Total: 9231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5657 | 1 Tibco | 4 Ems Server, Enterprise Message Service, Rtworks and 1 more | 2017-07-29 | 10.0 HIGH | N/A |
| TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets. | |||||
| CVE-2007-5658 | 1 Tibco | 3 Enterprise Message Service, Rtworks, Smartsockets Rtserver | 2017-07-29 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow. | |||||
| CVE-2007-5711 | 1 Massive Entertainment | 1 World In Conflict | 2017-07-29 | 5.0 MEDIUM | N/A |
| Massive Entertainment World in Conflict 1.001 and earlier allows remote attackers to cause a denial of service (failed assertion and daemon crash) via a large packet to TCP or UDP port 48000. | |||||
| CVE-2007-5762 | 1 Novell | 1 Netware Client | 2017-07-29 | 7.2 HIGH | N/A |
| NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode. | |||||
| CVE-2007-5893 | 1 Alhem | 1 C++ Sockets Library | 2017-07-29 | 5.0 MEDIUM | N/A |
| HTTPSocket.cpp in the C++ Sockets Library before 2.2.5 allows remote attackers to cause a denial of service (crash) via an HTTP request with a missing protocol version number, which triggers an exception. NOTE: some of these details were obtained from third party information. | |||||
| CVE-2007-5926 | 1 Openbase International Ltd | 1 Openbase | 2017-07-29 | 9.0 HIGH | N/A |
| OpenBase 10.0.5 and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to the (1) AsciiBackup, (2) OEMLicenseInstall, and possibly other stored procedures. | |||||
| CVE-2007-3912 | 1 Debian | 1 Debian-goodies | 2017-07-29 | 7.2 HIGH | N/A |
| checkrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process. | |||||
| CVE-2007-3913 | 1 Gforge | 1 Gforge | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Gforge before 3.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2007-3654 | 1 Netbsd | 1 Netbsd | 2017-07-29 | 2.1 LOW | N/A |
| The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2, and NetBSD-current before 20070728, allow local users to cause a denial of service (panic) via a (1) negative or (2) large value in an ioctl call, as demonstrated by the vga_allocattr function. | |||||
| CVE-2007-4459 | 1 Cisco | 2 Voip Phone Cp-7940, Voip Phone Cp-7960 | 2017-07-29 | 7.1 HIGH | N/A |
| Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP firmware before 8.7(0), allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages. | |||||
| CVE-2007-4391 | 1 Yahoo | 1 Messenger | 2017-07-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then injecting a DLL into the attacker's peer Yahoo! Messenger application when this request is accepted. | |||||
| CVE-2007-4221 | 1 Motorola | 1 Timbuktu | 2017-07-29 | 10.0 HIGH | N/A |
| Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for Windows allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via (1) a long user name and (2) certain malformed requests; and (3) allow remote Timbuktu servers to have an unknown impact via a malformed HELLO response, related to the Scanner component and possibly related to a malformed computer name. | |||||
| CVE-2007-3753 | 1 Apple | 1 Iphone | 2017-07-29 | 7.5 HIGH | N/A |
| Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation. | |||||
| CVE-2007-3755 | 1 Apple | 1 Iphone | 2017-07-29 | 4.3 MEDIUM | N/A |
| Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number. | |||||
| CVE-2007-3757 | 1 Apple | 2 Iphone, Safari | 2017-07-29 | 4.3 MEDIUM | N/A |
| Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted "tel:" link that causes iPhone to display a different number than the number that will be dialed. | |||||
| CVE-2007-2408 | 1 Apple | 1 Safari | 2017-07-29 | 6.8 MEDIUM | N/A |
| WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page. | |||||
| CVE-2007-1803 | 1 Maildwarf | 1 Maildwarf | 2017-07-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote attackers to send e-mail to addresses different from the configured addresses. | |||||
| CVE-2007-2322 | 1 Nero | 2 Mediahome, Mediahome Ce | 2017-07-29 | 7.8 HIGH | N/A |
| NMMediaServer.exe in Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet that contains two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1666 | 1 Datarescue | 1 Ida Pro | 2017-07-29 | 10.0 HIGH | N/A |
| The processor_request function in the debugger server for DataRescue IDA Pro 5.0 and 5.1 does not verify that authentication has taken place before invoking the perform_request function, which allows remote attackers to perform unauthorized actions. | |||||
| CVE-2007-1097 | 1 Wiclear | 1 Wiclear | 2017-07-29 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in the onAttachFiles function in the upload tool (inc/lib/attachment.lib.php) in Wiclear before 0.11.1 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to filename validation. NOTE: some details were obtained from third party information. | |||||
| CVE-2003-1416 | 1 Bisonftp | 1 Bisonftp Server 4 | 2017-07-29 | 4.3 MEDIUM | N/A |
| BisonFTP Server 4 release 2 allows remote attackers to cause a denial of service (CPU consumption) via a long (1) ls or (2) cwd command. | |||||
| CVE-2002-2237 | 1 Tftp | 1 Tftp Server | 2017-07-29 | 5.0 MEDIUM | N/A |
| tftp32 TFTP server 2.21 and earlier allows remote attackers to cause a denial of service via a GET request with a DOS device name such as com1 or aux. | |||||
| CVE-2003-1402 | 1 Kietu | 1 Kietu | 2017-07-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the url_hit parameter, a different vulnerability than CVE-2006-5015. | |||||
| CVE-2003-1403 | 1 Dotbr | 1 Botbr | 2017-07-29 | 7.5 HIGH | N/A |
| foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. | |||||
| CVE-2003-1405 | 1 Dotbr | 1 Botbr | 2017-07-29 | 7.5 HIGH | N/A |
| DotBr 0.1 allows remote attackers to execute arbitrary shell commands via the cmd parameter to (1) exec.php3 or (2) system.php3. | |||||
| CVE-2006-6241 | 1 Telnet Ftp Server | 1 Telnet Ftp Server | 2017-07-29 | 4.0 MEDIUM | N/A |
| Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to cause a denial of service (crash) via consecutive RETR commands. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2003-1471 | 1 Alt-n | 1 Mdaemon | 2017-07-29 | 6.3 MEDIUM | N/A |
| MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number. | |||||
| CVE-2003-1364 | 1 Aprelium Technologies | 1 Abyss Web Server | 2017-07-29 | 8.5 HIGH | N/A |
| Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versions before 1.1.4, allows remote attackers to cause a denial of service (crash) via an HTTP GET message with empty (1) Connection or (2) Range fields. | |||||
| CVE-2003-1463 | 2 Alt-n, Microsoft | 2 Webadmin, All Windows | 2017-07-29 | 3.5 LOW | N/A |
| Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter. | |||||
| CVE-2002-2239 | 1 Cisco | 3 Catalyst 6500, Catalyst 7600, Ios | 2017-07-29 | 7.8 HIGH | N/A |
| The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 series running Cisco IOS 12.1(8)E through 12.1(13.4)E allows remote attackers to cause a denial of service (hang) via a malformed packet. | |||||
| CVE-2003-1456 | 4 Linux, Microsoft, Mike Bobbitt and 1 more | 4 Linux Kernel, All Windows, Album.pl and 1 more | 2017-07-29 | 5.0 MEDIUM | N/A |
| Album.pl 6.1 allows remote attackers to execute arbitrary commands, when an alternative configuration file is used, via unknown attack vectors. | |||||
| CVE-2007-0103 | 1 Adobe | 1 Acrobat Reader | 2017-07-29 | 6.8 MEDIUM | N/A |
| The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | |||||
| CVE-2001-1584 | 1 Michael Barretto | 1 Cardboard | 2017-07-29 | 7.5 HIGH | N/A |
| CardBoard 2.4 greeting card CGI by Michael Barretto allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient field. | |||||
| CVE-2007-0102 | 1 Apple | 1 Preview | 2017-07-29 | 6.8 MEDIUM | N/A |
| The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | |||||
| CVE-2003-1450 | 1 Bitchx | 1 Bitchx | 2017-07-29 | 5.0 MEDIUM | N/A |
| BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to cause a denial of service (segmentation fault) via a malformed RPL_NAMREPLY numeric 353 message. | |||||
| CVE-2003-1490 | 1 Sonicwall | 3 Pro100, Pro200, Pro300 | 2017-07-29 | 7.8 HIGH | N/A |
| SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow. | |||||
| CVE-2003-1350 | 1 List Site Pro | 1 List Site Pro | 2017-07-29 | 4.3 MEDIUM | N/A |
| List Site Pro 2.0 allows remote attackers to hijack user accounts by inserting a "|" (pipe), which is used as a field delimiter, into the bannerurl field. | |||||
| CVE-2003-1444 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus | 2017-07-29 | 4.4 MEDIUM | N/A |
| Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial of service (CPU consumption or crash) and prevent malicious code from being detected via a file with a long pathname. | |||||
| CVE-2003-1443 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus | 2017-07-29 | 4.4 MEDIUM | N/A |
| Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files with MS-DOS device names in their filenames, which allows local users to bypass virus protection, as demonstrated using aux.vbs and aux.com. | |||||
| CVE-2006-6581 | 1 Vernet Loic | 1 Php Debug | 2017-07-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in tests/debug_test.php in Vernet Loic PHP_Debug 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the debugClassLocation parameter. | |||||
| CVE-2006-7171 | 1 Koan Software | 1 Mega Mall | 2017-07-29 | 5.0 MEDIUM | N/A |
| product_review.php in Koan Software Mega Mall allows remote attackers to obtain the installation path via a request with an empty value of the x[] parameter. | |||||
| CVE-2003-1441 | 1 Posadis | 1 Posadis | 2017-07-29 | 4.3 MEDIUM | N/A |
| Posadis 0.50.4 through 0.50.8 allows remote attackers to cause a denial of service (crash) via a DNS message without a question section, which triggers null dereference. | |||||
| CVE-2006-7113 | 1 Planerd.net | 1 P-news | 2017-07-29 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in P-News 2.0 allows remote attackers to upload and execute arbitrary files via an avatar file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2003-1440 | 1 Burton Computer Corporation | 1 Spamprobe | 2017-07-29 | 4.3 MEDIUM | N/A |
| SpamProbe 0.8a allows remote attackers to cause a denial of service (crash) via HTML e-mail with newline characters within an href tag, which is not properly handled by certain regular expressions. | |||||
| CVE-2003-1365 | 1 Perl | 1 Cgi Lite | 2017-07-29 | 5.0 MEDIUM | N/A |
| The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (caret), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands, in shell scripts that rely on CGI::Lite to filter such dangerous inputs. | |||||
| CVE-2003-1419 | 1 Netscape | 1 Navigator | 2017-07-29 | 4.3 MEDIUM | N/A |
| Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function. | |||||
| CVE-2003-1488 | 1 Truelogik | 1 Truegalerie | 2017-07-29 | 6.4 MEDIUM | N/A |
| The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie 1.0 allow remote attackers to gain administrator access via a request to admin.php without the connect parameter and with the loggedin parameter set to any value, such as 1. | |||||
| CVE-2003-1425 | 1 Cpanel | 1 Cpanel | 2017-07-29 | 10.0 HIGH | N/A |
| guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter. | |||||
| CVE-2003-1487 | 1 Phorum | 1 Phorum | 2017-07-29 | 10.0 HIGH | N/A |
| Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program. | |||||
| CVE-2017-11555 | 1 Libsass | 1 Libsass | 2017-07-28 | 5.0 MEDIUM | 7.5 HIGH |
| There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service. | |||||
