Total
10018 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0010 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
| The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allow local users to read from arbitrary kernel memory locations. | |||||
| CVE-2006-7113 | 1 Planerd.net | 1 P-news | 2024-02-04 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in P-News 2.0 allows remote attackers to upload and execute arbitrary files via an avatar file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1280 | 1 Acronis | 2 True Image, True Image Windows Agent | 2024-02-04 | 5.0 MEDIUM | N/A |
| Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference. | |||||
| CVE-2007-5253 | 1 Mcmurtrey Whitaker And Associates | 1 Cart32 | 2024-02-04 | 5.0 MEDIUM | N/A |
| c32web.exe in McMurtrey/Whitaker Cart32 before 6.4 allows remote attackers to read arbitrary files via the ImageName parameter in a GetImage action, by appending a NULL byte (%00) sequence followed by an image file extension, as demonstrated by a request for a ".txt%00.gif" file. NOTE: this might be a directory traversal vulnerability. | |||||
| CVE-2007-0213 | 1 Microsoft | 1 Exchange Server | 2024-02-04 | 10.0 HIGH | N/A |
| Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message. | |||||
| CVE-2007-4755 | 1 Cor Entertainment | 1 Alien Arena 2007 | 2024-02-04 | 5.0 MEDIUM | N/A |
| Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (client disconnect) by sending a client_connect command in a forged packet from the server to a client. NOTE: client IP addresses are available via product-specific queries. | |||||
| CVE-2007-1476 | 1 Symantec | 6 Client Security, Norton Antispam, Norton Antivirus and 3 more | 2024-02-04 | 1.9 LOW | N/A |
| The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver's \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855. | |||||
| CVE-2007-5569 | 1 Cisco | 3 Adaptive Security Appliance, Adaptive Security Appliance Software, Pix 500 | 2024-02-04 | 7.1 HIGH | N/A |
| Cisco PIX and ASA appliances with 7.1 and 7.2 software, when configured for TLS sessions to the device, allow remote attackers to cause a denial of service (device reload) via a crafted TLS packet, aka CSCsg43276 and CSCsh97120. | |||||
| CVE-2007-5570 | 1 Cisco | 1 Firewall Services Module | 2024-02-04 | 7.8 HIGH | N/A |
| Cisco Firewall Services Module (FWSM) 3.2(1), and 3.1(5) and earlier, allows remote attackers to cause a denial of service (device reload) via a crafted HTTPS request, aka CSCsi77844. | |||||
| CVE-2007-6326 | 1 Sergey Lyubka | 1 Simple Httpd | 2024-02-04 | 5.0 MEDIUM | N/A |
| Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI. | |||||
| CVE-2007-0522 | 1 Motorola | 1 Motorazr | 2024-02-04 | 3.3 LOW | N/A |
| The Motorola MOTORAZR V3 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. | |||||
| CVE-2007-6017 | 1 Symantec | 1 Backup Exec For Windows Server | 2024-02-04 | 5.1 MEDIUM | N/A |
| The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, exposes the unsafe Save method, which allows remote attackers to cause a denial of service (browser crash), or create or overwrite arbitrary files, via string values of the (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, and (19) _MonthText11 properties. NOTE: the vendor states "Authenticated user involvement required," but authentication is not needed to attack a client machine that loads this control. | |||||
| CVE-2008-1114 | 1 Vocera | 1 Wireless Handset | 2024-02-04 | 4.3 MEDIUM | N/A |
| Vocera Communications wireless handsets, when using Protected Extensible Authentication Protocol (PEAP), do not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks. | |||||
| CVE-2007-5231 | 1 Zomplog | 1 Zomplog | 2024-02-04 | 4.6 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/upload_files.php in Zomplog 3.8.1 and earlier allows remote authenticated administrators to upload and execute arbitrary .php files by sending a modified MIME type. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2007-5230. | |||||
| CVE-2007-6062 | 1 Ngircd | 1 Ngircd | 2024-02-04 | 5.0 MEDIUM | N/A |
| irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause a denial of service (crash) via a JOIN command without a channel argument. | |||||
| CVE-2007-1257 | 1 Cisco | 10 Catalyst 6000 Ws-svc-nam-1, Catalyst 6000 Ws-svc-nam-2, Catalyst 6000 Ws-x6380-nam and 7 more | 2024-02-04 | 10.0 HIGH | N/A |
| The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address. | |||||
| CVE-2006-6852 | 1 Tdiary | 1 Tdiary | 2024-02-04 | 6.0 MEDIUM | N/A |
| Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5738 | 1 Ghlab | 1 Korean Ghboard | 2024-02-04 | 6.8 MEDIUM | N/A |
| The FlashUpload component in Korean GHBoard uses a client-side protection mechanism to prevent uploading of dangerous file extensions, which allows remote attackers to bypass restrictions and upload arbitrary files via a modified copy of component/flashupload/upload.html. | |||||
| CVE-2008-0932 | 3 Debian, Redhat, The Sword Project | 4 Debian Linux, Fedora, Diatheke Front End and 1 more | 2024-02-04 | 7.5 HIGH | N/A |
| diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter. | |||||
| CVE-2007-4932 | 1 Shop-script | 1 Shop-script | 2024-02-04 | 7.5 HIGH | N/A |
| admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to access the admin panel. | |||||