Search
Total
9231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2988 | 1 Benjacms | 1 Benja Cms | 2018-10-11 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in admin/upload.php in Benja CMS 0.1 allows remote attackers to upload and execute arbitrary PHP files via unspecified vectors, followed by a direct request to the file in billeder/. | |||||
| CVE-2008-2933 | 1 Mozilla | 1 Firefox | 2018-10-11 | 2.6 LOW | N/A |
| Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267. | |||||
| CVE-2008-2955 | 1 Pidgin | 1 Pidgin | 2018-10-11 | 4.3 MEDIUM | N/A |
| Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function. | |||||
| CVE-2008-2970 | 1 Yektaweb | 1 Academic Web Tools | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple session fixation vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to (1) index.php and (2) login.php in homepg/. | |||||
| CVE-2008-2806 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-11 | 7.5 HIGH | N/A |
| Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect. | |||||
| CVE-2008-2809 | 2 Mozilla, Netscape | 4 Firefox, Geckb, Seamonkey and 1 more | 2018-10-11 | 4.0 MEDIUM | N/A |
| Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. | |||||
| CVE-2008-2805 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-11 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range. | |||||
| CVE-2008-2704 | 1 Novell | 1 Groupwise Messenger | 2018-10-11 | 5.0 MEDIUM | N/A |
| Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows remote attackers to cause a denial of service (crash) via a long user ID, possibly involving a popup alert. NOTE: it is not clear whether this issue crosses privilege boundaries. | |||||
| CVE-2008-2748 | 1 Skulltag Team | 1 Skulltag | 2018-10-11 | 5.0 MEDIUM | N/A |
| Skulltag 0.97d2-RC2 and earlier allows remote attackers to cause a denial of service (daemon hang) via a series of long, malformed connect packets, related to these packets being "parsed multiple times." | |||||
| CVE-2008-2636 | 1 Cisco | 1 Linksys Wrh54g Router | 2018-10-11 | 7.8 HIGH | N/A |
| The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many instances of a "front_page" sequence, and ends with a ".asp" sequence. | |||||
| CVE-2008-2391 | 1 Codeplex | 1 Subsonic | 2018-10-11 | 7.8 HIGH | N/A |
| SubSonic allows remote attackers to bypass pagesize limits and cause a denial of service (CPU consumption) via a pageindex (aka data page number) of -1. | |||||
| CVE-2008-2574 | 1 Flashblog | 1 Flashblog | 2018-10-11 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in admin/Editor/imgupload.php in FlashBlog 0.31 beta allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in tus_imagenes/. | |||||
| CVE-2008-2106 | 1 Activision | 1 Call Of Duty 4 | 2018-10-11 | 6.8 MEDIUM | N/A |
| Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated users to cause a denial of service (crash) via a type 7 stats packet, which triggers a memcpy with a negative value. | |||||
| CVE-2008-2119 | 1 Asterisk | 2 Asterisk Business Edition, Open Source | 2018-10-11 | 4.3 MEDIUM | N/A |
| Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer. | |||||
| CVE-2008-2110 | 1 Qto | 1 Qtofilemanager | 2018-10-11 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request. | |||||
| CVE-2008-2006 | 1 Apple | 2 Ical, Mac Os X | 2018-10-11 | 4.3 MEDIUM | N/A |
| Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE line. | |||||
| CVE-2008-1898 | 1 Microsoft | 2 Office, Works | 2018-10-11 | 9.3 HIGH | N/A |
| A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call. | |||||
| CVE-2008-1702 | 1 E107 | 2 E107, My Gallery | 2018-10-11 | 4.3 MEDIUM | N/A |
| Absolute path traversal vulnerability in dload.php in the my_gallery 2.3 plugin for e107 allows remote attackers to obtain sensitive information via a full pathname in the file parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1737 | 1 Sophos | 1 Anti-virus | 2018-10-11 | 6.9 MEDIUM | N/A |
| Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behavioural Analysis is enabled, allows local users to cause a denial of service (reboot with the product disabled) and possibly gain privileges via a zero value in a certain length field in the ObjectAttributes argument to the NtCreateKey hooked System Service Descriptor Table (SSDT) function. | |||||
| CVE-2008-1738 | 1 Rising-global | 1 Rising Antivirus | 2018-10-11 | 2.1 LOW | N/A |
| Rising Antivirus 2008 before 20.38.20 allows local users to cause a denial of service (system crash) via an invalid pointer to the _CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function. | |||||
| CVE-2008-1585 | 1 Apple | 1 Quicktime | 2018-10-11 | 6.8 MEDIUM | N/A |
| Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs. | |||||
| CVE-2008-1492 | 1 Coronamatrix | 1 Phpaddressbook | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in CoronaMatrix phpAddressBook 2.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php and (2) install.php. NOTE: it was later reported that vector 1 is also present in 2.0. | |||||
| CVE-2008-1562 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 5.0 MEDIUM | N/A |
| The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740. | |||||
| CVE-2008-1478 | 1 Ari Pikivirta | 1 Home Ftp Server | 2018-10-11 | 5.0 MEDIUM | N/A |
| Home FTP Server 1.4.5.89 allows remote attackers to cause a denial of service (crash) by opening a FTP passive mode connection, then closing the original FTP connection. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1411 | 1 Acronis | 1 Snap Deploy | 2018-10-11 | 5.0 MEDIUM | N/A |
| The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference. | |||||
| CVE-2008-1278 | 1 Remotelyanywhere | 1 Remotelyanywhere | 2018-10-11 | 5.0 MEDIUM | N/A |
| The RemotelyAnywhere.exe service in the Remotely Anywhere Server and Workstation 8.0.668 and earlier allows remote attackers to cause a denial of service (crash) via an invalid Accept-Charset header, which triggers a NULL pointer dereference. NOTE: the service is automatically restarted. | |||||
| CVE-2008-1245 | 1 Belkin | 1 F5d7230-4 | 2018-10-11 | 7.8 HIGH | N/A |
| cgi-bin/setup_virtualserver.exe on the Belkin F5D7230-4 router with firmware 9.01.10 allows remote attackers to cause a denial of service (control center outage) via an HTTP request with invalid POST data and a "Connection: Keep-Alive" header. | |||||
| CVE-2008-1303 | 1 Perforce | 1 Perforce Server | 2018-10-11 | 5.0 MEDIUM | N/A |
| The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a missing parameter to the (1) dm-FaultFile, (2) dm-LazyCheck, (3) dm-ResolvedFile, (4) dm-OpenFile, (5) crypto, and possibly unspecified other commands, which triggers a NULL pointer dereference. | |||||
| CVE-2008-1280 | 1 Acronis | 2 True Image, True Image Windows Agent | 2018-10-11 | 5.0 MEDIUM | N/A |
| Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference. | |||||
| CVE-2008-1337 | 1 Netopia | 1 Timbuktu Pro | 2018-10-11 | 5.0 MEDIUM | N/A |
| The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier for Windows allows remote attackers to cause (1) a denial of service (daemon crash) via an invalid Version field or (2) a denial of service (CPU consumption and daemon termination) via an invalid or partial message. | |||||
| CVE-2008-1249 | 1 Snom | 1 320 Sip Phone | 2018-10-11 | 9.4 HIGH | N/A |
| snomControl.swf in the central phone server for the Snom 320 SIP Phone allows remote attackers to cause a denial of service (application crash and corruption of call logs) via a "'); (double quote, quote, close parenthesis, semicolon) sequence in the "Call a number" field. | |||||
| CVE-2008-1265 | 1 Linksys | 1 Wrt54g | 2018-10-11 | 7.8 HIGH | N/A |
| The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface. | |||||
| CVE-2008-1279 | 1 Acronis | 1 True Image | 2018-10-11 | 5.0 MEDIUM | N/A |
| Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read. | |||||
| CVE-2008-1277 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2018-10-11 | 9.0 HIGH | N/A |
| The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allows remote attackers to cause a denial of service (crash) via (1) SEARCH and (2) APPEND commands without required arguments, which triggers a NULL pointer dereference. | |||||
| CVE-2008-1311 | 1 Packettrap | 1 Pt360 Tool Suite Pro | 2018-10-11 | 5.0 MEDIUM | N/A |
| The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and earlier allows remote attackers to cause a denial of service (daemon hang) by uploading a file named (1) '|' (pipe), (2) '"' (quotation mark), or (3) "<>" (less than, greater than); or (4) a file with a long name. NOTE: the issue for vector 4 might exist because of an incomplete fix for CVE-2008-1312. | |||||
| CVE-2008-1197 | 2 Marvell, Netgear | 2 88w8361w-bem1, Wn802t | 2018-10-11 | 6.3 MEDIUM | N/A |
| The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse the SSID information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a "Null SSID." | |||||
| CVE-2008-1216 | 1 Ibm | 1 Lotus Quickr Server | 2018-10-11 | 6.8 MEDIUM | N/A |
| IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not properly identify URIs containing cross-site scripting (XSS) attack strings, which allows remote attackers to inject arbitrary web script or HTML via a Calendar OpenDocument action to main.nsf with a Count parameter containing a JavaScript event in a malformed element, as demonstrated by an onload event in an IFRAME element. | |||||
| CVE-2008-1136 | 1 Synce | 1 Synce | 2018-10-11 | 9.3 HIGH | N/A |
| The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679. | |||||
| CVE-2008-1144 | 2 Marvell, Netgear | 2 88w8361w-bem1, Wn802t | 2018-10-11 | 6.3 MEDIUM | N/A |
| The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse EAPoL-Key packets, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a malformed EAPoL-Key packet with a crafted "advertised length." | |||||
| CVE-2008-1118 | 1 Netopia | 1 Timbuktu Pro | 2018-10-11 | 7.5 HIGH | N/A |
| Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does not perform input validation before logging information fields taken from packets from a remote peer, which allows remote attackers to generate crafted log entries, and possibly avoid detection of attacks, via modified (1) computer name, (2) user name, and (3) IP address fields. | |||||
| CVE-2017-16790 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2018-10-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST data and uploaded files data into one array. This big array forms the data that are then bound to the form. At this stage there is no difference anymore between submitted POST data and uploaded files. A user can send a crafted HTTP request where the value of a "FileType" is sent as normal POST data that could be interpreted as a local file path on the server-side (for example, "file:///etc/passwd"). If the application did not perform any additional checks about the value submitted to the "FileType", the contents of the given file on the server could have been exposed to the attacker. | |||||
| CVE-2011-0018 | 1 Openvas | 1 Openvas Manager | 2018-10-10 | 9.0 HIGH | N/A |
| The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA). | |||||
| CVE-2011-0228 | 1 Apple | 1 Iphone Os | 2018-10-10 | 7.5 HIGH | N/A |
| The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain. | |||||
| CVE-2010-4900 | 1 Webmanager-pro | 1 Cms Webmanager-pro | 2018-10-10 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in c.php in CMS WebManager-Pro 8.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | |||||
| CVE-2010-4297 | 1 Vmware | 6 Esx, Esxi, Fusion and 3 more | 2018-10-10 | 7.2 HIGH | N/A |
| The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue. | |||||
| CVE-2010-4247 | 2 Citrix, Linux | 2 Xen, Linux Kernel | 2018-10-10 | 5.5 MEDIUM | N/A |
| The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-3762 | 1 Isc | 1 Bind | 2018-10-10 | 4.3 MEDIUM | N/A |
| ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query. | |||||
| CVE-2010-3756 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2018-10-10 | 5.0 MEDIUM | N/A |
| The _CalcHashValueWithLength function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly validate an unspecified length value, which allows remote attackers to cause a denial of service (daemon crash) by sending data over TCP. NOTE: this might overlap CVE-2010-3060. | |||||
| CVE-2010-3614 | 1 Isc | 1 Bind | 2018-10-10 | 6.4 MEDIUM | N/A |
| named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover. | |||||
| CVE-2010-3272 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2018-10-10 | 4.3 MEDIUM | N/A |
| accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action. | |||||