Total
13458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4005 | 1 Mike Dubman | 1 Windows Rsh Daemon | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Stack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 allows remote attackers to execute arbitrary code via a long string to the shell port (514/tcp). NOTE: this might overlap CVE-2007-4006.
|
|||||
| CVE-2007-4707 | 1 Apple | 1 Quicktime | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the Flash media handler in Apple QuickTime before 7.3.1 allow remote attackers to execute arbitrary code or have other unspecified impacts via a crafted QuickTime movie.
|
|||||
| CVE-2007-1088 | 1 Ibm | 1 Db2 | 2025-04-09 | 7.2 HIGH | N/A |
|
Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables.
|
|||||
| CVE-2007-6189 | 1 Bitdefender | 1 Online Anti-virus Scanner | 2025-04-09 | 9.3 HIGH | N/A |
|
A certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in BitDefender Online Anti-Virus Scanner 8.0 allows remote attackers to execute arbitrary code via a long argument to the InitX method that begins with a "%%" sequence, which is misinterpreted as a Unicode string and decoded twice, leading to improper memory allocation and a heap-based buffer overflow.
|
|||||
| CVE-2009-4462 | 1 Intellicom | 3 Netbiter Webscada Ws100, Netbiter Webscada Ws200, Netbiterconfig | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the NetBiterConfig utility (NetBiterConfig.exe) 1.3.0 for Intellicom NetBiter WebSCADA allows remote attackers to execute arbitrary code via a long hn (hostname) parameter in a crafted HICP-protocol UDP packet.
|
|||||
| CVE-2009-1260 | 1 Ezbsystems | 1 Ultraiso | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file.
|
|||||
| CVE-2007-1993 | 1 Hp | 1 Hp-ux | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure 2."
|
|||||
| CVE-2009-1606 | 1 Dafolo | 1 Dafolocontrol | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple stack-based and heap-based buffer overflows in Dafolo DafoloControl ActiveX control (DafoloFFControl.dll) 1.108.6.195 allow remote attackers to execute arbitrary code via long (1) baseurl, (2) kommune, (3) felter, (4) afdeling, (5) Flags, (6) HelpURL, (7) caburl, or (8) filename properties; or (9) a long argument to the Open method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-3037 | 1 Microsoft | 1 Windows Media Player | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player Code Execution Vulnerability Parsing Skins."
|
|||||
| CVE-2007-2010 | 1 Bftpd | 1 Bftpd | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command.
|
|||||
| CVE-2009-1490 | 1 Sendmail | 1 Sendmail | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.
|
|||||
| CVE-2007-4759 | 1 Hitachi | 3 Ucosminexus Application Server Enterprise, Ucosminexus Application Server Standard, Ucosminexus Service Platform | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service via unspecified vectors.
|
|||||
| CVE-2009-1605 | 1 Sumatrapdfreader | 1 Sumatrapdf | 2025-04-09 | 9.3 HIGH | 5.4 MEDIUM |
|
Heap-based buffer overflow in the loadexponentialfunc function in mupdf/pdf_function.c in MuPDF in the mupdf-20090223-win32 package, as used in SumatraPDF 0.9.3 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-3838 | 1 Pmail | 1 Pegasus Mail | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long error message.
|
|||||
| CVE-2008-0748 | 1 Sony | 2 Axruploadserver Activex Control, Imagestation | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX control in AxRUploadServer.dll 1.0.0.38 in SonyISUpload.cab 1.0.0.38 for Sony ImageStation allows remote attackers to execute arbitrary code via a long argument to the SetLogging method. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-4195 | 1 Adobe | 1 Illustrator | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and earlier, and CS3 13.0.0 allows remote attackers to execute arbitrary code via a long DSC comment in an Encapsulated PostScript (.eps) file. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-7166 | 2 Bittorrent, Utorrent | 2 Bittorrent, Utorrent | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) and earlier, and uTorrent 1.7.6 (build 7859) and earlier, allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted Range header. NOTE: this is probably a different vulnerability than CVE-2008-0071 and CVE-2008-0364.
|
|||||
| CVE-2009-0119 | 1 Microsoft | 1 Windows Xp | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .chm file.
|
|||||
| CVE-2009-0241 | 1 Ganglia | 1 Ganglia | 2025-04-09 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname.
|
|||||
| CVE-2008-1964 | 1 Xinehq | 1 Xine Lib | 2025-04-09 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the demux_nsf_send_headers function in src/demuxers/demux_nsf.c in xine-lib allows remote attackers to have an unknown impact via a long copyright field in an NSF header in an NES Sound file, a different issue than CVE-2008-1878. NOTE: a third party claims that the copyright field always has a safe length
|
|||||
| CVE-2008-1878 | 1 Xine | 1 Xine-lib | 2025-04-09 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title.
|
|||||
| CVE-2008-1328 | 2 Broadcom, Computer Associates | 3 Desktop Management Suite, Arcserve Backup Laptops And Desktops, Desktop Management Suite | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in the LGServer service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary code via unspecified "command arguments."
|
|||||
| CVE-2009-1815 | 1 Sonicspot | 1 Audioactive Player | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in Sonic Spot Audioactive Player 1.93b allows remote attackers to execute arbitrary code via a long string in a playlist file, as demonstrated by a long .mp3 URL in a .m3u file.
|
|||||
| CVE-2008-0660 | 2 Aurigma, Facebook | 3 Image Uploader Activex Control, Facebook, Photouploader | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.
|
|||||
| CVE-2008-7031 | 1 Foxitsoftware | 1 Wac Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151.
|
|||||
| CVE-2008-1276 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2025-04-09 | 9.0 HIGH | N/A |
|
Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allow remote authenticated attackers to execute arbitrary code via long arguments to the (1) FETCH, (2) EXAMINE, and (3) UNSUBSCRIBE commands.
|
|||||
| CVE-2007-1660 | 1 Pcre | 1 Pcre | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.
|
|||||
| CVE-2007-5037 | 1 Inotify | 1 Inotify-tools | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Buffer overflow in the inotifytools_snprintf function in src/inotifytools.c in the inotify-tools library before 3.11 allows context-dependent attackers to execute arbitrary code via a long filename.
|
|||||
| CVE-2008-4306 | 1 Ubuntu | 1 Linux | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence.
|
|||||
| CVE-2009-4225 | 1 Ca | 1 Etrust Pestpatrole Ppctl.dll Activex | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the PestPatrol ActiveX control (ppctl.dll) 5.6.7.9 in CA eTrust PestPatrol allows remote attackers to execute arbitrary code via a long argument to the Initialize method.
|
|||||
| CVE-2007-6457 | 1 Netwin | 1 Surgemail | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header.
|
|||||
| CVE-2009-0226 | 1 Microsoft | 1 Office Powerpoint | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137.
|
|||||
| CVE-2007-5587 | 2 Macrovision, Microsoft | 3 Safedisc, Windows 2003 Server, Windows Xp | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
|
|||||
| CVE-2007-6438 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111.
|
|||||
| CVE-2008-0238 | 1 Xine | 1 Xine-lib | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-3810 | 1 Acoustica | 1 Mp3 Audio Mixer | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in Acoustica MP3 Audio Mixer 2.471 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file.
|
|||||
| CVE-2007-5758 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Stack-based buffer overflow in db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to execute arbitrary code via a long DASPROF environment variable.
|
|||||
| CVE-2007-3481 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. NOTE: this issue has been disputed by other researchers, citing a variable scoping issue and information about the semantics of document.domain
|
|||||
| CVE-2009-1028 | 1 Edisys | 1 Ezip Wizard | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file.
|
|||||
| CVE-2009-2298 | 1 Hp | 1 Openview Network Node Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in rping in HP OpenView Network Node Manager (OV NNM) 7.53 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a CGI request to webappmon.exe. NOTE: this may overlap CVE-2009-1420.
|
|||||