Total
9730 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0396 | 1 Sony Ericsson | 9 K530i, K610i, K618i and 6 more | 2024-02-28 | 7.8 HIGH | N/A |
| The Sony Ericsson W910i, W660i, K618i, K610i, Z610i, K810i, K660i, W880i, and K530i phones allow remote attackers to cause a denial of service (device reboot or hang-up) via a malformed WAP Push packet to (1) SMS or (2) UDP port 2948. | |||||
| CVE-2009-2654 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.8 MEDIUM | N/A |
| Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page. | |||||
| CVE-2008-3947 | 1 Hp | 1 Openvms | 2024-02-28 | 7.2 HIGH | N/A |
| DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain privileges via a long command line. | |||||
| CVE-2009-2992 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2024-02-28 | 4.3 MEDIUM | N/A |
| An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2008-6504 | 2 Apache, Opensymphony | 2 Struts, Xwork | 2024-02-28 | 5.0 MEDIUM | N/A |
| ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character. | |||||
| CVE-2008-1862 | 1 Exbb | 1 Exbb Italia | 2024-02-28 | 6.8 MEDIUM | N/A |
| ExBB Italia 0.22 and earlier only checks GET requests that use the QUERY_STRING for certain path manipulations, which allows remote attackers to bypass this check via (1) POST or (2) COOKIE variables, a different vector than CVE-2006-4488. NOTE: this can be leveraged to conduct PHP remote file inclusion attacks via a URL in the (a) new_exbb[home_path] or (b) exbb[home_path] parameter to modules/threadstop/threadstop.php. | |||||
| CVE-2008-3818 | 1 Cisco | 7 Ons, Ons 15310-cl, Ons 15310-ma and 4 more | 2024-02-28 | 7.8 HIGH | N/A |
| Cisco ONS 15310-CL, 15310-MA, 15327, 15454, 15454 SDH, and 15600 with software 7.0.2 through 7.0.6, 7.2.2, 8.0.x, 8.5.1, and 8.5.2 allows remote attackers to cause a denial of service (control-card reset) via a crafted TCP session. | |||||
| CVE-2008-2545 | 1 Skype Technologies | 1 Skype | 2024-02-28 | 9.3 HIGH | N/A |
| Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case. | |||||
| CVE-2008-5521 | 2 Free-av, Microsoft | 2 Antivir, Internet Explorer | 2024-02-28 | 9.3 HIGH | N/A |
| Avira AntiVir 7.9.0.36 and possibly 7.8.1.28, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-6793 | 1 Dflabs | 1 Ptk | 2024-02-28 | 6.8 MEDIUM | N/A |
| The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image. | |||||
| CVE-2008-2259 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 and 7 does not perform proper "argument validation" during print preview, which allows remote attackers to execute arbitrary code via unknown vectors, aka "HTML Component Handling Vulnerability." | |||||
| CVE-2008-5522 | 2 Avg, Microsoft | 2 Antivirus, Internet Explorer | 2024-02-28 | 9.3 HIGH | N/A |
| AVG Anti-Virus 8.0.0.161, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-6826 | 1 Mhfmedia | 1 Ads Pro | 2024-02-28 | 10.0 HIGH | N/A |
| dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter, as demonstrated using the (1) advert_top.htm or (2) advert_login.htm pages. | |||||
| CVE-2008-6207 | 1 Phpg Upload | 1 Phpg Upload | 2024-02-28 | 8.5 HIGH | N/A |
| Unrestricted file upload vulnerability in form_upload.php in PHPG Upload 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-7205 | 1 Virtuemart | 1 Virtuemart | 2024-02-28 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the product view functionality in VirtueMart 1.0.13a and earlier allows remote attackers to read arbitrary files via vectors related to a template file. | |||||
| CVE-2009-2993 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2024-02-28 | 9.3 HIGH | N/A |
| The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3210 | 1 Resiprocate | 1 Resiprocate | 2024-02-28 | 5.0 MEDIUM | N/A |
| rutil/dns/DnsStub.cxx in ReSIProcate 1.3.2, as used by repro, allows remote attackers to cause a denial of service (daemon crash) via a SIP (1) INVITE or (2) OPTIONS message with a long domain name in a request URI, which triggers an assert error. | |||||
| CVE-2008-6557 | 1 Puppetmaster | 1 Webutil | 2024-02-28 | 10.0 HIGH | N/A |
| cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command. | |||||
| CVE-2009-1272 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | N/A |
| The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction. | |||||
| CVE-2008-5826 | 1 Nokia | 1 6131 Nfc | 2024-02-28 | 7.8 HIGH | N/A |
| The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to cause a denial of service (device crash) via (1) a large value in the payload length field in an NDEF record, or a certain length for a (2) tel: or (3) sms: NDEF URI. | |||||