Total
10450 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1451 | 1 Microsoft | 2 Windows 2000, Windows 2003 Server | 2025-04-09 | 7.2 HIGH | N/A |
The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability." | |||||
CVE-2007-5570 | 1 Cisco | 1 Firewall Services Module | 2025-04-09 | 7.8 HIGH | N/A |
Cisco Firewall Services Module (FWSM) 3.2(1), and 3.1(5) and earlier, allows remote attackers to cause a denial of service (device reload) via a crafted HTTPS request, aka CSCsi77844. | |||||
CVE-2008-1265 | 1 Linksys | 1 Wrt54g | 2025-04-09 | 7.8 HIGH | N/A |
The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface. | |||||
CVE-2008-3957 | 1 Microsoft | 1 Windows Image Acquisition Logger | 2025-04-09 | 9.3 HIGH | N/A |
The Microsoft Windows Image Acquisition Logger ActiveX control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument to the Save method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-2318 | 1 Axesstel | 1 Mv 410r | 2025-04-09 | 7.8 HIGH | N/A |
The Axesstel MV 410R allows remote attackers to cause a denial of service via a flood of SYN packets, a related issue to CVE-1999-0116. | |||||
CVE-2007-6534 | 1 Microsoft | 1 Publisher | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart. | |||||
CVE-2009-3545 | 1 Datawizard | 1 Ftpxq Server | 2025-04-09 | 4.0 MEDIUM | N/A |
DataWizard Technologies FtpXQ FTP Server 3.0 allows remote authenticated users to cause a denial of service (crash) via a long ABOR command. | |||||
CVE-2008-3934 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 3.3 LOW | N/A |
Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. | |||||
CVE-2009-4546 | 1 Logoshows | 1 Logoshows Bbs | 2025-04-09 | 7.5 HIGH | N/A |
globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) pb_username (aka pb%5Fusername) and (2) level cookies. | |||||
CVE-2008-3838 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 7.2 HIGH | N/A |
Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) zones implementation in Sun Solaris 10 and OpenSolaris before snv_88 allows local administrators of non-global zones to read and modify NFS traffic for arbitrary non-global zones, possibly leading to file modifications or a denial of service. | |||||
CVE-2007-4999 | 1 Pidgin | 1 Pidgin | 2025-04-09 | 4.3 MEDIUM | N/A |
libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996. | |||||
CVE-2009-2320 | 1 Axesstel | 1 Mv 410r | 2025-04-09 | 7.5 HIGH | N/A |
The web interface on the Axesstel MV 410R relies on client-side JavaScript code to validate input, which allows remote attackers to send crafted data, and possibly have unspecified other impact, via a client that does not process JavaScript. | |||||
CVE-2008-1898 | 1 Microsoft | 2 Office, Works | 2025-04-09 | 9.3 HIGH | N/A |
A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call. | |||||
CVE-2008-4618 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.8 HIGH | N/A |
The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls. | |||||
CVE-2009-2715 | 1 Sun | 1 Virtualbox | 2025-04-09 | 4.9 MEDIUM | N/A |
Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction. | |||||
CVE-2007-5738 | 1 Ghlab | 1 Korean Ghboard | 2025-04-09 | 6.8 MEDIUM | N/A |
The FlashUpload component in Korean GHBoard uses a client-side protection mechanism to prevent uploading of dangerous file extensions, which allows remote attackers to bypass restrictions and upload arbitrary files via a modified copy of component/flashupload/upload.html. | |||||
CVE-2009-0519 | 1 Adobe | 4 Air, Flash Player, Flash Player For Linux and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file. | |||||
CVE-2008-3763 | 1 Turnkeywebtools | 1 Php Live Helper | 2025-04-09 | 6.8 MEDIUM | N/A |
Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when register_globals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for code injection by overwriting the language file. | |||||
CVE-2008-2742 | 1 Achievo | 1 Achievo | 2025-04-09 | 7.5 HIGH | N/A |
Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled. | |||||
CVE-2008-4366 | 1 Camera Life | 1 Camera Life | 2025-04-09 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in the image upload component in Camera Life 2.6.2b4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a user directory under images/photos/upload. |