Total: 10073 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-5762 | 1 Novell | 1 Netware Client | 2024-02-04 | 7.2 HIGH | N/A |
NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode. | |||||
CVE-2007-1478 | 1 Mcgallery | 1 Mcgallery | 2024-02-04 | 5.0 MEDIUM | N/A |
download.php in McGallery 0.5b allows remote attackers to read arbitrary files and obtain script source code via the filename parameter. | |||||
CVE-2007-5155 | 1 Iceows | 1 Iceows | 2024-02-04 | 9.3 HIGH | N/A |
IceGUI.DLL in ICEOWS 4.20b invokes a function with incorrect arguments, which allows user-assisted remote attackers to execute arbitrary code via a long filename in the header of an ACE archive, which triggers a stack-based buffer overflow. | |||||
CVE-2007-1666 | 1 Datarescue | 1 Ida Pro | 2024-02-04 | 10.0 HIGH | N/A |
The processor_request function in the debugger server for DataRescue IDA Pro 5.0 and 5.1 does not verify that authentication has taken place before invoking the perform_request function, which allows remote attackers to perform unauthorized actions. | |||||
CVE-2007-5047 | 1 Symantec | 1 Norton Internet Security | 2024-02-04 | 7.2 HIGH | N/A |
Norton Internet Security 2008 15.0.0.60 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the NtOpenSection kernel SSDT hook. NOTE: the NtCreateMutant and NtOpenEvent function hooks are already covered by CVE-2007-1793. | |||||
CVE-2007-3912 | 1 Debian | 1 Debian-goodies | 2024-02-04 | 7.2 HIGH | N/A |
checkrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process. | |||||
CVE-2006-5974 | 1 Fetchmail | 1 Fetchmail | 2024-02-04 | 7.8 HIGH | N/A |
fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions. | |||||
CVE-2008-0172 | 2 Boost, Ubuntu | 2 Boost, Ubuntu Linux | 2024-02-04 | 5.0 MEDIUM | N/A |
The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression. | |||||
CVE-2007-6488 | 1 Falcon | 1 Series One Cms | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php. | |||||
CVE-2008-0009 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations. | |||||
CVE-2007-0802 | 2 Mozilla, Opera | 2 Firefox, Opera Browser | 2024-02-04 | 6.4 MEDIUM | N/A |
Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter. | |||||
CVE-2008-0373 | 1 Php | 1 F1 Maxs File Uploader | 2024-02-04 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in PHP F1 Max's File Uploader allows remote attackers to upload and execute arbitrary PHP files. | |||||
CVE-2007-3896 | 1 Microsoft | 3 Internet Explorer, Windows 2003 Server, Windows Xp | 2024-02-04 | 9.3 HIGH | N/A |
The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers. | |||||
CVE-2007-0521 | 1 Sony Ericsson | 2 K700i, W810i | 2024-02-04 | 3.3 LOW | N/A |
The Sony Ericsson K700i and W810i phones allow remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. | |||||
CVE-2007-4971 | 1 Isecsoft | 1 Prosecurity | 2024-02-04 | 4.4 MEDIUM | N/A |
ProSecurity 1.40 Beta 2 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteFile, (3) NtLoadDriver, (4) NtOpenSection, and (5) NtSetSystemTime. | |||||
CVE-2008-1245 | 1 Belkin | 1 F5d7230-4 | 2024-02-04 | 7.8 HIGH | N/A |
cgi-bin/setup_virtualserver.exe on the Belkin F5D7230-4 router with firmware 9.01.10 allows remote attackers to cause a denial of service (control center outage) via an HTTP request with invalid POST data and a "Connection: Keep-Alive" header. | |||||
CVE-2007-4635 | 1 Yahoo | 1 Messenger | 2024-02-04 | 5.0 MEDIUM | N/A |
Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-2931 | 1 Microsoft | 2 Msn Messenger, Windows Live Messenger | 2024-02-04 | 9.3 HIGH | N/A |
Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions. | |||||
CVE-2008-0199 | 1 Pro Search | 1 Pro Search | 2024-02-04 | 5.0 MEDIUM | N/A |
PRO-Search 0.17 and earlier allows remote attackers to cause a denial of service via certain values of the show_page and time parameters to the default URI. | |||||
CVE-2006-2220 | 1 Phpbb | 1 Phpbb | 2024-02-04 | 5.0 MEDIUM | N/A |
phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message. |