Total
9728 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3250 | 1 Vtiger | 1 Vtiger Crm | 2024-02-28 | 9.0 HIGH | N/A |
| The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/. | |||||
| CVE-2008-5730 | 1 Netcat | 1 Netcat | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to have an unknown impact via unspecified vectors involving (1) a %0a sequence in a cookie and (2) the add.php file. | |||||
| CVE-2008-4388 | 1 Symantec | 1 Appstream Client | 2024-02-28 | 9.3 HIGH | N/A |
| The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods. | |||||
| CVE-2008-6175 | 1 K2sxs | 1 Silvershield | 2024-02-28 | 5.0 MEDIUM | N/A |
| SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of service (application crash) via a crafted argument to the opendir SFTP command. | |||||
| CVE-2009-0418 | 1 Hp | 1 Hp-ux | 2024-02-28 | 9.3 HIGH | N/A |
| The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read private network traffic, and possibly execute arbitrary code via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476. | |||||
| CVE-2009-1125 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2024-02-28 | 7.2 HIGH | N/A |
| The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability." | |||||
| CVE-2009-0016 | 2 Apple, Microsoft | 2 Itunes, Windows | 2024-02-28 | 5.0 MEDIUM | N/A |
| Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header. | |||||
| CVE-2008-4500 | 1 Solarwinds | 1 Serv-u File Server | 2024-02-28 | 4.0 MEDIUM | N/A |
| Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1". | |||||
| CVE-2008-3936 | 1 Dreambox | 1 Dm500c | 2024-02-28 | 7.8 HIGH | N/A |
| The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI. | |||||
| CVE-2008-2809 | 2 Mozilla, Netscape | 4 Firefox, Geckb, Seamonkey and 1 more | 2024-02-28 | 4.0 MEDIUM | N/A |
| Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. | |||||
| CVE-2008-1028 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 9.3 HIGH | N/A |
| Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit. | |||||
| CVE-2008-3932 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 5.0 MEDIUM | N/A |
| Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop. | |||||
| CVE-2008-0892 | 1 Redhat | 2 Directory Server, Fedora Directory Server | 2024-02-28 | 9.0 HIGH | N/A |
| The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands. | |||||
| CVE-2008-2805 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range. | |||||
| CVE-2008-6119 | 1 Goople Cms | 1 Goople Cms | 2024-02-28 | 7.5 HIGH | N/A |
| Static code injection vulnerability in gooplecms/admin/account/action/editpass.php in Goople CMS 1.7 allows remote attackers to inject arbitrary PHP code into admin/userandpass.php via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3607 | 1 Noticeware | 1 Email Server | 2024-02-28 | 5.0 MEDIUM | N/A |
| The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via multiple long LOGIN commands. | |||||
| CVE-2008-2171 | 1 Alaxala | 1 Ax Router | 2024-02-28 | 7.1 HIGH | N/A |
| Unspecified vulnerability in AlaxalA AX routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372. | |||||
| CVE-2009-0942 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 6.8 MEDIUM | N/A |
| Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. | |||||
| CVE-2008-3811 | 1 Cisco | 1 Ios | 2024-02-28 | 7.8 HIGH | N/A |
| Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka Cisco Bug ID CSCsi17020, a different vulnerability than CVE-2008-3810. | |||||
| CVE-2008-5014 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2024-02-28 | 10.0 HIGH | N/A |
| jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. | |||||