Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4462 1 Po4a 1 Po4a 2026-04-23 N/A
lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to overwrite arbitrary files via a symlink attack on the gettextization.failed.po temporary file.
CVE-2007-4463 2 Fransois Gannier, Ghisler 2 Fileinfo Plugin, Total Commander 2026-04-23 N/A
The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file.
CVE-2009-2165 1 Serendipitynz 1 Serene Bach 2026-04-23 N/A
SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id.
CVE-2009-2174 1 Gupnp 1 Gupnp 2026-04-23 N/A
GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message.
CVE-2009-2840 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors.
CVE-2006-5385 1 Spamoborona 1 Spamoborona 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/admin_spam.php in the SpamOborona 1.0b and earlier phpBB module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5395 1 Microsoft 1 Class Package Export Tool 2026-04-23 N/A
Buffer overflow in Microsoft Class Package Export Tool (aka clspack.exe) allows context-dependent attackers to execute arbitrary code via a long string. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2007-4591 1 Vmware 1 Workstation 2026-04-23 N/A
vstor-ws60.sys in VMWare Workstation 6.0 allows local users to cause a denial of service (host operating system crash) and possibly gain privileges by sending a small file buffer size value to the FsSetVolumeInformation IOCTL handler with an FsSetFileInformation subcode.
CVE-2009-2946 2 Debian, Devscripts Devel Team 2 Linux, Devscripts 2026-04-23 N/A
Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages.
CVE-2007-4624 1 Abledesign 1 Dynamic Picture Frame 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in pframe.php in AbleDesign Dynamic Picture Frame 1.00 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-4630 1 Xigla 1 Absolute Poll Manager Xe 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in xlaapmview.asp in Absolute Poll Manager XE 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2009-2974 1 Google 1 Chrome 2026-04-23 N/A
Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote attackers to (1) cause a denial of service (application hang) via vectors involving a chromehtml: URI value for the document.location property or (2) cause a denial of service (application hang and CPU consumption) via vectors involving a series of function calls that set a chromehtml: URI value for the document.location property.
CVE-2006-5423 1 Lou Portail 1 Lou Portail 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/admin_module.php in Lou Portail 1.4.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the g_admin_rep parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2007-4638 1 Blizzard Entertainment 1 Starcraft Brood War 2026-04-23 N/A
Blizzard Entertainment StarCraft Brood War 1.15.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed map, which triggers an out-of-bounds read during a minimap preview.
CVE-2009-3006 1 Maxthon 1 Maxthon Browser 2026-04-23 N/A
Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.
CVE-2009-3047 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs.
CVE-2009-3049 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode.
CVE-2009-4378 2 Microsoft, Wireshark 2 Windows, Wireshark 2026-04-23 N/A
The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime."
CVE-2006-5801 1 Owfs 1 Owfs 2026-04-23 N/A
The owserver module in owfs and owhttpd 2.5p5 and earlier does not properly check the path type, which allows attackers to cause a denial of service (application crash) related to use of the path in owshell.
CVE-2007-5143 2 F-secure, Microsoft 2 F-secure Anti-virus, Windows 2003 Server 2026-04-23 N/A
F-Secure Anti-Virus for Windows Servers 7.0 64-bit edition allows local users to bypass virus scanning by using the system32 directory to store a crafted (1) archive or (2) packed executable. NOTE: in many environments, this does not cross privilege boundaries because any process able to write to system32 could also shut off F-Secure Anti-Virus.