Main entries ~3681 :
Date Id Summary Products Score Patch Annotated
2009-08-24 CVE-2008-7050 The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain privileges with an arbitrary password. Wowraidmanager N/A
2008-12-17 CVE-2008-5619 html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch. Webmail N/A
2008-11-21 CVE-2008-5189 CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function. Rails, Ruby_on_rails N/A
2017-04-24 CVE-2007-6761 drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobuf_mapping data structures, which allows local users to trigger an incorrect count value and videobuf leak via unspecified vectors, a different vulnerability than CVE-2010-5321. Linux_kernel 7.8
2017-10-29 CVE-2006-5331 The altivec_unavailable_exception function in arch/powerpc/kernel/traps.c in the Linux kernel before 2.6.19 on 64-bit systems mishandles the case where CONFIG_ALTIVEC is defined and the CPU actually supports Altivec, but the Altivec support was not detected by the kernel, which allows local users to cause a denial of service (panic) by triggering execution of an Altivec instruction. Linux_kernel 5.5
2010-08-19 CVE-2010-2809 The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document. Uzbl N/A
2010-12-06 CVE-2010-2761 The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172. Cgi\-Simple, Cgi\.pm N/A
Remaining NVD entries (unprocessed / no code available): ~239233 :
Date Id Summary Products Score Patch
2024-03-28 CVE-2021-31156 Allied Telesis AT-S115 1.2.0 devices before 1.00.024 with Boot Loader 1.00.006 allow Directory Traversal to achieve partial access to data. N/A N/A
2024-03-28 CVE-2023-50969 Thales Imperva SecureSphere WAF 14.7.0.40 allows remote attackers to bypass WAF rules via a crafted POST request, a different vulnerability than CVE-2021-45468. N/A N/A
2024-03-28 CVE-2023-33528 halo v1.6.0 is vulnerable to Cross Site Scripting (XSS). N/A N/A
2024-03-28 CVE-2024-24407 SQL Injection vulnerability in Best Courier management system v.1.0 allows a remote attacker to obtain sensitive information via print_pdets.php component. N/A N/A
2024-03-28 CVE-2024-28456 Cross Site Scripting vulnerability in Campcodes Online Marriage Registration System v.1.0 allows a remote attacker to execute arbitrary code via the text fields in the marriage registration request form. N/A N/A
2024-03-28 CVE-2024-28714 SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter. N/A N/A
2024-03-28 CVE-2024-29489 Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type. N/A N/A