Total
9779 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-5667 | 2 Microsoft, Novell | 4 Windows 2000, Windows 2003 Server, Windows Xp and 1 more | 2023-12-10 | 7.2 HIGH | N/A |
NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations. | |||||
CVE-2008-0791 | 1 Intermate | 1 Winipds | 2023-12-10 | 5.0 MEDIUM | N/A |
ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to cause a denial of service (CPU consumption) via short packets on TCP port 5001 with the 3, 5, 7, 13, 14, or 15 packet types. | |||||
CVE-2008-0473 | 1 Web Wiz | 1 Rich Text Editor | 2023-12-10 | 6.4 MEDIUM | N/A |
RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to upload (1) .html and (2) .htm files via unspecified vectors. | |||||
CVE-2007-6178 | 1 Easy Hosting Control Panel | 1 Easy Hosting Control Panel | 2023-12-10 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir parameter to (1) dbutil.bck.php and (2) dbutil.php in config/. | |||||
CVE-2007-6010 | 1 Pioneers | 1 Pioneers | 2023-12-10 | 7.8 HIGH | N/A |
Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors that trigger an assert error. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-5933. | |||||
CVE-2008-0277 | 1 Drupal | 1 Fileshare Module | 2023-12-10 | 8.5 HIGH | N/A |
Unspecified vulnerability in the Fileshare module for Drupal allows remote authenticated users with node-creation privileges to execute arbitrary code via unspecified vectors. | |||||
CVE-2007-3389 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 5.0 MEDIUM | N/A |
Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload. | |||||
CVE-2007-5540 | 1 Opera | 1 Opera Browser | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors. | |||||
CVE-2007-6492 | 1 Imesh.com | 1 Imesh | 2023-12-10 | 7.1 HIGH | N/A |
The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via an empty string in the argument to the ProcessRequestEx method. | |||||
CVE-2007-1097 | 1 Wiclear | 1 Wiclear | 2023-12-10 | 10.0 HIGH | N/A |
Unrestricted file upload vulnerability in the onAttachFiles function in the upload tool (inc/lib/attachment.lib.php) in Wiclear before 0.11.1 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to filename validation. NOTE: some details were obtained from third party information. | |||||
CVE-2007-4783 | 1 Php | 1 Php | 2023-12-10 | 5.0 MEDIUM | N/A |
The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. | |||||
CVE-2006-4935 | 1 Moodle | 1 Moodle | 2023-12-10 | 10.0 HIGH | N/A |
The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors. | |||||
CVE-2007-5657 | 1 Tibco | 4 Ems Server, Enterprise Message Service, Rtworks and 1 more | 2023-12-10 | 10.0 HIGH | N/A |
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets. | |||||
CVE-2007-4450 | 1 Toribash | 1 Toribash | 2023-12-10 | 5.0 MEDIUM | N/A |
The server in Toribash 2.71 and earlier does not properly handle long commands, which allows remote attackers to trigger a protocol violation in which data is sent to other clients without a required LF character, as demonstrated by a SAY command. NOTE: the security impact of this violation is not clear, although it probably makes exploitation of CVE-2007-4449 easier. | |||||
CVE-2006-4842 | 2 Netscape, Sun | 2 Portable Runtime Api, Solaris | 2023-12-10 | 3.6 LOW | N/A |
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files. | |||||
CVE-2008-0406 | 1 Hfs | 1 Http File Server | 2023-12-10 | 5.0 MEDIUM | N/A |
HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name. | |||||
CVE-2008-0506 | 1 Coppermine | 1 Coppermine Photo Gallery | 2023-12-10 | 6.8 MEDIUM | N/A |
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php. | |||||
CVE-2007-6573 | 1 Qksoft | 1 Qk Smtp Server 3 | 2023-12-10 | 7.8 HIGH | N/A |
QK SMTP Server 3 allows remote attackers to cause a denial of service (daemon crash) via a long (1) HELO, (2) MAIL FROM, or (3) RCPT TO command; or (4) a long string in the message sent after the DATA command; possibly a related issue to CVE-2006-5551. | |||||
CVE-2007-4216 | 1 Checkpoint | 1 Zonealarm | 2023-12-10 | 7.2 HIGH | N/A |
vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in a METHOD_NEITHER (1) IOCTL 0x8400000F or (2) IOCTL 0x84000013 request, which can be used to overwrite arbitrary memory locations. | |||||
CVE-2007-5231 | 1 Zomplog | 1 Zomplog | 2023-12-10 | 4.6 MEDIUM | N/A |
Unrestricted file upload vulnerability in admin/upload_files.php in Zomplog 3.8.1 and earlier allows remote authenticated administrators to upload and execute arbitrary .php files by sending a modified MIME type. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2007-5230. |