Total
11158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1898 | 1 Microsoft | 2 Office, Works | 2025-04-09 | 9.3 HIGH | N/A |
| A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call. | |||||
| CVE-2009-0027 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-09 | 5.0 MEDIUM | N/A |
| The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request. | |||||
| CVE-2008-2957 | 1 Pidgin | 1 Pidgin | 2025-04-09 | 6.4 MEDIUM | N/A |
| The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL. | |||||
| CVE-2007-5736 | 1 Seeblick | 1 Seeblick | 2025-04-09 | 6.4 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upload.php in SeeBlick 1.0 Beta allows remote attackers to upload arbitrary files via unspecified vectors. NOTE: these files are stored with .html extensions, so the scope of the attack might be limited to resource consumption and possibly XSS. | |||||
| CVE-2009-3830 | 1 Microsoft | 1 Sharepoint Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx. | |||||
| CVE-2008-3680 | 1 Flagship Industries | 1 Ventrilo | 2025-04-09 | 5.0 MEDIUM | N/A |
| The decryption function in Flagship Industries Ventrilo 3.0.2 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) by sending a type 0 packet with an invalid version followed by another packet to TCP port 3784. | |||||
| CVE-2008-5257 | 1 Ibm | 1 Tivoli Access Manager For E-business | 2025-04-09 | 4.3 MEDIUM | N/A |
| webseald in WebSEAL 6.0.0.17 in IBM Tivoli Access Manager for e-business allows remote attackers to cause a denial of service (crash or hang) via HTTP requests, as demonstrated by a McAfee vulnerability scan. | |||||
| CVE-2007-2931 | 1 Microsoft | 2 Msn Messenger, Windows Live Messenger | 2025-04-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions. | |||||
| CVE-2007-6494 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | 10.0 HIGH | N/A |
| Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters. | |||||
| CVE-2007-4840 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
| PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. | |||||
| CVE-2008-5693 | 1 Ipswitch | 1 Ws Ftp | 2025-04-09 | 5.0 MEDIUM | N/A |
| Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character. | |||||
| CVE-2007-5282 | 1 Hitachi | 3 Cosminexus Agent, Cosminexus Library Standard, Cosminexus Library Web | 2025-04-09 | 4.3 MEDIUM | N/A |
| Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library Standard and Web Edition 04-00 and 04-01, might allow remote attackers to cause a denial of service (agent process crash) via invalid data from clients other than Cosminexus Manager. | |||||
| CVE-2007-4752 | 1 Openbsd | 1 Openssh | 2025-04-09 | 7.5 HIGH | N/A |
| ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted. | |||||
| CVE-2006-5990 | 1 Vmware | 1 Virtualcenter | 2025-04-09 | 4.0 MEDIUM | N/A |
| VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack. | |||||
| CVE-2007-4844 | 1 X-diesel | 1 Unreal Commander | 2025-04-09 | 4.3 MEDIUM | N/A |
| X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly react to an FTP server's behavior after sending a "CWD /" command, which allows remote FTP servers to cause a denial of service (infinite loop) by (1) repeatedly sending a 550 error response, or (2) sending a 550 error response and then disconnecting. | |||||
| CVE-2006-5872 | 1 Dws Systems Inc. | 1 Sql-ledger | 2025-04-09 | 7.5 HIGH | N/A |
| login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program. | |||||
| CVE-2009-1125 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-09 | 7.2 HIGH | N/A |
| The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability." | |||||
| CVE-2008-5937 | 1 Zkesoft | 1 Ayeview | 2025-04-09 | 7.8 HIGH | N/A |
| AyeView 2.20 allows user-assisted attackers to cause a denial of service (memory consumption or application crash) via a bitmap (aka .bmp) file with large height and width values. | |||||
| CVE-2007-0908 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2025-04-09 | 5.0 MEDIUM | N/A |
| The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable. | |||||
| CVE-2007-5925 | 1 Mysql | 1 Mysql | 2025-04-09 | 4.0 MEDIUM | N/A |
| The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error. | |||||