Total
9728 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1761 | 1 Ca | 1 Arcserve Backup | 2024-02-28 | 5.0 MEDIUM | N/A |
| The message engine in CA ARCserve Backup r12.0 and r12.0 SP1 for Windows allows remote attackers to cause a denial of service (crash) via (1) an invalid 0x13 message, which is not properly handled in the ASCORE module, or (2) a 0x3B message with invalid stub data that triggers an RPC marshalling error. | |||||
| CVE-2009-4106 | 1 Ohloh | 1 Agoko Cms | 2024-02-28 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in admintools/editpage-2.php in Agoko CMS 0.4 and earlier allows remote attackers to inject and execute arbitrary PHP code via the filename and text parameters. | |||||
| CVE-2009-0093 | 1 Microsoft | 3 Windows 2000, Windows Server 2003, Windows Server 2008 | 2024-02-28 | 3.5 LOW | N/A |
| Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692. | |||||
| CVE-2008-3314 | 1 Zdaemon | 1 Zdaemon | 2024-02-28 | 5.0 MEDIUM | N/A |
| ZDaemon 1.08.07 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted type 6 command, which triggers a NULL pointer dereference. | |||||
| CVE-2008-1457 | 1 Microsoft | 5 Windows-nt, Windows 2000, Windows 2003 Server and 2 more | 2024-02-28 | 9.0 HIGH | N/A |
| The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request. | |||||
| CVE-2009-1491 | 2 Mcafee, Microsoft | 2 Groupshield, Exchange Server | 2024-02-28 | 9.3 HIGH | N/A |
| McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body. | |||||
| CVE-2009-0099 | 1 Microsoft | 1 Exchange Server | 2024-02-28 | 5.0 MEDIUM | N/A |
| The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability." | |||||
| CVE-2009-2855 | 1 Squid-cache | 1 Squid | 2024-02-28 | 5.0 MEDIUM | N/A |
| The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function. | |||||
| CVE-2008-4041 | 1 Softalk Mail Server | 1 Softalk Mail Server | 2024-02-28 | 4.0 MEDIUM | N/A |
| The IMAP server in Softalk Mail Server (formerly WorkgroupMail) 8.5.1.431 allows remote authenticated users to cause a denial of service (resource consumption and daemon crash) via a long IMAP APPEND command with certain repeated parameters. | |||||
| CVE-2009-0943 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 6.8 MEDIUM | N/A |
| Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. | |||||
| CVE-2008-5548 | 2 Microsoft, Virusbuster | 2 Internet Explorer, Virusbuster | 2024-02-28 | 9.3 HIGH | N/A |
| VirusBuster 4.5.11.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-1544 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2024-02-28 | 7.1 HIGH | N/A |
| The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, (3) bypass referrer restrictions via an incorrect Referer header, and (4) bypass the same-origin policy and obtain sensitive information via a crafted request header. | |||||
| CVE-2008-4343 | 1 Chilkat Software | 1 Chilkat Xml Activex Control | 2024-02-28 | 9.3 HIGH | N/A |
| The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) 3.0.3.0 and earlier allows remote attackers to create, overwrite, and modify arbitrary files for execution via a call to the (1) SaveToFile, (2) SaveToTempFile, or (3) AppendBinary method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. | |||||
| CVE-2008-1605 | 1 Leadtools | 1 Multimedia Toolkit | 2024-02-28 | 6.8 MEDIUM | N/A |
| The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmmPlayCtrl Class ActiveX controls (ltmm15.dll 15.1.0.17 and earlier) in LEADTOOLS Multimedia Toolkit 15 allow attackers to overwrite arbitrary files via the SaveSettingsToFile method. | |||||
| CVE-2009-0088 | 1 Microsoft | 5 Office Converter Pack, Office Word, Windows 2000 and 2 more | 2024-02-28 | 9.3 HIGH | N/A |
| The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability." | |||||
| CVE-2008-1647 | 1 Chilkat Software | 1 Chilkathttp Activex | 2024-02-28 | 9.3 HIGH | N/A |
| The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1234 | 1 Opera | 1 Opera Browser | 2024-02-28 | 4.3 MEDIUM | N/A |
| Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected. | |||||
| CVE-2009-2261 | 1 Giorgio Tani | 1 Peazip | 2024-02-28 | 9.3 HIGH | N/A |
| PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command. | |||||
| CVE-2008-4136 | 1 Michael Roth Software | 1 Pftp | 2024-02-28 | 5.0 MEDIUM | N/A |
| Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote attackers to cause a denial of service (service crash) via multiple RETR commands, possibly involving long filenames. | |||||
| CVE-2009-0858 | 1 D.j.bernstein | 1 Djbdns | 2024-02-28 | 5.8 MEDIUM | N/A |
| The response_addname function in response.c in Daniel J. Bernstein djbdns 1.05 and earlier does not constrain offsets in the required manner, which allows remote attackers, with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain. | |||||