Total: 9730 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-0465 | 1 Synactis | 1 All In The Box.ocx | 2024-02-28 | 9.3 HIGH | N/A |
The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\0' character, which bypasses the intended .box filename extension, as demonstrated by a C:\boot.ini\0 argument. | |||||
CVE-2008-2945 | 1 Sun | 2 Java System Access Manager, Java System Identity Server | 2024-02-28 | 7.5 HIGH | N/A |
Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289. | |||||
CVE-2008-2954 | 1 Linux | 1 Direct Connect | 2024-02-28 | 7.8 HIGH | N/A |
client/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via an empty private message, which triggers an out-of-bounds read. | |||||
CVE-2008-3479 | 1 Microsoft | 1 Windows 2000 | 2024-02-28 | 10.0 HIGH | N/A |
Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability." | |||||
CVE-2008-1412 | 1 F-secure | 12 F-secure Anti-virus, F-secure Anti-virus Client Security, F-secure Anti-virus For Linux and 9 more | 2024-02-28 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrary code or cause a denial of service (hang or crash) via a malformed archive that triggers an unhandled exception, as demonstrated by the PROTOS GENOME test suite for Archive Formats. | |||||
CVE-2008-5669 | 1 Textpattern | 1 Textpattern | 2024-02-28 | 5.0 MEDIUM | N/A |
index.php in the comments preview section in Textpattern (aka Txp CMS) 4.0.5 allows remote attackers to cause a denial of service via a long message parameter. | |||||
CVE-2008-2042 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2024-02-28 | 9.3 HIGH | N/A |
The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function. | |||||
CVE-2008-7180 | 1 Rittwick Banerjee | 1 Telephone Directory 2008 | 2024-02-28 | 5.0 MEDIUM | N/A |
del_query1.php in Telephone Directory 2008 allows remote attackers to delete arbitrary contacts via a direct request with a modified id variable. | |||||
CVE-2009-2954 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715. | |||||
CVE-2008-4103 | 1 Joomla | 2 Com Mailto, Joomla | 2024-02-28 | 5.0 MEDIUM | N/A |
The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam. | |||||
CVE-2008-2704 | 1 Novell | 1 Groupwise Messenger | 2024-02-28 | 5.0 MEDIUM | N/A |
Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows remote attackers to cause a denial of service (crash) via a long user ID, possibly involving a popup alert. NOTE: it is not clear whether this issue crosses privilege boundaries. | |||||
CVE-2009-1834 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 4.3 MEDIUM | N/A |
Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters. | |||||
CVE-2008-4817 | 1 Adobe | 3 Acrobat, Acrobat Reader, Download Manager | 2024-02-28 | 9.3 HIGH | N/A |
The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption. | |||||
CVE-2008-6490 | 1 Flysforum | 1 Flaber | 2024-02-28 | 7.5 HIGH | N/A |
function/update_xml.php in FLABER 1.1 and earlier allows remote attackers to overwrite arbitrary files by specifying the target filename in the target_file parameter. NOTE: this can be leveraged for code execution by overwriting a PHP file, as demonstrated using function/upload_file.php. | |||||
CVE-2008-6558 | 2 Sco, Unixware | 2 Unixware, Reliantha | 2024-02-28 | 7.2 HIGH | N/A |
Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges by modifying the RELIANT_PATH environment variable to point to a malicious bin/hvenv program. | |||||
CVE-2009-1106 | 1 Sun | 2 Jdk, Jre | 2024-02-28 | 6.4 MEDIUM | N/A |
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948. | |||||
CVE-2009-2509 | 1 Microsoft | 2 Windows Server 2003, Windows Server 2008 | 2024-02-28 | 9.0 HIGH | N/A |
Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability." | |||||
CVE-2009-2852 | 2 Ryan.mcgeary, Wordpress | 2 Wp-syntax, Wordpress | 2024-02-28 | 6.8 MEDIUM | N/A |
WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the test_filter[wp_head] array parameter to test/index.php, which is used in a call to the call_user_func_array function. | |||||
CVE-2009-2765 | 1 Dd-wrt | 1 Dd-wrt | 2024-02-28 | 8.3 HIGH | N/A |
httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI. | |||||
CVE-2008-4163 | 1 Isc | 1 Bind | 2024-02-28 | 7.8 HIGH | N/A |
Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of service (UDP client handler termination) via unknown vectors. |