Total: 11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2008-3243 | 1 F-prot | 2 F-prot Antivirus, Scanning Engine | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple unspecified vulnerabilities in the scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allow remote attackers to cause a denial of service via (1) a crafted UPX-compressed file, which triggers an engine crash; (2) a crafted Microsoft Office file, which triggers an infinite loop; or (3) an ASPack-compressed file, which triggers an engine crash. |
| CVE-2009-3078 | 1 Mozilla | 1 Firefox | 2025-04-09 | 5.0 MEDIUM | N/A | Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property. |
| CVE-2009-0418 | 1 Hp | 1 Hp-ux | 2025-04-09 | 9.3 HIGH | N/A | The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read private network traffic, and possibly execute arbitrary code via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476. |
| CVE-2009-4490 | 1 Acme | 1 Mini Httpd | 2025-04-09 | 5.0 MEDIUM | N/A | mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. |
| CVE-2007-5448 | 1 Madwifi | 1 Madwifi | 2025-04-09 | 4.3 MEDIUM | N/A | Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial of service (panic) via a beacon frame with a large length value in the extended supported rates (xrates) element, which triggers an assertion error, related to net80211/ieee80211_scan_ap.c and net80211/ieee80211_scan_sta.c. |
| CVE-2007-2884 | 1 Microsoft | 1 Visual Basic | 2025-04-09 | 9.3 HIGH | N/A | Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field. |
| CVE-2008-3127 | 1 Hiox India | 1 Banner Rotator | 2025-04-09 | 6.8 MEDIUM | N/A | PHP remote file inclusion vulnerability in hioxBannerRotate.php in HIOX Banner Rotator (HBR) 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter. |
| CVE-2008-3578 | 1 Hydrairc | 1 Hydrairc | 2025-04-09 | 5.0 MEDIUM | N/A | HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long irc:// URI. |
| CVE-2009-0156 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.3 MEDIUM | N/A | Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to cause a denial of service (persistent Finder crash) via a crafted Mach-O executable that triggers an out-of-bounds memory read. |
| CVE-2009-1045 | 1 Videolan | 1 Vlc Media Player | 2025-04-09 | 5.0 MEDIUM | N/A | requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action. |
| CVE-2008-1734 | 1 Gentoo | 2 Linux, Php Toolkit | 2025-04-09 | 3.6 LOW | N/A | Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server ... |
| CVE-2008-0656 | 1 Emc | 2 Documentum Administrator, Documentum Webtop | 2025-04-09 | 10.0 HIGH | N/A | Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute. |
| CVE-2008-4358 | 1 Spaw Editor | 1 Spaw Php | 2025-04-09 | 10.0 HIGH | N/A | Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP Edition before 2.0.8.1 has unknown impact and attack vectors, probably related to directory traversal sequences in the theme name. |
| CVE-2007-1257 | 1 Cisco | 10 Catalyst 6000 Ws-svc-nam-1, Catalyst 6000 Ws-svc-nam-2, Catalyst 6000 Ws-x6380-nam and 7 more | 2025-04-09 | 10.0 HIGH | N/A | The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address. |
| CVE-2009-0289 | 1 Windows Tftp Utility | 1 Tftputil | 2025-04-09 | 5.0 MEDIUM | N/A | k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to cause a denial of service (service crash) via a long filename in a crafted request. |
| CVE-2009-2715 | 1 Sun | 1 Virtualbox | 2025-04-09 | 4.9 MEDIUM | N/A | Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction. |
| CVE-2007-4636 | 1 Phpbg | 1 Phpbg | 2025-04-09 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to (1) intern/admin/other/backup.php, (2) intern/admin/, (3) intern/clan/member_add.php, (4) intern/config/key_2.php, or (5) intern/config/forum.php. |
| CVE-2007-5253 | 1 Mcmurtrey Whitaker And Associates | 1 Cart32 | 2025-04-09 | 5.0 MEDIUM | N/A | c32web.exe in McMurtrey/Whitaker Cart32 before 6.4 allows remote attackers to read arbitrary files via the ImageName parameter in a GetImage action, by appending a NULL byte (%00) sequence followed by an image file extension, as demonstrated by a request for a ".txt%00.gif" file. NOTE: this might be a directory traversal vulnerability. |
| CVE-2009-4090 | 1 Telepark | 1 Telepark.wiki | 2025-04-09 | 7.5 HIGH | N/A | Unrestricted file upload vulnerability in ajax/addComment.php in telepark.wiki 2.4.23 and earlier script allows remote attackers to execute arbitrary code by uploading a file with a name containing a NULL byte. |
| CVE-2007-0102 | 1 Apple | 1 Preview | 2025-04-09 | 6.8 MEDIUM | N/A | The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. |
| CVE-2008-1311 | 1 Packettrap | 1 Pt360 Tool Suite Pro | 2025-04-09 | 5.0 MEDIUM | N/A | The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and earlier allows remote attackers to cause a denial of service (daemon hang) by uploading a file named (1) '\|' (pipe), (2) '"' (quotation mark), or (3) "<>" (less than, greater than); or (4) a file with a long name. NOTE: the issue for vector 4 might exist because of an incomplete fix for CVE-2008-1312. |
| CVE-2009-3305 | 1 Pps.jussieu | 1 Polipo | 2025-04-09 | 5.0 MEDIUM | N/A | Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a Cache-Control header that lacks a value for the max-age field, which triggers a segmentation fault in the httpParseHeaders function in http_parse.c, and possibly other unspecified vectors. |
| CVE-2009-1350 | 1 Novell | 1 Netidentity Client1.2.3 | 2025-04-09 | 10.0 HIGH | N/A | Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client before 1.2.4 allows remote attackers to execute arbitrary code by establishing an IPC$ connection to the XTIERRPCPIPE named pipe, and sending RPC messages that trigger a dereference of an arbitrary pointer. |
| CVE-2007-3400 | 1 Nctsoft | 2 Nctaudioeditor, Nctaudiostudio | 2025-04-09 | 9.3 HIGH | N/A | The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as distributed in NCTAudioEditor and NCTAudioStudio 2.7, allows remote attackers to overwrite arbitrary files via the CreateFile method. |
| CVE-2008-4910 | 1 Sun | 1 Java Web Start | 2025-04-09 | 10.0 HIGH | N/A | The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method. |
| CVE-2007-1478 | 1 Mcgallery | 1 Mcgallery | 2025-04-09 | 5.0 MEDIUM | N/A | download.php in McGallery 0.5b allows remote attackers to read arbitrary files and obtain script source code via the filename parameter. |
| CVE-2007-5258 | 1 Phpfreelog | 1 Phpfreelog | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in log.php in phpFreeLog alpha 0.2.0 allows remote attackers to include and execute arbitrary files via unspecified vectors. NOTE: the original disclosure is likely erroneous. |
| CVE-2009-1233 | 2 Apple, Microsoft | 2 Safari, Windows | 2025-04-09 | 4.3 MEDIUM | N/A | Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements. |
| CVE-2008-7112 | 1 Kyoceramita | 1 Scanner File Utility | 2025-04-09 | 5.0 MEDIUM | N/A | The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to cause a denial of service (hang or crash) via invalid field length values in a malformed (1) document or (2) request. |
| CVE-2008-3838 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 7.2 HIGH | N/A | Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) zones implementation in Sun Solaris 10 and OpenSolaris before snv_88 allows local administrators of non-global zones to read and modify NFS traffic for arbitrary non-global zones, possibly leading to file modifications or a denial of service. |
| CVE-2008-1626 | 1 Eggblog | 1 Eggblog | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in eggBlog before 4.0.1 allows remote attackers to execute arbitrary SQL commands via an unspecified cookie. NOTE: this might overlap CVE-2008-0159. |
| CVE-2008-0251 | 1 Photopost | 1 Photopost Vbgallery | 2025-04-09 | 10.0 HIGH | N/A | Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors. |
| CVE-2009-2534 | 1 Realnetworks | 2 Helix Server, Helix Server Mobile | 2025-04-09 | 5.0 MEDIUM | N/A | RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allow remote attackers to cause a denial of service (daemon crash) via an RTSP SETUP request that (1) specifies the / URI or (2) lacks a / character in the URI. |
| CVE-2007-3755 | 1 Apple | 2 Iphone, Iphone Os | 2025-04-09 | 4.3 MEDIUM | N/A | Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number. |
| CVE-2009-4098 | 1 Openx | 1 Openx | 2025-04-09 | 6.0 MEDIUM | N/A | Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an images directory. |
| CVE-2008-3337 | 1 Powerdns | 2 Authoritative Server, Powerdns | 2025-04-09 | 6.4 MEDIUM | N/A | PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217. |
| CVE-2007-5375 | 1 Sun | 1 Java Virtual Machine | 2025-04-09 | 2.6 LOW | N/A | Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet through a local relative URI, which may be associated with different IP addresses by the browser and the JVM. |
| CVE-2008-6702 | 1 Stalker-game | 1 S.t.a.l.k.e.r.\ | 2025-04-09 | 5.0 MEDIUM | N/A | S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (crash) via a long nickname, which triggers an exception. |
| CVE-2009-2954 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 5.0 MEDIUM | N/A | Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715. |
| CVE-2009-1082 | 1 Sun | 1 Java System Identity Manager | 2025-04-09 | 9.0 HIGH | N/A | Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and saveNoValidateAllowedFormsAndWorkflows IDs. |