Vulnerabilities (CVE)

Filtered by CWE-20
Total 10073 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-5762 1 Novell 1 Netware Client 2024-02-04 7.2 HIGH N/A
NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode.
CVE-2007-1478 1 Mcgallery 1 Mcgallery 2024-02-04 5.0 MEDIUM N/A
download.php in McGallery 0.5b allows remote attackers to read arbitrary files and obtain script source code via the filename parameter.
CVE-2007-5155 1 Iceows 1 Iceows 2024-02-04 9.3 HIGH N/A
IceGUI.DLL in ICEOWS 4.20b invokes a function with incorrect arguments, which allows user-assisted remote attackers to execute arbitrary code via a long filename in the header of an ACE archive, which triggers a stack-based buffer overflow.
CVE-2007-1666 1 Datarescue 1 Ida Pro 2024-02-04 10.0 HIGH N/A
The processor_request function in the debugger server for DataRescue IDA Pro 5.0 and 5.1 does not verify that authentication has taken place before invoking the perform_request function, which allows remote attackers to perform unauthorized actions.
CVE-2007-5047 1 Symantec 1 Norton Internet Security 2024-02-04 7.2 HIGH N/A
Norton Internet Security 2008 15.0.0.60 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the NtOpenSection kernel SSDT hook. NOTE: the NtCreateMutant and NtOpenEvent function hooks are already covered by CVE-2007-1793.
CVE-2007-3912 1 Debian 1 Debian-goodies 2024-02-04 7.2 HIGH N/A
checkrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process.
CVE-2006-5974 1 Fetchmail 1 Fetchmail 2024-02-04 7.8 HIGH N/A
fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions.
CVE-2008-0172 2 Boost, Ubuntu 2 Boost, Ubuntu Linux 2024-02-04 5.0 MEDIUM N/A
The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.
CVE-2007-6488 1 Falcon 1 Series One Cms 2024-02-04 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php.
CVE-2008-0009 1 Linux 1 Linux Kernel 2024-02-04 2.1 LOW N/A
The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.
CVE-2007-0802 2 Mozilla, Opera 2 Firefox, Opera Browser 2024-02-04 6.4 MEDIUM N/A
Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter.
CVE-2008-0373 1 Php 1 F1 Maxs File Uploader 2024-02-04 7.5 HIGH N/A
Unrestricted file upload vulnerability in PHP F1 Max's File Uploader allows remote attackers to upload and execute arbitrary PHP files.
CVE-2007-3896 1 Microsoft 3 Internet Explorer, Windows 2003 Server, Windows Xp 2024-02-04 9.3 HIGH N/A
The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
CVE-2007-0521 1 Sony Ericsson 2 K700i, W810i 2024-02-04 3.3 LOW N/A
The Sony Ericsson K700i and W810i phones allow remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.
CVE-2007-4971 1 Isecsoft 1 Prosecurity 2024-02-04 4.4 MEDIUM N/A
ProSecurity 1.40 Beta 2 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteFile, (3) NtLoadDriver, (4) NtOpenSection, and (5) NtSetSystemTime.
CVE-2008-1245 1 Belkin 1 F5d7230-4 2024-02-04 7.8 HIGH N/A
cgi-bin/setup_virtualserver.exe on the Belkin F5D7230-4 router with firmware 9.01.10 allows remote attackers to cause a denial of service (control center outage) via an HTTP request with invalid POST data and a "Connection: Keep-Alive" header.
CVE-2007-4635 1 Yahoo 1 Messenger 2024-02-04 5.0 MEDIUM N/A
Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2931 1 Microsoft 2 Msn Messenger, Windows Live Messenger 2024-02-04 9.3 HIGH N/A
Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.
CVE-2008-0199 1 Pro Search 1 Pro Search 2024-02-04 5.0 MEDIUM N/A
PRO-Search 0.17 and earlier allows remote attackers to cause a denial of service via certain values of the show_page and time parameters to the default URI.
CVE-2006-2220 1 Phpbb 1 Phpbb 2024-02-04 5.0 MEDIUM N/A
phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message.