Total
10301 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-6263 | 1 Netkit-ftp | 1 Netkit Ftp | 2025-04-09 | 9.3 HIGH | N/A |
The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via some types of FTP over SSL protocol behavior, as demonstrated by breaking a passive FTP DATA connection in a way that triggers an error in the server's SSL_accept function. NOTE: the netkit ftp issue is covered by CVE-2007-5769. | |||||
CVE-2009-0099 | 1 Microsoft | 1 Exchange Server | 2025-04-09 | 5.0 MEDIUM | N/A |
The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability." | |||||
CVE-2009-4546 | 1 Logoshows | 1 Logoshows Bbs | 2025-04-09 | 7.5 HIGH | N/A |
globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) pb_username (aka pb%5Fusername) and (2) level cookies. | |||||
CVE-2008-4398 | 2 Broadcom, Ca | 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more | 2025-04-09 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request. | |||||
CVE-2007-5657 | 1 Tibco | 4 Ems Server, Enterprise Message Service, Rtworks and 1 more | 2025-04-09 | 10.0 HIGH | N/A |
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets. | |||||
CVE-2009-0372 | 1 Memht | 1 Memht Portal | 2025-04-09 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an image content type via a users editProfile action, then accessing this file via a direct request to the file in images/avatar/uploaded/. | |||||
CVE-2008-1478 | 1 Ari Pikivirta | 1 Home Ftp Server | 2025-04-09 | 5.0 MEDIUM | N/A |
Home FTP Server 1.4.5.89 allows remote attackers to cause a denial of service (crash) by opening a FTP passive mode connection, then closing the original FTP connection. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-0802 | 2 Mozilla, Opera | 2 Firefox, Opera Browser | 2025-04-09 | 6.4 MEDIUM | N/A |
Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter. | |||||
CVE-2009-1233 | 2 Apple, Microsoft | 2 Safari, Windows | 2025-04-09 | 4.3 MEDIUM | N/A |
Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements. | |||||
CVE-2009-2043 | 1 Mozilla | 1 Firefox | 2025-04-09 | 4.3 MEDIUM | N/A |
nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to interaction with TinyMCE. | |||||
CVE-2008-0526 | 1 Cisco | 3 Session Initiation Protocol \(sip\) Firmware, Skinny Client Control Protocol \(sccp\) Firmware, Unified Ip Phone | 2025-04-09 | 7.8 HIGH | N/A |
Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a long ICMP echo request (ping) packet. | |||||
CVE-2008-0097 | 1 Georgia Softworks | 1 Ssh2 Server | 2025-04-09 | 7.5 HIGH | N/A |
Format string vulnerability in the log function in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username field, as demonstrated by a certain LoginPassword message. | |||||
CVE-2008-1748 | 1 Cisco | 1 Unified Communications Manager | 2025-04-09 | 7.8 HIGH | N/A |
Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355. | |||||
CVE-2008-0008 | 3 Mandrakesoft, Pulseaudio, Redhat | 3 Mandrake Linux, Pulseaudio, Fedora | 2025-04-09 | 7.2 HIGH | N/A |
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion. | |||||
CVE-2007-5734 | 1 Efileman | 1 Efileman | 2025-04-09 | 6.4 MEDIUM | N/A |
Unrestricted file upload vulnerability in eFileMan 7.1.0.87-88 allows remote attackers to upload arbitrary files, with "uploads/upload_file." destination filenames, via unspecified vectors to upload.cgi, accessed from upload.html. | |||||
CVE-2008-1589 | 1 Apple | 4 Iphone, Iphone Os, Ipod Touch and 1 more | 2025-04-09 | 4.3 MEDIUM | N/A |
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites. | |||||
CVE-2008-6298 | 1 Rocketeer.dip | 1 Sisapilocation | 2025-04-09 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows remote attackers to bypass intended access restrictions for character encoding and the cookie secure flag via unknown vectors related to the "HTTP header rewrite function." | |||||
CVE-2009-2421 | 1 Apple | 1 Safari | 2025-04-09 | 5.0 MEDIUM | N/A |
The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a "high-bit character" in a URL fragment for an unspecified protocol. | |||||
CVE-2008-5014 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. | |||||
CVE-2008-1856 | 1 Linpha | 1 Linpha | 2025-04-09 | 5.1 MEDIUM | N/A |
plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration. |