Search
Total
9231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3530 | 1 Freebsd | 1 Freebsd | 2017-08-08 | 7.1 HIGH | N/A |
| sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which allows remote attackers to cause a denial of service (panic) via a crafted Packet Too Big Message. | |||||
| CVE-2008-1605 | 1 Leadtools | 1 Multimedia Toolkit | 2017-08-08 | 6.8 MEDIUM | N/A |
| The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmmPlayCtrl Class ActiveX controls (ltmm15.dll 15.1.0.17 and earlier) in LEADTOOLS Multimedia Toolkit 15 allow attackers to overwrite arbitrary files via the SaveSettingsToFile method. | |||||
| CVE-2008-1835 | 1 Clam Anti-virus | 1 Clamav | 2017-08-08 | 5.0 MEDIUM | N/A |
| ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar. | |||||
| CVE-2008-1905 | 1 Nero | 2 Mediahome, Nero | 2017-08-08 | 5.0 MEDIUM | N/A |
| NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used in Nero 8.3.2.1 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long HTTP request to TCP port 54444, a different vector than CVE-2007-2322. | |||||
| CVE-2008-1568 | 1 Comix | 1 Comix | 2017-08-08 | 7.5 HIGH | N/A |
| comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs. | |||||
| CVE-2008-1942 | 1 Foxit Software | 1 Reader | 2017-08-08 | 6.8 MEDIUM | N/A |
| Foxit Reader 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with (1) a malformed ExtGState resource containing a /Font resource, or (2) an XObject resource with a Rotate setting, which triggers memory corruption. NOTE: this is probably a different vulnerability than CVE-2007-2186. | |||||
| CVE-2008-2032 | 1 Acritum | 1 Femitter Server | 2017-08-08 | 5.0 MEDIUM | N/A |
| The FTP service in Acritum Femitter Server 1.03 allows remote attackers to cause a denial of service (crash) by sending multiple crafted RETR commands. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1988 | 1 Encaps | 1 Encapsgallery | 2017-08-08 | 9.0 HIGH | N/A |
| Unrestricted file upload vulnerability in the file_upload function in core/misc.class.php in EncapsGallery 2.0.2 allows remote authenticated administrators to upload and execute arbitrary PHP files by uploading a file with an executable extension, then accessing it via a direct request to the file in the rwx_gallery directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1588 | 1 Apple | 3 Iphone, Ipod Touch, Safari | 2017-08-08 | 4.3 MEDIUM | N/A |
| Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL. | |||||
| CVE-2008-1517 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 7.2 HIGH | N/A |
| Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (system shutdown) via unspecified vectors related to workqueues. | |||||
| CVE-2008-1734 | 1 Gentoo | 2 Linux, Php Toolkit | 2017-08-08 | 3.6 LOW | N/A |
| Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server. | |||||
| CVE-2008-1691 | 1 Seattle Lab Software | 1 Slmail Pro | 2017-08-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (UDP service outage) via a large packet to UDP port 54. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2157 | 1 Emc Corporation | 1 Alphastor | 2017-08-08 | 10.0 HIGH | N/A |
| robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows allows remote attackers to execute arbitrary commands via an unspecified string field in a packet to TCP port 3500. | |||||
| CVE-2008-1532 | 1 Perlbal | 1 Perlbal | 2017-08-08 | 5.0 MEDIUM | N/A |
| Perlbal before 1.70, when buffered upload is enabled, allows remote attackers to cause a denial of service (crash) via a zero-byte chunked upload. | |||||
| CVE-2008-1626 | 1 Eggblog | 1 Eggblog | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in eggBlog before 4.0.1 allows remote attackers to execute arbitrary SQL commands via an unspecified cookie. NOTE: this might overlap CVE-2008-0159. | |||||
| CVE-2008-1740 | 1 Cisco | 1 Unified Presence | 2017-08-08 | 7.8 HIGH | N/A |
| The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via an unspecified "stress test," aka Bug ID CSCsh20972. | |||||
| CVE-2008-1412 | 1 F-secure | 12 F-secure Anti-virus, F-secure Anti-virus Client Security, F-secure Anti-virus For Linux and 9 more | 2017-08-08 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrary code or cause a denial of service (hang or crash) via a malformed archive that triggers an unhandled exception, as demonstrated by the PROTOS GENOME test suite for Archive Formats. | |||||
| CVE-2008-1745 | 1 Cisco | 1 Unified Communications Manager | 2017-08-08 | 7.8 HIGH | N/A |
| Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115. | |||||
| CVE-2008-2134 | 1 Tru-zone | 1 Nukeet | 2017-08-08 | 6.8 MEDIUM | N/A |
| The Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to obtain access to arbitrary user accounts, and alter or delete data, via a modified username in an unspecified cookie. | |||||
| CVE-2008-2031 | 1 Vicftps | 1 Vicftps | 2017-08-08 | 5.0 MEDIUM | N/A |
| VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a crafted LIST command, which triggers a NULL pointer dereference. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1741 | 1 Cisco | 1 Unified Presence | 2017-08-08 | 7.8 HIGH | N/A |
| The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) allows remote attackers to cause a denial of service (core dump and service interruption) via a TCP port scan, aka Bug ID CSCsj64533. | |||||
| CVE-2008-1589 | 1 Apple | 3 Iphone, Ipod Touch, Safari | 2017-08-08 | 4.3 MEDIUM | N/A |
| Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites. | |||||
| CVE-2008-1744 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2017-08-08 | 7.8 HIGH | N/A |
| The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770. | |||||
| CVE-2008-1746 | 1 Cisco | 1 Unified Communications Manager | 2017-08-08 | 7.8 HIGH | N/A |
| The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and service restart) via a series of malformed UDP packets, as demonstrated by the IP Stack Integrity Checker (ISIC), aka Bug ID CSCsj24113. | |||||
| CVE-2008-1648 | 1 Sympa | 1 Sympa | 2017-08-08 | 5.0 MEDIUM | N/A |
| Sympa before 5.4 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message with a malformed value of the Content-Type header and unspecified other headers. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1158 | 1 Cisco | 2 Unified Presence, Unified Presence Server | 2017-08-08 | 7.8 HIGH | N/A |
| The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164. | |||||
| CVE-2008-1012 | 1 Apple | 1 Apple Airport Extreme Base Station | 2017-08-08 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Apple AirPort Extreme Base Station Firmware 7.3.1 allows remote attackers to cause a denial of service (file sharing hang) via a crafted AFP request, related to "input validation." | |||||
| CVE-2008-0475 | 1 Manageengine | 1 Applications Manager | 2017-08-08 | 5.0 MEDIUM | N/A |
| ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home->Summary) via an invalid URI, as demonstrated by the "/-" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-6527 | 1 Rickard Andersson | 1 Punbb | 2017-08-08 | 5.8 MEDIUM | N/A |
| uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a (1) JPG, (2) GIF, or (3) PNG MIME type. | |||||
| CVE-2007-6509 | 1 Appian | 1 Business Process Management Suite | 2017-08-08 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Appian Enterprise Business Process Management (BPM) Suite 5.6 SP1 allows remote attackers to cause a denial of service via a crafted packet to port 5400/tcp. | |||||
| CVE-2007-6299 | 1 Drupal | 1 Drupal | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules. | |||||
| CVE-2008-0999 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 7.1 HIGH | N/A |
| Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference. | |||||
| CVE-2008-0331 | 1 Funkwerk | 2 System Software, X2300 | 2017-08-08 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Funkwerk System Software before 7.4.1 PATCH 9 for certain Funkwerk Router / VPN devices allows remote attackers to cause a denial of service (panic and reboot) via unspecified DNS requests. | |||||
| CVE-2006-7235 | 1 5e5 | 1 Teamtek Universal Ftp Server | 2017-08-08 | 5.0 MEDIUM | N/A |
| Teamtek Universal FTP Server 1.0.50 allows remote attackers to cause a denial of service (daemon crash or hang) via (1) multiple STOR (aka PUT) commands, or an MKD command followed by (2) a '*' argument, (3) a '|' argument, (4) spaces, or (5) a long string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1014 | 1 Apple | 1 Quicktime | 2017-08-08 | 4.3 MEDIUM | N/A |
| Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2008-0527 | 1 Cisco | 3 Session Initiation Protocol \(sip\) Firmware, Skinny Client Control Protocol \(sccp\) Firmware, Unified Ip Phone | 2017-08-08 | 7.8 HIGH | N/A |
| The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a crafted HTTP request. | |||||
| CVE-2008-0277 | 1 Drupal | 1 Fileshare Module | 2017-08-08 | 8.5 HIGH | N/A |
| Unspecified vulnerability in the Fileshare module for Drupal allows remote authenticated users with node-creation privileges to execute arbitrary code via unspecified vectors. | |||||
| CVE-2008-1028 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 9.3 HIGH | N/A |
| Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit. | |||||
| CVE-2008-0264 | 1 Drupal | 1 Meta Tags Module | 2017-08-08 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 module for Drupal, when images are permitted in node bodies, allows remote authenticated users to execute arbitrary code via unspecified vectors involving creation of a node. | |||||
| CVE-2008-1030 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 10.0 HIGH | N/A |
| Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow. | |||||
| CVE-2008-0251 | 1 Photopost | 1 Photopost Vbgallery | 2017-08-08 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors. | |||||
| CVE-2008-0526 | 1 Cisco | 3 Session Initiation Protocol \(sip\) Firmware, Skinny Client Control Protocol \(sccp\) Firmware, Unified Ip Phone | 2017-08-08 | 7.8 HIGH | N/A |
| Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a long ICMP echo request (ping) packet. | |||||
| CVE-2008-0534 | 2 Cisco, Icon-labs | 2 Service Control Engine, Iconfidant Ssh | 2017-08-08 | 7.8 HIGH | N/A |
| The SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device restart or daemon outage) via a high rate of login attempts, aka Bug ID CSCsi68582. | |||||
| CVE-2008-1066 | 1 Smarty | 1 Smarty | 2017-08-08 | 7.5 HIGH | N/A |
| The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string. | |||||
| CVE-2008-1157 | 1 Cisco | 1 Ciscoworks Internetwork Performance Monitor | 2017-08-08 | 10.0 HIGH | N/A |
| Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a process that executes a command shell and listens on a randomly chosen TCP port, which allows remote attackers to execute arbitrary commands. | |||||
| CVE-2008-0054 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 6.4 MEDIUM | N/A |
| Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used. | |||||
| CVE-2017-11183 | 1 Glpi-project | 1 Glpi | 2017-08-07 | 5.5 MEDIUM | 4.9 MEDIUM |
| front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter. | |||||
| CVE-2017-11393 | 1 Trendmicro | 1 Officescan | 2017-08-06 | 10.0 HIGH | 9.8 CRITICAL |
| Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543. | |||||
| CVE-2016-9717 | 1 Ibm | 1 Infosphere Master Data Management Server | 2017-08-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce an anomalous behavior in the application that can be potentially exploited. | |||||
| CVE-2017-1460 | 1 Ibm | 1 I | 2017-08-03 | 5.0 MEDIUM | 7.5 HIGH |
| IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin. Routing tables are affected by a missing LSA, which may lead to loss of connectivity. IBM X-Force ID: 128379. | |||||