Total
10301 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-3834 | 1 Freedesktop | 3 Dbus, Dbus1.0, Dbus1.1.0 | 2025-04-09 | 2.1 LOW | N/A |
The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error. | |||||
CVE-2009-4028 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-09 | 6.8 MEDIUM | N/A |
The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library. | |||||
CVE-2007-6558 | 1 Totalplayer | 1 Totalplayer | 2025-04-09 | 4.3 MEDIUM | N/A |
TotalPlayer 3.0 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .m3u file. NOTE: this might be a duplicate of CVE-2006-6288. | |||||
CVE-2007-5824 | 1 Firefly | 1 Media Server | 2025-04-09 | 7.1 HIGH | N/A |
webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function. | |||||
CVE-2007-5926 | 1 Openbase International Ltd | 1 Openbase | 2025-04-09 | 9.0 HIGH | N/A |
OpenBase 10.0.5 and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to the (1) AsciiBackup, (2) OEMLicenseInstall, and possibly other stored procedures. | |||||
CVE-2008-0237 | 1 Microsoft | 1 Rich Textbox Control | 2025-04-09 | 6.8 MEDIUM | N/A |
The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 allows remote attackers to execute arbitrary commands by invoking the insecure SaveFile method. | |||||
CVE-2009-4224 | 1 Basic-cms | 1 Sweetrice | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, 0.5.3, and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) _plugin/subscriber/inc/post.php and (2) as/lib/news_modify.php. | |||||
CVE-2009-0682 | 1 Ca | 1 Internet Security Suite | 2025-04-09 | 2.1 LOW | N/A |
vetmonnt.sys in CA Internet Security Suite r3, vetmonnt.sys before 9.0.0.184 in Internet Security Suite r4, and vetmonnt.sys before 10.0.0.217 in Internet Security Suite r5 do not properly verify IOCTL calls, which allows local users to cause a denial of service (system crash) via a crafted call. | |||||
CVE-2009-2303 | 1 Avatic | 1 Aardvark Topsites Php | 2025-04-09 | 5.0 MEDIUM | N/A |
index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive information via a negative integer value for the start parameter in a search action, which reveals the installation path in an error message. | |||||
CVE-2007-5095 | 1 Microsoft | 2 Windows Media Player, Windows Xp | 2025-04-09 | 7.5 HIGH | N/A |
Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes Internet Explorer to render HTML documents contained inside some media files, regardless of what default web browser is configured, which might allow remote attackers to exploit vulnerabilities in software that the user does not expect to run, as demonstrated by the HTMLView parameter in an .asx file. | |||||
CVE-2009-0234 | 1 Microsoft | 3 Windows 2000, Windows Server 2003, Windows Server 2008 | 2025-04-09 | 6.4 MEDIUM | N/A |
The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability." | |||||
CVE-2007-6060 | 1 Ahnlab | 1 V3 Internet Security | 2025-04-09 | 9.3 HIGH | N/A |
AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a filename string at a location indicated by the "Filename length" field in a ZIP header, which allows remote attackers to cause a denial of service (machine crash) and possibly execute arbitrary code via a ZIP file in which this field's value is larger than the actual number of bytes in the filename. | |||||
CVE-2008-3231 | 1 Xine | 1 Xine-lib | 2025-04-09 | 4.3 MEDIUM | N/A |
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine. | |||||
CVE-2008-1905 | 1 Nero | 2 Mediahome, Nero | 2025-04-09 | 5.0 MEDIUM | N/A |
NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used in Nero 8.3.2.1 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long HTTP request to TCP port 54444, a different vector than CVE-2007-2322. | |||||
CVE-2008-4400 | 2 Broadcom, Ca | 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more | 2025-04-09 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash of multiple services) via crafted authentication credentials, related to "insufficient validation." | |||||
CVE-2008-6791 | 1 Klever | 1 Pumpkin | 2025-04-09 | 5.0 MEDIUM | N/A |
PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial of service via a write request with a long mode field. | |||||
CVE-2007-4840 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. | |||||
CVE-2007-5438 | 1 Vmware | 4 Ace, Vmware Player, Vmware Server and 1 more | 2025-04-09 | 1.9 LOW | N/A |
Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function. | |||||
CVE-2008-2953 | 1 Linux | 1 Direct Connect | 2025-04-09 | 5.0 MEDIUM | N/A |
Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via "partial file list requests" that trigger a NULL pointer dereference. | |||||
CVE-2008-0331 | 1 Funkwerk | 2 System Software, X2300 | 2025-04-09 | 7.8 HIGH | N/A |
Unspecified vulnerability in Funkwerk System Software before 7.4.1 PATCH 9 for certain Funkwerk Router / VPN devices allows remote attackers to cause a denial of service (panic and reboot) via unspecified DNS requests. |