Total
10018 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6541 | 1 Dotnetnuke | 1 Dotnetnuke | 2024-02-04 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the file manager module in DotNetNuke before 4.8.2 allows remote administrators to upload arbitrary files and gain privileges to the server via unspecified vectors. | |||||
| CVE-2008-3796 | 1 Swfdec | 1 Swfdec | 2024-02-04 | 5.0 MEDIUM | N/A |
| Swfdec 0.6 before 0.6.8 allows remote attackers to cause a denial of service (application crash) via a 1x1 JPEG image. | |||||
| CVE-2008-6944 | 1 Scriptsfeed | 1 Auto Classifieds | 2024-02-04 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in cars_images/. | |||||
| CVE-2009-1149 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-04 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters. | |||||
| CVE-2008-6948 | 1 Collabtive | 1 Collabtive | 2024-02-04 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and using a text/plain MIME type, then accessing it via a direct request to the file in files/, related to (1) the showproject action in managefile.php or (2) the Messages feature. | |||||
| CVE-2008-3230 | 1 Ffmpeg | 1 Lavf Demuxer | 2024-02-04 | 1.9 LOW | N/A |
| The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file, possibly related to gstreamer, as demonstrated by lol-giftopnm.gif. | |||||
| CVE-2008-6676 | 1 Quickersite | 1 Quickersite | 2024-02-04 | 5.0 MEDIUM | N/A |
| QuickerSite 1.8.5 allows remote attackers to obtain sensitive information via a request to showThumb.aspx without any parameters, which reveals the installation path in an error message. | |||||
| CVE-2009-3523 | 1 Avast | 2 Avast Antivirus Home, Avast Antivirus Professional | 2024-02-04 | 6.9 MEDIUM | N/A |
| aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625. | |||||
| CVE-2008-5533 | 2 K7computing, Microsoft | 2 Antivirus, Internet Explorer | 2024-02-04 | 9.3 HIGH | N/A |
| K7AntiVirus 7.10.541 and possibly 7.10.454, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2009-0027 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-02-04 | 5.0 MEDIUM | N/A |
| The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request. | |||||
| CVE-2008-3657 | 1 Ruby-lang | 1 Ruby | 2024-02-04 | 7.5 HIGH | N/A |
| The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen. | |||||
| CVE-2008-4505 | 1 Ibm | 1 Lotus Quickr | 2024-02-04 | 7.8 HIGH | N/A |
| Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) might allow attackers to cause a denial of service (system crash) via a "nonstandard URL argument" to the OpenDocument command. NOTE: due to lack of details from the vendor, it is not clear whether this is a vulnerability. | |||||
| CVE-2008-1294 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
| Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits. | |||||
| CVE-2008-3479 | 1 Microsoft | 1 Windows 2000 | 2024-02-04 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability." | |||||
| CVE-2008-1898 | 1 Microsoft | 2 Office, Works | 2024-02-04 | 9.3 HIGH | N/A |
| A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call. | |||||
| CVE-2009-0681 | 1 Pgp | 1 Desktop | 2024-02-04 | 7.2 HIGH | N/A |
| PGP Desktop before 9.10 allows local users to (1) cause a denial of service (crash) via a crafted IOCTL request to pgpdisk.sys, and (2) cause a denial of service (crash) and execute arbitrary code via a crafted IRP in an IOCTL request to pgpwded.sys. | |||||
| CVE-2008-4618 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 7.8 HIGH | N/A |
| The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls. | |||||
| CVE-2008-4767 | 2 Php-nuke, Phpnuke | 2 Downloadsplus Module, Php-nuke | 2024-02-04 | 9.0 HIGH | N/A |
| Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality. | |||||
| CVE-2008-5520 | 2 Ahnlab, Microsoft | 2 V3 Internet Security, Internet Explorer | 2024-02-04 | 9.3 HIGH | N/A |
| AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-1014 | 1 Apple | 1 Quicktime | 2024-02-04 | 4.3 MEDIUM | N/A |
| Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information. | |||||