Search
Total
6314 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4690 | 1 Lynx | 1 Lynx | 2017-09-29 | 10.0 HIGH | N/A |
| lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler. | |||||
| CVE-2008-4592 | 1 Sportspanel | 1 Sports Clubs Web Portal | 2017-09-29 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter. | |||||
| CVE-2008-4576 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 7.8 HIGH | N/A |
| sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires. | |||||
| CVE-2008-4554 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.6 MEDIUM | N/A |
| The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file. | |||||
| CVE-2008-4493 | 1 Microsoft | 1 Digital Image | 2017-09-29 | 6.8 MEDIUM | N/A |
| Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. | |||||
| CVE-2008-4416 | 1 Hp | 1 Hp-ux | 2017-09-29 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors. | |||||
| CVE-2008-4323 | 1 Microsoft | 1 Windows Xp | 2017-09-29 | 4.3 MEDIUM | N/A |
| Windows Explorer in Microsoft Windows XP SP3 allows user-assisted attackers to cause a denial of service (application crash) via a crafted .ZIP file. | |||||
| CVE-2008-5684 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 and OpenSolaris before snv_85 allows context-dependent attackers to cause a denial of service (application crash), as demonstrated by a port scan that triggers a segmentation violation in the Gnome session manager (aka gnome-session). | |||||
| CVE-2008-4064 | 1 Mozilla | 1 Firefox | 2017-09-29 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp. | |||||
| CVE-2008-4063 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames. | |||||
| CVE-2008-3804 | 1 Cisco | 1 Ios | 2017-09-29 | 7.1 HIGH | N/A |
| Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (memory corruption) via crafted packets for which the software path is used. | |||||
| CVE-2008-3816 | 1 Cisco | 2 Adaptive Security Appliance 5500 Series, Pix Security Appliance | 2017-09-29 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2(4)9 and 7.2(4)10 allows remote attackers to cause a denial of service (device reload) via a crafted IPv6 packet. | |||||
| CVE-2008-3652 | 1 Ipsec-tools | 1 Ipsec-tools | 2017-09-29 | 7.8 HIGH | N/A |
| src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption). | |||||
| CVE-2008-3549 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in Sun Solaris 10 and OpenSolaris before snv_90 allows local users to cause a denial of service (system hang or panic) via unknown vectors. | |||||
| CVE-2008-3156 | 1 Panda | 1 Panda Activescan | 2017-09-29 | 9.3 HIGH | N/A |
| The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method. | |||||
| CVE-2008-2549 | 1 Adobe | 1 Acrobat Reader | 2017-09-29 | 4.3 MEDIUM | N/A |
| Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf. | |||||
| CVE-2008-2595 | 1 Oracle | 2 Database 10g, Database 9i | 2017-09-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a denial of service (crash) via a malformed LDAP request that triggers a NULL pointer dereference. | |||||
| CVE-2008-2374 | 1 Bluez | 2 Bluez Libs, Bluez Utils | 2017-09-29 | 7.5 HIGH | N/A |
| src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read. | |||||
| CVE-2008-2090 | 1 Sun | 1 Solaris | 2017-09-29 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet. | |||||
| CVE-2008-1664 | 1 Hp | 1 Hp-ux | 2017-09-29 | 7.8 HIGH | N/A |
| Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allows remote attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2008-1660 | 1 Hp | 1 Hp-ux | 2017-09-29 | 6.3 MEDIUM | N/A |
| Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unspecified vectors. | |||||
| CVE-2008-1659 | 1 Hp | 2 Hp-ux, Ldap-ux | 2017-09-29 | 7.2 HIGH | N/A |
| Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 allows local users to gain privileges via unknown vectors. | |||||
| CVE-2008-1597 | 1 Ibm | 1 Aix | 2017-09-29 | 4.9 MEDIUM | N/A |
| The WPAR system call implementation in the kernel in IBM AIX 6.1 allows local users to cause a denial of service via unknown calls that trigger "undefined behavior." | |||||
| CVE-2008-1275 | 1 Mailenable | 3 Mailenable Enterprise, Mailenable Professional, Mailenable Standard | 2017-09-29 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in the SMTP service in MailEnable Standard Edition 1.x, Professional Edition 3.x and earlier, and Enterprise Edition 3.x and earlier allow remote attackers to cause a denial of service (crash) via crafted (1) EXPN or (2) VRFY commands. | |||||
| CVE-2008-1187 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms. | |||||
| CVE-2008-1191 | 1 Sun | 2 Jdk, Jre | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190, aka "The fifth issue." | |||||
| CVE-2008-1159 | 1 Cisco | 3 Ios S, Ios T, Ios Xr | 2017-09-29 | 7.1 HIGH | N/A |
| Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12.4 allow remote attackers to cause a denial of service (device restart) via unknown vectors, aka Bug ID (1) CSCsk42419, (2) CSCsk60020, and (3) CSCsh51293. | |||||
| CVE-2008-1115 | 1 Sun | 1 Solaris | 2017-09-29 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Sun Solaris 8 directory functions allows local users to cause a denial of service (panic) via an unspecified sequence of system calls or commands. | |||||
| CVE-2008-0713 | 1 Hp | 1 Hp-ux | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23, and B.11.31 allows remote authenticated users to cause a denial of service (FTP server outage) via unknown attack vectors. | |||||
| CVE-2008-0242 | 1 Sun | 1 Solaris | 2017-09-29 | 7.2 HIGH | N/A |
| Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions. | |||||
| CVE-2007-6230 | 1 Rayzz | 1 Rayzz Script | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the CFG[site][project_path] parameter. | |||||
| CVE-2007-6215 | 1 Web-meetme | 1 Web-meetme | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in play.php in Web-MeetMe 3.0.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) roomNo and possibly the (2) bookid parameter. | |||||
| CVE-2007-6214 | 1 Learnloop | 1 Learnloop | 2017-09-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in include/file_download.php in LearnLoop 2.0 beta7 allows remote attackers to read arbitrary files via a .. (dot dot) in the sFilePath parameter. NOTE: exploitation requires that the product is configured, but has zero files in the database. | |||||
| CVE-2007-6207 | 1 Xensource Inc | 1 Xen | 2017-09-29 | 2.1 LOW | N/A |
| Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains. | |||||
| CVE-2007-6151 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 7.2 HIGH | N/A |
| The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which triggers a buffer overflow. | |||||
| CVE-2007-5946 | 1 Hp | 1 Hp-ux | 2017-09-29 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11.23 and B.11.31 on the IA-64 platform allows local users to obtain unspecified access. | |||||
| CVE-2007-5716 | 1 Sun | 1 Solaris | 2017-09-29 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the Internet Protocol (IP) functionality in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors, probably related to a UDP packet. | |||||
| CVE-2007-5651 | 1 Cisco | 2 Catos, Ios | 2017-09-29 | 7.1 HIGH | N/A |
| Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 and 12.2 on Cisco switches (Wired EAP devices), and CatOS 6.x through 8.x on Cisco switches allows remote attackers to cause a denial of service (device reload) via a crafted EAP Response Identity packet. | |||||
| CVE-2007-5368 | 1 Sun | 1 Solaris | 2017-09-29 | 4.9 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in labeld in Trusted Extensions in Sun Solaris 10 allow local users to cause a denial of service (multiple application hang) via unspecified vectors. | |||||
| CVE-2007-5118 | 1 Sun | 1 Solaris | 2017-09-29 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in the HID (Human Interface Device) class driver in Sun Solaris 8, 9, and 10 before 20070925 allows local users to cause a denial of service (panic) via unspecified vectors. | |||||
| CVE-2007-5111 | 1 Eb Design Pty Ltd | 1 Ebcrypt | 2017-09-29 | 4.3 MEDIUM | N/A |
| A certain ActiveX control in EBCRYPT.DLL 2.0 in EB Design ebCrypt allows remote attackers to cause a denial of service (crash) via a string argument to the AddString method. | |||||
| CVE-2007-4637 | 1 Xgb | 1 Xgb | 2017-09-29 | 6.4 MEDIUM | N/A |
| xGB.php in xGB 2.0 does not require authentication for an admin edit action, which allows remote attackers to make unspecified changes via an unknown series of steps. | |||||
| CVE-2007-4574 | 3 Amd, Intel, Redhat | 3 Amd64, Ia64, Enterprise Linux | 2017-09-29 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in the "stack unwinder fixes" in kernel in Red Hat Enterprise Linux 5, when running on AMD64 and Intel 64, allows local users to cause a denial of service via unknown vectors. | |||||
| CVE-2007-4285 | 1 Cisco | 1 Ios | 2017-09-29 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information (partial packet contents) or cause a denial of service (router or component crash) via crafted IPv6 packets with a Type 0 routing header. | |||||
| CVE-2007-3922 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet. | |||||
| CVE-2007-6552 | 1 Auracms | 1 Auracms | 2017-09-29 | 6.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php to bypass a protection mechanism against direct request. | |||||
| CVE-2007-6419 | 1 Hp | 1 Hp-ux | 2017-09-29 | 7.8 HIGH | N/A |
| Unspecified vulnerability in rpc.yppasswdd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | |||||
| CVE-2015-2591 | 1 Oracle | 1 Peoplesoft Products | 2017-09-26 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise Portal - Interaction Hub component in Oracle PeopleSoft Products 9.1.00 allows remote authenticated users to affect integrity via unknown vectors related to Enterprise Portal. | |||||
| CVE-2015-0467 | 1 Oracle | 1 Peoplesoft Products | 2017-09-22 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Manager component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to affect integrity via unknown vectors related to Security. | |||||
| CVE-2015-0468 | 1 Oracle | 1 Database Server | 2017-09-22 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | |||||