Total
9839 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-2748 | 1 Skulltag Team | 1 Skulltag | 2023-12-10 | 5.0 MEDIUM | N/A |
Skulltag 0.97d2-RC2 and earlier allows remote attackers to cause a denial of service (daemon hang) via a series of long, malformed connect packets, related to these packets being "parsed multiple times." | |||||
CVE-2008-7215 | 2 Brilaps, Mambo-foundation | 2 Mostlyce, Mambo | 2023-12-10 | 5.8 MEDIUM | N/A |
The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in a FileUpload command, which are used to modify equivalent variables in $_FILES that are accessed when the is_uploaded_file check fails. | |||||
CVE-2009-1125 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2023-12-10 | 7.2 HIGH | N/A |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability." | |||||
CVE-2008-6367 | 1 Socialgroupie | 1 Social Groupie | 2023-12-10 | 8.5 HIGH | N/A |
Unrestricted file upload vulnerability in Photos/create_album.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in Member_images/. | |||||
CVE-2008-1988 | 1 Encaps | 1 Encapsgallery | 2023-12-10 | 9.0 HIGH | N/A |
Unrestricted file upload vulnerability in the file_upload function in core/misc.class.php in EncapsGallery 2.0.2 allows remote authenticated administrators to upload and execute arbitrary PHP files by uploading a file with an executable extension, then accessing it via a direct request to the file in the rwx_gallery directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-2173 | 1 Yamaha | 1 Router | 2023-12-10 | 7.1 HIGH | N/A |
Unspecified vulnerability in Yamaha routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372. | |||||
CVE-2008-6547 | 1 Formencode | 1 Formencode | 2023-12-10 | 7.5 HIGH | N/A |
schema.py in FormEncode for Python (python-formencode) 1.0 does not apply the chained_validators feature, which allows attackers to bypass intended access restrictions via unknown vectors. | |||||
CVE-2008-5243 | 1 Xine | 1 Xine-lib | 2023-12-10 | 4.3 MEDIUM | N/A |
The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to "reindex into an allocated buffer," which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error. | |||||
CVE-2008-1605 | 1 Leadtools | 1 Multimedia Toolkit | 2023-12-10 | 6.8 MEDIUM | N/A |
The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmmPlayCtrl Class ActiveX controls (ltmm15.dll 15.1.0.17 and earlier) in LEADTOOLS Multimedia Toolkit 15 allow attackers to overwrite arbitrary files via the SaveSettingsToFile method. | |||||
CVE-2008-2933 | 1 Mozilla | 1 Firefox | 2023-12-10 | 2.6 LOW | N/A |
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267. | |||||
CVE-2008-6298 | 1 Rocketeer.dip | 1 Sisapilocation | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows remote attackers to bypass intended access restrictions for character encoding and the cookie secure flag via unknown vectors related to the "HTTP header rewrite function." | |||||
CVE-2009-2620 | 1 Firebirdsql | 1 Firebird | 2023-12-10 | 5.0 MEDIUM | N/A |
src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference. | |||||
CVE-2008-1785 | 1 Prozilla | 1 Top 100 | 2023-12-10 | 5.5 MEDIUM | N/A |
delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter. | |||||
CVE-2008-6676 | 1 Quickersite | 1 Quickersite | 2023-12-10 | 5.0 MEDIUM | N/A |
QuickerSite 1.8.5 allows remote attackers to obtain sensitive information via a request to showThumb.aspx without any parameters, which reveals the installation path in an error message. | |||||
CVE-2008-2169 | 2 Avici, Hitachi | 4 Router, Gr2000, Gr3000 and 1 more | 2023-12-10 | 7.1 HIGH | N/A |
Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372. | |||||
CVE-2008-2391 | 1 Codeplex | 1 Subsonic | 2023-12-10 | 7.8 HIGH | N/A |
SubSonic allows remote attackers to bypass pagesize limits and cause a denial of service (CPU consumption) via a pageindex (aka data page number) of -1. | |||||
CVE-2009-2261 | 1 Giorgio Tani | 1 Peazip | 2023-12-10 | 9.3 HIGH | N/A |
PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command. | |||||
CVE-2008-6938 | 1 Holger Zimmermann | 1 Pi3web | 2023-12-10 | 4.3 MEDIUM | N/A |
Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\users.txt. | |||||
CVE-2009-0582 | 1 Gnome | 1 Evolution-data-server | 2023-12-10 | 5.8 MEDIUM | N/A |
The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data. | |||||
CVE-2008-1118 | 1 Netopia | 1 Timbuktu Pro | 2023-12-10 | 7.5 HIGH | N/A |
Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does not perform input validation before logging information fields taken from packets from a remote peer, which allows remote attackers to generate crafted log entries, and possibly avoid detection of attacks, via modified (1) computer name, (2) user name, and (3) IP address fields. |