Vulnerabilities (CVE)

Filtered by CWE-20
Total 9681 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-6060 1 Ahnlab 1 V3 Internet Security 2023-12-10 9.3 HIGH N/A
AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a filename string at a location indicated by the "Filename length" field in a ZIP header, which allows remote attackers to cause a denial of service (machine crash) and possibly execute arbitrary code via a ZIP file in which this field's value is larger than the actual number of bytes in the filename.
CVE-2007-6509 1 Appian 1 Business Process Management Suite 2023-12-10 7.8 HIGH N/A
Unspecified vulnerability in Appian Enterprise Business Process Management (BPM) Suite 5.6 SP1 allows remote attackers to cause a denial of service via a crafted packet to port 5400/tcp.
CVE-2007-5667 2 Microsoft, Novell 4 Windows 2000, Windows 2003 Server, Windows Xp and 1 more 2023-12-10 7.2 HIGH N/A
NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations.
CVE-2008-0791 1 Intermate 1 Winipds 2023-12-10 5.0 MEDIUM N/A
ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to cause a denial of service (CPU consumption) via short packets on TCP port 5001 with the 3, 5, 7, 13, 14, or 15 packet types.
CVE-2008-0473 1 Web Wiz 1 Rich Text Editor 2023-12-10 6.4 MEDIUM N/A
RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to upload (1) .html and (2) .htm files via unspecified vectors.
CVE-2007-6178 1 Easy Hosting Control Panel 1 Easy Hosting Control Panel 2023-12-10 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir parameter to (1) dbutil.bck.php and (2) dbutil.php in config/.
CVE-2007-6010 1 Pioneers 1 Pioneers 2023-12-10 7.8 HIGH N/A
Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors that trigger an assert error. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-5933.
CVE-2008-0277 1 Drupal 1 Fileshare Module 2023-12-10 8.5 HIGH N/A
Unspecified vulnerability in the Fileshare module for Drupal allows remote authenticated users with node-creation privileges to execute arbitrary code via unspecified vectors.
CVE-2007-3389 1 Wireshark 1 Wireshark 2023-12-10 5.0 MEDIUM N/A
Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload.
CVE-2007-5540 1 Opera 1 Opera Browser 2023-12-10 7.5 HIGH N/A
Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors.
CVE-2007-6492 1 Imesh.com 1 Imesh 2023-12-10 7.1 HIGH N/A
The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via an empty string in the argument to the ProcessRequestEx method.
CVE-2007-1097 1 Wiclear 1 Wiclear 2023-12-10 10.0 HIGH N/A
Unrestricted file upload vulnerability in the onAttachFiles function in the upload tool (inc/lib/attachment.lib.php) in Wiclear before 0.11.1 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to filename validation. NOTE: some details were obtained from third party information.
CVE-2007-4783 1 Php 1 Php 2023-12-10 5.0 MEDIUM N/A
The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
CVE-2006-4935 1 Moodle 1 Moodle 2023-12-10 10.0 HIGH N/A
The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors.
CVE-2007-5657 1 Tibco 4 Ems Server, Enterprise Message Service, Rtworks and 1 more 2023-12-10 10.0 HIGH N/A
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allow remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets.
CVE-2007-4450 1 Toribash 1 Toribash 2023-12-10 5.0 MEDIUM N/A
The server in Toribash 2.71 and earlier does not properly handle long commands, which allows remote attackers to trigger a protocol violation in which data is sent to other clients without a required LF character, as demonstrated by a SAY command. NOTE: the security impact of this violation is not clear, although it probably makes exploitation of CVE-2007-4449 easier.
CVE-2006-4842 2 Netscape, Sun 2 Portable Runtime Api, Solaris 2023-12-10 3.6 LOW N/A
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
CVE-2008-0406 1 Hfs 1 Http File Server 2023-12-10 5.0 MEDIUM N/A
HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name.
CVE-2008-0506 1 Coppermine 1 Coppermine Photo Gallery 2023-12-10 6.8 MEDIUM N/A
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
CVE-2007-6573 1 Qksoft 1 Qk Smtp Server 3 2023-12-10 7.8 HIGH N/A
QK SMTP Server 3 allows remote attackers to cause a denial of service (daemon crash) via a long (1) HELO, (2) MAIL FROM, or (3) RCPT TO command; or (4) a long string in the message sent after the DATA command; possibly a related issue to CVE-2006-5551.