Total
10302 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5966 | 1 Globsy | 1 Globsy | 2025-04-09 | 7.5 HIGH | N/A |
globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to create or overwrite arbitrary files via a filename in the file parameter and file contents in the data parameter. | |||||
CVE-2007-2408 | 1 Apple | 1 Safari | 2025-04-09 | 6.8 MEDIUM | N/A |
WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page. | |||||
CVE-2008-2326 | 2 Apple, Microsoft | 6 Bonjour, Windows-nt, Windows 2000 and 3 more | 2025-04-09 | 5.0 MEDIUM | N/A |
mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label. | |||||
CVE-2008-5522 | 2 Avg, Microsoft | 2 Antivirus, Internet Explorer | 2025-04-09 | 9.3 HIGH | N/A |
AVG Anti-Virus 8.0.0.161, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
CVE-2007-5283 | 1 Hitachi | 1 Tpbroker Object Transaction Monitor | 2025-04-09 | 5.0 MEDIUM | N/A |
The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor and Cosminexus TPBroker Object Transaction Monitor 01-00 through 03-00 might allow attackers to cause a denial of service (crash) via invalid messages. | |||||
CVE-2008-2748 | 1 Skulltag Team | 1 Skulltag | 2025-04-09 | 5.0 MEDIUM | N/A |
Skulltag 0.97d2-RC2 and earlier allows remote attackers to cause a denial of service (daemon hang) via a series of long, malformed connect packets, related to these packets being "parsed multiple times." | |||||
CVE-2008-5963 | 1 Gravity-gtd | 1 Gravity-gtd | 2025-04-09 | 10.0 HIGH | N/A |
Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter. | |||||
CVE-2008-0373 | 1 Php | 1 F1 Maxs File Uploader | 2025-04-09 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in PHP F1 Max's File Uploader allows remote attackers to upload and execute arbitrary PHP files. | |||||
CVE-2009-1824 | 1 Arcabit | 4 Arcavir 2009 Antivirus Protection, Arcavir 2009 Home Protection, Arcavir 2009 Internet Security and 1 more | 2025-04-09 | 7.2 HIGH | N/A |
The ps_drv.sys kernel driver in ArcaBit ArcaVir 2009 Antivirus Protection 9.4.3201.9 and earlier, ArcaVir 2009 Internet Security 9.4.3202.9 and earlier, ArcaVir 2009 System Protection 9.4.3203.9 and earlier, and ArcaBit 2009 Home Protection 9.4.3204.9 and earlier, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\ps_drv containing arbitrary kernel addresses, as demonstrated using the (1) 0x2A7B802B and possibly (2) 0x2A7B8004 and (3) 0x2A7B802F IOCTLs. | |||||
CVE-2008-6058 | 1 Syslserve | 1 Syslserve | 2025-04-09 | 5.0 MEDIUM | N/A |
Syslserve 1.058 and earlier, and probably 1.059, allows remote attackers to cause a denial of service (hang) via a crafted UDP Syslog packet. | |||||
CVE-2009-2138 | 1 Tbdev | 1 Tbdev.net | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the returnto parameter to login.php or (2) the returnto parameter in a delete action to news.php. NOTE: this can be leveraged for cross-site scripting (XSS) by redirecting to a data: URI. | |||||
CVE-2007-0216 | 1 Microsoft | 2 Office, Works | 2025-04-09 | 9.3 HIGH | N/A |
wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability." | |||||
CVE-2007-6218 | 1 Ossigeno | 1 Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b) uninstall_module.php in upload/xax/admin/modules/, (c) upload/xax/admin/patch/index.php, and (d) install_module.php and (e) uninstall_module.php in upload/xax/ossigeno/admin/; and the (2) ossigeno parameter to (f) ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php, different vectors than CVE-2007-5234. | |||||
CVE-2007-5448 | 1 Madwifi | 1 Madwifi | 2025-04-09 | 4.3 MEDIUM | N/A |
Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial of service (panic) via a beacon frame with a large length value in the extended supported rates (xrates) element, which triggers an assertion error, related to net80211/ieee80211_scan_ap.c and net80211/ieee80211_scan_sta.c. | |||||
CVE-2009-1045 | 1 Videolan | 1 Vlc Media Player | 2025-04-09 | 5.0 MEDIUM | N/A |
requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action. | |||||
CVE-2008-4932 | 1 Comingchina | 1 U-mail Webmail Server | 2025-04-09 | 9.0 HIGH | N/A |
webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a file under the web document root. | |||||
CVE-2007-4887 | 1 Php | 1 Php | 2025-04-09 | 4.3 MEDIUM | N/A |
The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability. | |||||
CVE-2007-6178 | 1 Easy Hosting Control Panel | 1 Easy Hosting Control Panel | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir parameter to (1) dbutil.bck.php and (2) dbutil.php in config/. | |||||
CVE-2008-1702 | 1 E107 | 2 E107, My Gallery | 2025-04-09 | 4.3 MEDIUM | N/A |
Absolute path traversal vulnerability in dload.php in the my_gallery 2.3 plugin for e107 allows remote attackers to obtain sensitive information via a full pathname in the file parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-1336 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service (OOPS) via a long filename, related to the encode_lookup function. |