Total
9775 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-7248 | 1 Rubyonrails | 1 Rails | 2023-12-10 | 6.8 MEDIUM | N/A |
Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain. | |||||
CVE-2008-5533 | 2 K7computing, Microsoft | 2 Antivirus, Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
K7AntiVirus 7.10.541 and possibly 7.10.454, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
CVE-2008-4812 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2023-12-10 | 9.3 HIGH | N/A |
Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts. | |||||
CVE-2009-2622 | 1 Squid-cache | 1 Squid | 2023-12-10 | 5.0 MEDIUM | N/A |
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc. | |||||
CVE-2008-5531 | 2 Fortinet, Microsoft | 2 Fortiguard Antivirus, Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
Fortinet Antivirus 3.113.0.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
CVE-2009-4102 | 2 Mozilla, Sage.mozdev | 2 Firefox, Sage | 2023-12-10 | 9.3 HIGH | N/A |
Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed. | |||||
CVE-2008-4224 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 7.1 HIGH | N/A |
UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (system crash) via a malformed UDF volume in a crafted ISO file. | |||||
CVE-2008-1028 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 9.3 HIGH | N/A |
Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit. | |||||
CVE-2009-0912 | 1 Mandriva | 3 Linux, Linux Corporate Server, Multi Network Firewall | 2023-12-10 | 7.2 HIGH | N/A |
perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via "special characters" in unspecified vectors. | |||||
CVE-2008-5525 | 2 Clamav, Microsoft | 2 Clamav, Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
CVE-2008-4824 | 1 Adobe | 1 Flash Player | 2023-12-10 | 9.3 HIGH | N/A |
Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to "input validation errors." | |||||
CVE-2009-0661 | 1 Flashtux | 1 Weechat | 2023-12-10 | 5.0 MEDIUM | N/A |
Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds read. | |||||
CVE-2008-5547 | 1 Hauri | 1 Virobot | 2023-12-10 | 9.3 HIGH | N/A |
HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
CVE-2008-3081 | 1 Avaya | 1 Messaging Storage Server | 2023-12-10 | 6.5 MEDIUM | N/A |
Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6) the external hosts configuration main page; (7) adding and changing external hosts; (8) Windows domain parameter configuration; (9) date, time, and NTP server configuration; (10) alarm settings; (11) the command line history form; (12) the maintenance form; and (13) the server events form. | |||||
CVE-2008-1012 | 1 Apple | 1 Apple Airport Extreme Base Station | 2023-12-10 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in Apple AirPort Extreme Base Station Firmware 7.3.1 allows remote attackers to cause a denial of service (file sharing hang) via a crafted AFP request, related to "input validation." | |||||
CVE-2009-0156 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 4.3 MEDIUM | N/A |
Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to cause a denial of service (persistent Finder crash) via a crafted Mach-O executable that triggers an out-of-bounds memory read. | |||||
CVE-2009-1538 | 1 Microsoft | 4 Directx, Windows 2000, Windows Server 2003 and 1 more | 2023-12-10 | 9.3 HIGH | N/A |
The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability." | |||||
CVE-2009-0647 | 1 Microsoft | 1 Windows Live Messenger | 2023-12-10 | 5.0 MEDIUM | N/A |
msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header line. NOTE: this has been reported as a format string vulnerability by some sources, but the provenance of that information is unknown. | |||||
CVE-2009-4086 | 1 Javascript | 1 Xerver Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via certain byte sequences at the end of a URL. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-2134 | 1 Tru-zone | 1 Nukeet | 2023-12-10 | 6.8 MEDIUM | N/A |
The Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to obtain access to arbitrary user accounts, and alter or delete data, via a modified username in an unspecified cookie. |