Vulnerabilities (CVE)

Filtered by CWE-20
Total 10022 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-1030 1 Apple 2 Mac Os X, Mac Os X Server 2024-02-04 10.0 HIGH N/A
Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow.
CVE-2008-4910 1 Sun 1 Java Web Start 2024-02-04 10.0 HIGH N/A
The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method.
CVE-2008-5663 1 Kusaba 1 Kusaba 2024-02-04 9.0 HIGH N/A
Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) load_receiver.php or (2) a shipainter action to paint_save.php, then accessing the uploaded file via a direct request to this file in their user directory.
CVE-2008-1495 1 Peel 1 Peel 2024-02-04 6.5 MEDIUM N/A
Unrestricted file upload vulnerability in administrer/produits.php in PEEL, possibly 3.x and earlier, allows remote authenticated administrators to upload and execute arbitrary PHP files via a modified content type in an ajout action, as demonstrated by (1) image/gif and (2) application/pdf.
CVE-2008-4041 1 Softalk Mail Server 1 Softalk Mail Server 2024-02-04 4.0 MEDIUM N/A
The IMAP server in Softalk Mail Server (formerly WorkgroupMail) 8.5.1.431 allows remote authenticated users to cause a denial of service (resource consumption and daemon crash) via a long IMAP APPEND command with certain repeated parameters.
CVE-2008-4930 1 Mybb 1 Mybb 2024-02-04 5.0 MEDIUM N/A
MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection against MIME-sniffing." NOTE: this could be leveraged for XSS and other attacks.
CVE-2008-3127 1 Hiox India 1 Banner Rotator 2024-02-04 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in hioxBannerRotate.php in HIOX Banner Rotator (HBR) 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
CVE-2009-0748 1 Linux 1 Linux Kernel 2024-02-04 4.9 MEDIUM N/A
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) by attempting to mount a crafted ext4 filesystem.
CVE-2009-2852 2 Ryan.mcgeary, Wordpress 2 Wp-syntax, Wordpress 2024-02-04 6.8 MEDIUM N/A
WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the test_filter[wp_head] array parameter to test/index.php, which is used in a call to the call_user_func_array function.
CVE-2008-4106 1 Wordpress 1 Wordpress 2024-02-04 5.1 MEDIUM N/A
WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107.
CVE-2009-3102 1 Zmanda 1 Zrm For My Sql 2024-02-04 10.0 HIGH N/A
The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager (ZRM) for MySQL 2.x before 2.1.1 allows remote attackers to execute arbitrary commands via vectors involving a crafted $MYSQL_BINPATH variable.
CVE-2008-6882 2 Joomla, Joompolitan 2 Joomla, Com Livechat 2024-02-04 7.5 HIGH N/A
Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string.
CVE-2008-3337 1 Powerdns 2 Authoritative Server, Powerdns 2024-02-04 6.4 MEDIUM N/A
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.
CVE-2008-2372 1 Linux 1 Linux Kernel 2024-02-04 4.9 MEDIUM N/A
The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of "useless newly zeroed pages."
CVE-2008-6528 1 Tmaxsoft 1 Jeus 2024-02-04 5.0 MEDIUM N/A
NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to read the source code for scripts by appending ::$DATA to the URL, which accesses the alternate data stream.
CVE-2009-0790 2 Strongswan, Xelerance 2 Strongswan, Openswan 2024-02-04 5.0 MEDIUM N/A
The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD.
CVE-2008-6751 1 Revou 2 Revou, Tclone 2024-02-04 6.8 MEDIUM N/A
Unrestricted file upload vulnerability in index.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in settings/my_photo.
CVE-2008-5431 1 5e5 1 Teamtek Universal Ftp Server 2024-02-04 5.0 MEDIUM N/A
Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a denial of service via (1) a certain CWD command, (2) a long LIST command, or (3) a certain PORT command.
CVE-2009-3753 1 Opial 1 Opial 2024-02-04 7.5 HIGH N/A
Unrestricted file upload vulnerability in Opial 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension as a User Image, then accessing it via a request to the file in userimages, related to register.php.
CVE-2008-3904 1 Lxde 2 Gpicview, Lightweight X11 Desktop Environment 2024-02-04 7.5 HIGH N/A
src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.