Search Results (362939 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1139 1 Deslock 1 Deslock 2026-04-23 N/A
DESlock+ 3.2.6 and earlier, when DLMFENC.sys 1.0.0.26 and DLMFDISK.sys 1.2.0.27 are present, allows local users to gain privileges via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, aka the "ring0 link list zero SYSTEM" vulnerability.
CVE-2007-3018 1 Activeweb 1 Contentserver 2026-04-23 N/A
activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories.
CVE-2009-1403 1 Creloaded 1 Cre Loaded 2026-04-23 N/A
SQL injection vulnerability in product_info.php in CRE Loaded 6.2 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
CVE-2008-1136 1 Synce 1 Synce 2026-04-23 N/A
The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679.
CVE-2008-1135 1 Omegasoft 1 Interneserviceslosungen 2026-04-23 N/A
OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 generates different responses depending on whether or not a username is valid in a failed login attempt, which allows remote attackers to enumerate valid usernames.
CVE-2007-3009 1 Mbedthis Software 1 Mbedthis Appweb Http Server 2026-04-23 N/A
Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in the HTTP scheme, as demonstrated by a "GET %n://localhost:80/" request.
CVE-2007-3008 1 Mbedthis Software 1 Mbedthis Appweb Http Server 2026-04-23 N/A
Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398.
CVE-2007-3003 1 Mywebland 1 Mybloggie 2026-04-23 N/A
Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225.
CVE-2010-0362 1 Zeus 1 Zeus Web Server 2026-04-23 N/A
Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses.
CVE-2008-2366 2 Openoffice, Redhat 2 Openoffice, Enterprise Linux 2026-04-23 N/A
Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org (OOo) 1.1.x on Red Hat Enterprise Linux (RHEL) 3 and 4 allows local users to gain privileges via a malicious library in the current working directory, related to incorrect quoting of the ORIGIN symbol for use in the RPATH library path.
CVE-2008-1132 1 Net Activity Viewer 1 Net Activity Viewer 2026-04-23 N/A
Untrusted search path vulnerability in src/mainwindow.c in Net Activity Viewer 0.2.1 allows local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu program, which is invoked during the Restart As Root action.
CVE-2007-3002 1 Php Jackknife 1 Php Jackknife 2026-04-23 N/A
PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid value of the iParentUnq[] parameter, or a request to G_Display.php with an invalid (2) iCategoryUnq[] or (3) sSort[] array parameter, which reveals the path in various error messages.
CVE-2009-1330 1 Mini-stream 1 Easy Rm To Mp3 Converter 2026-04-23 N/A
Stack-based buffer overflow in Easy RM to MP3 Converter allows remote attackers to execute arbitrary code via a long filename in a playlist (.pls) file.
CVE-2007-2998 1 Hp 1 Openvms 2026-04-23 N/A
The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS for Integrity Servers 8.3, and PAS$RTL.EXE before 20070419 on OpenVMS Alpha 8.3, does not properly restore PC and PSL values, which allows local users to cause a denial of service (system crash) via certain Pascal code.
CVE-2007-2997 1 Salescart 1 Shopping Cart 2026-04-23 N/A
Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in SalesCart Shopping Cart allow remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors. NOTE: the vendor disputes this issue, stating "We were able to reproduce this sql injection on an old out-of-date demo on the website but not on the released product.
CVE-2010-0350 2 Arco Van Geest, Typo3 2 Goof Fotoboek, Typo3 2026-04-23 N/A
Directory traversal vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 has unknown impact and remote attack vectors.
CVE-2010-0344 1 Typo3 2 Typo3, Zak Store Management 2026-04-23 N/A
SQL injection vulnerability in the zak_store_management extension 1.0.0 and earlier TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-2992 1 Omegasoft 1 Interneserviceslosungen 2026-04-23 N/A
Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allow remote attackers to execute arbitrary SQL commands via (1) user-created text fields; the (2) F05003, (3) F05005, and (4) F05015 fields; and other unspecified standard fields.
CVE-2007-2989 1 Sun 1 Solaris 2026-04-23 N/A
The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298.
CVE-2007-2912 1 Jelsoft 1 Vbulletin 2026-04-23 N/A
Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user.