Total
9782 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1722 | 1 Cups | 1 Cups | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image. | |||||
CVE-2008-4397 | 2 Broadcom, Ca | 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more | 2023-12-10 | 10.0 HIGH | N/A |
Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A. | |||||
CVE-2009-1446 | 1 Elkagroup | 1 Image Gallery | 2023-12-10 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in upload.php in Elkagroup Image Gallery 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in gallery/pictures/. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-4932 | 1 Comingchina | 1 U-mail Webmail Server | 2023-12-10 | 9.0 HIGH | N/A |
webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a file under the web document root. | |||||
CVE-2008-3337 | 1 Powerdns | 2 Authoritative Server, Powerdns | 2023-12-10 | 6.4 MEDIUM | N/A |
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217. | |||||
CVE-2009-1436 | 1 Freebsd | 1 Freebsd | 2023-12-10 | 4.9 MEDIUM | N/A |
The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file. | |||||
CVE-2008-6122 | 1 Netgear | 1 Wgr614 | 2023-12-10 | 7.8 HIGH | N/A |
The web management interface in Netgear WGR614v9 allows remote attackers to cause a denial of service (crash) via a request that contains a question mark ("?"). | |||||
CVE-2008-5520 | 2 Ahnlab, Microsoft | 2 V3 Internet Security, Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
CVE-2009-0083 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2023-12-10 | 7.2 HIGH | N/A |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability." | |||||
CVE-2008-6976 | 1 Mikrotik | 1 Routeros | 2023-12-10 | 6.4 MEDIUM | N/A |
MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request. | |||||
CVE-2008-0054 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 6.4 MEDIUM | N/A |
Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used. | |||||
CVE-2009-0016 | 2 Apple, Microsoft | 2 Itunes, Windows | 2023-12-10 | 5.0 MEDIUM | N/A |
Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header. | |||||
CVE-2009-3549 | 2 Sun, Wireshark | 2 Sparc, Wireshark | 2023-12-10 | 5.0 MEDIUM | N/A |
packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. | |||||
CVE-2008-4096 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-12-10 | 8.5 HIGH | N/A |
libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function. | |||||
CVE-2008-5220 | 1 Wportfolio | 1 Wportfolio | 2023-12-10 | 10.0 HIGH | N/A |
Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/tmp/. | |||||
CVE-2007-4742 | 1 Claroline | 1 Claroline | 2023-12-10 | 4.3 MEDIUM | N/A |
Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by a parameter value containing an XSS sequence. | |||||
CVE-2007-3701 | 2 3com, Tippingpoint | 2 Tippingpoint Ips Tos, Tipping Point | 2023-12-10 | 7.5 HIGH | N/A |
TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack. | |||||
CVE-2007-5925 | 1 Mysql | 1 Mysql | 2023-12-10 | 4.0 MEDIUM | N/A |
The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error. | |||||
CVE-2007-1803 | 1 Maildwarf | 1 Maildwarf | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote attackers to send e-mail to addresses different from the configured addresses. | |||||
CVE-2007-4636 | 1 Phpbg | 1 Phpbg | 2023-12-10 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to (1) intern/admin/other/backup.php, (2) intern/admin/, (3) intern/clan/member_add.php, (4) intern/config/key_2.php, or (5) intern/config/forum.php. |