Total: 9730 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-5824 | 1 Firefly | 1 Media Server | 2024-02-28 | 7.1 HIGH | N/A |
webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function. | |||||
CVE-2007-1136 | 1 Webmplayer | 1 Webmplayer | 2024-02-28 | 6.8 MEDIUM | N/A |
index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is erroneous. | |||||
CVE-2008-0414 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 4.3 MEDIUM | N/A |
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing." | |||||
CVE-2007-5448 | 1 Madwifi | 1 Madwifi | 2024-02-28 | 4.3 MEDIUM | N/A |
Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial of service (panic) via a beacon frame with a large length value in the extended supported rates (xrates) element, which triggers an assertion error, related to net80211/ieee80211_scan_ap.c and net80211/ieee80211_scan_sta.c. | |||||
CVE-2007-2408 | 1 Apple | 1 Safari | 2024-02-28 | 6.8 MEDIUM | N/A |
WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page. | |||||
CVE-2007-5208 | 1 Hp | 1 Linux Imaging And Printing Project | 2024-02-28 | 7.6 HIGH | N/A |
hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail. | |||||
CVE-2007-3912 | 1 Debian | 1 Debian-goodies | 2024-02-28 | 7.2 HIGH | N/A |
checkrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process. | |||||
CVE-2007-4780 | 1 Joomla | 1 Joomla | 2024-02-28 | 6.8 MEDIUM | N/A |
Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories. | |||||
CVE-2008-0876 | 1 Hitachi | 2 Sewb3 Mi-platform, Sewb3 Platform | 2024-02-28 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the SEWB3 messaging service in Hitachi SEWB3/PLATFORM and SEWB3/MI-PLATFORM 01-00 through 02-14-/A allows remote attackers to cause a denial of service (service outage) via "invalid data." | |||||
CVE-2007-6509 | 1 Appian | 1 Business Process Management Suite | 2024-02-28 | 7.8 HIGH | N/A |
Unspecified vulnerability in Appian Enterprise Business Process Management (BPM) Suite 5.6 SP1 allows remote attackers to cause a denial of service via a crafted packet to port 5400/tcp. | |||||
CVE-2007-4570 | 1 Redhat | 2 Enterprise Linux, Mcstrans | 2024-02-28 | 1.9 LOW | N/A |
Algorithmic complexity vulnerability in the MCS translation daemon in mcstrans 0.2.3 allows local users to cause a denial of service (temporary daemon outage) via a large range of compartments in sensitivity labels. | |||||
CVE-2007-0035 | 1 Microsoft | 2 Office, Works | 2024-02-28 | 9.3 HIGH | N/A |
Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability." | |||||
CVE-2007-5040 | 1 Ghostsecurity | 1 Ghost Security Suite | 2024-02-28 | 2.1 LOW | N/A |
Ghost Security Suite alpha 1.200 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey, (2) NtCreateThread, (3) NtDeleteValueKey, (4) NtQueryValueKey, (5) NtSetSystemInformation, and (6) NtSetValueKey kernel SSDT hooks. | |||||
CVE-2007-5928 | 1 Openbase International Ltd | 1 Openbase | 2024-02-28 | 9.0 HIGH | N/A |
OpenBase 10.0.5 and earlier allows remote authenticated users to trigger a free of an arbitrary memory location via long strings in a SELECT statement. NOTE: this might be a buffer overflow, but it is not clear. | |||||
CVE-2008-0506 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-02-28 | 6.8 MEDIUM | N/A |
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php. | |||||
CVE-2007-3701 | 2 3com, Tippingpoint | 2 Tippingpoint Ips Tos, Tipping Point | 2024-02-28 | 7.5 HIGH | N/A |
TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack. | |||||
CVE-2007-5039 | 1 Ghostsecurity | 1 Ghost Security Suite | 2024-02-28 | 2.1 LOW | N/A |
Ghost Security Suite beta 1.110 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtQueryValueKey, (4) NtSetSystemInformation, and (5) NtSetValueKey kernel SSDT hooks. | |||||
CVE-2007-6060 | 1 Ahnlab | 1 V3 Internet Security | 2024-02-28 | 9.3 HIGH | N/A |
AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a filename string at a location indicated by the "Filename length" field in a ZIP header, which allows remote attackers to cause a denial of service (machine crash) and possibly execute arbitrary code via a ZIP file in which this field's value is larger than the actual number of bytes in the filename. | |||||
CVE-2007-5736 | 1 Seeblick | 1 Seeblick | 2024-02-28 | 6.4 MEDIUM | N/A |
Unrestricted file upload vulnerability in upload.php in SeeBlick 1.0 Beta allows remote attackers to upload arbitrary files via unspecified vectors. NOTE: these files are stored with .html extensions, so the scope of the attack might be limited to resource consumption and possibly XSS. | |||||
CVE-2007-3711 | 1 3com | 1 Tippingpoint Ips Tos | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets. | |||||