Total
9775 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-4999 | 1 Pidgin | 1 Pidgin | 2023-12-10 | 4.3 MEDIUM | N/A |
libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996. | |||||
CVE-2008-0264 | 1 Drupal | 1 Meta Tags Module | 2023-12-10 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 module for Drupal, when images are permitted in node bodies, allows remote authenticated users to execute arbitrary code via unspecified vectors involving creation of a node. | |||||
CVE-2007-5928 | 1 Openbase International Ltd | 1 Openbase | 2023-12-10 | 9.0 HIGH | N/A |
OpenBase 10.0.5 and earlier allows remote authenticated users to trigger a free of an arbitrary memory location via long strings in a SELECT statement. NOTE: this might be a buffer overflow, but it is not clear. | |||||
CVE-2007-3711 | 1 3com | 1 Tippingpoint Ips Tos | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets. | |||||
CVE-2007-4905 | 1 Auracms | 1 Auracms | 2023-12-10 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in mod/contak.php in AuraCMS 2.1 allows remote attackers to upload and execute arbitrary PHP files via the image parameter, which places a file under files/. | |||||
CVE-2008-1277 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2023-12-10 | 9.0 HIGH | N/A |
The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allows remote attackers to cause a denial of service (crash) via (1) SEARCH and (2) APPEND commands without required arguments, which triggers a NULL pointer dereference. | |||||
CVE-2008-0009 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 2.1 LOW | N/A |
The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations. | |||||
CVE-2008-1249 | 1 Snom | 1 320 Sip Phone | 2023-12-10 | 9.4 HIGH | N/A |
snomControl.swf in the central phone server for the Snom 320 SIP Phone allows remote attackers to cause a denial of service (application crash and corruption of call logs) via a "'); (double quote, quote, close parenthesis, semicolon) sequence in the "Call a number" field. | |||||
CVE-2007-5568 | 1 Cisco | 2 Adaptive Security Appliance Software, Firewall Services Module | 2023-12-10 | 7.1 HIGH | N/A |
Cisco PIX and ASA appliances with 7.0 through 8.0 software, and Cisco Firewall Services Module (FWSM) 3.1(5) and earlier, allow remote attackers to cause a denial of service (device reload) via a crafted MGCP packet, aka CSCsi90468 (appliance) and CSCsi00694 (FWSM). | |||||
CVE-2007-1313 | 1 Netxautomation | 1 Netxeib | 2023-12-10 | 7.5 HIGH | N/A |
NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly validate OLE for Process Control (OPC) server handles, which allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors involving the (1) IOPCSyncIO::Read, (2) IOPCSyncIO::Write, (3) IOPCServer::AddGroup, (4) IOPCServer::RemoveGroup, (5) IOPCCommon::SetClientName, and (6) IOPCGroupStateMgt::CloneGroup functions, which allow access to arbitrary memory. NOTE: the vectors might be limited to attackers with physical access. | |||||
CVE-2007-0213 | 1 Microsoft | 1 Exchange Server | 2023-12-10 | 10.0 HIGH | N/A |
Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message. | |||||
CVE-2007-5736 | 1 Seeblick | 1 Seeblick | 2023-12-10 | 6.4 MEDIUM | N/A |
Unrestricted file upload vulnerability in upload.php in SeeBlick 1.0 Beta allows remote attackers to upload arbitrary files via unspecified vectors. NOTE: these files are stored with .html extensions, so the scope of the attack might be limited to resource consumption and possibly XSS. | |||||
CVE-2007-4993 | 1 Xensource Inc | 1 Xen | 2023-12-10 | 6.9 MEDIUM | N/A |
pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements. | |||||
CVE-2007-4459 | 1 Cisco | 2 Voip Phone Cp-7940, Voip Phone Cp-7960 | 2023-12-10 | 7.1 HIGH | N/A |
Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP firmware before 8.7(0), allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages. | |||||
CVE-2007-1478 | 1 Mcgallery | 1 Mcgallery | 2023-12-10 | 5.0 MEDIUM | N/A |
download.php in McGallery 0.5b allows remote attackers to read arbitrary files and obtain script source code via the filename parameter. | |||||
CVE-2007-5119 | 1 Jspwiki | 1 Jspwiki | 2023-12-10 | 4.3 MEDIUM | N/A |
JSPWiki 2.4.103 and 2.5.139-beta allows remote attackers to obtain sensitive information (full path) via an invalid integer in the version parameter to the default URI under attach/Main/. | |||||
CVE-2007-4430 | 1 Cisco | 5 Cbos, Cli, Ids and 2 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE: unauthenticated remote attacks are possible in environments with anonymous telnet and Looking Glass access. | |||||
CVE-2008-1280 | 1 Acronis | 2 True Image, True Image Windows Agent | 2023-12-10 | 5.0 MEDIUM | N/A |
Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference. | |||||
CVE-2007-4780 | 1 Joomla | 1 Joomla | 2023-12-10 | 6.8 MEDIUM | N/A |
Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories. | |||||
CVE-2008-0526 | 1 Cisco | 3 Session Initiation Protocol \(sip\) Firmware, Skinny Client Control Protocol \(sccp\) Firmware, Unified Ip Phone | 2023-12-10 | 7.8 HIGH | N/A |
Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a long ICMP echo request (ping) packet. |