Total
13598 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0099 | 1 Microsoft | 1 Exchange Server | 2026-04-23 | N/A |
| The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability." | ||||
| CVE-2008-6742 | 1 Gofoxy | 1 Foxy | 2026-04-23 | N/A |
| Foxy P2P software allows remote attackers to cause a denial of service (memory consumption) via a foxy URI with a download action and a large fs value. | ||||
| CVE-2008-6676 | 1 Quickersite | 1 Quickersite | 2026-04-23 | N/A |
| QuickerSite 1.8.5 allows remote attackers to obtain sensitive information via a request to showThumb.aspx without any parameters, which reveals the installation path in an error message. | ||||
| CVE-2008-6568 | 1 Yehe | 1 Yehe | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in Yehe 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the envoyer feature. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6547 | 1 Formencode | 1 Formencode | 2026-04-23 | N/A |
| schema.py in FormEncode for Python (python-formencode) 1.0 does not apply the chained_validators feature, which allows attackers to bypass intended access restrictions via unknown vectors. | ||||
| CVE-2008-0830 | 1 Apple | 1 Iphoto | 2026-04-23 | N/A |
| The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 allows remote attackers to cause a denial of service (crash) via a malformed dpap: URI, a different vulnerability than CVE-2008-0043. | ||||
| CVE-2008-5693 | 1 Ipswitch | 1 Ws Ftp | 2026-04-23 | N/A |
| Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character. | ||||
| CVE-2008-3210 | 1 Resiprocate | 1 Resiprocate | 2026-04-23 | N/A |
| rutil/dns/DnsStub.cxx in ReSIProcate 1.3.2, as used by repro, allows remote attackers to cause a denial of service (daemon crash) via a SIP (1) INVITE or (2) OPTIONS message with a long domain name in a request URI, which triggers an assert error. | ||||
| CVE-2008-4444 | 1 Cisco | 2 Unified Ip Phone 7940g, Unified Ip Phone 7960g | 2026-04-23 | N/A |
| Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P0S3-08-9-00 and possibly other versions before 8.10 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a Realtime Transport Protocol (RTP) packet with malformed headers. | ||||
| CVE-2007-6314 | 1 Real Time Logic | 2 Barracudadrive Web Server, Barracudadrive Web Server Home Server | 2026-04-23 | N/A |
| BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a (1) + (plus), (2) . (dot), or (3) %80 and similar characters to the file name in the URL. | ||||
| CVE-2007-6326 | 1 Sergey Lyubka | 1 Simple Httpd | 2026-04-23 | N/A |
| Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI. | ||||
| CVE-2008-3286 | 1 Sierra | 1 Swat 4 | 2026-04-23 | N/A |
| SWAT 4 1.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) VERIFYCONTENT or (2) GAMECONFIG command sent to the server before user session initialization, which triggers a NULL pointer dereference; or (3) a GAMESPYRESPONSE command followed by a long RS string. | ||||
| CVE-2008-3287 | 1 Emc Dantz | 1 Retrospect Backup Client | 2026-04-23 | N/A |
| retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via malformed packets to TCP port 497, which trigger a NULL pointer dereference. | ||||
| CVE-2007-4755 | 1 Cor Entertainment | 1 Alien Arena 2007 | 2026-04-23 | N/A |
| Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (client disconnect) by sending a client_connect command in a forged packet from the server to a client. NOTE: client IP addresses are available via product-specific queries. | ||||
| CVE-2009-1436 | 1 Freebsd | 1 Freebsd | 2026-04-23 | N/A |
| The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file. | ||||
| CVE-2009-1446 | 1 Elkagroup | 1 Image Gallery | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in upload.php in Elkagroup Image Gallery 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in gallery/pictures/. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4488 | 1 Varnish.projects.linpro | 1 Varnish | 2026-04-23 | 9.8 Critical |
| Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE: the vendor disputes the significance of this report, stating that "This is not a security problem in Varnish or any other piece of software which writes a logfile. The real problem is the mistaken belief that you can cat(1) a random logfile to your terminal safely. | ||||
| CVE-2006-5974 | 1 Fetchmail | 1 Fetchmail | 2026-04-23 | N/A |
| fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions. | ||||
| CVE-2007-3799 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Application Stack | 2026-04-23 | N/A |
| The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207. | ||||
| CVE-2008-4388 | 1 Symantec | 1 Appstream Client | 2026-04-23 | N/A |
| The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods. | ||||