Total
9730 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-2172 | 1 Hitachi | 3 Gr2000, Gr3000, Gr4000 | 2024-02-28 | 7.1 HIGH | N/A |
Unspecified vulnerability in Hitachi GR routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372. | |||||
CVE-2008-4910 | 1 Sun | 1 Java Web Start | 2024-02-28 | 10.0 HIGH | N/A |
The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method. | |||||
CVE-2008-6171 | 1 Drupal | 1 Drupal | 2024-02-28 | 9.3 HIGH | N/A |
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header. | |||||
CVE-2009-2620 | 1 Firebirdsql | 1 Firebird | 2024-02-28 | 5.0 MEDIUM | N/A |
src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference. | |||||
CVE-2009-2256 | 1 Netgear | 1 Dg632 | 2024-02-28 | 7.8 HIGH | N/A |
The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg. | |||||
CVE-2008-4641 | 1 Sentex | 1 Jhead | 2024-02-28 | 10.0 HIGH | N/A |
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input. | |||||
CVE-2009-0859 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.7 MEDIUM | N/A |
The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel before 2.6.28.5, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_INFO shmctl call, as demonstrated by running the ipcs program. | |||||
CVE-2009-2303 | 1 Avatic | 1 Aardvark Topsites Php | 2024-02-28 | 5.0 MEDIUM | N/A |
index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive information via a negative integer value for the start parameter in a search action, which reveals the installation path in an error message. | |||||
CVE-2009-4100 | 2 Mozilla, Yoono | 2 Firefox, Yoono | 2024-02-28 | 9.3 HIGH | N/A |
Yoono extension before 6.1.1 for Firefox performs certain operations with chrome privileges, which allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload. | |||||
CVE-2009-0582 | 1 Gnome | 1 Evolution-data-server | 2024-02-28 | 5.8 MEDIUM | N/A |
The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data. | |||||
CVE-2008-4748 | 1 Kvirc | 1 Kvirc | 2024-02-28 | 7.6 HIGH | N/A |
Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI. | |||||
CVE-2008-2256 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "Uninitialized Memory Corruption Vulnerability." | |||||
CVE-2008-3889 | 2 Linux, Postfix | 2 Linux Kernel, Postfix | 2024-02-28 | 2.1 LOW | N/A |
Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file. | |||||
CVE-2009-0843 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2024-02-28 | 7.8 HIGH | N/A |
The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence of arbitrary files via a full pathname in the queryfile parameter, which triggers different error messages depending on whether this pathname exists. | |||||
CVE-2008-6978 | 1 Fullrevolution | 1 Aspwebalbum | 2024-02-28 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in album.asp. | |||||
CVE-2008-5581 | 1 Mini-pub | 1 Mini-pub | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in mini-pub.php/front-end/img.php in mini-pub 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the sFileName parameter. | |||||
CVE-2008-6185 | 1 Noticeware | 1 Noticeware Email Server Ng | 2024-02-28 | 5.0 MEDIUM | N/A |
NoticeWare Email Server NG 5.1.2.2 allows remote attackers to cause a denial of service (crash) via multiple POP3 requests with a long PASS command. | |||||
CVE-2008-2941 | 1 Hp | 1 Linux Imaging And Printing Project | 2024-02-28 | 4.9 MEDIUM | N/A |
The hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial of service (process stop) via a crafted packet, as demonstrated by sending "msg=0" to TCP port 2207. | |||||
CVE-2009-1268 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 4.3 MEDIUM | N/A |
The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet. | |||||
CVE-2008-2735 | 1 Cisco | 1 Adaptive Security Appliance 5500 | 2024-02-28 | 7.1 HIGH | N/A |
The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0 before 8.0(3)15 and 8.1 before 8.1(1)5, when configured as a clientless SSL VPN endpoint, does not properly process URIs, which allows remote attackers to cause a denial of service (device reload) via a URI in a crafted SSL or HTTP packet, aka Bug ID CSCsq19369. |