Total
9729 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1080 | 1 Opera | 1 Opera Browser | 2024-02-28 | 6.8 MEDIUM | N/A |
Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input. | |||||
CVE-2008-0116 | 1 Microsoft | 4 Excel, Excel Viewer, Office and 1 more | 2024-02-28 | 9.3 HIGH | N/A |
Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability." | |||||
CVE-2007-4969 | 1 Sysinternals | 1 Process Monitor | 2024-02-28 | 4.4 MEDIUM | N/A |
Process Monitor 1.22 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtLoadKey, (4) NtOpenKey, (5) NtQueryValueKey, (6) NtSetValueKey, and (7) NtUnloadKey. | |||||
CVE-2007-5925 | 1 Mysql | 1 Mysql | 2024-02-28 | 4.0 MEDIUM | N/A |
The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error. | |||||
CVE-2006-7070 | 1 Etomite | 1 Etomite | 2024-02-28 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and earlier allows remote attackers to upload and execute arbitrary files via an nfile[] parameter with a filename that contains a .php extension followed by a valid image extension such as .gif or .jpg, then calling the rename function. | |||||
CVE-2008-1277 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2024-02-28 | 9.0 HIGH | N/A |
The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allows remote attackers to cause a denial of service (crash) via (1) SEARCH and (2) APPEND commands without required arguments, which triggers a NULL pointer dereference. | |||||
CVE-2007-4450 | 1 Toribash | 1 Toribash | 2024-02-28 | 5.0 MEDIUM | N/A |
The server in Toribash 2.71 and earlier does not properly handle long commands, which allows remote attackers to trigger a protocol violation in which data is sent to other clients without a required LF character, as demonstrated by a SAY command. NOTE: the security impact of this violation is not clear, although it probably makes exploitation of CVE-2007-4449 easier. | |||||
CVE-2006-7160 | 1 Agnitum | 1 Outpost Firewall | 2024-02-28 | 4.9 MEDIUM | N/A |
The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver, and (12) NtWriteVirtualMemory functions. | |||||
CVE-2007-6689 | 1 Menalto | 1 Gallery | 2024-02-28 | 7.5 HIGH | N/A |
Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME module. | |||||
CVE-2007-2292 | 2 Microsoft, Mozilla | 3 Internet Explorer, Firefox, Seamonkey | 2024-02-28 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute. | |||||
CVE-2007-5283 | 1 Hitachi | 1 Tpbroker Object Transaction Monitor | 2024-02-28 | 5.0 MEDIUM | N/A |
The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor and Cosminexus TPBroker Object Transaction Monitor 01-00 through 03-00 might allow attackers to cause a denial of service (crash) via invalid messages. | |||||
CVE-2007-5893 | 1 Alhem | 1 C++ Sockets Library | 2024-02-28 | 5.0 MEDIUM | N/A |
HTTPSocket.cpp in the C++ Sockets Library before 2.2.5 allows remote attackers to cause a denial of service (crash) via an HTTP request with a missing protocol version number, which triggers an exception. NOTE: some of these details were obtained from third party information. | |||||
CVE-2008-1303 | 1 Perforce | 1 Perforce Server | 2024-02-28 | 5.0 MEDIUM | N/A |
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a missing parameter to the (1) dm-FaultFile, (2) dm-LazyCheck, (3) dm-ResolvedFile, (4) dm-OpenFile, (5) crypto, and possibly unspecified other commands, which triggers a NULL pointer dereference. | |||||
CVE-2007-5282 | 1 Hitachi | 3 Cosminexus Agent, Cosminexus Library Standard, Cosminexus Library Web | 2024-02-28 | 4.3 MEDIUM | N/A |
Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library Standard and Web Edition 04-00 and 04-01, might allow remote attackers to cause a denial of service (agent process crash) via invalid data from clients other than Cosminexus Manager. | |||||
CVE-2007-4757 | 1 Phpmytourney | 1 Phpmytourney | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in menu.php in phpMytourney allows remote attackers to execute arbitrary PHP code via a URL in the functions_file parameter. | |||||
CVE-2007-5563 | 1 Virtuemart | 1 Virtuemart | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in VirtueMart before 1.0.13 allows remote attackers to execute arbitrary PHP code via unspecified vectors. | |||||
CVE-2006-2219 | 1 Phpbb Group | 1 Phpbb | 2024-02-28 | 5.0 MEDIUM | N/A |
phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message. | |||||
CVE-2008-0009 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 2.1 LOW | N/A |
The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations. | |||||
CVE-2007-5737 | 1 Ghlab | 1 Korean Ghboard | 2024-02-28 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in component/upload.jsp in Korean GHBoard allows remote attackers to upload arbitrary files via unspecified vectors, probably involving a direct request. | |||||
CVE-2007-4671 | 2 Apple, Microsoft | 5 Iphone Os, Mac Os X, Safari and 2 more | 2024-02-28 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain. |