Total: 11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2008-4919 | 1 Visagesoft | 1 Expert Pdf Viewer Activex | 2025-04-09 | 8.8 HIGH | N/A | Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ActiveX control (VSPDFViewerX.ocx) 3.0.990.0 allows remote attackers to overwrite arbitrary files via a full pathname to the savePageAsBitmap method. |
| CVE-2007-6271 | 1 Xigla | 1 Absolute News Manager.net | 2025-04-09 | 5.0 MEDIUM | N/A | Absolute News Manager.NET 5.1 allows remote attackers to obtain sensitive information via a direct request to getpath.aspx, which reveals the installation path in an error message. |
| CVE-2008-4309 | 1 Net-snmp | 1 Net-snmp | 2025-04-09 | 5.0 MEDIUM | N/A | Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. |
| CVE-2007-1362 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 4.3 MEDIUM | N/A | Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies." |
| CVE-2008-3396 | 1 Epic Games | 1 Unreal Tournament 2004 | 2025-04-09 | 5.0 MEDIUM | N/A | Unreal Tournament 2004 (UT2004) 3369 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain sequence of malformed packets. |
| CVE-2006-5084 | 1 Skype Technologies | 1 Skype | 2025-04-09 | 7.5 HIGH | N/A | Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null dereference. |
| CVE-2007-4887 | 1 Php | 1 Php | 2025-04-09 | 4.3 MEDIUM | N/A | The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability. |
| CVE-2008-0054 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.4 MEDIUM | N/A | Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used. |
| CVE-2008-1738 | 1 Rising-global | 1 Rising Antivirus | 2025-04-09 | 2.1 LOW | N/A | Rising Antivirus 2008 before 20.38.20 allows local users to cause a denial of service (system crash) via an invalid pointer to the _CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function. |
| CVE-2007-4927 | 1 Axis | 1 207w Network Camera | 2025-04-09 | 3.5 LOW | N/A | axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action. |
| CVE-2009-0682 | 1 Ca | 1 Internet Security Suite | 2025-04-09 | 2.1 LOW | N/A | vetmonnt.sys in CA Internet Security Suite r3, vetmonnt.sys before 9.0.0.184 in Internet Security Suite r4, and vetmonnt.sys before 10.0.0.217 in Internet Security Suite r5 do not properly verify IOCTL calls, which allows local users to cause a denial of service (system crash) via a crafted call. |
| CVE-2008-6541 | 1 Dotnetnuke | 1 Dotnetnuke | 2025-04-09 | 6.8 MEDIUM | N/A | Unrestricted file upload vulnerability in the file manager module in DotNetNuke before 4.8.2 allows remote administrators to upload arbitrary files and gain privileges to the server via unspecified vectors. |
| CVE-2008-6943 | 1 Scriptsfeed | 1 Recipes Listing Portal | 2025-04-09 | 6.5 MEDIUM | N/A | Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing Portal allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a recipe photo, then accessing it via a direct request to the file in pictures/. |
| CVE-2008-5537 | 2 Microsoft, Pctools | 2 Internet Explorer, Pctools Antivirus | 2025-04-09 | 9.3 HIGH | N/A | PC Tools AntiVirus 4.4.2.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. |
| CVE-2009-2981 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-09 | 9.3 HIGH | N/A | Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors. |
| CVE-2007-5168 | 1 Clanlite | 1 Clanlite | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple PHP remote file inclusion vulnerabilities in ClanLite 1.23.01.2005 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules/serveur_jeux.php or (2) conf/conf-php.php. NOTE: vector 1 is disputed by CVE because the require_once is only reached when a certain constant has already been defined. |
| CVE-2008-3178 | 1 Webxell | 1 Webxell Editor | 2025-04-09 | 7.5 HIGH | N/A | Unrestricted file upload vulnerability in upload_pictures.php in WebXell Editor 0.1.3 allows remote attackers to execute arbitrary code by uploading a .php file with a jpeg content type, then accessing it via a direct request to the file in upload/. |
| CVE-2008-4340 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A | Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function. |
| CVE-2008-6944 | 1 Scriptsfeed | 1 Auto Classifieds | 2025-04-09 | 6.5 MEDIUM | N/A | Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in cars_images/. |
| CVE-2008-3657 | 1 Ruby-lang | 1 Ruby | 2025-04-09 | 7.5 HIGH | N/A | The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen. |
| CVE-2008-2391 | 1 Codeplex | 1 Subsonic | 2025-04-09 | 7.8 HIGH | N/A | SubSonic allows remote attackers to bypass pagesize limits and cause a denial of service (CPU consumption) via a pageindex (aka data page number) of -1. |
| CVE-2008-6121 | 1 Socialengine | 1 Socialengine | 2025-04-09 | 7.5 HIGH | N/A | CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the PHPSESSID cookie. |
| CVE-2007-3701 | 2 3com, Tippingpoint | 2 Tippingpoint Ips Tos, Tipping Point | 2025-04-09 | 7.5 HIGH | N/A | TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack. |
| CVE-2008-4932 | 1 Comingchina | 1 U-mail Webmail Server | 2025-04-09 | 9.0 HIGH | N/A | webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a file under the web document root. |
| CVE-2008-4616 | 2 The Spanner, Wordpress | 2 Spambam Plugin, Spambam Plugin | 2025-04-09 | 5.0 MEDIUM | N/A | The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key. |
| CVE-2009-2304 | 1 Avatic | 1 Aardvark Topsites Php | 2025-04-09 | 5.0 MEDIUM | N/A | index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to obtain sensitive information via a nonexistent account name in the u parameter in a rate action, which reveals the installation path in an error message. |
| CVE-2008-4641 | 1 Sentex | 1 Jhead | 2025-04-09 | 10.0 HIGH | N/A | The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input. |
| CVE-2009-1062 | 1 Adobe | 3 Acrobat, Acrobat Reader, Reader | 2025-04-09 | 9.3 HIGH | N/A | Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061. |
| CVE-2009-1686 | 1 Apple | 1 Safari | 2025-04-09 | 9.3 HIGH | N/A | WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. |
| CVE-2008-1605 | 1 Leadtools | 1 Multimedia Toolkit | 2025-04-09 | 6.8 MEDIUM | N/A | The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmmPlayCtrl Class ActiveX controls (ltmm15.dll 15.1.0.17 and earlier) in LEADTOOLS Multimedia Toolkit 15 allow attackers to overwrite arbitrary files via the SaveSettingsToFile method. |
| CVE-2007-4968 | 1 Privacyware | 1 Privatefirewall | 2025-04-09 | 4.4 MEDIUM | N/A | Privatefirewall 5.0.14.2 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks for (1) NtOpenProcess and (2) NtOpenThread. |
| CVE-2008-4398 | 2 Broadcom, Ca | 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more | 2025-04-09 | 5.0 MEDIUM | N/A | Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request. |
| CVE-2008-3231 | 1 Xine | 1 Xine-lib | 2025-04-09 | 4.3 MEDIUM | N/A | xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine. |
| CVE-2007-4932 | 1 Shop-script | 1 Shop-script | 2025-04-09 | 7.5 HIGH | N/A | admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to access the admin panel. |
| CVE-2008-3932 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 5.0 MEDIUM | N/A | Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop. |
| CVE-2008-2970 | 1 Yektaweb | 1 Academic Web Tools | 2025-04-09 | 7.5 HIGH | N/A | Multiple session fixation vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to (1) index.php and (2) login.php in homepg/. |
| CVE-2007-2292 | 2 Microsoft, Mozilla | 3 Internet Explorer, Firefox, Seamonkey | 2025-04-09 | 4.3 MEDIUM | N/A | CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute. |
| CVE-2009-0082 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-09 | 7.2 HIGH | 7.8 HIGH | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability." |
| CVE-2009-1777 | 1 Matt Wright | 1 Formmail | 2025-04-09 | 5.0 MEDIUM | N/A | CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the redirect parameter. |
| CVE-2009-1272 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A | The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction. |