Total
9775 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-4887 | 1 Php | 1 Php | 2023-12-10 | 4.3 MEDIUM | N/A |
The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability. | |||||
CVE-2007-4391 | 1 Yahoo | 1 Messenger | 2023-12-10 | 9.3 HIGH | N/A |
Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then injecting a DLL into the attacker's peer Yahoo! Messenger application when this request is accepted. | |||||
CVE-2008-1136 | 1 Synce | 1 Synce | 2023-12-10 | 9.3 HIGH | N/A |
The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679. | |||||
CVE-2007-5031 | 1 Dibbler | 1 Dibbler | 2023-12-10 | 5.0 MEDIUM | N/A |
The TSrvOptIA_NA::rebind method in SrvOptions/SrvOptIA_NA.cpp in Dibbler 0.6.0 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via an invalid IA_NA option in a REBIND message. | |||||
CVE-2007-6039 | 1 Php | 1 Php | 2023-12-10 | 2.1 LOW | N/A |
PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4) dngettext or (5) ngettext function, or (6) the classname parameter to the stream_wrapper_register function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution. | |||||
CVE-2007-5570 | 1 Cisco | 1 Firewall Services Module | 2023-12-10 | 7.8 HIGH | N/A |
Cisco Firewall Services Module (FWSM) 3.2(1), and 3.1(5) and earlier, allows remote attackers to cause a denial of service (device reload) via a crafted HTTPS request, aka CSCsi77844. | |||||
CVE-2008-0457 | 1 Symantec | 1 Backupexec System Recovery | 2023-12-10 | 10.0 HIGH | N/A |
Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors. | |||||
CVE-2008-0982 | 1 Spyce | 1 Spyce | 2023-12-10 | 5.8 MEDIUM | N/A |
Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to obtain sensitive information via a direct request for spyce/examples/automaton.spy, which reveals the path in an error message. | |||||
CVE-2007-6129 | 1 Amber Script | 1 Amber Script | 2023-12-10 | 5.8 MEDIUM | N/A |
Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
CVE-2007-6146 | 1 Hitachi | 1 Jp1 File Transmission Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on Windows might allow remote attackers to cause a denial of service (service stop) via a "specific file" argument to an FTP command. | |||||
CVE-2007-5066 | 1 Webmin | 1 Webmin | 2023-12-10 | 9.0 HIGH | N/A |
Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL. | |||||
CVE-2007-1349 | 3 Apache, Canonical, Redhat | 7 Mod Perl, Ubuntu Linux, Enterprise Linux Desktop and 4 more | 2023-12-10 | 5.0 MEDIUM | N/A |
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI. | |||||
CVE-2007-5556 | 1 Avaya | 1 Voip Handset | 2023-12-10 | 7.8 HIGH | N/A |
Unspecified vulnerability in the Avaya VoIP Handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2006-7225 | 1 Perl | 1 Pcre | 2023-12-10 | 4.3 MEDIUM | N/A |
Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a [[ sequence. | |||||
CVE-2007-4755 | 1 Cor Entertainment | 1 Alien Arena 2007 | 2023-12-10 | 5.0 MEDIUM | N/A |
Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (client disconnect) by sending a client_connect command in a forged packet from the server to a client. NOTE: client IP addresses are available via product-specific queries. | |||||
CVE-2007-6445 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6117. Reason: This candidate is a duplicate of CVE-2007-6117. Notes: All CVE users should reference CVE-2007-6117 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
CVE-2008-1303 | 1 Perforce | 1 Perforce Server | 2023-12-10 | 5.0 MEDIUM | N/A |
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a missing parameter to the (1) dm-FaultFile, (2) dm-LazyCheck, (3) dm-ResolvedFile, (4) dm-OpenFile, (5) crypto, and possibly unspecified other commands, which triggers a NULL pointer dereference. | |||||
CVE-2007-5832 | 1 Ssl-explorer | 1 Ssl-explorer | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in selectLanguage.do in SSL-Explorer before 0.2.15 allows remote attackers to inject (1) headers or (2) body data in an HTTP transaction, a different vulnerability than CVE-2007-2907. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-2967 | 1 F-secure | 7 F-secure Anti-virus, F-secure Anti-virus Client Security, F-secure Anti-virus Linux Client Security and 4 more | 2023-12-10 | 10.0 HIGH | N/A |
Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files. | |||||
CVE-2007-5339 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption or assert errors. |