/A
Directory traversal vulnerability in pmscript.php in Flatchat 3.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the with parameter.
CVE-2009-1882 2 Imagemagick, Redhat 2 Imagemagick, Enterprise Linux 2026-04-23 N/A
Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.
CVE-2006-5670 1 Free Php Scripts 1 Free Image Hosting 2026-04-23 N/A
PHP remote file inclusion vulnerability in forgot_pass.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.
CVE-2006-6219 1 Dev4u 1 Dev4u Cms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in dev4u CMS allow remote attackers to inject arbitrary web script or HTML via the (1) user_name, (2) passwort, and (3) go_target parameters.