Total
9765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-2945 | 1 Sun | 2 Java System Access Manager, Java System Identity Server | 2023-12-10 | 7.5 HIGH | N/A |
Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289. | |||||
CVE-2009-3102 | 1 Zmanda | 1 Zrm For My Sql | 2023-12-10 | 10.0 HIGH | N/A |
The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager (ZRM) for MySQL 2.x before 2.1.1 allows remote attackers to execute arbitrary commands via vectors involving a crafted $MYSQL_BINPATH variable. | |||||
CVE-2008-1478 | 1 Ari Pikivirta | 1 Home Ftp Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Home FTP Server 1.4.5.89 allows remote attackers to cause a denial of service (crash) by opening a FTP passive mode connection, then closing the original FTP connection. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-2988 | 1 Benjacms | 1 Benja Cms | 2023-12-10 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in admin/upload.php in Benja CMS 0.1 allows remote attackers to upload and execute arbitrary PHP files via unspecified vectors, followed by a direct request to the file in billeder/. | |||||
CVE-2008-3907 | 1 Newsbeuter | 1 Newsbeuter | 2023-12-10 | 6.8 MEDIUM | N/A |
The open-in-browser command in newsbeuter before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a feed URL. | |||||
CVE-2008-3244 | 1 F-prot | 2 F-prot Antivirus, Scanning Engine | 2023-12-10 | 4.3 MEDIUM | N/A |
The scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allows remote attackers to cause a denial of service (engine crash) via a CHM file with a large nb_dir value that triggers an out-of-bounds read. | |||||
CVE-2009-4051 | 1 Downstairs.dnsalias | 1 Home Ftp Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Home FTP Server 1.10.1.139 allows remote attackers to cause a denial of service (daemon outage) via multiple invalid SITE INDEX commands. | |||||
CVE-2009-0943 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 6.8 MEDIUM | N/A |
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. | |||||
CVE-2009-2955 | 1 Google | 1 Chrome | 2023-12-10 | 5.0 MEDIUM | N/A |
Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715. | |||||
CVE-2009-1536 | 1 Microsoft | 3 .net Framework, Windows Server 2008, Windows Vista | 2023-12-10 | 2.6 LOW | N/A |
ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability." | |||||
CVE-2009-0465 | 1 Synactis | 1 All In The Box.ocx | 2023-12-10 | 9.3 HIGH | N/A |
The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\0' character, which bypasses the intended .box filename extension, as demonstrated by a C:\boot.ini\0 argument. | |||||
CVE-2008-0555 | 1 Apache-ssl | 1 Apache-ssl | 2023-12-10 | 7.5 HIGH | N/A |
The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables. | |||||
CVE-2008-6978 | 1 Fullrevolution | 1 Aspwebalbum | 2023-12-10 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in album.asp. | |||||
CVE-2008-1612 | 1 Squid | 1 Squid | 2023-12-10 | 4.3 MEDIUM | N/A |
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239. | |||||
CVE-2007-5474 | 2 Atheros, Linksys | 2 Ar5416-ac1e Chipset, Wrt350n | 2023-12-10 | 6.3 MEDIUM | N/A |
The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long. | |||||
CVE-2008-1331 | 1 Alcatel-lucent | 1 Omnipcx Office | 2023-12-10 | 10.0 HIGH | N/A |
cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands and "obtain OXO resources" via shell metacharacters in the id2 parameter. | |||||
CVE-2009-0418 | 1 Hp | 1 Hp-ux | 2023-12-10 | 9.3 HIGH | N/A |
The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read private network traffic, and possibly execute arbitrary code via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476. | |||||
CVE-2008-1626 | 1 Eggblog | 1 Eggblog | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in eggBlog before 4.0.1 allows remote attackers to execute arbitrary SQL commands via an unspecified cookie. NOTE: this might overlap CVE-2008-0159. | |||||
CVE-2002-2429 | 1 Goahead | 1 Goahead Webserver | 2023-12-10 | 5.0 MEDIUM | N/A |
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header. | |||||
CVE-2009-1124 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2023-12-10 | 7.2 HIGH | N/A |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability." |