Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-0012 2 Microsoft, Netscape 5 Frontpage, Internet Information Server, Personal Web Server and 2 more 2025-04-09 7 High
Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.
CVE-1999-0011 8 Data General, Ibm, Isc and 5 more 11 Dg Ux, Aix, Bind and 8 more 2025-04-09 5.4 Medium
Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.
CVE-2017-20166 1 Ecto Project 1 Ecto 2025-04-09 9.8 Critical
Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between is_nil and raise.
CVE-2022-25890 1 Wifey Project 1 Wifey 2025-04-09 7.4 High
All versions of the package wifey are vulnerable to Command Injection via the connect() function due to improper input sanitization.
CVE-2007-2623 1 Fruit2004 1 Remote Display Development Kit 2025-04-09 N/A
Multiple buffer overflows in RControl.dll in Remote Display Dev kit 1.2.1.0 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via (1) a long first argument to the connect function or (2) a long InternalServer property value, possibly involving ntdll.dll.
CVE-2007-2730 3 Checkpoint, Comodo, Microsoft 6 Zonealarm, Comodo Firewall Pro, Comodo Personal Firewall and 3 more 2025-04-09 N/A
Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
CVE-2007-2938 2 Honeywell, Microsoft 2 Ademco Atnbaseloader100 Module, Internet Explorer 2025-04-09 N/A
Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods.
CVE-2006-7097 1 Taskfreak 1 Taskfreak 2025-04-09 N/A
Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have unknown impact and attack vectors.
CVE-2009-1808 1 Microsoft 1 Windows Xp 2025-04-09 N/A
Microsoft Windows XP SP3 allows local users to cause a denial of service (system crash) by making an SPI_SETDESKWALLPAPER SystemParametersInfo call with an improperly terminated pvParam argument, followed by an SPI_GETDESKWALLPAPER SystemParametersInfo call.
CVE-2007-2950 3 Centennial, Numara, Symantec 3 Discovery, Asset Manager, Discovery 2025-04-09 N/A
Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges.
CVE-2007-2743 1 Glossword 1 Glossword 2025-04-09 N/A
PHP remote file inclusion vulnerability in custom_vars.php in GlossWord 1.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the sys[path_addon] parameter.
CVE-2007-2955 1 Symantec 3 Norton Antivirus, Norton Internet Security, Norton System Works 2025-04-09 N/A
Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA.
CVE-2007-4280 1 Asterisk 4 Asterisk, Asterisk Appliance Developer Kit, Asterisknow and 1 more 2025-04-09 N/A
The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.
CVE-2007-0091 1 Katy Whitton Web Development 1 Newscmslite 2025-04-09 N/A
newsCMSlite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for newsCMS.mdb.
CVE-2007-4282 1 Serendipity 1 Serendipity 2025-04-09 N/A
The "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and "deliver custom entryproperties settings to the Serendipity Frontend" via a certain request that modifies the password being checked.
CVE-2009-2238 1 Dmxready 1 Registration Manager 2025-04-09 N/A
Unrestricted file upload vulnerability in includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp in DMXReady Registration Manager 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/webblogmanager.
CVE-2007-4289 1 Sun 1 Java System Portal Server 2025-04-09 N/A
Sun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715.
CVE-2007-4147 1 Interspire 1 Articlelive Nx 2025-04-09 N/A
Multiple unspecified vulnerabilities in Interspire ArticleLive NX before 1.7.1.2 have unknown impact and attack vectors, possibly related to (1) AL_SANITIZE and (2) "Calling the constructor to make sure things are checked, safe mode, etc."
CVE-2007-0096 1 Carbon Communities 1 Carbon Communities 2025-04-09 N/A
CarbonCommunities stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for DataBase/Carbon2.4d.mdb.
CVE-2006-6081 1 Telaen 1 Telaen 2025-04-09 N/A
PHP remote file inclusion vulnerability in Smarty_Compiler.class.php in Telaen 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter.