Total: 11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2008-4049 | 1 Friendly Technologies | 1 Friendly Pppoe Client | 2025-04-09 | 6.8 MEDIUM | N/A | A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary programs via arguments to the RunApp method. |
| CVE-2009-2425 | 1 Tor | 1 Tor | 2025-04-09 | 5.0 MEDIUM | N/A | Tor before 0.2.0.35 allows remote attackers to cause a denial of service (application crash) via a malformed router descriptor. |
| CVE-2008-7052 | 1 Preprojects | 1 Pre Real Estate Listings | 2025-04-09 | 6.5 MEDIUM | N/A | Unrestricted file upload vulnerability in profile.php in Pre Projects Pre Real Estate Listings allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in re_images/. |
| CVE-2009-0879 | 2 Ibm, Microsoft | 2 Director, Windows | 2025-04-09 | 5.0 MEDIUM | N/A | The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI. |
| CVE-2008-0009 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 2.1 LOW | N/A | The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations. |
| CVE-2009-0029 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-09 | 7.2 HIGH | N/A | The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a user-mode application, but cannot verify this, which allows local users to cause a denial of service (crash) or possibly gain privileges via a crafted system call. |
| CVE-2009-1125 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-09 | 7.2 HIGH | N/A | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability." |
| CVE-2008-0631 | 1 Afterlogic | 1 Mailbee Objects | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple ActiveX controls in MailBee.dll in MailBee Objects 5.5 allow remote attackers to (1) overwrite arbitrary files via the SaveToDisk method, or (2) modify files via the AddStringToFile method. |
| CVE-2007-5926 | 1 Openbase International Ltd | 1 Openbase | 2025-04-09 | 9.0 HIGH | N/A | OpenBase 10.0.5 and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to the (1) AsciiBackup, (2) OEMLicenseInstall, and possibly other stored procedures. |
| CVE-2007-4567 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.8 HIGH | N/A | The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet. |
| CVE-2007-5569 | 1 Cisco | 3 Adaptive Security Appliance, Adaptive Security Appliance Software, Pix 500 | 2025-04-09 | 7.1 HIGH | N/A | Cisco PIX and ASA appliances with 7.1 and 7.2 software, when configured for TLS sessions to the device, allow remote attackers to cause a denial of service (device reload) via a crafted TLS packet, aka CSCsg43276 and CSCsh97120. |
| CVE-2008-7107 | 1 Eset | 1 Smart Security | 2025-04-09 | 7.2 HIGH | N/A | easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to cause a denial of service (crash) via a crafted IOCTL 0x222003 request to the \\.\easdrv device interface. |
| CVE-2007-6146 | 1 Hitachi | 1 Jp1 File Transmission Server | 2025-04-09 | 5.0 MEDIUM | N/A | Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on Windows might allow remote attackers to cause a denial of service (service stop) via a "specific file" argument to an FTP command. |
| CVE-2008-5077 | 1 Openssl | 1 Openssl | 2025-04-09 | 5.8 MEDIUM | N/A | OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. |
| CVE-2009-1361 | 1 Gscripts | 1 Dns Tools | 2025-04-09 | 10.0 HIGH | N/A | dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-1114 | 1 Vocera | 1 Wireless Handset | 2025-04-09 | 4.3 MEDIUM | N/A | Vocera Communications wireless handsets, when using Protected Extensible Authentication Protocol (PEAP), do not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks. |
| CVE-2007-5928 | 1 Openbase International Ltd | 1 Openbase | 2025-04-09 | 9.0 HIGH | 8.1 HIGH | OpenBase 10.0.5 and earlier allows remote authenticated users to trigger a free of an arbitrary memory location via long strings in a SELECT statement. NOTE: this might be a buffer overflow, but it is not clear. |
| CVE-2008-4770 | 1 Realvnc | 1 Realvnc | 2025-04-09 | 10.0 HIGH | N/A | The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type." |
| CVE-2009-4491 | 1 Acme | 1 Thttpd | 2025-04-09 | 5.0 MEDIUM | 9.8 CRITICAL | thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. |
| CVE-2009-3753 | 1 Opial | 1 Opial | 2025-04-09 | 7.5 HIGH | N/A | Unrestricted file upload vulnerability in Opial 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension as a User Image, then accessing it via a request to the file in userimages, related to register.php. |
| CVE-2009-0311 | 1 Emc | 1 Autostart | 2025-04-09 | 10.0 HIGH | N/A | The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 allows remote attackers to execute arbitrary code via a packet with a crafted value that is dereferenced as a function pointer. |
| CVE-2007-1995 | 1 Quagga | 1 Quagga | 2025-04-09 | 6.3 MEDIUM | N/A | bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read. |
| CVE-2007-6573 | 1 Qksoft | 1 Qk Smtp Server 3 | 2025-04-09 | 7.8 HIGH | N/A | QK SMTP Server 3 allows remote attackers to cause a denial of service (daemon crash) via a long (1) HELO, (2) MAIL FROM, or (3) RCPT TO command; or (4) a long string in the message sent after the DATA command; possibly a related issue to CVE-2006-5551. |
| CVE-2008-5870 | 1 Faststone | 1 Image Viewer | 2025-04-09 | 4.3 MEDIUM | N/A | FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with large width and height values, possibly a related issue to CVE-2007-1942. |
| CVE-2007-5086 | 1 Kaspersky Lab | 2 Kaspersky Anti-virus, Kaspersky Internet Security | 2025-04-09 | 2.1 LOW | N/A | Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; ... |
| CVE-2007-6094 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2025-04-09 | 4.3 MEDIUM | N/A | The IPsec module in the VPN component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (module crash) via an IPsec Phase 2 proposal that lacks Perfect Forward Secrecy (PFS). |
| CVE-2008-7068 | 1 Php | 1 Php | 2025-04-09 | 6.4 MEDIUM | N/A | The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file. |
| CVE-2008-3790 | 1 Ruby-lang | 1 Ruby | 2025-04-09 | 5.0 MEDIUM | N/A | The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion." |
| CVE-2008-6790 | 1 Minddezign | 1 Photo Gallery | 2025-04-09 | 5.1 MEDIUM | N/A | The admin module in MindDezign Photo Gallery 2.2 allows remote attackers to add administrative users and gain privileges via a modified username parameter in an edit account action to index.php. |
| CVE-2006-6956 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 4.3 MEDIUM | N/A | Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. |
| CVE-2009-1234 | 1 Opera | 1 Opera Browser | 2025-04-09 | 4.3 MEDIUM | N/A | Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected. |
| CVE-2007-4744 | 1 Anyinventory | 1 Anyinventory | 2025-04-09 | 6.8 MEDIUM | N/A | PHP remote file inclusion vulnerability in environment.php in AnyInventory 1.9.1 and 2.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PREFIX parameter. |
| CVE-2006-5313 | 1 Hastymail | 1 Hastymail | 2025-04-09 | 6.5 MEDIUM | N/A | Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary SMTP commands by placing them after a CRLF.CRLF sequence in the smtp_message parameter. NOTE: this crosses privilege boundaries if the SMTP server configuration prevents a user from establishing a direct SMTP session. NOTE: this is a different type of issue than CVE-2006-5262. |
| CVE-2006-6954 | 1 Flock | 1 Flock | 2025-04-09 | 4.3 MEDIUM | N/A | Flock beta 1 0.7 allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. |
| CVE-2009-2318 | 1 Axesstel | 1 Mv 410r | 2025-04-09 | 7.8 HIGH | N/A | The Axesstel MV 410R allows remote attackers to cause a denial of service via a flood of SYN packets, a related issue to CVE-1999-0116. |
| CVE-2007-6433 | 1 Jboss | 1 Seam | 2025-04-09 | 7.5 HIGH | N/A | The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter. |
| CVE-2007-3716 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 9.3 HIGH | N/A | The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715. |
| CVE-2008-2372 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A | The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of "useless newly zeroed pages." |
| CVE-2007-0208 | 1 Microsoft | 4 Office, Word, Word Viewer and 1 more | 2025-04-09 | 9.3 HIGH | N/A | Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code. |
| CVE-2007-4924 | 2 Ekiga, Openh323 Project | 2 Ekiga, Openh323 | 2025-04-09 | 5.0 MEDIUM | N/A | The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address." |