Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0980 | 1 Microsoft | 1 Windows Nt | 2018-10-12 | 5.0 MEDIUM | N/A |
| Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request. | |||||
| CVE-1999-0969 | 1 Microsoft | 1 Windows Nt | 2018-10-12 | 5.0 MEDIUM | N/A |
| The Windows NT RPC service allows remote attackers to conduct a denial of service using spoofed malformed RPC packets which generate an error message that is sent to the spoofed host, potentially setting up a loop, aka Snork. | |||||
| CVE-1999-0489 | 1 Microsoft | 1 Windows Nt | 2018-10-12 | 10.0 HIGH | N/A |
| MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013. | |||||
| CVE-1999-0910 | 1 Microsoft | 3 Commercial Internet System, Site Server, Site Server Commerce | 2018-10-12 | 5.0 MEDIUM | N/A |
| Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user. | |||||
| CVE-1999-0749 | 1 Microsoft | 2 Windows 95, Windows 98 | 2018-10-12 | 2.6 LOW | N/A |
| Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument. | |||||
| CVE-1999-0739 | 1 Microsoft | 1 Internet Information Server | 2018-10-12 | 5.0 MEDIUM | N/A |
| The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | |||||
| CVE-1999-0738 | 1 Microsoft | 1 Internet Information Server | 2018-10-12 | 5.0 MEDIUM | N/A |
| The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | |||||
| CVE-1999-0737 | 1 Microsoft | 1 Internet Information Server | 2018-10-12 | 5.0 MEDIUM | N/A |
| The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | |||||
| CVE-1999-0736 | 1 Microsoft | 1 Internet Information Server | 2018-10-12 | 5.0 MEDIUM | N/A |
| The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | |||||
| CVE-1999-1127 | 1 Microsoft | 1 Windows Nt | 2018-10-12 | 5.0 MEDIUM | N/A |
| Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability. | |||||
| CVE-1999-0723 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2018-10-12 | 7.1 HIGH | N/A |
| The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input. | |||||
| CVE-1999-0717 | 1 Microsoft | 5 Excel, Windows 2000, Windows 95 and 2 more | 2018-10-12 | 2.6 LOW | N/A |
| A remote attacker can disable the virus warning mechanism in Microsoft Excel 97. | |||||
| CVE-1999-0716 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2018-10-12 | 4.6 MEDIUM | N/A |
| Buffer overflow in Windows NT 4.0 help file utility via a malformed help file. | |||||
| CVE-1999-0715 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2018-10-12 | 4.6 MEDIUM | N/A |
| Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry. | |||||
| CVE-2009-0374 | 1 Google | 1 Chrome | 2018-10-11 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue." | |||||
| CVE-2008-7137 | 1 Eye.fi | 1 Eye-fi Manager | 2018-10-11 | 5.0 MEDIUM | N/A |
| WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of service (crash) via an empty query string to port 59278 and other unspecified vectors. | |||||
| CVE-2008-7211 | 2 Microsoft, Soundblaster | 2 Windows Vista, Ensoniq Pci Es1371 Wdm Driver | 2018-10-11 | 6.9 MEDIUM | N/A |
| CreativeLabs es1371mp.sys 5.1.3612.0 WDM audio driver, as used in Ensoniq PCI 1371 sound cards and when running on Windows Vista, does not create a Functional Device Object (FDO) to prevent user-moade access to the Physical Device Object (PDO), which allows local users to gain SYSTEM privileges via a crafted IRP request that dereferences a NULL FsContext pointer. | |||||
| CVE-2008-7065 | 1 Siemens | 2 Gigaset C450 Ip, Gigaset C475 Ip | 2018-10-11 | 7.8 HIGH | N/A |
| Siemens C450 IP and C475 IP VoIP devices allow remote attackers to cause a denial of service (disconnected calls and device reboot) via a crafted SIP packet to UDP port 5060. | |||||
| CVE-2008-7025 | 1 Checkpoint | 1 Zonealarm | 2018-10-11 | 4.3 MEDIUM | N/A |
| TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe running, allows remote HTTP proxies to cause a denial of service (crash) and disable the HIDS module via a crafted response. | |||||
| CVE-2008-6845 | 1 Clamav | 1 Clamav | 2018-10-11 | 5.0 MEDIUM | N/A |
| The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file. | |||||
| CVE-2008-6660 | 1 Ozerov | 1 Bigdump | 2018-10-11 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov BigDump 0.29b allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a .sql extension, then accessing this file via a direct request. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6712 | 1 Ea | 1 Crysis | 2018-10-11 | 5.0 MEDIUM | N/A |
| The HTTP/XML-RPC service in Crysis 1.21 (game version 1.1.1.6156) and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request, which triggers a NULL pointer dereference. | |||||
| CVE-2008-6775 | 1 Htc | 2 Touch Cruise, Touch Pro | 2018-10-11 | 7.1 HIGH | N/A |
| HTC Touch Pro and HTC Touch Cruise vCard allows remote attackers to cause denial of service (CPU consumption, SMS consumption, and connectivity loss) via a flood of vCards to UDP port 9204. | |||||
| CVE-2008-5353 | 1 Sun | 3 Jdk, Jre, Sdk | 2018-10-11 | 10.0 HIGH | N/A |
| The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects". | |||||
| CVE-2008-5029 | 1 Linux | 1 Linux Kernel | 2018-10-11 | 4.9 MEDIUM | N/A |
| The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors. | |||||
| CVE-2008-4787 | 1 Microsoft | 1 Internet Explorer | 2018-10-11 | 5.8 MEDIUM | N/A |
| Visual truncation vulnerability in Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar via a URL with a hostname containing many (Non-Blocking Space character) sequences, which are rendered as whitespace, aka MSRC ticket MSRC7899, a related issue to CVE-2003-1025. | |||||
| CVE-2008-4830 | 1 Sap | 1 Sap Gui | 2018-10-11 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method. | |||||
| CVE-2008-4788 | 1 Microsoft | 1 Internet Explorer | 2018-10-11 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 omits high-bit URL-encoded characters when displaying the address bar, which allows remote attackers to spoof the address bar via a URL with a domain name that differs from an important domain name only in these characters, as demonstrated by using exam%A9ple.com to spoof example.com, aka MSRC ticket MSRC7900. | |||||
| CVE-2008-3792 | 1 Linux | 1 Linux Kernel | 2018-10-11 | 7.1 HIGH | N/A |
| net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (NULL pointer dereference and panic) via vectors that result in calls to (1) sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3) sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5) sctp_setsockopt_del_key, (6) sctp_getsockopt_maxburst, (7) sctp_getsockopt_active_key, (8) sctp_getsockopt_peer_auth_chunks, or (9) sctp_getsockopt_local_auth_chunks. | |||||
| CVE-2008-3068 | 1 Microsoft | 17 Access, Excel, Frontpage and 14 more | 2018-10-11 | 7.5 HIGH | N/A |
| Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension. | |||||
| CVE-2008-2878 | 1 Yektaweb | 1 Academic Web Tools | 2018-10-11 | 6.4 MEDIUM | N/A |
| Open redirect vulnerability in rss_getfile.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter. | |||||
| CVE-2008-2268 | 1 Mdsjack | 1 Mjguest | 2018-10-11 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in interface/redirect.htm.php in Mjguest 6.7 GT Rev.01 allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter in a redirect action to mjguest.php. NOTE: this is user-assisted because there is a delay and a notification before redirection occurs. | |||||
| CVE-2008-2142 | 1 Gnu | 2 Emacs, Xemacs | 2018-10-11 | 6.8 MEDIUM | N/A |
| Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code. | |||||
| CVE-2008-1999 | 1 Apple | 1 Safari | 2018-10-11 | 5.0 MEDIUM | N/A |
| Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences. | |||||
| CVE-2008-1736 | 1 Comodo | 1 Comodo Personal Firewall | 2018-10-11 | 7.2 HIGH | N/A |
| Comodo Firewall Pro before 3.0 does not properly validate certain parameters to hooked System Service Descriptor Table (SSDT) functions, which allows local users to cause a denial of service (system crash) via (1) a crafted OBJECT_ATTRIBUTES structure in a call to the NtDeleteFile function, which leads to improper validation of a ZwQueryObject result; and unspecified calls to the (2) NtCreateFile and (3) NtSetThreadContext functions, different vectors than CVE-2007-0709. | |||||
| CVE-2008-1735 | 1 Bitdefender | 1 Antivirus | 2018-10-11 | 4.9 MEDIUM | N/A |
| BitDefender Antivirus 2008 20080118 and earlier allows local users to cause a denial of service (system crash) via an invalid pointer to the CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function. | |||||
| CVE-2008-1501 | 2 Ircu, Quakenet | 2 Ircu, Snircd | 2018-10-11 | 5.0 MEDIUM | N/A |
| The send_user_mode function in s_user.c in (1) Undernet ircu 2.10.12.12 and earlier, (2) snircd 1.3.4 and earlier, and unspecified other ircu derivatives allows remote attackers to cause a denial of service (daemon crash) via a malformed MODE command. | |||||
| CVE-2008-1546 | 1 Mitsubishi Electric | 1 Gb | 2018-10-11 | 7.8 HIGH | N/A |
| servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems allows remote attackers to cause a denial of service (air-conditioning outage) via an XML document containing a setRequest command. | |||||
| CVE-2008-1387 | 1 Clam Anti-virus | 1 Clamav | 2018-10-11 | 4.3 MEDIUM | N/A |
| ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats. | |||||
| CVE-2008-1319 | 1 Versant | 1 Versant Object Database | 2018-10-11 | 9.3 HIGH | N/A |
| Untrusted search path and argument injection vulnerability in the VersantD service in Versant Object Database 7.0.1.3 and earlier, as used in Borland CaliberRM and probably other products, allows remote attackers to execute arbitrary commands via a request to TCP port 5019 with a modified VERSANT_ROOT field. | |||||
| CVE-2008-1353 | 1 Zabbix | 1 Zabbix | 2018-10-11 | 4.3 MEDIUM | N/A |
| zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero. | |||||
| CVE-2008-1322 | 1 Asg-sentry | 1 Asg-sentry | 2018-10-11 | 7.8 HIGH | N/A |
| The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager 7.0.0 and earlier allows remote attackers to cause a denial of service (CPU consumption) or overwrite arbitrary files via a query string that specifies the -b option, probably due to an argument injection vulnerability. | |||||
| CVE-2008-1261 | 1 Zyxel | 1 P-2602hw-d1a | 2018-10-11 | 5.0 MEDIUM | N/A |
| The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware provides different responses to admin page requests depending on whether a user is logged in, which allows remote attackers to obtain current login status by requesting an arbitrary admin URI. | |||||
| CVE-2008-1256 | 1 Zyxel | 1 P-660hw | 2018-10-11 | 10.0 HIGH | N/A |
| The ZyXEL P-660HW series router has "admin" as its default password, which allows remote attackers to gain administrative access. | |||||
| CVE-2008-1240 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-11 | 5.0 MEDIUM | N/A |
| LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195. | |||||
| CVE-2008-1070 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 5.0 MEDIUM | N/A |
| The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. | |||||
| CVE-2008-1072 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 4.7 MEDIUM | N/A |
| The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug. | |||||
| CVE-2008-1079 | 1 Beehive Software | 1 Sendfile.net | 2018-10-11 | 7.5 HIGH | N/A |
| The outboxWriteUnsent function in FTPThread.class in SendFile.jar for Beehive Software SendFile.NET uses hard-coded credentials for an FTP server, which allows remote attackers to gain privileges. | |||||
| CVE-2011-4061 | 1 Ibm | 2 Db2, Tivoli Monitoring For Databases | 2018-10-11 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header. | |||||
| CVE-2011-0276 | 1 Hp | 1 Openview Performance Insight | 2018-10-10 | 10.0 HIGH | N/A |
| HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class. | |||||