Total
9728 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-1349 | 3 Apache, Canonical, Redhat | 7 Mod Perl, Ubuntu Linux, Enterprise Linux Desktop and 4 more | 2024-02-28 | 5.0 MEDIUM | N/A |
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI. | |||||
CVE-2007-4781 | 1 Joomla | 1 Joomla | 2024-02-28 | 6.6 MEDIUM | N/A |
administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value of the option parameter. | |||||
CVE-2007-4784 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | N/A |
The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution. | |||||
CVE-2008-0932 | 3 Debian, Redhat, The Sword Project | 4 Debian Linux, Fedora, Diatheke Front End and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter. | |||||
CVE-2007-5036 | 1 Airdefense | 1 Airsensor | 2024-02-28 | 5.0 MEDIUM | N/A |
Multiple buffer overflows in the AirDefense Airsensor M520 with firmware 4.3.1.1 and 4.4.1.4 allow remote authenticated users to cause a denial of service (HTTPS service outage) via a crafted query string in an HTTPS request to (1) adLog.cgi, (2) post.cgi, or (3) ad.cgi, related to the "files filter." | |||||
CVE-2007-6437 | 1 Balabit | 2 Syslog-ng Open Source Edition, Syslog-ng Premium Edition | 2024-02-28 | 5.0 MEDIUM | N/A |
Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows remote attackers to cause a denial of service (crash) via a message with a timestamp that does not contain a trailing space, which triggers a NULL pointer dereference. | |||||
CVE-2006-7139 | 1 Kde | 2 K-mail, Kde | 2024-02-28 | 2.6 LOW | N/A |
Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations. | |||||
CVE-2007-1202 | 1 Microsoft | 3 Word, Word Viewer, Works | 2024-02-28 | 6.8 MEDIUM | N/A |
Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability." | |||||
CVE-2007-1476 | 1 Symantec | 6 Client Security, Norton Antispam, Norton Antivirus and 3 more | 2024-02-28 | 1.9 LOW | N/A |
The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver's \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855. | |||||
CVE-2008-0097 | 1 Georgia Softworks | 1 Ssh2 Server | 2024-02-28 | 7.5 HIGH | N/A |
Format string vulnerability in the log function in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username field, as demonstrated by a certain LoginPassword message. | |||||
CVE-2007-2509 | 1 Php | 1 Php | 2024-02-28 | 2.6 LOW | N/A |
CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands. | |||||
CVE-2007-6039 | 1 Php | 1 Php | 2024-02-28 | 2.1 LOW | N/A |
PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4) dngettext or (5) ngettext function, or (6) the classname parameter to the stream_wrapper_register function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution. | |||||
CVE-2006-4340 | 1 Mozilla | 4 Firefox, Network Security Services, Seamonkey and 1 more | 2024-02-28 | 4.0 MEDIUM | N/A |
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462. | |||||
CVE-2007-5657 | 1 Tibco | 4 Ems Server, Enterprise Message Service, Rtworks and 1 more | 2024-02-28 | 10.0 HIGH | N/A |
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets. | |||||
CVE-2008-0373 | 1 Php | 1 F1 Maxs File Uploader | 2024-02-28 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in PHP F1 Max's File Uploader allows remote attackers to upload and execute arbitrary PHP files. | |||||
CVE-2007-6494 | 1 Hosting Controller | 1 Hosting Controller | 2024-02-28 | 10.0 HIGH | N/A |
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters. | |||||
CVE-2007-6684 | 1 Videolan | 1 Vlc | 2024-02-28 | 5.0 MEDIUM | N/A |
The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference. | |||||
CVE-2006-5265 | 1 Microsoft | 1 Dynamics Gp | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allows remote attackers to cause a denial of service (crash) via an invalid magic number in a Distributed Process Server (DPS) message. | |||||
CVE-2007-4695 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 4.3 MEDIUM | N/A |
Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads. | |||||
CVE-2007-4914 | 1 Invision Power Services | 1 Invision Power Board | 2024-02-28 | 6.0 MEDIUM | N/A |
Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/. |