Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5937 | 1 Zkesoft | 1 Ayeview | 2025-04-09 | 7.8 HIGH | N/A |
|
AyeView 2.20 allows user-assisted attackers to cause a denial of service (memory consumption or application crash) via a bitmap (aka .bmp) file with large height and width values.
|
|||||
| CVE-2007-5031 | 1 Dibbler | 1 Dibbler | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The TSrvOptIA_NA::rebind method in SrvOptions/SrvOptIA_NA.cpp in Dibbler 0.6.0 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via an invalid IA_NA option in a REBIND message.
|
|||||
| CVE-2008-5545 | 2 Microsoft, Trend Micro | 2 Internet Explorer, Trend Micro Antivirus | 2025-04-09 | 9.3 HIGH | N/A |
|
Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
|
|||||
| CVE-2008-2805 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range.
|
|||||
| CVE-2009-1784 | 1 Avg | 1 Avg Anti-virus | 2025-04-09 | 10.0 HIGH | N/A |
|
The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus products including Anti-Virus Network Edition, Internet Security Netzwerk Edition, Server Edition für Linux/FreeBSD, Anti-Virus SBS Edition, and others allows remote attackers to bypass malware detection via a crafted (1) RAR and (2) ZIP archive.
|
|||||
| CVE-2009-2687 | 2 Debian, Php | 2 Debian Linux, Php | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.
|
|||||
| CVE-2009-4028 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.
|
|||||
| CVE-2009-1106 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 6.4 MEDIUM | N/A |
|
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.
|
|||||
| CVE-2009-4611 | 1 Mortbay | 1 Jetty | 2025-04-09 | 7.5 HIGH | N/A |
|
Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator, related to (1) a string value in the Age parameter to the default URI for the Cookie Dump Servlet in test-jetty-webapp/src/main/java/com/acme/CookieDump.java under cookie/, (2) an alphabetic v ...
Show More |
|||||
| CVE-2008-2169 | 2 Avici, Hitachi | 4 Router, Gr2000, Gr3000 and 1 more | 2025-04-09 | 7.1 HIGH | 7.5 HIGH |
|
Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.
|
|||||
| CVE-2008-2031 | 1 Vicftps | 1 Vicftps | 2025-04-09 | 5.0 MEDIUM | N/A |
|
VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a crafted LIST command, which triggers a NULL pointer dereference. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-6121 | 2 Ethereal Group, Wireshark | 2 Ethereal, Wireshark | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet.
|
|||||
| CVE-2008-6676 | 1 Quickersite | 1 Quickersite | 2025-04-09 | 5.0 MEDIUM | N/A |
|
QuickerSite 1.8.5 allows remote attackers to obtain sensitive information via a request to showThumb.aspx without any parameters, which reveals the installation path in an error message.
|
|||||
| CVE-2008-0830 | 1 Apple | 1 Iphoto | 2025-04-09 | 7.5 HIGH | N/A |
|
The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 allows remote attackers to cause a denial of service (crash) via a malformed dpap: URI, a different vulnerability than CVE-2008-0043.
|
|||||
| CVE-2009-0022 | 1 Samba | 1 Samba | 2025-04-09 | 6.3 MEDIUM | N/A |
|
Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name.
|
|||||
| CVE-2007-1803 | 1 Maildwarf | 1 Maildwarf | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote attackers to send e-mail to addresses different from the configured addresses.
|
|||||
| CVE-2006-7113 | 1 Planerd.net | 1 P-news | 2025-04-09 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in P-News 2.0 allows remote attackers to upload and execute arbitrary files via an avatar file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-3181 | 1 Content Now | 1 Content Now | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in upload.php in ContentNow CMS 1.4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/.
|
|||||
| CVE-2007-5066 | 1 Webmin | 1 Webmin | 2025-04-09 | 9.0 HIGH | N/A |
|
Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL.
|
|||||
| CVE-2008-6122 | 1 Netgear | 1 Wgr614 | 2025-04-09 | 7.8 HIGH | N/A |
|
The web management interface in Netgear WGR614v9 allows remote attackers to cause a denial of service (crash) via a request that contains a question mark ("?").
|
|||||
| CVE-2009-2420 | 1 Apple | 1 Safari | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Apple Safari 3.2.3 does not properly implement the file: protocol handler, which allows remote attackers to read arbitrary files or cause a denial of service (launch of multiple Windows Explorer instances) via vectors involving an unspecified HTML tag, possibly a related issue to CVE-2009-1703.
|
|||||
| CVE-2009-0372 | 1 Memht | 1 Memht Portal | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an image content type via a users editProfile action, then accessing this file via a direct request to the file in images/avatar/uploaded/.
|
|||||
| CVE-2009-1300 | 1 Debian | 1 Advanced Package Tool | 2025-04-09 | 10.0 HIGH | N/A |
|
apt 0.7.20 does not check when the date command returns an "invalid date" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight.
|
|||||
| CVE-2007-0524 | 1 Lg Electronics | 1 Chocolate Kg800 | 2025-04-09 | 2.9 LOW | N/A |
|
The LG Chocolate KG800 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.
|
|||||
| CVE-2008-3239 | 1 Phpizabi | 1 Phpizabi | 2025-04-09 | 9.3 HIGH | N/A |
|
Unrestricted file upload vulnerability in the writeLogEntry function in system/v_cron_proc.php in PHPizabi 0.848b C1 HFP1, when register_globals is enabled, allows remote attackers to upload and execute arbitrary code via a filename in the CONF[CRON_LOGFILE] parameter and file contents in the CONF[LOCALE_LONG_DATE_TIME] parameter.
|
|||||
| CVE-2008-5709 | 1 Avaya | 1 Communication Manager | 2025-04-09 | 9.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.
|
|||||
| CVE-2008-3584 | 1 Netbsd | 1 Netbsd | 2025-04-09 | 9.3 HIGH | N/A |
|
NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not properly check the length of a PPPoE packet tag, which allows remote attackers to cause a denial of service (system crash) via a crafted PPPoE packet.
|
|||||
| CVE-2008-4101 | 1 Vim | 1 Vim | 2025-04-09 | 9.3 HIGH | N/A |
|
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.
|
|||||
| CVE-2009-0943 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.
|
|||||
| CVE-2008-3680 | 1 Flagship Industries | 1 Ventrilo | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The decryption function in Flagship Industries Ventrilo 3.0.2 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) by sending a type 0 packet with an invalid version followed by another packet to TCP port 3784.
|
|||||
| CVE-2008-3906 | 2 Mono, Mono Project | 2 Mono, Mono | 2025-04-09 | 4.3 MEDIUM | N/A |
|
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
|
|||||
| CVE-2007-5043 | 1 Kaspersky Lab | 1 Kaspersky Internet Security | 2025-04-09 | 4.4 MEDIUM | N/A |
|
Kaspersky Internet Security 7.0.0.125 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to (1) cause a denial of service (crash) and possibly gain privileges via the NtCreateSection kernel SSDT hook or (2) cause a denial of service (avp.exe service outage) via the NtLoadDriver kernel SSDT hook. NOTE: this issue may partially overlap CVE-2006-3074.
|
|||||
| CVE-2008-4817 | 1 Adobe | 3 Acrobat, Acrobat Reader, Download Manager | 2025-04-09 | 9.3 HIGH | N/A |
|
The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption.
|
|||||
| CVE-2009-3591 | 1 Ben Webb | 1 Dopewars | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Dopewars 1.5.12 allows remote attackers to cause a denial of service (segmentation fault) via a REQUESTJET message with an invalid location.
|
|||||
| CVE-2008-2735 | 1 Cisco | 1 Adaptive Security Appliance 5500 | 2025-04-09 | 7.1 HIGH | N/A |
|
The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0 before 8.0(3)15 and 8.1 before 8.1(1)5, when configured as a clientless SSL VPN endpoint, does not properly process URIs, which allows remote attackers to cause a denial of service (device reload) via a URI in a crafted SSL or HTTP packet, aka Bug ID CSCsq19369.
|
|||||
| CVE-2008-2957 | 1 Pidgin | 1 Pidgin | 2025-04-09 | 6.4 MEDIUM | N/A |
|
The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.
|
|||||
| CVE-2006-6653 | 1 Netbsd | 1 Netbsd | 2025-04-09 | 1.7 LOW | N/A |
|
The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka "a dangling socket").
|
|||||
| CVE-2009-3830 | 1 Microsoft | 1 Sharepoint Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
|
|||||
| CVE-2009-2513 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more | 2025-04-09 | 7.2 HIGH | N/A |
|
The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
|
|||||
| CVE-2007-5036 | 1 Airdefense | 1 Airsensor | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple buffer overflows in the AirDefense Airsensor M520 with firmware 4.3.1.1 and 4.4.1.4 allow remote authenticated users to cause a denial of service (HTTPS service outage) via a crafted query string in an HTTPS request to (1) adLog.cgi, (2) post.cgi, or (3) ad.cgi, related to the "files filter."
|
|||||