Total
9730 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5523 | 2 Avast, Microsoft | 2 Avast Antivirus, Internet Explorer | 2024-02-28 | 9.3 HIGH | N/A |
avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
CVE-2008-6121 | 1 Socialengine | 1 Socialengine | 2024-02-28 | 7.5 HIGH | N/A |
CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the PHPSESSID cookie. | |||||
CVE-2009-1082 | 1 Sun | 1 Java System Identity Manager | 2024-02-28 | 9.0 HIGH | N/A |
Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and saveNoValidateAllowedFormsAndWorkflows IDs. | |||||
CVE-2008-1745 | 1 Cisco | 1 Unified Communications Manager | 2024-02-28 | 7.8 HIGH | N/A |
Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115. | |||||
CVE-2009-0545 | 1 Zeroshell | 1 Zeroshell | 2024-02-28 | 10.0 HIGH | N/A |
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action. | |||||
CVE-2009-2622 | 1 Squid-cache | 1 Squid | 2024-02-28 | 5.0 MEDIUM | N/A |
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) "missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc. | |||||
CVE-2008-4049 | 1 Friendly Technologies | 1 Friendly Pppoe Client | 2024-02-28 | 6.8 MEDIUM | N/A |
A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary programs via arguments to the RunApp method. | |||||
CVE-2009-2513 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more | 2024-02-28 | 7.2 HIGH | N/A |
The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability." | |||||
CVE-2008-1568 | 1 Comix | 1 Comix | 2024-02-28 | 7.5 HIGH | N/A |
comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs. | |||||
CVE-2009-4028 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2024-02-28 | 6.8 MEDIUM | N/A |
The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library. | |||||
CVE-2009-1783 | 1 F-prot | 3 F-prot Antivirus, F-prot Aves, F-prot Milter | 2024-02-28 | 10.0 HIGH | N/A |
Multiple FRISK Software F-Prot anti-virus products, including Antivirus for Exchange, Linux on IBM zSeries, Linux x86 File Servers, Linux x86 Mail Servers, Linux x86 Workstations, Solaris Mail Servers, Antivirus for Windows, and others, allow remote attackers to bypass malware detection via a crafted CAB archive. | |||||
CVE-2008-1898 | 1 Microsoft | 2 Office, Works | 2024-02-28 | 9.3 HIGH | N/A |
A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call. | |||||
CVE-2008-4358 | 1 Spaw Editor | 1 Spaw Php | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP Edition before 2.0.8.1 has unknown impact and attack vectors, probably related to directory traversal sequences in the theme name. | |||||
CVE-2008-5906 | 1 Ktorrent | 1 Ktorrent | 2024-02-28 | 6.8 MEDIUM | N/A |
Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts. | |||||
CVE-2008-4441 | 2 Linksys, Marvell | 2 Wap400n, 88w8361p-bem1 | 2024-02-28 | 7.1 HIGH | N/A |
The Marvell driver for the Linksys WAP4400N Wi-Fi access point with firmware 1.2.14 on the Marvell 88W8361P-BEM1 chipset, when WEP mode is enabled, does not properly parse malformed 802.11 frames, which allows remote attackers to cause a denial of service (reboot or hang-up) via a malformed association request containing the WEP flag, as demonstrated by a request that is too short, a different vulnerability than CVE-2008-1144 and CVE-2008-1197. | |||||
CVE-2009-1124 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2024-02-28 | 7.2 HIGH | N/A |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability." | |||||
CVE-2008-6806 | 1 7-shop | 1 7shop | 2024-02-28 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in includes/imageupload.php in 7Shop 1.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/artikel/. | |||||
CVE-2009-1219 | 1 Sun | 2 Java System Calendar Server, One Calendar Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid parameter. | |||||
CVE-2008-2056 | 1 Cisco | 3 Adaptive Security Appliance, Adaptive Security Appliance Software, Pix Security Appliance | 2024-02-28 | 7.8 HIGH | N/A |
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 and 8.1.x before 8.1(1)1 allows remote attackers to cause a denial of service (device reload) via a crafted Transport Layer Security (TLS) packet to the device interface. | |||||
CVE-2008-1532 | 1 Perlbal | 1 Perlbal | 2024-02-28 | 5.0 MEDIUM | N/A |
Perlbal before 1.70, when buffered upload is enabled, allows remote attackers to cause a denial of service (crash) via a zero-byte chunked upload. |