Total
10773 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0298 | 1 Apple | 2 Mac Os X, Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
| KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element. | |||||
| CVE-2008-6556 | 1 Puppet Master | 1 Webutil | 2025-04-09 | 10.0 HIGH | N/A |
| cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the whois command. | |||||
| CVE-2006-6653 | 1 Netbsd | 1 Netbsd | 2025-04-09 | 1.7 LOW | N/A |
| The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka "a dangling socket"). | |||||
| CVE-2007-6534 | 1 Microsoft | 1 Publisher | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart. | |||||
| CVE-2007-5258 | 1 Phpfreelog | 1 Phpfreelog | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in log.php in phpFreeLog alpha 0.2.0 allows remote attackers to include and execute arbitrary files via unspecified vectors. NOTE: the original disclosure is likely erroneous. | |||||
| CVE-2008-3145 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 5.0 MEDIUM | N/A |
| The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read. | |||||
| CVE-2007-5557 | 1 Nec | 1 Mobile Handset | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the NEC mobile handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-3654 | 1 Netbsd | 1 Netbsd | 2025-04-09 | 2.1 LOW | N/A |
| The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2, and NetBSD-current before 20070728, allow local users to cause a denial of service (panic) via a (1) negative or (2) large value in an ioctl call, as demonstrated by the vga_allocattr function. | |||||
| CVE-2009-4467 | 1 Deluxebb | 1 Deluxebb | 2025-04-09 | 4.0 MEDIUM | N/A |
| misc.php in DeluxeBB 1.3 allows remote attackers to register accounts without a valid email address via a valemail action with the valmem set to a pre-assigned user ID, which is visible from a memberlist action. | |||||
| CVE-2009-0790 | 2 Strongswan, Xelerance | 2 Strongswan, Openswan | 2025-04-09 | 5.0 MEDIUM | N/A |
| The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD. | |||||
| CVE-2009-1268 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 4.3 MEDIUM | N/A |
| The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet. | |||||
| CVE-2008-3362 | 2 Giulio Ganci, Wordpress | 2 Wp Downloads Manager, Wp Downloads Manager | 2025-04-09 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in upload.php in the Giulio Ganci Wp Downloads Manager module 0.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the upfile parameter, then accessing it via a direct request to the file in wp-content/plugins/downloads-manager/upload/. | |||||
| CVE-2008-7068 | 1 Php | 1 Php | 2025-04-09 | 6.4 MEDIUM | N/A |
| The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file. | |||||
| CVE-2008-2970 | 1 Yektaweb | 1 Academic Web Tools | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple session fixation vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to (1) index.php and (2) login.php in homepg/. | |||||
| CVE-2008-2006 | 1 Apple | 2 Ical, Mac Os X | 2025-04-09 | 4.3 MEDIUM | N/A |
| Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE line. | |||||
| CVE-2008-5872 | 1 Nortel | 1 Multimedia Communication Server 5100 | 2025-04-09 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attackers to cause a denial of service (device outage) via a UFTP message that has a negative block size or other crafted Connection Details values. | |||||
| CVE-2009-2715 | 1 Sun | 1 Virtualbox | 2025-04-09 | 4.9 MEDIUM | N/A |
| Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction. | |||||
| CVE-2008-2988 | 1 Benjacms | 1 Benja Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in admin/upload.php in Benja CMS 0.1 allows remote attackers to upload and execute arbitrary PHP files via unspecified vectors, followed by a direct request to the file in billeder/. | |||||
| CVE-2008-6913 | 1 Zeeways | 1 Zeejobsite | 2025-04-09 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in editresume_next.php in Zeeways ZEEJOBSITE 2.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile edit action, then accessing the file via a direct request to jobseekers/logos/. | |||||
| CVE-2007-4757 | 1 Phpmytourney | 1 Phpmytourney | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in menu.php in phpMytourney allows remote attackers to execute arbitrary PHP code via a URL in the functions_file parameter. | |||||