Total: 9728 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-3766 | 1 Realtime Internet Band Rehearsal | 1 Low Latency Internet Connection Tool | 2024-02-28 | 5.0 MEDIUM | N/A |
Realtime Internet Band Rehearsal Low-Latency (Internet) Connection tool (llcon) before 2.1.2 allows remote attackers to cause a denial of service (application crash) via malformed protocol messages. | |||||
CVE-2008-4318 | 1 Project-observer | 1 Observer | 2024-02-28 | 10.0 HIGH | N/A |
Observer 0.3.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter to (1) whois.php or (2) netcmd.php. | |||||
CVE-2008-1734 | 1 Gentoo | 2 Linux, Php Toolkit | 2024-02-28 | 3.6 LOW | N/A |
Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server. | |||||
CVE-2008-7037 | 2 Itn, Microsoft | 2 Itn News Gadget, Windows Vista | 2024-02-28 | 7.5 HIGH | N/A |
The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for Windows Vista, and possibly other versions before 1.23, allows remote web servers or man-in-the-middle attackers to execute arbitrary commands via script in a short_title response. | |||||
CVE-2008-3906 | 2 Mono, Mono Project | 2 Mono, Mono | 2024-02-28 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. | |||||
CVE-2009-2320 | 1 Axesstel | 1 Mv 410r | 2024-02-28 | 7.5 HIGH | N/A |
The web interface on the Axesstel MV 410R relies on client-side JavaScript code to validate input, which allows remote attackers to send crafted data, and possibly have unspecified other impact, via a client that does not process JavaScript. | |||||
CVE-2008-5544 | 2 Hacksoft, Microsoft | 2 The Hacker, Internet Explorer | 2024-02-28 | 9.3 HIGH | N/A |
Hacksoft The Hacker 6.3.1.2.174 and possibly 6.3.0.9.081, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
CVE-2008-4071 | 2 Adobe, Microsoft | 3 Acrobat, Internet Explorer, Windows Vista | 2024-02-28 | 5.0 MEDIUM | N/A |
A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via an src property value with an invalid acroie:// URL. | |||||
CVE-2008-5695 | 1 Wordpress | 2 Wordpress, Wordpress Mu | 2024-02-28 | 8.5 HIGH | N/A |
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins. | |||||
CVE-2008-2392 | 1 Wordpress | 1 Wordpress | 2024-02-28 | 9.0 HIGH | N/A |
Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard. | |||||
CVE-2009-1432 | 1 Symantec | 3 Antivirus, Client Security, Endpoint Protection | 2024-02-28 | 5.0 MEDIUM | N/A |
Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security (SCS) before 3.1 MR8, and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP) before 11.0 MR2, allows remote attackers to inject arbitrary text into the login screen, and possibly conduct phishing attacks, via vectors involving a URL that is not properly handled. | |||||
CVE-2008-4309 | 1 Net-snmp | 1 Net-snmp | 2024-02-28 | 5.0 MEDIUM | N/A |
Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. | |||||
CVE-2008-3007 | 1 Microsoft | 2 Office, Office Onenote | 2024-02-28 | 9.3 HIGH | N/A |
Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability." | |||||
CVE-2008-3127 | 1 Hiox India | 1 Banner Rotator | 2024-02-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in hioxBannerRotate.php in HIOX Banner Rotator (HBR) 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter. | |||||
CVE-2008-6702 | 1 Stalker-game | 1 S.t.a.l.k.e.r. | 2024-02-28 | 5.0 MEDIUM | N/A |
S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (crash) via a long nickname, which triggers an exception. | |||||
CVE-2009-1300 | 1 Debian | 1 Advanced Package Tool | 2024-02-28 | 10.0 HIGH | N/A |
apt 0.7.20 does not check when the date command returns an "invalid date" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight. | |||||
CVE-2008-4514 | 1 Konqueror | 1 Konqueror | 2024-02-28 | 5.0 MEDIUM | N/A |
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via a font tag with a long color value, which triggers an assertion error. | |||||
CVE-2009-1773 | 1 Activecollab | 1 Activecollab | 2024-02-28 | 5.0 MEDIUM | N/A |
activeCollab 2.1 Corporate allows remote attackers to obtain sensitive information via an invalid re_route parameter to the login script, which reveals the installation path in an error message. | |||||
CVE-2009-1777 | 1 Matt Wright | 1 Formmail | 2024-02-28 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the redirect parameter. | |||||
CVE-2009-0289 | 1 Windows Tftp Utility | 1 Tftputil | 2024-02-28 | 5.0 MEDIUM | N/A |
k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to cause a denial of service (service crash) via a long filename in a crafted request. |