Total
12838 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0555 | 1 Apache-ssl | 1 Apache-ssl | 2025-04-09 | N/A |
| The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables. | ||||
| CVE-2008-0527 | 1 Cisco | 3 Session Initiation Protocol \(sip\) Firmware, Skinny Client Control Protocol \(sccp\) Firmware, Unified Ip Phone | 2025-04-09 | N/A |
| The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a crafted HTTP request. | ||||
| CVE-2008-0526 | 1 Cisco | 3 Session Initiation Protocol \(sip\) Firmware, Skinny Client Control Protocol \(sccp\) Firmware, Unified Ip Phone | 2025-04-09 | N/A |
| Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a long ICMP echo request (ping) packet. | ||||
| CVE-2009-4490 | 1 Acme | 1 Mini Httpd | 2025-04-09 | N/A |
| mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. | ||||
| CVE-2008-1279 | 1 Acronis | 1 True Image | 2025-04-09 | N/A |
| Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read. | ||||
| CVE-2008-6559 | 1 Sco | 2 Reliantha, Unixware | 2025-04-09 | N/A |
| Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges via a crafted -d argument that contains .. (dot dot) sequences that point to a directory containing a file whose name includes shell metacharacters. | ||||
| CVE-2008-0506 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-09 | N/A |
| include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php. | ||||
| CVE-2008-6558 | 2 Sco, Unixware | 2 Unixware, Reliantha | 2025-04-09 | N/A |
| Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges by modifying the RELIANT_PATH environment variable to point to a malicious bin/hvenv program. | ||||
| CVE-2008-0457 | 1 Symantec | 1 Backupexec System Recovery | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors. | ||||
| CVE-2008-6490 | 1 Flysforum | 1 Flaber | 2025-04-09 | N/A |
| function/update_xml.php in FLABER 1.1 and earlier allows remote attackers to overwrite arbitrary files by specifying the target filename in the target_file parameter. NOTE: this can be leveraged for code execution by overwriting a PHP file, as demonstrated using function/upload_file.php. | ||||
| CVE-2008-5906 | 1 Ktorrent | 1 Ktorrent | 2025-04-09 | N/A |
| Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts. | ||||
| CVE-2008-4500 | 1 Solarwinds | 1 Serv-u File Server | 2025-04-09 | N/A |
| Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1". | ||||
| CVE-2008-0331 | 1 Funkwerk | 2 System Software, X2300 | 2025-04-09 | N/A |
| Unspecified vulnerability in Funkwerk System Software before 7.4.1 PATCH 9 for certain Funkwerk Router / VPN devices allows remote attackers to cause a denial of service (panic and reboot) via unspecified DNS requests. | ||||
| CVE-2008-5904 | 1 Xrdp | 1 Xrdp | 2025-04-09 | N/A |
| The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and earlier allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain length variables, leading to a buffer overflow. | ||||
| CVE-2008-1862 | 1 Exbb | 1 Exbb Italia | 2025-04-09 | N/A |
| ExBB Italia 0.22 and earlier only checks GET requests that use the QUERY_STRING for certain path manipulations, which allows remote attackers to bypass this check via (1) POST or (2) COOKIE variables, a different vector than CVE-2006-4488. NOTE: this can be leveraged to conduct PHP remote file inclusion attacks via a URL in the (a) new_exbb[home_path] or (b) exbb[home_path] parameter to modules/threadstop/threadstop.php. | ||||
| CVE-2008-0244 | 1 Sap | 1 Maxdb | 2025-04-09 | N/A |
| SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe. | ||||
| CVE-2008-1785 | 1 Prozilla | 1 Top 100 | 2025-04-09 | N/A |
| delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter. | ||||
| CVE-2009-0777 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-09 | N/A |
| Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks. | ||||
| CVE-2008-0116 | 1 Microsoft | 4 Excel, Excel Viewer, Office and 1 more | 2025-04-09 | N/A |
| Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability." | ||||
| CVE-2008-0071 | 2 Bittorrent, Utorrent | 2 Bittorrent, Utorrent | 2025-04-09 | N/A |
| The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header. | ||||