Total
9728 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-4137 | 1 Php Crawler | 1 Php Crawler | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in footer.php in PHP-Crawler 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the footer_file parameter. | |||||
CVE-2008-4050 | 1 Friendly Technologies | 1 Friendly Pppoe Client | 2024-02-28 | 9.3 HIGH | N/A |
A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to (1) create and read arbitrary registry values via the RegistryValue method, and (2) read arbitrary files via the GetTextFile method. | |||||
CVE-2008-4618 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.8 HIGH | N/A |
The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls. | |||||
CVE-2008-4505 | 1 Ibm | 1 Lotus Quickr | 2024-02-28 | 7.8 HIGH | N/A |
Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) might allow attackers to cause a denial of service (system crash) via a "nonstandard URL argument" to the OpenDocument command. NOTE: due to lack of details from the vendor, it is not clear whether this is a vulnerability. | |||||
CVE-2009-2533 | 1 Realnetworks | 2 Helix Server, Helix Server Mobile | 2024-02-28 | 5.0 MEDIUM | N/A |
rmserver in RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allows remote attackers to cause a denial of service (daemon exit) via multiple RTSP SET_PARAMETER requests with empty DataConvertBuffer headers. | |||||
CVE-2008-4398 | 2 Broadcom, Ca | 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request. | |||||
CVE-2008-3004 | 1 Microsoft | 2 Office, Office Excel Viewer | 2024-02-28 | 9.3 HIGH | N/A |
Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Indexing Validation Vulnerability." | |||||
CVE-2008-1737 | 1 Sophos | 1 Anti-virus | 2024-02-28 | 6.9 MEDIUM | N/A |
Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behavioural Analysis is enabled, allows local users to cause a denial of service (reboot with the product disabled) and possibly gain privileges via a zero value in a certain length field in the ObjectAttributes argument to the NtCreateKey hooked System Service Descriptor Table (SSDT) function. | |||||
CVE-2009-0871 | 1 Digium | 1 Asterisk | 2024-02-28 | 3.5 LOW | N/A |
The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions. | |||||
CVE-2008-1478 | 1 Ari Pikivirta | 1 Home Ftp Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Home FTP Server 1.4.5.89 allows remote attackers to cause a denial of service (crash) by opening a FTP passive mode connection, then closing the original FTP connection. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-4086 | 1 Javascript | 1 Xerver Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via certain byte sequences at the end of a URL. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-2420 | 1 Apple | 1 Safari | 2024-02-28 | 5.8 MEDIUM | N/A |
Apple Safari 3.2.3 does not properly implement the file: protocol handler, which allows remote attackers to read arbitrary files or cause a denial of service (launch of multiple Windows Explorer instances) via vectors involving an unspecified HTML tag, possibly a related issue to CVE-2009-1703. | |||||
CVE-2008-5542 | 2 Microsoft, Sunbeltsoftware | 2 Internet Explorer, Vipre | 2024-02-28 | 9.3 HIGH | N/A |
Sunbelt VIPRE 3.1.1832.2 and possibly 3.1.1633.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
CVE-2008-4404 | 1 Ibm | 1 Zseries | 2024-02-28 | 10.0 HIGH | N/A |
The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476. | |||||
CVE-2008-1740 | 1 Cisco | 1 Unified Presence | 2024-02-28 | 7.8 HIGH | N/A |
The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via an unspecified "stress test," aka Bug ID CSCsh20972. | |||||
CVE-2008-2742 | 1 Achievo | 1 Achievo | 2024-02-28 | 7.5 HIGH | N/A |
Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled. | |||||
CVE-2008-1441 | 1 Microsoft | 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more | 2024-02-28 | 5.4 MEDIUM | N/A |
Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability." | |||||
CVE-2008-4640 | 1 Sentex | 1 Jhead | 2024-02-28 | 3.6 LOW | N/A |
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character. | |||||
CVE-2008-6684 | 1 Yourfreeworld | 1 Apartment Search Script | 2024-02-28 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in editimage.php in Apartment Search Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a GIF header, then accessing this file via a direct request to a renamed file in Member_Admin/logo/. | |||||
CVE-2009-2301 | 1 Radware | 2 Appwall, Gateway | 2024-02-28 | 7.8 HIGH | N/A |
The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc in Management/. |