Search
Total
9231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0478 | 1 Squid | 1 Squid | 2018-10-11 | 5.0 MEDIUM | N/A |
| Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c. | |||||
| CVE-2009-0311 | 1 Emc | 1 Autostart | 2018-10-11 | 10.0 HIGH | N/A |
| The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 allows remote attackers to execute arbitrary code via a packet with a crafted value that is dereferenced as a function pointer. | |||||
| CVE-2009-0164 | 1 Apple | 1 Cups | 2018-10-11 | 6.4 MEDIUM | N/A |
| The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks. | |||||
| CVE-2009-0050 | 1 Entrouvert | 1 Lasso | 2018-10-11 | 4.3 MEDIUM | N/A |
| Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2009-0120 | 1 Ibm | 1 Websphere Datapower Xml Security Gateway Xs40 | 2018-10-11 | 7.8 HIGH | N/A |
| The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as demonstrated by the abc\r\n\r\n string data. | |||||
| CVE-2008-7185 | 1 Gnome | 1 Rhythmbox | 2018-10-11 | 4.3 MEDIUM | N/A |
| GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c. | |||||
| CVE-2008-7215 | 2 Brilaps, Mambo-foundation | 2 Mostlyce, Mambo | 2018-10-11 | 5.8 MEDIUM | N/A |
| The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in a FileUpload command, which are used to modify equivalent variables in $_FILES that are accessed when the is_uploaded_file check fails. | |||||
| CVE-2008-7029 | 1 Alilg | 1 Aliboard | 2018-10-11 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in usercp.php in AlilG Application AliBoard Beta allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in uploads/avatars/. | |||||
| CVE-2009-0016 | 2 Apple, Microsoft | 2 Itunes, Windows | 2018-10-11 | 5.0 MEDIUM | N/A |
| Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header. | |||||
| CVE-2008-7269 | 1 Boka | 1 Siteengine | 2018-10-11 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action. | |||||
| CVE-2008-7257 | 1 Cisco | 1 Asa 5580 | 2018-10-11 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163. | |||||
| CVE-2008-6793 | 1 Dflabs | 1 Ptk | 2018-10-11 | 6.8 MEDIUM | N/A |
| The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image. | |||||
| CVE-2008-6528 | 1 Tmaxsoft | 1 Jeus | 2018-10-11 | 5.0 MEDIUM | N/A |
| NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to read the source code for scripts by appending ::$DATA to the URL, which accesses the alternate data stream. | |||||
| CVE-2008-6497 | 1 Tp | 1 Neostrada Livebox Adsl Router | 2018-10-11 | 7.8 HIGH | N/A |
| The Neostrada Livebox ADSL Router allows remote attackers to cause a denial of service (network outage) via multiple HTTP requests for the /- URI. | |||||
| CVE-2008-6555 | 1 Puppetmaster | 1 Webutil | 2018-10-11 | 10.0 HIGH | N/A |
| cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command. | |||||
| CVE-2008-6702 | 1 Stalker-game | 1 S.t.a.l.k.e.r.\ | 2018-10-11 | 5.0 MEDIUM | N/A |
| S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (crash) via a long nickname, which triggers an exception. | |||||
| CVE-2008-6557 | 1 Puppetmaster | 1 Webutil | 2018-10-11 | 10.0 HIGH | N/A |
| cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command. | |||||
| CVE-2008-6948 | 1 Collabtive | 1 Collabtive | 2018-10-11 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and using a text/plain MIME type, then accessing it via a direct request to the file in files/, related to (1) the showproject action in managefile.php or (2) the Messages feature. | |||||
| CVE-2008-6511 | 1 Igniterealtime | 1 Openfire | 2018-10-11 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. | |||||
| CVE-2008-6556 | 1 Puppet Master | 1 Webutil | 2018-10-11 | 10.0 HIGH | N/A |
| cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the whois command. | |||||
| CVE-2008-5715 | 2 Microsoft, Mozilla | 2 Windows Vista, Firefox | 2018-10-11 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code with a long string value for the hash property (aka location.hash). NOTE: it was later reported that earlier versions are also affected, and that the impact is CPU consumption and application hang in unspecified circumstances perhaps involving other platforms. | |||||
| CVE-2008-5887 | 1 Tincan | 1 Phplist | 2018-10-11 | 5.0 MEDIUM | N/A |
| phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability." | |||||
| CVE-2008-5870 | 1 Faststone | 1 Image Viewer | 2018-10-11 | 4.3 MEDIUM | N/A |
| FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with large width and height values, possibly a related issue to CVE-2007-1942. | |||||
| CVE-2008-5810 | 1 Fujitsu-siemens | 1 Webtransactions | 2018-10-11 | 10.0 HIGH | N/A |
| WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1) directory names, (2) template names, and (3) session IDs. | |||||
| CVE-2008-5693 | 1 Ipswitch | 1 Ws Ftp | 2018-10-11 | 5.0 MEDIUM | N/A |
| Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character. | |||||
| CVE-2008-5674 | 1 Darkwet | 1 Webcam Xp | 2018-10-11 | 9.4 HIGH | N/A |
| Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service (device crash) and read portions of memory via (1) an invalid camnum parameter to the pocketpc component and (2) an invalid id parameter to the show_gallery_pic component. | |||||
| CVE-2008-5669 | 1 Textpattern | 1 Textpattern | 2018-10-11 | 5.0 MEDIUM | N/A |
| index.php in the comments preview section in Textpattern (aka Txp CMS) 4.0.5 allows remote attackers to cause a denial of service via a long message parameter. | |||||
| CVE-2008-5581 | 1 Mini-pub | 1 Mini-pub | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mini-pub.php/front-end/img.php in mini-pub 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the sFileName parameter. | |||||
| CVE-2008-5580 | 1 Mini-pub | 1 Mini-pub | 2018-10-11 | 7.5 HIGH | N/A |
| mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the sFileName argument. | |||||
| CVE-2008-5548 | 2 Microsoft, Virusbuster | 2 Internet Explorer, Virusbuster | 2018-10-11 | 9.3 HIGH | N/A |
| VirusBuster 4.5.11.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5547 | 1 Hauri | 1 Virobot | 2018-10-11 | 9.3 HIGH | N/A |
| HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5546 | 2 Microsoft, Virusblokada | 2 Internet Explorer, Vba32 Antivirus | 2018-10-11 | 9.3 HIGH | N/A |
| VirusBlokAda VBA32 3.12.8.5, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5545 | 2 Microsoft, Trend Micro | 2 Internet Explorer, Trend Micro Antivirus | 2018-10-11 | 9.3 HIGH | N/A |
| Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5544 | 2 Hacksoft, Microsoft | 2 The Hacker, Internet Explorer | 2018-10-11 | 9.3 HIGH | N/A |
| Hacksoft The Hacker 6.3.1.2.174 and possibly 6.3.0.9.081, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5543 | 2 Microsoft, Symantec | 2 Internet Explorer, Antivirus | 2018-10-11 | 9.3 HIGH | N/A |
| Symantec AntiVirus (SAV) 10, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5535 | 2 Microsoft, Norman | 2 Internet Explorer, Norman Antivirus \& Antispyware | 2018-10-11 | 9.3 HIGH | N/A |
| Norman Antivirus 5.80.02, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5526 | 2 Drweb, Microsoft | 2 Anti-virus, Internet Explorer | 2018-10-11 | 9.3 HIGH | N/A |
| DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5525 | 2 Clamav, Microsoft | 2 Clamav, Internet Explorer | 2018-10-11 | 9.3 HIGH | N/A |
| ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5523 | 2 Avast, Microsoft | 2 Avast Antivirus, Internet Explorer | 2018-10-11 | 9.3 HIGH | N/A |
| avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5531 | 2 Fortinet, Microsoft | 2 Fortiguard Antivirus, Internet Explorer | 2018-10-11 | 9.3 HIGH | N/A |
| Fortinet Antivirus 3.113.0.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5524 | 2 Microsoft, Quickheal | 2 Internet Explorer, Cat Quickheal | 2018-10-11 | 9.3 HIGH | N/A |
| CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5530 | 3 Avg, Ewido, Microsoft | 3 Ewido Security Suite, Ewido Security Suite, Internet Explorer | 2018-10-11 | 9.3 HIGH | N/A |
| Ewido Security Suite 4.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5528 | 2 Aladdin, Microsoft | 2 Esafe, Internet Explorer | 2018-10-11 | 9.3 HIGH | N/A |
| Aladdin eSafe 7.0.17.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5527 | 2 Eset, Microsoft | 2 Smart Security, Internet Explorer | 2018-10-11 | 9.3 HIGH | N/A |
| ESET Smart Security, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5536 | 2 Microsoft, Pandasecurity | 2 Internet Explorer, Panda Antivirus | 2018-10-11 | 9.3 HIGH | N/A |
| Panda Antivirus 9.0.0.4, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5537 | 2 Microsoft, Pctools | 2 Internet Explorer, Pctools Antivirus | 2018-10-11 | 9.3 HIGH | N/A |
| PC Tools AntiVirus 4.4.2.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5542 | 2 Microsoft, Sunbeltsoftware | 2 Internet Explorer, Vipre | 2018-10-11 | 9.3 HIGH | N/A |
| Sunbelt VIPRE 3.1.1832.2 and possibly 3.1.1633.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5534 | 2 Eset, Microsoft | 2 Nod32 Antivirus, Internet Explorer | 2018-10-11 | 9.3 HIGH | N/A |
| ESET NOD32 Antivirus 3662 and possibly 3440, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5431 | 1 5e5 | 1 Teamtek Universal Ftp Server | 2018-10-11 | 5.0 MEDIUM | N/A |
| Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a denial of service via (1) a certain CWD command, (2) a long LIST command, or (3) a certain PORT command. | |||||
| CVE-2008-5533 | 2 K7computing, Microsoft | 2 Antivirus, Internet Explorer | 2018-10-11 | 9.3 HIGH | N/A |
| K7AntiVirus 7.10.541 and possibly 7.10.454, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||