Total
10301 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-3889 | 2 Linux, Postfix | 2 Linux Kernel, Postfix | 2025-04-09 | 2.1 LOW | N/A |
Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file. | |||||
CVE-2008-3137 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 4.3 MEDIUM | N/A |
The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors. | |||||
CVE-2008-4397 | 2 Broadcom, Ca | 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A. | |||||
CVE-2009-0033 | 1 Apache | 1 Tomcat | 2025-04-09 | 5.0 MEDIUM | N/A |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header. | |||||
CVE-2009-2955 | 1 Google | 1 Chrome | 2025-04-09 | 5.0 MEDIUM | N/A |
Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715. | |||||
CVE-2008-3657 | 1 Ruby-lang | 1 Ruby | 2025-04-09 | 7.5 HIGH | N/A |
The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen. | |||||
CVE-2008-5523 | 2 Avast, Microsoft | 2 Avast Antivirus, Internet Explorer | 2025-04-09 | 9.3 HIGH | N/A |
avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
CVE-2008-1747 | 1 Cisco | 1 Unified Communications Manager | 2025-04-09 | 7.8 HIGH | N/A |
Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via an unspecified SIP INVITE message, aka Bug ID CSCsk46944. | |||||
CVE-2009-4101 | 2 Didier Ernotte, Mozilla | 2 Inforss, Firefox | 2025-04-09 | 9.3 HIGH | N/A |
infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed. | |||||
CVE-2007-5318 | 1 Typolight | 1 Typolight Webcms | 2025-04-09 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in preview.php in TYPOlight webCMS 2.4.6 allows remote attackers to download arbitrary files via the src parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-3838 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 7.2 HIGH | N/A |
Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) zones implementation in Sun Solaris 10 and OpenSolaris before snv_88 allows local administrators of non-global zones to read and modify NFS traffic for arbitrary non-global zones, possibly leading to file modifications or a denial of service. | |||||
CVE-2007-4742 | 1 Claroline | 1 Claroline | 2025-04-09 | 4.3 MEDIUM | N/A |
Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by a parameter value containing an XSS sequence. | |||||
CVE-2008-3571 | 1 Xerox | 1 Phaser | 2025-04-09 | 7.8 HIGH | N/A |
The Xerox Phaser 8400 allows remote attackers to cause a denial of service (reboot) via an empty UDP packet to port 1900. | |||||
CVE-2008-3676 | 1 Hmailserver | 1 Hmailserver | 2025-04-09 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 allows remote authenticated users to cause a denial of service (resource exhaustion or daemon crash) via a long series of IMAP commands. | |||||
CVE-2007-6036 | 1 Live555 | 1 Media Server | 2025-04-09 | 7.1 HIGH | N/A |
The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation. | |||||
CVE-2008-6751 | 1 Revou | 2 Revou, Tclone | 2025-04-09 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in index.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in settings/my_photo. | |||||
CVE-2008-6944 | 1 Scriptsfeed | 1 Auto Classifieds | 2025-04-09 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in cars_images/. | |||||
CVE-2008-7112 | 1 Kyoceramita | 1 Scanner File Utility | 2025-04-09 | 5.0 MEDIUM | N/A |
The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to cause a denial of service (hang or crash) via invalid field length values in a malformed (1) document or (2) request. | |||||
CVE-2007-5231 | 1 Zomplog | 1 Zomplog | 2025-04-09 | 4.6 MEDIUM | N/A |
Unrestricted file upload vulnerability in admin/upload_files.php in Zomplog 3.8.1 and earlier allows remote authenticated administrators to upload and execute arbitrary .php files by sending a modified MIME type. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2007-5230. | |||||
CVE-2008-5966 | 1 Globsy | 1 Globsy | 2025-04-09 | 7.5 HIGH | N/A |
globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to create or overwrite arbitrary files via a filename in the file parameter and file contents in the data parameter. |