Total: 9730 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-4755 | 1 Cor Entertainment | 1 Alien Arena 2007 | 2024-02-28 | 5.0 MEDIUM | N/A |
Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (client disconnect) by sending a client_connect command in a forged packet from the server to a client. NOTE: client IP addresses are available via product-specific queries. | |||||
CVE-2006-5313 | 1 Hastymail | 1 Hastymail | 2024-02-28 | 6.5 MEDIUM | N/A |
Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary SMTP commands by placing them after a CRLF.CRLF sequence in the smtp_message parameter. NOTE: this crosses privilege boundaries if the SMTP server configuration prevents a user from establishing a direct SMTP session. NOTE: this is a different type of issue than CVE-2006-5262. | |||||
CVE-2008-0199 | 1 Pro Search | 1 Pro Search | 2024-02-28 | 5.0 MEDIUM | N/A |
PRO-Search 0.17 and earlier allows remote attackers to cause a denial of service via certain values of the show_page and time parameters to the default URI. | |||||
CVE-2007-6036 | 1 Live555 | 1 Media Server | 2024-02-28 | 7.1 HIGH | N/A |
The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation. | |||||
CVE-2008-0475 | 1 Manageengine | 1 Applications Manager | 2024-02-28 | 5.0 MEDIUM | N/A |
ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information (Home->Summary) via an invalid URI, as demonstrated by the "/-" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-0830 | 1 Apple | 1 Iphoto | 2024-02-28 | 7.5 HIGH | N/A |
The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 allows remote attackers to cause a denial of service (crash) via a malformed dpap: URI, a different vulnerability than CVE-2008-0043. | |||||
CVE-2006-6971 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.0 MEDIUM | N/A |
Mozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) single decimal integer, (4) single hex integer, or (5) single octal integer format, which is not captured by the blacklist filter. | |||||
CVE-2007-5031 | 1 Dibbler | 1 Dibbler | 2024-02-28 | 5.0 MEDIUM | N/A |
The TSrvOptIA_NA::rebind method in SrvOptions/SrvOptIA_NA.cpp in Dibbler 0.6.0 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via an invalid IA_NA option in a REBIND message. | |||||
CVE-2007-6010 | 1 Pioneers | 1 Pioneers | 2024-02-28 | 7.8 HIGH | N/A |
Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors that trigger an assert error. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-5933. | |||||
CVE-2007-0522 | 1 Motorola | 1 Motorazr | 2024-02-28 | 3.3 LOW | N/A |
The Motorola MOTORAZR V3 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. | |||||
CVE-2007-6146 | 1 Hitachi | 1 Jp1 File Transmission Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on Windows might allow remote attackers to cause a denial of service (service stop) via a "specific file" argument to an FTP command. | |||||
CVE-2008-0251 | 1 Photopost | 1 Photopost Vbgallery | 2024-02-28 | 10.0 HIGH | N/A |
Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors. | |||||
CVE-2007-4742 | 1 Claroline | 1 Claroline | 2024-02-28 | 4.3 MEDIUM | N/A |
Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by a parameter value containing an XSS sequence. | |||||
CVE-2008-0298 | 1 Apple | 2 Mac Os X, Safari | 2024-02-28 | 4.3 MEDIUM | N/A |
KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element. | |||||
CVE-2007-6596 | 1 Clam Anti-virus | 1 Clamav | 2024-02-28 | 5.0 MEDIUM | N/A |
ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file. | |||||
CVE-2008-0010 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 2.1 LOW | N/A |
The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allows local users to read from arbitrary kernel memory locations. | |||||
CVE-2007-4844 | 1 X-diesel | 1 Unreal Commander | 2024-02-28 | 4.3 MEDIUM | N/A |
X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly react to an FTP server's behavior after sending a "CWD /" command, which allows remote FTP servers to cause a denial of service (infinite loop) by (1) repeatedly sending a 550 error response, or (2) sending a 550 error response and then disconnecting. | |||||
CVE-2007-2764 | 2 Brocade, Linux | 9 Silkworm 12000 Director, Silkworm 200e Switch, Silkworm 24000 Director and 6 more | 2024-02-28 | 7.8 HIGH | N/A |
The embedded Linux kernel in certain Sun-Brocade SilkWorm switches before 20070516 does not properly handle a situation in which a non-root user creates a kernel process, which allows attackers to cause a denial of service (oops and device reboot) via unspecified vectors. | |||||
CVE-2007-6207 | 1 Xensource Inc | 1 Xen | 2024-02-28 | 2.1 LOW | N/A |
Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains. | |||||
CVE-2007-5130 | 1 Boesch-it | 1 Simpgb | 2024-02-28 | 4.3 MEDIUM | N/A |
SimpGB 1.46.02 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php or (2) a direct request to admin/trailer.php, which reveals the path in various error messages. |