Total
11463 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0008 | 2 Apple, Microsoft | 3 Quicktime Mpeg-2 Playback Component, Windows Vista, Windows Xp | 2025-04-09 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie. | |||||
| CVE-2007-0197 | 1 Apple | 1 Mac Os X | 2025-04-09 | 6.8 MEDIUM | N/A |
| Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption. | |||||
| CVE-2008-4824 | 1 Adobe | 1 Flash Player | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to "input validation errors." | |||||
| CVE-2008-5105 | 1 Karjasoft | 1 Sami Ftp Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash or hang) via certain (1) APPE, (2) CWD, (3) DELE, (4) MKD, (5) RMD, (6) RETR, (7) RNFR, (8) RNTO, (9) SIZE, and (10) STOR commands. | |||||
| CVE-2006-2220 | 1 Phpbb | 1 Phpbb | 2025-04-09 | 5.0 MEDIUM | N/A |
| phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message. | |||||
| CVE-2008-6814 | 2 Jan De Graaff, Mambo | 2 Com Simpleboard, Mambo | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528. | |||||
| CVE-2009-2765 | 1 Dd-wrt | 1 Dd-wrt | 2025-04-09 | 8.3 HIGH | N/A |
| httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI. | |||||
| CVE-2008-4343 | 1 Chilkat Software | 1 Chilkat Xml Activex Control | 2025-04-09 | 9.3 HIGH | N/A |
| The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) 3.0.3.0 and earlier allows remote attackers to create, overwrite, and modify arbitrary files for execution via a call to the (1) SaveToFile, (2) SaveToTempFile, or (3) AppendBinary method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. | |||||
| CVE-2008-1366 | 1 Trend Micro | 1 Officescan Corporate Edition | 2025-04-09 | 5.0 MEDIUM | N/A |
| Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to cause a denial of service (process consumption) via (1) an HTTP request without a Content-Length header or (2) invalid characters in unspecified CGI arguments, which triggers a NULL pointer dereference. | |||||
| CVE-2008-3003 | 1 Microsoft | 1 Office | 2025-04-09 | 6.6 MEDIUM | N/A |
| Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability." | |||||
| CVE-2008-2683 | 1 Black Ice | 1 Barcode Sdk | 2025-04-09 | 9.3 HIGH | N/A |
| The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1118 | 1 Netopia | 1 Timbuktu Pro | 2025-04-09 | 7.5 HIGH | N/A |
| Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does not perform input validation before logging information fields taken from packets from a remote peer, which allows remote attackers to generate crafted log entries, and possibly avoid detection of attacks, via modified (1) computer name, (2) user name, and (3) IP address fields. | |||||
| CVE-2008-1012 | 1 Apple | 1 Apple Airport Extreme Base Station | 2025-04-09 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Apple AirPort Extreme Base Station Firmware 7.3.1 allows remote attackers to cause a denial of service (file sharing hang) via a crafted AFP request, related to "input validation." | |||||
| CVE-2008-0386 | 2 Gentoo, Mandrakesoft | 2 Xdg-utils, Mandrake Linux | 2025-04-09 | 6.8 MEDIUM | N/A |
| Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email. | |||||
| CVE-2007-4841 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 9.3 HIGH | N/A |
| Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845. | |||||
| CVE-2008-3214 | 1 Thekelleys | 1 Dnsmasq | 2025-04-09 | 7.8 HIGH | N/A |
| dnsmasq 2.25 allows remote attackers to cause a denial of service (daemon crash) by (1) renewing a nonexistent lease or (2) sending a DHCPREQUEST for an IP address that is not in the same network, related to the DHCP NAK response from the daemon. | |||||
| CVE-2007-6103 | 1 Ihu | 1 I Hear U | 2025-04-09 | 5.0 MEDIUM | N/A |
| I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) a denial of service (infinite loop) via a packet that contains zero in the size field in its header, which is improperly handled by the Receiver::processPacket function; and (2) a denial of service (daemon crash) via an (a) IHU_INFO_INIT or a (b) IHU_INFO_RING packet that does not specify the mode, which is improperly handled by the Player::ring function in Player.cpp. | |||||
| CVE-2008-4999 | 1 Nortel | 1 Unistim Ip Phone | 2025-04-09 | 7.8 HIGH | N/A |
| Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: this issue could not be reproduced by a third party, who tested it on 0604DAD. In addition, the original researcher was not able to reliably reproduce the issue. | |||||
| CVE-2008-4910 | 1 Sun | 1 Java Web Start | 2025-04-09 | 10.0 HIGH | N/A |
| The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method. | |||||
| CVE-2008-3933 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 3.3 LOW | N/A |
| Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function. | |||||