Total: 9681 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-3391 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 7.8 HIGH | N/A |
Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop. | |||||
CVE-2007-4612 | 1 Dale Mooney | 1 Contact Form | 2023-12-10 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in contact.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to add arbitrary mail headers via CRLF sequences in the subject parameter. NOTE: this can be leveraged for spam by adding To or Cc headers. | |||||
CVE-2007-5095 | 1 Microsoft | 2 Windows Media Player, Windows Xp | 2023-12-10 | 7.5 HIGH | N/A |
Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes Internet Explorer to render HTML documents contained inside some media files, regardless of what default web browser is configured, which might allow remote attackers to exploit vulnerabilities in software that the user does not expect to run, as demonstrated by the HTMLView parameter in an .asx file. | |||||
CVE-2008-1114 | 1 Vocera | 1 Wireless Handset | 2023-12-10 | 4.3 MEDIUM | N/A |
Vocera Communications wireless handsets, when using Protected Extensible Authentication Protocol (PEAP), do not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks. | |||||
CVE-2008-0414 | 1 Mozilla | 2 Firefox, Seamonkey | 2023-12-10 | 4.3 MEDIUM | N/A |
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing." | |||||
CVE-2007-6036 | 1 Live555 | 1 Media Server | 2023-12-10 | 7.1 HIGH | N/A |
The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation. | |||||
CVE-2007-3780 | 1 Mysql | 1 Community Server | 2023-12-10 | 5.0 MEDIUM | N/A |
MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol. | |||||
CVE-2007-6121 | 2 Ethereal Group, Wireshark | 2 Ethereal, Wireshark | 2023-12-10 | 5.0 MEDIUM | N/A |
Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet. | |||||
CVE-2007-6093 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2023-12-10 | 7.1 HIGH | N/A |
The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (kernel crash) via an RTCP index that is "much more than expected." | |||||
CVE-2007-5933 | 1 Pioneers | 1 Pioneers | 2023-12-10 | 7.8 HIGH | N/A |
Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to cause a denial of service (crash) by triggering a delete operation while the Session object is still being used, as demonstrated by causing a "Broken pipe" error. | |||||
CVE-2007-6371 | 1 Nokia | 1 N95 | 2023-12-10 | 7.1 HIGH | N/A |
Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attackers to cause a denial of service (device inoperability) via a SIP INVITE message accompanied by an immediately subsequent SIP CANCEL message, followed by a second SIP INVITE message in a different session. | |||||
CVE-2007-4752 | 1 Openbsd | 1 Openssh | 2023-12-10 | 7.5 HIGH | N/A |
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted. | |||||
CVE-2007-6534 | 1 Microsoft | 1 Publisher | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart. | |||||
CVE-2007-6176 | 1 Amensa-soft | 1 K+b-bestellsystem | 2023-12-10 | 10.0 HIGH | N/A |
kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action. | |||||
CVE-2006-4310 | 1 Mozilla | 1 Firefox | 2023-12-10 | 4.3 MEDIUM | N/A |
Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI. | |||||
CVE-2006-1626 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2023-12-10 | 4.3 MEDIUM | N/A |
Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192. | |||||
CVE-2005-2177 | 1 Net-snmp | 1 Net-snmp | 2023-12-10 | 5.0 MEDIUM | N/A |
Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a TCP packet of length 1, which triggers an infinite loop. | |||||
CVE-2005-2923 | 1 Ipswitch | 2 Imail Server, Ipswitch Collaboration Suite | 2023-12-10 | 4.0 MEDIUM | N/A |
The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory. | |||||
CVE-2005-0209 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 7.8 HIGH | N/A |
Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via crafted IP packet fragments. | |||||
CVE-2006-1729 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Mozilla Suite and 1 more | 2023-12-10 | 4.3 MEDIUM | N/A |
Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler. |