Search Results (26284 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5695 1 Wordpress 2 Wordpress, Wordpress Mu 2026-04-23 N/A
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.
CVE-2007-4971 1 Isecsoft 1 Prosecurity 2026-04-23 N/A
ProSecurity 1.40 Beta 2 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteFile, (3) NtLoadDriver, (4) NtOpenSection, and (5) NtSetSystemTime.
CVE-2008-5693 1 Ipswitch 1 Ws Ftp 2026-04-23 N/A
Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character.
CVE-2008-5688 1 Mediawiki 1 Mediawiki 2026-04-23 N/A
MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote attackers to obtain sensitive information via unspecified requests that trigger an uncaught exception.
CVE-2007-4970 1 Diamondcs 1 Processguard 2026-04-23 N/A
ProcessGuard 3.410 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks for Windows Native API functions including (1) NtCreateFile, (2) NtCreateKey, (3) NtDeleteValueKey, (4) NtOpenFile, (5) NtOpenKey, and (6) NtSetValueKey.
CVE-2008-5683 1 Opera 1 Opera Browser 2026-04-23 N/A
Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors.
CVE-2008-5678 1 Fdgroup 1 Olib7 Webview 2026-04-23 N/A
Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote authenticated users to obtain sensitive information from files via the infile parameter to the default URI under cgi/, as demonstrated by the (1) get_settings.ini, (2) setup.ini, and (3) text.ini files.
CVE-2007-4969 1 Sysinternals 1 Process Monitor 2026-04-23 N/A
Process Monitor 1.22 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtLoadKey, (4) NtOpenKey, (5) NtQueryValueKey, (6) NtSetValueKey, and (7) NtUnloadKey.
CVE-2008-5677 1 Kwalbum 1 Kwalbum 2026-04-23 N/A
Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and earlier, when PICS_PATH is located in the web root, allows remote authenticated users with upload capability to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under items/, related to the ReplaceBadFilenameChars function in include/ItemAdder.php. NOTE: some of these details are obtained from third party information.
CVE-2008-5674 1 Darkwet 1 Webcam Xp 2026-04-23 N/A
Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service (device crash) and read portions of memory via (1) an invalid camnum parameter to the pocketpc component and (2) an invalid id parameter to the show_gallery_pic component.
CVE-2007-4968 1 Privacyware 1 Privatefirewall 2026-04-23 N/A
Privatefirewall 5.0.14.2 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks for (1) NtOpenProcess and (2) NtOpenThread.
CVE-2008-5669 1 Textpattern 1 Textpattern 2026-04-23 N/A
index.php in the comments preview section in Textpattern (aka Txp CMS) 4.0.5 allows remote attackers to cause a denial of service via a long message parameter.
CVE-2008-5663 1 Kusaba 1 Kusaba 2026-04-23 N/A
Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) load_receiver.php or (2) a shipainter action to paint_save.php, then accessing the uploaded file via a direct request to this file in their user directory.
CVE-2007-4967 1 Online Armor 1 Personal Firewall 2026-04-23 N/A
Online Armor Personal Firewall 2.0.1.215 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtAllocateVirtualMemory, (2) NtConnectPort, (3) NtCreateFile, (4) NtCreateKey, (5) NtCreatePort, (6) NtDeleteFile, (7) NtDeleteValueKey, (8) NtLoadKey, (9) NtOpenFile, (10) NtOpenProcess, (11) NtOpenThread, (12) NtResumeThread, (13) NtSetContextThread, (14) NtSetValueKey, (15) NtSuspendProcess, (16) NtSuspendThread, and (17) NtTerminateThread.
CVE-2008-5657 1 Quassel 1 Quassel Core 2026-04-23 N/A
CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows remote attackers to spoof IRC messages as other users via a crafted CTCP message.
CVE-2008-5581 1 Mini-pub 1 Mini-pub 2026-04-23 N/A
PHP remote file inclusion vulnerability in mini-pub.php/front-end/img.php in mini-pub 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the sFileName parameter.
CVE-2007-4964 1 Winimage 1 Winimage 2026-04-23 N/A
WinImage 8.10 and earlier allows remote attackers to cause a denial of service (infinite loop) via an invalid BPB_BytsPerSec field in the header of a .IMG file.
CVE-2008-5580 1 Mini-pub 1 Mini-pub 2026-04-23 N/A
mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the sFileName argument.
CVE-2008-5014 4 Canonical, Debian, Mozilla and 1 more 6 Ubuntu Linux, Debian Linux, Firefox and 3 more 2026-04-23 N/A
jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.
CVE-2007-4927 1 Axis 1 207w Network Camera 2026-04-23 N/A
axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action.