Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6587 | 1 Plogger | 1 Plogger | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-6588 | 1 Phpcredo | 1 Phcdownload | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows remote attackers to inject arbitrary web script or HTML via the username field in an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-6613 | 1 Gnu | 1 Libcdio | 2017-08-08 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long joilet file name. | |||||
| CVE-2007-6625 | 1 Novell | 1 Identity Manager | 2017-08-08 | 5.0 MEDIUM | N/A |
| The Platform Service Process (asampsp) in Fan-Out Driver Platform Services for Novell Identity Manager (IDM) 3.5.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified network traffic that triggers a syslog message containing invalid format string specifiers, as demonstrated by a Nessus scan. | |||||
| CVE-2007-6636 | 1 Bitflu | 1 Bitflu | 2017-08-08 | 5.8 MEDIUM | N/A |
| Unspecified vulnerability in the StorageFarabDb module in Bitflu before 0.42 allows user-assisted remote attackers to create or append data to arbitrary files via a crafted .torrent file. | |||||
| CVE-2007-6640 | 1 Sourceforge | 2 Creammonkey, Greasekit | 2017-08-08 | 6.4 MEDIUM | N/A |
| Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the (1) GM_addStyle, (2) GM_log, (3) GM_openInTab, (4) GM_setValue, (5) GM_getValue, or (6) GM_xmlhttpRequest function within a web page on which a userscript is configured. | |||||
| CVE-2007-6669 | 1 Phpcredo | 1 Phcdownload | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the string parameter. | |||||
| CVE-2007-6673 | 1 Makale Scripti | 1 Makale Scripti | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Makale Scripti allows remote attackers to inject arbitrary web script or HTML via the ara parameter to the default URI under Ara/ in a search action. | |||||
| CVE-2007-6674 | 1 Rapidshare | 1 Database | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare Database allows remote attackers to inject arbitrary web script or HTML via the Arayalim parameter. | |||||
| CVE-2007-6688 | 1 Menalto | 1 Gallery | 2017-08-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to "web-accessibility protection of the storage folder." | |||||
| CVE-2007-6695 | 1 Drake Team | 1 Drake Cms | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Drake CMS 0.4.9 allows remote attackers to inject arbitrary web script or HTML via the option parameter. | |||||
| CVE-2007-6701 | 2 Microsoft, Novell | 2 Windows, Client | 2017-08-08 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP4 for Windows allow remote attackers to execute arbitrary code via long arguments to multiple unspecified RPC functions, aka Novell bug 287919, a different vulnerability than CVE-2007-2954. | |||||
| CVE-2007-6703 | 1 Synce | 1 Vdccm | 2017-08-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in vdccm before 0.10.1 in SynCE (SynCE-dccm) might allow attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2007-6711 | 1 Freewebshop | 1 Freewebshop | 2017-08-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, 2.2.6 and 2.2.7WIP1/2 allows remote attackers to gain administrator privileges via unknown vectors. | |||||
| CVE-2007-6713 | 1 Flip4mac | 1 Flip4mac Wmv | 2017-08-08 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Flip4Mac WMV before 2.2.0.49 has unknown impact and attack vectors related to malformed WMV files. | |||||
| CVE-2007-6714 | 1 Dbmail | 1 Dbmail | 2017-08-08 | 6.8 MEDIUM | N/A |
| DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication. | |||||
| CVE-2008-0012 | 1 Trend Micro | 1 Serverprotect | 2017-08-08 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0013 and CVE-2008-0014. | |||||
| CVE-2008-0013 | 1 Trend Micro | 1 Serverprotect | 2017-08-08 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0014. | |||||
| CVE-2008-0014 | 1 Trend Micro | 1 Serverprotect | 2017-08-08 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0013. | |||||
| CVE-2008-0026 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2017-08-08 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages. | |||||
| CVE-2008-0029 | 1 Cisco | 5 Application Velocity System, Application Velocity System 3110, Application Velocity System 3120 and 2 more | 2017-08-08 | 10.0 HIGH | N/A |
| Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges. | |||||
| CVE-2008-0031 | 1 Apple | 1 Quicktime | 2017-08-08 | 5.8 MEDIUM | N/A |
| Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption. | |||||
| CVE-2008-0032 | 1 Apple | 1 Quicktime | 2017-08-08 | 5.8 MEDIUM | N/A |
| Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption. | |||||
| CVE-2008-0034 | 1 Apple | 1 Iphone | 2017-08-08 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls. | |||||
| CVE-2008-0035 | 1 Apple | 4 Iphone, Ipod Touch, Mac Os X and 1 more | 2017-08-08 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari. | |||||
| CVE-2008-0036 | 1 Apple | 1 Quicktime | 2017-08-08 | 6.8 MEDIUM | N/A |
| Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding. | |||||
| CVE-2008-0044 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 5.8 MEDIUM | N/A |
| Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL. | |||||
| CVE-2008-0045 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 7.1 HIGH | N/A |
| Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names. | |||||
| CVE-2008-0046 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 5.0 MEDIUM | N/A |
| The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions. | |||||
| CVE-2008-0048 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via the a long file name to the NSDocument API. | |||||
| CVE-2008-0049 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 1.9 LOW | N/A |
| AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications. | |||||
| CVE-2008-0050 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 5.0 MEDIUM | N/A |
| CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. | |||||
| CVE-2008-0051 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 6.9 MEDIUM | N/A |
| Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data. | |||||
| CVE-2008-0052 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 6.8 MEDIUM | N/A |
| CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set. | |||||
| CVE-2008-0054 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 6.4 MEDIUM | N/A |
| Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used. | |||||
| CVE-2008-0055 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 7.2 HIGH | N/A |
| Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges. | |||||
| CVE-2008-0056 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager. | |||||
| CVE-2008-0057 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list. | |||||
| CVE-2008-0058 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 5.8 MEDIUM | N/A |
| Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object. | |||||
| CVE-2008-0059 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 5.8 MEDIUM | N/A |
| Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic." | |||||
| CVE-2008-0060 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 6.8 MEDIUM | N/A |
| Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link. | |||||
| CVE-2008-0065 | 1 Winamp | 1 Nullsoft Winamp | 2017-08-08 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles. | |||||
| CVE-2008-0070 | 1 Orb Networks | 1 Orb | 2017-08-08 | 4.6 MEDIUM | N/A |
| Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA allows remote attackers to execute arbitrary code via an RPC request that specifies a large number of array dimensions, which triggers a heap-based buffer overflow. | |||||
| CVE-2008-0073 | 2 Redhat, Xine | 2 Fedora, Xine-lib | 2017-08-08 | 6.8 MEDIUM | N/A |
| Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter. | |||||
| CVE-2008-0093 | 1 Eticket | 1 Eticket | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters. | |||||
| CVE-2008-0124 | 1 S9y | 1 Serendipity | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file. | |||||
| CVE-2008-0130 | 1 Instantsoftwares | 1 Dating Site | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Username parameter, a different vulnerability than CVE-2007-6671. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0132 | 1 Pragma Systems | 1 Fortressssh | 2017-08-08 | 5.0 MEDIUM | N/A |
| Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long input to sshd.exe by creating an error-message window and waiting for the administrator to click in this window before terminating the sshd.exe process, which allows remote attackers to cause a denial of service (connection slot exhaustion) via a flood of SSH connections with long data objects, as demonstrated by (1) a long list of keys and (2) a long username. | |||||
| CVE-2008-0145 | 1 Php | 1 Php | 2017-08-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663. | |||||
| CVE-2008-0153 | 1 Pragma Systems | 1 Pragma Telnetserver | 2017-08-08 | 5.0 MEDIUM | N/A |
| telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers to cause a denial of service (process crash and resource exhaustion) via a crafted TELOPT PRAGMA LOGON telnet option, which triggers a NULL pointer dereference. | |||||