Vulnerabilities (CVE)

Filtered by CWE-20
Total 10450 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-1451 1 Microsoft 2 Windows 2000, Windows 2003 Server 2025-04-09 7.2 HIGH N/A
The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
CVE-2007-5570 1 Cisco 1 Firewall Services Module 2025-04-09 7.8 HIGH N/A
Cisco Firewall Services Module (FWSM) 3.2(1), and 3.1(5) and earlier, allows remote attackers to cause a denial of service (device reload) via a crafted HTTPS request, aka CSCsi77844.
CVE-2008-1265 1 Linksys 1 Wrt54g 2025-04-09 7.8 HIGH N/A
The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface.
CVE-2008-3957 1 Microsoft 1 Windows Image Acquisition Logger 2025-04-09 9.3 HIGH N/A
The Microsoft Windows Image Acquisition Logger ActiveX control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument to the Save method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2318 1 Axesstel 1 Mv 410r 2025-04-09 7.8 HIGH N/A
The Axesstel MV 410R allows remote attackers to cause a denial of service via a flood of SYN packets, a related issue to CVE-1999-0116.
CVE-2007-6534 1 Microsoft 1 Publisher 2025-04-09 6.8 MEDIUM N/A
Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart.
CVE-2009-3545 1 Datawizard 1 Ftpxq Server 2025-04-09 4.0 MEDIUM N/A
DataWizard Technologies FtpXQ FTP Server 3.0 allows remote authenticated users to cause a denial of service (crash) via a long ABOR command.
CVE-2008-3934 1 Wireshark 1 Wireshark 2025-04-09 3.3 LOW N/A
Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.
CVE-2009-4546 1 Logoshows 1 Logoshows Bbs 2025-04-09 7.5 HIGH N/A
globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) pb_username (aka pb%5Fusername) and (2) level cookies.
CVE-2008-3838 1 Sun 2 Opensolaris, Solaris 2025-04-09 7.2 HIGH N/A
Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) zones implementation in Sun Solaris 10 and OpenSolaris before snv_88 allows local administrators of non-global zones to read and modify NFS traffic for arbitrary non-global zones, possibly leading to file modifications or a denial of service.
CVE-2007-4999 1 Pidgin 1 Pidgin 2025-04-09 4.3 MEDIUM N/A
libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996.
CVE-2009-2320 1 Axesstel 1 Mv 410r 2025-04-09 7.5 HIGH N/A
The web interface on the Axesstel MV 410R relies on client-side JavaScript code to validate input, which allows remote attackers to send crafted data, and possibly have unspecified other impact, via a client that does not process JavaScript.
CVE-2008-1898 1 Microsoft 2 Office, Works 2025-04-09 9.3 HIGH N/A
A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
CVE-2008-4618 1 Linux 1 Linux Kernel 2025-04-09 7.8 HIGH N/A
The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls.
CVE-2009-2715 1 Sun 1 Virtualbox 2025-04-09 4.9 MEDIUM N/A
Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction.
CVE-2007-5738 1 Ghlab 1 Korean Ghboard 2025-04-09 6.8 MEDIUM N/A
The FlashUpload component in Korean GHBoard uses a client-side protection mechanism to prevent uploading of dangerous file extensions, which allows remote attackers to bypass restrictions and upload arbitrary files via a modified copy of component/flashupload/upload.html.
CVE-2009-0519 1 Adobe 4 Air, Flash Player, Flash Player For Linux and 1 more 2025-04-09 9.3 HIGH N/A
Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.
CVE-2008-3763 1 Turnkeywebtools 1 Php Live Helper 2025-04-09 6.8 MEDIUM N/A
Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when register_globals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for code injection by overwriting the language file.
CVE-2008-2742 1 Achievo 1 Achievo 2025-04-09 7.5 HIGH N/A
Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
CVE-2008-4366 1 Camera Life 1 Camera Life 2025-04-09 6.5 MEDIUM N/A
Unrestricted file upload vulnerability in the image upload component in Camera Life 2.6.2b4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a user directory under images/photos/upload.