Search Results (363691 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1328 2 Broadcom, Computer Associates 3 Desktop Management Suite, Arcserve Backup Laptops And Desktops, Desktop Management Suite 2026-04-23 N/A
Buffer overflow in the LGServer service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary code via unspecified "command arguments."
CVE-2008-2398 1 Appserv Open Project 1 Appserv 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.
CVE-2008-1326 1 Gallarific 1 Gallarific 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.php in Gallarific allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2397 1 Dotcms 1 Dotcms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search-results.dot in dotCMS 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1324 1 Leinir 1 Travelsized Cms 2026-04-23 N/A
Multiple directory traversal vulnerabilities in index.php in Travelsized CMS 0.4.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page_id and (2) language parameters. NOTE: this might be the same issue as CVE-2008-1325.
CVE-2007-3750 2 Apple, Microsoft 4 Mac Os X, Quicktime, Windows Vista and 1 more 2026-04-23 N/A
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via crafted Sample Table Sample Descriptor (STSD) atoms in a movie file.
CVE-2008-1321 1 Asg-sentry 1 Asg-sentry 2026-04-23 N/A
The FxIAList service in ASG-Sentry Network Manager 7.0.0 and earlier does require authentication, which allows remote attackers to cause a denial of service (service termination) via the exit command to TCP port 6162, or have other impacts via other commands.
CVE-2007-3748 1 Apple 3 Ichat, Mac Os X, Mac Os X Server 2026-04-23 N/A
Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in iChat on Apple Mac OS X 10.3.9 and 10.4.10 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.
CVE-2008-1319 1 Versant 1 Versant Object Database 2026-04-23 N/A
Untrusted search path and argument injection vulnerability in the VersantD service in Versant Object Database 7.0.1.3 and earlier, as used in Borland CaliberRM and probably other products, allows remote attackers to execute arbitrary commands via a request to TCP port 5019 with a modified VERSANT_ROOT field.
CVE-2007-3747 1 Apple 3 Ichat, Mac Os X, Mac Os X Server 2026-04-23 N/A
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not restrict object instantiation and manipulation to valid heap addresses, which allows remote attackers to execute arbitrary code via a crafted applet.
CVE-2007-3745 1 Apple 3 Core Audio Technologies, Mac Os X, Mac Os X Server 2026-04-23 N/A
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code.
CVE-2007-3744 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.
CVE-2007-3672 1 Dotclear 1 Dotclear 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in ecrire/tools.php in DotClear 1.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified form fields on the blogroll page.
CVE-2008-1289 1 Asterisk 5 Asterisk Appliance Developer Kit, Asterisk Business Edition, Asterisknow and 2 more 2026-04-23 N/A
Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.
CVE-2007-3673 1 Symantec 6 Client Security, Norton Antispam, Norton Antivirus and 3 more 2026-04-23 N/A
Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\symTDI\, which results in memory overwrite.
CVE-2007-3676 1 Ibm 1 Db2 2026-04-23 N/A
IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698.
CVE-2008-1290 3 Gentoo, Redhat, Viewvc 3 Linux, Fedora, Viewvc 2026-04-23 N/A
ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.
CVE-2007-3682 1 Openld 1 Openld 2026-04-23 N/A
SQL injection vulnerability in index.php in OpenLD 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-1291 3 Gentoo, Redhat, Viewvc 3 Linux, Fedora, Viewvc 2026-04-23 N/A
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
CVE-2008-2786 1 Mozilla 1 Firefox 2026-04-23 N/A
Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors. NOTE: due to lack of details as of 20080619, it is not clear whether this is the same issue as CVE-2008-2785. A CVE identifier has been assigned for tracking purposes.