Main entries ~3681:
Date Id Summary Products Score Patch Annotated
2009-10-29 CVE-2009-3627 The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character. Html-Parser N/A
2009-09-22 CVE-2009-3287 lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header. Thin N/A
2009-09-09 CVE-2009-3111 The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967. Freeradius N/A
2009-05-11 CVE-2009-1194 Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox. Pango N/A
2016-05-02 CVE-2008-7316 mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers an iovec of zero length, followed by a page fault for an iovec of nonzero length. Linux_kernel 5.5
2009-08-24 CVE-2008-7050 The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain privileges with an arbitrary password. Wowraidmanager N/A
2008-12-17 CVE-2008-5619 html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch. Webmail N/A
Remaining NVD entries (unprocessed / no code available): ~185028:
Date Id Summary Products Score Patch
2022-07-05 CVE-2022-34972 So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id, manu_value_id, opt_value_id, and subcate_value_id parameters at /index.php?route=extension/module/so_filter_shop_by/filter_data. N/A N/A
2022-07-05 CVE-2022-31856 Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php. N/A N/A
2022-07-05 CVE-2022-32310 An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php. N/A N/A
2022-07-05 CVE-2022-32311 Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php. N/A N/A
2022-07-05 CVE-2022-32413 An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file. N/A N/A
2022-07-05 CVE-2022-2321 Login Bruteforce attacks N/A N/A
2022-07-05 CVE-2021-44915 Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category. N/A N/A