Total
13458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3925 | 1 Ipswitch | 2 Imail Server, Ipswitch Collaboration Suite | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
|
|||||
| CVE-2007-5892 | 1 Ssreader | 1 Ultra Star Reader | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the pdg2.dll ActiveX control in SSReader 4.0 and earlier allow remote attackers to execute arbitrary code via a long argument to the Register method. NOTE: some details were obtained from third party sources.
|
|||||
| CVE-2008-0296 | 2 Microsoft, Videolan | 2 Windows, Vlc Media Player | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string.
|
|||||
| CVE-2008-3971 | 1 Gmanedit2 | 1 Gmanedit | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in the open_man_file function in callbacks.c in gmanedit 0.4.1 allows remote attackers to execute arbitrary code via a crafted man page, which is not properly handled during utf8 conversion. NOTE: another overflow was reported using a configuration file, but that vector does not have a scenario that crosses privilege boundaries.
|
|||||
| CVE-2009-0227 | 1 Microsoft | 1 Office Powerpoint | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.
|
|||||
| CVE-2009-3244 | 1 Adobe | 1 Shockwave Player | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.
|
|||||
| CVE-2009-1788 | 2 Mega-nerd, Nullsoft | 2 Libsndfile, Winamp | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.
|
|||||
| CVE-2008-0016 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.
|
|||||
| CVE-2009-3364 | 1 Ftpshell | 1 Ftpshell | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.
|
|||||
| CVE-2007-5897 | 1 Oracle | 1 Database Server | 2025-04-09 | 8.5 HIGH | N/A |
|
Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function. NOTE: this issue might already be covered by CVE-2007-5515, CVE-2007-5509, or CVE-2007-5505, but there are insufficient details to be sure.
|
|||||
| CVE-2009-0957 | 1 Apple | 1 Quicktime | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.
|
|||||
| CVE-2008-4132 | 1 Componentone | 1 Vsflexgrid | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the VSFlexGrid.VSFlexGridL ActiveX control in ComponentOne VSFlexGrid 7.0.1.151 and 8.0.20072.239 allows remote attackers to execute arbitrary code via a long first argument to the Archive method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-6654 | 1 Macrovision | 1 Update Service | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5.1.100.47363 allows remote attackers to execute arbitrary code via a long string in the ProductCode argument (second argument) to the DownloadAndExecute method, a different vulnerability than CVE-2007-0321, CVE-2007-2419, and CVE-2007-5660.
|
|||||
| CVE-2008-5387 | 1 Ibm | 1 Aix | 2025-04-09 | 6.2 MEDIUM | N/A |
|
Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors.
|
|||||
| CVE-2009-0183 | 1 Free Download Manager | 1 Free Download Manager | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in Remote Control Server in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute arbitrary code via a long Authorization header in an HTTP request.
|
|||||
| CVE-2008-5101 | 1 Optipng | 1 Optipng | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted attackers to execute arbitrary code via a crafted BMP image, related to an "array overflow."
|
|||||
| CVE-2008-4589 | 1 Lenovo | 1 Resuce And Recovery | 2025-04-09 | 7.2 HIGH | N/A |
|
Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo Rescue and Recovery 4.20, including 4.20.0511 and 4.20.0512, allows local users to execute arbitrary code via a long file name.
|
|||||
| CVE-2006-5478 | 1 Novell | 1 Edirectory | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services.
|
|||||
| CVE-2009-4480 | 1 Azeotech | 1 Daqfactory | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.16 through 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
|
|||||
| CVE-2007-3369 | 1 Polycom | 1 Soundpoint Ip 601 | 2025-04-09 | 7.8 HIGH | N/A |
|
Buffer overflow in the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ and SIP version 1.6.3.0067 allows remote attackers to cause a denial of service (device hang or reboot) via an INVITE message with a long Via header.
|
|||||
| CVE-2007-1735 | 1 Corel | 1 Wordperfect | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in Corel WordPerfect Office X3 (13.0.0.565) allows user-assisted remote attackers to execute arbitrary code via a long printer selection (PRS) name in a Wordperfect document.
|
|||||
| CVE-2006-6749 | 1 Openser | 1 Openser | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in the parse_expression function in parse_config in OpenSER 1.1.0 allows attackers to have an unknown impact via a long str parameter.
|
|||||
| CVE-2008-1210 | 1 Pnotepad | 1 Programmers Notepad | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the ctags parsing code in Programmer's Notepad before 2.0.8.718 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted .c file, when the victim selects the Jump To dialog. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-6262 | 1 Videolan | 1 Vlc Media Player | 2025-04-09 | 6.8 MEDIUM | N/A |
|
A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability."
|
|||||
| CVE-2007-5590 | 1 Miranda-im | 1 Miranda | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple buffer overflows in Miranda before 0.7.1 allow remote attackers to execute arbitrary code via unspecified vectors involving (1) IRC options, (2) Jabber forms, and unspecified aspects of the (3) ICQ and (4) Yahoo! instant messaging functionality. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-1320 | 1 Asg | 1 Asg-sentry | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (crash) via (1) a long request to FxIAList on TCP port 6162, or (2) an SNMP request with a long community string to FxAgent on UDP port 6161.
|
|||||
| CVE-2008-0013 | 1 Trend Micro | 1 Serverprotect | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0014.
|
|||||
| CVE-2008-3583 | 1 Intellitamper | 1 Intellitamper | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a long URL in the SRC attribute of an IMG element. NOTE: this might be related to CVE-2008-3360. NOTE: it was later reported that 2.08 Beta 4 is also affected.
|
|||||
| CVE-2009-2501 | 1 Microsoft | 27 .net Framework, Excel Viewer, Expression Web and 24 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groo ...
Show More |
|||||
| CVE-2009-0174 | 1 Vuplayer | 1 Vuplayer | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in VUPlayer 2.49 allows remote attackers to execute arbitrary code via a long .asf URI in the HREF attribute of a REF element in a .asx file.
|
|||||
| CVE-2009-3717 | 1 Lucvil | 1 Patplayer | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URI in a playlist (.m3u) file.
|
|||||
| CVE-2008-3704 | 1 Microsoft | 4 Visual Basic, Visual Foxpro, Visual Studio and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption V ...
Show More |
|||||
| CVE-2009-2140 | 1 Go-oo | 1 Go-oo | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple heap-based buffer overflows in cppcanvas/source/mtfrenderer/emfplus.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allow remote attackers to execute arbitrary code via a crafted EMF+ file, a similar issue to CVE-2008-2238.
|
|||||
| CVE-2008-1670 | 1 Kde | 1 Kde | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image.
|
|||||
| CVE-2008-5045 | 1 Network-client.com | 1 Ftp Now | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly other versions, allows remote FTP servers to cause a denial of service (crash) via a 200 server response that is exactly 1024 characters long.
|
|||||
| CVE-2009-3958 | 4 Adobe, Apple, Microsoft and 1 more | 5 Acrobat, Acrobat Reader, Mac Os X and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters.
|
|||||
| CVE-2008-5824 | 1 68k | 1 Audiofile | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file.
|
|||||
| CVE-2007-4662 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.
|
|||||
| CVE-2008-4825 | 1 Ezbsystems | 1 Ultraiso | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file.
|
|||||
| CVE-2008-0947 | 1 Mit | 1 Kerberos 5 | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.
|
|||||