Total
9775 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1532 | 1 Perlbal | 1 Perlbal | 2023-12-10 | 5.0 MEDIUM | N/A |
| Perlbal before 1.70, when buffered upload is enabled, allows remote attackers to cause a denial of service (crash) via a zero-byte chunked upload. | |||||
| CVE-2009-1171 | 1 Moodle | 1 Moodle | 2023-12-10 | 4.3 MEDIUM | N/A |
| The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file. | |||||
| CVE-2008-6750 | 1 China-on-site | 1 Flexphpdirectory | 2023-12-10 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in add.php in FlexPHPDirectory 0.0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photo/. | |||||
| CVE-2008-7068 | 1 Php | 1 Php | 2023-12-10 | 6.4 MEDIUM | N/A |
| The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file. | |||||
| CVE-2009-0545 | 1 Zeroshell | 1 Zeroshell | 2023-12-10 | 10.0 HIGH | N/A |
| cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action. | |||||
| CVE-2009-0959 | 1 Apple | 2 Iphone Os, Ipod Touch | 2023-12-10 | 7.1 HIGH | N/A |
| The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input validation issue." | |||||
| CVE-2009-4327 | 1 Ibm | 1 Db2 | 2023-12-10 | 5.0 MEDIUM | N/A |
| The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||||
| CVE-2008-6555 | 1 Puppetmaster | 1 Webutil | 2023-12-10 | 10.0 HIGH | N/A |
| cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command. | |||||
| CVE-2008-3761 | 1 Vmware | 1 Vmware Workstation | 2023-12-10 | 4.9 MEDIUM | N/A |
| hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 uses the METHOD_NEITHER communication method for IOCTLs, which allows local users to cause a denial of service via a crafted IOCTL request. | |||||
| CVE-2008-6742 | 1 Gofoxy | 1 Foxy | 2023-12-10 | 4.3 MEDIUM | N/A |
| Foxy P2P software allows remote attackers to cause a denial of service (memory consumption) via a foxy URI with a download action and a large fs value. | |||||
| CVE-2009-0311 | 1 Emc | 1 Autostart | 2023-12-10 | 10.0 HIGH | N/A |
| The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 allows remote attackers to execute arbitrary code via a packet with a crafted value that is dereferenced as a function pointer. | |||||
| CVE-2008-5693 | 1 Ipswitch | 1 Ws Ftp | 2023-12-10 | 5.0 MEDIUM | N/A |
| Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character. | |||||
| CVE-2008-5431 | 1 5e5 | 1 Teamtek Universal Ftp Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a denial of service via (1) a certain CWD command, (2) a long LIST command, or (3) a certain PORT command. | |||||
| CVE-2008-4641 | 1 Sentex | 1 Jhead | 2023-12-10 | 10.0 HIGH | N/A |
| The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input. | |||||
| CVE-2008-1456 | 1 Microsoft | 5 Windows-nt, Windows 2000, Windows 2003 Server and 2 more | 2023-12-10 | 9.0 HIGH | N/A |
| Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers. | |||||
| CVE-2008-7107 | 1 Eset | 1 Smart Security | 2023-12-10 | 7.2 HIGH | N/A |
| easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to cause a denial of service (crash) via a crafted IOCTL 0x222003 request to the \\.\easdrv device interface. | |||||
| CVE-2008-3584 | 1 Netbsd | 1 Netbsd | 2023-12-10 | 9.3 HIGH | N/A |
| NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not properly check the length of a PPPoE packet tag, which allows remote attackers to cause a denial of service (system crash) via a crafted PPPoE packet. | |||||
| CVE-2008-3111 | 1 Sun | 3 Jdk, Jre, Sdk | 2023-12-10 | 10.0 HIGH | N/A |
| Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220. | |||||
| CVE-2008-4388 | 1 Symantec | 1 Appstream Client | 2023-12-10 | 9.3 HIGH | N/A |
| The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods. | |||||
| CVE-2008-1856 | 1 Linpha | 1 Linpha | 2023-12-10 | 5.1 MEDIUM | N/A |
| plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration. | |||||