Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5544 | 2 Hacksoft, Microsoft | 2 The Hacker, Internet Explorer | 2025-04-09 | 9.3 HIGH | N/A |
|
Hacksoft The Hacker 6.3.1.2.174 and possibly 6.3.0.9.081, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
|
|||||
| CVE-2007-3913 | 1 Gforge | 1 Gforge | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Gforge before 3.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-7088 | 1 Photopost | 1 Photopost Vbgallery | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in a certain path. NOTE: this may be the same vulnerability as CVE-2008-0251, but this is not clear due to lack of details from the vendor.
|
|||||
| CVE-2006-6971 | 1 Mozilla | 1 Firefox | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Mozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) single decimal integer, (4) single hex integer, or (5) single octal integer format, which is not captured by the blacklist filter.
|
|||||
| CVE-2007-1235 | 1 Bj Sintay | 1 Sitex | 2025-04-09 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in sitex allows remote attackers to upload arbitrary PHP code via an avatar filename with a double extension such as .php.jpg, which fails verification and is saved as a .php file.
|
|||||
| CVE-2008-2712 | 2 Canonical, Vim | 2 Ubuntu Linux, Vim | 2025-04-09 | 9.3 HIGH | N/A |
|
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2 ...
Show More |
|||||
| CVE-2006-6979 | 1 Amarok | 1 Amarok | 2025-04-09 | 7.5 HIGH | N/A |
|
The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters.
|
|||||
| CVE-2008-1066 | 1 Smarty | 1 Smarty | 2025-04-09 | 7.5 HIGH | N/A |
|
The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string.
|
|||||
| CVE-2008-2326 | 2 Apple, Microsoft | 6 Bonjour, Windows-nt, Windows 2000 and 3 more | 2025-04-09 | 5.0 MEDIUM | N/A |
|
mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label.
|
|||||
| CVE-2007-4516 | 1 Symantec Veritas | 1 Storage Foundation | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation 5.0 for Windows allows remote attackers to cause a denial of service (daemon crash or hang) via malformed packets.
|
|||||
| CVE-2007-6527 | 1 Rickard Andersson | 1 Punbb | 2025-04-09 | 5.8 MEDIUM | N/A |
|
uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a (1) JPG, (2) GIF, or (3) PNG MIME type.
|
|||||
| CVE-2009-0813 | 1 Imera | 1 Teamlinks | 2025-04-09 | 9.3 HIGH | N/A |
|
Insecure method vulnerability in the ImeraIEPlugin ActiveX control (ImeraIEPlugin.dll 1.0.2.54) in Imera TeamLinks Client allows remote attackers to force the download and execution of arbitrary URLs via modified DownloadProtocol, DownloadHost, DownloadPort, and DownloadURI parameters.
|
|||||
| CVE-2008-1062 | 1 Intervideo | 1 Windvd Media Center | 2025-04-09 | 5.0 MEDIUM | N/A |
|
InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater (aka IHT.exe) in InterVideo WinDVD Media Center 2.11.15.0 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet with two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-2032 | 1 Acritum | 1 Femitter Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The FTP service in Acritum Femitter Server 1.03 allows remote attackers to cause a denial of service (crash) by sending multiple crafted RETR commands. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-4494 | 1 Aol | 1 Aolserver | 2025-04-09 | 5.0 MEDIUM | N/A |
|
AOLserver 4.5.1 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
|
|||||
| CVE-2009-2509 | 1 Microsoft | 2 Windows Server 2003, Windows Server 2008 | 2025-04-09 | 9.0 HIGH | N/A |
|
Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability."
|
|||||
| CVE-2008-3960 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the JDBC Applet Server Service (aka db2jds) in IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (service crash) via "malicious packets."
|
|||||
| CVE-2008-3607 | 1 Noticeware | 1 Email Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via multiple long LOGIN commands.
|
|||||
| CVE-2008-6806 | 1 7-shop | 1 7shop | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in includes/imageupload.php in 7Shop 1.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/artikel/.
|
|||||
| CVE-2008-6084 | 1 .matteoiammarrone | 1 Iamma Simple Gallery | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.
|
|||||
| CVE-2009-0234 | 1 Microsoft | 3 Windows 2000, Windows Server 2003, Windows Server 2008 | 2025-04-09 | 6.4 MEDIUM | N/A |
|
The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
|
|||||
| CVE-2008-1441 | 1 Microsoft | 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more | 2025-04-09 | 5.4 MEDIUM | N/A |
|
Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
|
|||||
| CVE-2008-4399 | 2 Broadcom, Ca | 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation."
|
|||||
| CVE-2009-4106 | 1 Ohloh | 1 Agoko Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in admintools/editpage-2.php in Agoko CMS 0.4 and earlier allows remote attackers to inject and execute arbitrary PHP code via the filename and text parameters.
|
|||||
| CVE-2009-0859 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.7 MEDIUM | N/A |
|
The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel before 2.6.28.5, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_INFO shmctl call, as demonstrated by running the ipcs program.
|
|||||
| CVE-2008-0260 | 1 Minimal Design | 1 Minimal Gallery | 2025-04-09 | 5.0 MEDIUM | N/A |
|
minimal Gallery 0.8 allows remote attackers to obtain configuration information via a direct request to php_info.php, which calls the phpinfo function.
|
|||||
| CVE-2008-2405 | 1 Sun | 1 Java Active Server Pages | 2025-04-09 | 7.5 HIGH | N/A |
|
Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications.
|
|||||
| CVE-2008-7205 | 1 Virtuemart | 1 Virtuemart | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in the product view functionality in VirtueMart 1.0.13a and earlier allows remote attackers to read arbitrary files via vectors related to a template file.
|
|||||
| CVE-2007-4391 | 1 Yahoo | 1 Messenger | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then injecting a DLL into the attacker's peer Yahoo! Messenger application when this request is accepted.
|
|||||
| CVE-2008-5872 | 1 Nortel | 1 Multimedia Communication Server 5100 | 2025-04-09 | 7.8 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attackers to cause a denial of service (device outage) via a UFTP message that has a negative block size or other crafted Connection Details values.
|
|||||
| CVE-2007-5440 | 1 Crs Manager | 1 Crs Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in CRS Manager allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter to (1) index.php or (2) login.php. NOTE: this issue is disputed by CVE, since DOCUMENT_ROOT cannot be modified by an attacker
|
|||||
| CVE-2008-4824 | 1 Adobe | 1 Flash Player | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to "input validation errors."
|
|||||
| CVE-2007-5540 | 1 Opera | 1 Opera Browser | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors.
|
|||||
| CVE-2007-6122 | 1 Irc Services | 1 Irc Services | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The default_encrypt function in encrypt.c in IRC Services before 5.0.63, and 5.1.x before 5.1.7, allows remote attackers to cause a denial of service (daemon crash) via a long password. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-0606 | 1 Openhandsetalliance | 1 Android Sdk | 2025-04-09 | 7.2 HIGH | N/A |
|
The link_image function in linker/linker.c in the dynamic linker in Bionic in Open Handset Alliance Android 1.0 on the T-Mobile G1 phone does not properly handle file descriptors 0, 1, and 2 for a setgid program, which allows local users to create arbitrary files owned by certain groups, possibly a related issue to CVE-2002-0820.
|
|||||
| CVE-2007-5035 | 1 Openengine | 1 Openengine | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in html/modules/extranet_profile/main.php in openEngine 1.9 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the this_module_path parameter. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a direct request for the file, before reaching the include statement
|
|||||
| CVE-2008-1445 | 1 Microsoft | 3 Windows-nt, Windows 2003 Server, Windows Xp | 2025-04-09 | 7.1 HIGH | N/A |
|
Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
|
|||||
| CVE-2006-5559 | 1 Microsoft | 4 Data Access Components, Windows 2000, Windows 2003 Server and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
|
The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
|
|||||
| CVE-2007-4783 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code executio ...
Show More |
|||||
| CVE-2003-1568 | 2 Goahead, Goahead Software | 2 Goahead Webserver, Goahead Webserver | 2025-04-09 | 5.0 MEDIUM | N/A |
|
GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function.
|
|||||