Total: 10018 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-2392 | 1 Wordpress | 1 Wordpress | 2024-02-04 | 9.0 HIGH | N/A |
Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard. | |||||
CVE-2009-3802 | 1 Amirocms | 1 Amiro.cms | 2024-02-04 | 5.0 MEDIUM | N/A |
Amiro.CMS 5.4.0.0 and earlier allows remote attackers to obtain sensitive information via an invalid loginname ("%%%") to _admin/index.php, which reveals the installation path and other information in an error message. | |||||
CVE-2008-3444 | 1 Mozilla | 1 Firefox | 2024-02-04 | 4.3 MEDIUM | N/A |
The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted but well-formed web page that contains "a simple set of legitimate HTML tags." | |||||
CVE-2008-4340 | 1 Google | 1 Chrome | 2024-02-04 | 4.3 MEDIUM | N/A |
Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function. | |||||
CVE-2009-0083 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2024-02-04 | 7.2 HIGH | N/A |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability." | |||||
CVE-2008-6123 | 1 Net-snmp | 2 Net-snmp, Net Snmp | 2024-02-04 | 5.0 MEDIUM | N/A |
The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion." | |||||
CVE-2009-2715 | 1 Sun | 1 Virtualbox | 2024-02-04 | 4.9 MEDIUM | N/A |
Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction. | |||||
CVE-2008-7112 | 1 Kyoceramita | 1 Scanner File Utility | 2024-02-04 | 5.0 MEDIUM | N/A |
The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to cause a denial of service (hang or crash) via invalid field length values in a malformed (1) document or (2) request. | |||||
CVE-2009-3115 | 1 Solarwinds | 1 Tftp Server | 2024-02-04 | 5.0 MEDIUM | N/A |
SolarWinds TFTP Server 9.2.0.111 and earlier allows remote attackers to cause a denial of service (service stop) via a crafted Option Acknowledgement (OACK) request. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-4493 | 1 Microsoft | 1 Digital Image | 2024-02-04 | 6.8 MEDIUM | N/A |
Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. | |||||
CVE-2008-2711 | 1 Fetchmail | 1 Fetchmail | 2024-02-04 | 4.3 MEDIUM | N/A |
fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages. | |||||
CVE-2008-5537 | 2 Microsoft, Pctools | 2 Internet Explorer, Pctools Antivirus | 2024-02-04 | 9.3 HIGH | N/A |
PC Tools AntiVirus 4.4.2.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
CVE-2009-1348 | 1 Mcafee | 13 Active Virus Defense, Active Virusscan, Email Gateway and 10 more | 2024-02-04 | 7.6 HIGH | N/A |
The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive. | |||||
CVE-2008-2704 | 1 Novell | 1 Groupwise Messenger | 2024-02-04 | 5.0 MEDIUM | N/A |
Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows remote attackers to cause a denial of service (crash) via a long user ID, possibly involving a popup alert. NOTE: it is not clear whether this issue crosses privilege boundaries. | |||||
CVE-2008-5002 | 1 Chilkat Software | 1 Chilkat Crypt Activex Control | 2024-02-04 | 9.3 HIGH | N/A |
Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitrary files via the WriteFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-2957 | 1 Pidgin | 1 Pidgin | 2024-02-04 | 6.4 MEDIUM | N/A |
The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL. | |||||
CVE-2009-2654 | 1 Mozilla | 1 Firefox | 2024-02-04 | 5.8 MEDIUM | N/A |
Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page. | |||||
CVE-2008-6084 | 1 .matteoiammarrone | 1 Iamma Simple Gallery | 2024-02-04 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory. | |||||
CVE-2009-0793 | 2 Littlecms, Sun | 2 Lcms, Openjdk | 2024-02-04 | 4.3 MEDIUM | N/A |
cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles." | |||||
CVE-2009-2320 | 1 Axesstel | 1 Mv 410r | 2024-02-04 | 7.5 HIGH | N/A |
The web interface on the Axesstel MV 410R relies on client-side JavaScript code to validate input, which allows remote attackers to send crafted data, and possibly have unspecified other impact, via a client that does not process JavaScript. |