Vulnerabilities (CVE)

Filtered by CWE-20
Total 9681 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-3391 1 Wireshark 1 Wireshark 2023-12-10 7.8 HIGH N/A
Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop.
CVE-2007-4612 1 Dale Mooney 1 Contact Form 2023-12-10 4.3 MEDIUM N/A
CRLF injection vulnerability in contact.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to add arbitrary mail headers via CRLF sequences in the subject parameter. NOTE: this can be leveraged for spam by adding To or Cc headers.
CVE-2007-5095 1 Microsoft 2 Windows Media Player, Windows Xp 2023-12-10 7.5 HIGH N/A
Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes Internet Explorer to render HTML documents contained inside some media files, regardless of what default web browser is configured, which might allow remote attackers to exploit vulnerabilities in software that the user does not expect to run, as demonstrated by the HTMLView parameter in an .asx file.
CVE-2008-1114 1 Vocera 1 Wireless Handset 2023-12-10 4.3 MEDIUM N/A
Vocera Communications wireless handsets, when using Protected Extensible Authentication Protocol (PEAP), do not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.
CVE-2008-0414 1 Mozilla 2 Firefox, Seamonkey 2023-12-10 4.3 MEDIUM N/A
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing."
CVE-2007-6036 1 Live555 1 Media Server 2023-12-10 7.1 HIGH N/A
The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation.
CVE-2007-3780 1 Mysql 1 Community Server 2023-12-10 5.0 MEDIUM N/A
MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.
CVE-2007-6121 2 Ethereal Group, Wireshark 2 Ethereal, Wireshark 2023-12-10 5.0 MEDIUM N/A
Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet.
CVE-2007-6093 1 Ingate 2 Ingate Firewall, Ingate Siparator 2023-12-10 7.1 HIGH N/A
The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (kernel crash) via an RTCP index that is "much more than expected."
CVE-2007-5933 1 Pioneers 1 Pioneers 2023-12-10 7.8 HIGH N/A
Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to cause a denial of service (crash) by triggering a delete operation while the Session object is still being used, as demonstrated by causing a "Broken pipe" error.
CVE-2007-6371 1 Nokia 1 N95 2023-12-10 7.1 HIGH N/A
Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attackers to cause a denial of service (device inoperability) via a SIP INVITE message accompanied by an immediately subsequent SIP CANCEL message, followed by a second SIP INVITE message in a different session.
CVE-2007-4752 1 Openbsd 1 Openssh 2023-12-10 7.5 HIGH N/A
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
CVE-2007-6534 1 Microsoft 1 Publisher 2023-12-10 6.8 MEDIUM N/A
Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart.
CVE-2007-6176 1 Amensa-soft 1 K\+b-bestellsystem 2023-12-10 10.0 HIGH N/A
kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action.
CVE-2006-4310 1 Mozilla 1 Firefox 2023-12-10 4.3 MEDIUM N/A
Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI.
CVE-2006-1626 1 Microsoft 2 Internet Explorer, Windows Xp 2023-12-10 4.3 MEDIUM N/A
Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192.
CVE-2005-2177 1 Net-snmp 1 Net-snmp 2023-12-10 5.0 MEDIUM N/A
Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a TCP packet of length 1, which triggers an infinite loop.
CVE-2005-2923 1 Ipswitch 2 Imail Server, Ipswitch Collaboration Suite 2023-12-10 4.0 MEDIUM N/A
The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory.
CVE-2005-0209 1 Linux 1 Linux Kernel 2023-12-10 7.8 HIGH N/A
Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via crafted IP packet fragments.
CVE-2006-1729 2 Canonical, Mozilla 4 Ubuntu Linux, Firefox, Mozilla Suite and 1 more 2023-12-10 4.3 MEDIUM N/A
Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.