Search Results (26297 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0555 1 Apache-ssl 1 Apache-ssl 2026-04-23 N/A
The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
CVE-2008-6814 2 Jan De Graaff, Mambo 2 Com Simpleboard, Mambo 2026-04-23 N/A
Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528.
CVE-2008-4593 1 Apple 1 Iphone 2026-04-23 N/A
Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disabled, allows physically proximate attackers to obtain sensitive information by performing an Emergency Call tap and then reading SMS messages on the device screen, aka Apple bug number 6267416.
CVE-2008-3323 1 Redhat 1 Cygwin 2026-04-23 N/A
setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package.
CVE-2008-6806 1 7-shop 1 7shop 2026-04-23 N/A
Unrestricted file upload vulnerability in includes/imageupload.php in 7Shop 1.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/artikel/.
CVE-2008-6793 1 Dflabs 1 Ptk 2026-04-23 N/A
The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image.
CVE-2008-4560 1 Hp 1 Openview Network Node Manager 2026-04-23 N/A
HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to obtain sensitive information via (1) a crafted request to the nnmRptConfig.exe CGI program, which reveals the pathname of log directories; or (2) a crafted parameter in a request to the ovlaunch.exe CGI program, which reveals configuration details. NOTE: this issue may be partially covered by CVE-2009-0205.
CVE-2008-0473 1 Web Wiz 1 Rich Text Editor 2026-04-23 N/A
RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to upload (1) .html and (2) .htm files via unspecified vectors.
CVE-2008-6791 1 Klever 1 Pumpkin 2026-04-23 N/A
PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial of service via a write request with a long mode field.
CVE-2008-3147 1 Wefi 1 Wefi 2026-04-23 N/A
WeFi 3.2.1.4.1, when diagnostic mode is enabled, stores (1) WEP, (2) WPA, and (3) WPA2 access-point keys in (a) ClientWeFiLog.dat, (b) ClientWeFiLog.bak, and possibly (c) a certain .inf file under %PROGRAMFILES%\WeFi\Users\, and uses cleartext for the ClientWeFiLog files, which allows local users to obtain sensitive information by reading these files.
CVE-2008-6790 1 Minddezign 1 Photo Gallery 2026-04-23 N/A
The admin module in MindDezign Photo Gallery 2.2 allows remote attackers to add administrative users and gain privileges via a modified username parameter in an edit account action to index.php.
CVE-2008-4559 1 Hp 1 Openview Network Node Manager 2026-04-23 N/A
HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by CVE-2009-0205.
CVE-2008-6772 1 Peterselie 1 Yourplace 2026-04-23 N/A
login/register_form.php in YourPlace 1.0.2 and earlier does not check that a username already exists when a new account is created, which allows remote attackers to bypass intended access restrictions by registering a new account with the username of a target user.
CVE-2007-6221 1 Tumusika Evolution 1 Tumusika Evolution 2026-04-23 N/A
TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0367 1 Mozilla 1 Firefox 2026-04-23 N/A
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.
CVE-2007-6095 1 Ingate 2 Ingate Firewall, Ingate Siparator 2026-04-23 N/A
The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might allow remote authenticated users to receive messages intended for other users.
CVE-2007-4841 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2026-04-23 N/A
Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.
CVE-2008-6754 2 Jelsoft, Mephisteus 2 Vbulletin, The Personal Sticky Threads 2026-04-23 N/A
The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote authenticated users to read the title, author, and pages of an arbitrary thread by toggling a personal sticky.
CVE-2008-4549 1 Imageshack 1 Imageshack Toolbar 2026-04-23 N/A
The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in ImageShack Toolbar 4.5.7, possibly including 4.5.7.69, allows remote attackers to force the upload of arbitrary image files to the ImageShack site via a file: URI argument to the BuildSlideShow method.
CVE-2008-6752 1 Revou 1 Revou 2026-04-23 N/A
adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and gain privileges via a direct request with modified newpass1 and newpass2 parameters in a Change operation.