Total
10022 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1030 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 10.0 HIGH | N/A |
Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow. | |||||
CVE-2008-4910 | 1 Sun | 1 Java Web Start | 2024-02-04 | 10.0 HIGH | N/A |
The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method. | |||||
CVE-2008-5663 | 1 Kusaba | 1 Kusaba | 2024-02-04 | 9.0 HIGH | N/A |
Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) load_receiver.php or (2) a shipainter action to paint_save.php, then accessing the uploaded file via a direct request to this file in their user directory. | |||||
CVE-2008-1495 | 1 Peel | 1 Peel | 2024-02-04 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in administrer/produits.php in PEEL, possibly 3.x and earlier, allows remote authenticated administrators to upload and execute arbitrary PHP files via a modified content type in an ajout action, as demonstrated by (1) image/gif and (2) application/pdf. | |||||
CVE-2008-4041 | 1 Softalk Mail Server | 1 Softalk Mail Server | 2024-02-04 | 4.0 MEDIUM | N/A |
The IMAP server in Softalk Mail Server (formerly WorkgroupMail) 8.5.1.431 allows remote authenticated users to cause a denial of service (resource consumption and daemon crash) via a long IMAP APPEND command with certain repeated parameters. | |||||
CVE-2008-4930 | 1 Mybb | 1 Mybb | 2024-02-04 | 5.0 MEDIUM | N/A |
MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection against MIME-sniffing." NOTE: this could be leveraged for XSS and other attacks. | |||||
CVE-2008-3127 | 1 Hiox India | 1 Banner Rotator | 2024-02-04 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in hioxBannerRotate.php in HIOX Banner Rotator (HBR) 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter. | |||||
CVE-2009-0748 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.9 MEDIUM | N/A |
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) by attempting to mount a crafted ext4 filesystem. | |||||
CVE-2009-2852 | 2 Ryan.mcgeary, Wordpress | 2 Wp-syntax, Wordpress | 2024-02-04 | 6.8 MEDIUM | N/A |
WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the test_filter[wp_head] array parameter to test/index.php, which is used in a call to the call_user_func_array function. | |||||
CVE-2008-4106 | 1 Wordpress | 1 Wordpress | 2024-02-04 | 5.1 MEDIUM | N/A |
WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107. | |||||
CVE-2009-3102 | 1 Zmanda | 1 Zrm For My Sql | 2024-02-04 | 10.0 HIGH | N/A |
The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager (ZRM) for MySQL 2.x before 2.1.1 allows remote attackers to execute arbitrary commands via vectors involving a crafted $MYSQL_BINPATH variable. | |||||
CVE-2008-6882 | 2 Joomla, Joompolitan | 2 Joomla, Com Livechat | 2024-02-04 | 7.5 HIGH | N/A |
Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string. | |||||
CVE-2008-3337 | 1 Powerdns | 2 Authoritative Server, Powerdns | 2024-02-04 | 6.4 MEDIUM | N/A |
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217. | |||||
CVE-2008-2372 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.9 MEDIUM | N/A |
The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of "useless newly zeroed pages." | |||||
CVE-2008-6528 | 1 Tmaxsoft | 1 Jeus | 2024-02-04 | 5.0 MEDIUM | N/A |
NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to read the source code for scripts by appending ::$DATA to the URL, which accesses the alternate data stream. | |||||
CVE-2009-0790 | 2 Strongswan, Xelerance | 2 Strongswan, Openswan | 2024-02-04 | 5.0 MEDIUM | N/A |
The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD. | |||||
CVE-2008-6751 | 1 Revou | 2 Revou, Tclone | 2024-02-04 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in index.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in settings/my_photo. | |||||
CVE-2008-5431 | 1 5e5 | 1 Teamtek Universal Ftp Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a denial of service via (1) a certain CWD command, (2) a long LIST command, or (3) a certain PORT command. | |||||
CVE-2009-3753 | 1 Opial | 1 Opial | 2024-02-04 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in Opial 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension as a User Image, then accessing it via a request to the file in userimages, related to register.php. | |||||
CVE-2008-3904 | 1 Lxde | 2 Gpicview, Lightweight X11 Desktop Environment | 2024-02-04 | 7.5 HIGH | N/A |
src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. |