Total
287 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-3018 | 1 Microsoft | 4 Office, Office Converter Pack, Windows Nt and 1 more | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulnerability," a different vulnerability than CVE-2008-3021. | |||||
CVE-2008-2674 | 4 Fujitsu, Microsoft, Redhat and 1 more | 11 Interstage Application Server Enterprise, Interstage Application Server Plus, Interstage Application Server Plus Developer and 8 more | 2023-12-10 | 6.4 MEDIUM | N/A |
Unspecified vulnerability in the Interstage Management Console, as used in Fujitsu Interstage Application Server 6.0 through 9.0.0A, Apworks Modelers-J 6.0 through 7.0, and Studio 8.0.1 and 9.0.0, allows remote attackers to read or delete arbitrary files via unspecified vectors. | |||||
CVE-2008-2427 | 4 Freebsd, Microsoft, Pagesperso-orange and 1 more | 6 Freebsd, Windows Nt, Gfl Sdk and 3 more | 2023-12-10 | 9.3 HIGH | N/A |
Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file. | |||||
CVE-2008-5232 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2023-12-10 | 9.3 HIGH | N/A |
Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-2841 | 2 Microsoft, Xchat | 3 Internet Explorer, Windows Nt, Xchat | 2023-12-10 | 6.8 MEDIUM | N/A |
Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI. | |||||
CVE-2007-6334 | 2 Ingres, Microsoft | 2 Ingres, Windows Nt | 2023-12-10 | 5.0 MEDIUM | N/A |
Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges. | |||||
CVE-2007-3958 | 1 Microsoft | 8 Internet Explorer, Windows 2000, Windows 95 and 5 more | 2023-12-10 | 7.1 HIGH | N/A |
Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain GIF file, as demonstrated by Art.gif. | |||||
CVE-2007-1043 | 9 Apple, Ezboo, Hp and 6 more | 18 Mac Os X, Webstats, Hp-ux and 15 more | 2023-12-10 | 7.5 HIGH | N/A |
Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php. | |||||
CVE-2007-1070 | 2 Microsoft, Trend Micro | 6 Windows 2000, Windows 2003 Server, Windows Nt and 3 more | 2023-12-10 | 10.0 HIGH | N/A |
Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll. | |||||
CVE-2007-1727 | 4 Hp, Linux, Microsoft and 1 more | 7 Hp-ux, Openview Network Node Manager, Linux Kernel and 4 more | 2023-12-10 | 6.5 MEDIUM | N/A |
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, 7.50, and 7.51 allows remote authenticated users to access certain privileged "facilities" via unspecified vectors. | |||||
CVE-2007-2186 | 2 Foxit, Microsoft | 9 Pdf Reader, Windows 2000, Windows 2003 Server and 6 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. | |||||
CVE-2007-1912 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file. | |||||
CVE-2006-7039 | 2 Atrium Software, Microsoft | 9 Mercur Messaging 2005, Windows 2000, Windows 2003 Server and 6 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field. | |||||
CVE-2007-1898 | 8 Apple, Hp, Jetbox and 5 more | 16 Mac Os X, Hp-ux, Tru64 and 13 more | 2023-12-10 | 5.8 MEDIUM | N/A |
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters. | |||||
CVE-2007-2736 | 9 Achievo, Apple, Hp and 6 more | 18 Achievo, A Ux, Mac Os X and 15 more | 2023-12-10 | 10.0 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. | |||||
CVE-2007-1973 | 1 Microsoft | 1 Windows Nt | 2023-12-10 | 6.9 MEDIUM | N/A |
Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0 allows local users to modify memory and gain privileges via the temporary \Device\PhysicalMemory section handle, a related issue to CVE-2007-1206. | |||||
CVE-2007-4938 | 11 Apple, Hp, Ibm and 8 more | 18 Mac Os X, Hp-ux, Tru64 and 15 more | 2023-12-10 | 7.6 HIGH | N/A |
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value. | |||||
CVE-2006-6261 | 2 Microsoft, Quinnware | 7 Windows 2000, Windows 95, Windows 98 and 4 more | 2023-12-10 | 9.3 HIGH | N/A |
Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a) NumberofEntries, (b) Length (aka Length1), (c) Filename (aka File1), (d) Title (aka Title1) field, or other unspecified fields. | |||||
CVE-2006-7034 | 9 Apple, Hp, Ibm and 6 more | 18 Mac Os X, Hp-ux, Tru64 and 15 more | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter. | |||||
CVE-2007-3482 | 2 Apple, Microsoft | 2 Safari, Windows Nt | 2023-12-10 | 7.8 HIGH | N/A |
Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. |