Vulnerabilities (CVE)

Filtered by CWE-119
Total 11612 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-0660 2 Aurigma, Facebook 3 Image Uploader Activex Control, Facebook, Photouploader 2024-02-28 9.3 HIGH N/A
Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.
CVE-2008-0698 1 Ibm 1 Db2 2024-02-28 7.8 HIGH N/A
Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving "invalid memory access."
CVE-2007-6252 1 Learn2 1 Strunner 2024-02-28 6.8 MEDIUM N/A
Multiple stack-based buffer overflows in the Learn2 Corporation STRunner (aka Street Technologies) ActiveX control in iestm32.dll allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2008-1307 1 Kingsoft 1 Antivirus Online Update Module 2024-02-28 10.0 HIGH N/A
Heap-based buffer overflow in the KUpdateObj2 Class ActiveX control in UpdateOcx2.dll in Beijing KingSoft Antivirus Online Update Module 2007.12.29.29 allows remote attackers to execute arbitrary code via a long argument to the SetUninstallName method.
CVE-2008-1188 1 Sun 2 Jdk, Jre 2024-02-28 9.3 HIGH N/A
Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues."
CVE-2007-6426 1 Emc 1 Replistor 2024-02-28 7.8 HIGH N/A
Multiple heap-based buffer overflows in EMC RepliStor 6.2 SP2, and possibly earlier versions, allow remote attackers to execute arbitrary code via crafted compressed data.
CVE-2008-0671 1 Tintin 2 Tintin\+\+, Wintin\+\+ 2024-02-28 10.0 HIGH N/A
Stack-based buffer overflow in the add_line_buffer function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to execute arbitrary code via a long chat message, related to conversion from LF to CRLF.
CVE-2007-6654 1 Macrovision 1 Update Service 2024-02-28 9.3 HIGH N/A
Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5.1.100.47363 allows remote attackers to execute arbitrary code via a long string in the ProductCode argument (second argument) to the DownloadAndExecute method, a different vulnerability than CVE-2007-0321, CVE-2007-2419, and CVE-2007-5660.
CVE-2008-0529 1 Cisco 3 Session Initiation Protocol \(sip\) Firmware, Skinny Client Control Protocol \(sccp\) Firmware, Unified Ip Phone 2024-02-28 10.0 HIGH N/A
Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G running SCCP firmware might allow remote authenticated users to execute arbitrary code via a crafted command.
CVE-2007-6302 1 Novell 1 Netmail 2024-02-28 6.8 MEDIUM N/A
Multiple heap-based buffer overflows in avirus.exe in Novell NetMail 3.5.2 before Messaging Architects M+NetMail 3.52f (aka 3.5.2F) allows remote attackers to execute arbitrary code via unspecified ASCII integers used as memory allocation arguments, aka "ZDI-CAN-162."
CVE-2008-0702 1 South River Technologies 1 Titan Ftp Server 2024-02-28 9.3 HIGH N/A
Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than CVE-2004-1641.
CVE-2007-6181 1 Redhat 1 Cygwin 2024-02-28 8.5 HIGH N/A
Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, and thereby causes scp.exe on this machine to execute, and then overwrite heap memory with characters from the filename. NOTE: it is also reported that a related issue might exist in 1.5.7 through 1.5.19.
CVE-2008-1052 1 Netwin 1 Surgeftp 2024-02-28 6.4 MEDIUM N/A
The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails.
CVE-2007-6530 3 Groove, Hp, Persits 3 Virtual Office, Loadrunner, Xupload 2024-02-28 9.3 HIGH N/A
Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function.
CVE-2008-0378 1 Nec 1 Sockscap 2024-02-28 6.8 MEDIUM N/A
Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when "Resolve all names remotely" is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hostname.
CVE-2007-6227 1 Qemu 1 Qemu 2024-02-28 7.2 HIGH N/A
QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as demonstrated by qemu-dos.com.
CVE-2008-0477 1 Move Networks Inc 1 Move Media Player 2024-02-28 10.0 HIGH N/A
Stack-based buffer overflow in the QMPUpgrade.Upgrade.1 ActiveX control in QMPUpgrade.dll 1.0.0.1 in Move Networks Upgrade Manager allows remote attackers to execute arbitrary code via a long first argument to the Upgrade method. NOTE: some of these details are obtained from third party information.
CVE-2007-5007 1 Gnome 1 Balsa 2024-02-28 6.8 MEDIUM N/A
Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.
CVE-2008-0096 1 Georgia Softworks 1 Ssh2 Server 2024-02-28 7.5 HIGH N/A
Multiple buffer overflows in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allow remote attackers to execute arbitrary code via a (1) a long username, which triggers an overflow in the log function; or (2) a long password.
CVE-2008-1096 1 Imagemagick 2 Graphicsmagick, Imagemagick 2024-02-28 6.8 MEDIUM N/A
The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function.