Total
11775 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3627 | 1 Derrick Oswald | 1 Html-parser | 2025-04-09 | 4.3 MEDIUM | N/A |
| The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character. | |||||
| CVE-2008-3127 | 1 Hiox India | 1 Banner Rotator | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in hioxBannerRotate.php in HIOX Banner Rotator (HBR) 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter. | |||||
| CVE-2009-1784 | 1 Avg | 1 Avg Anti-virus | 2025-04-09 | 10.0 HIGH | N/A |
| The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus products including Anti-Virus Network Edition, Internet Security Netzwerk Edition, Server Edition für Linux/FreeBSD, Anti-Virus SBS Edition, and others allows remote attackers to bypass malware detection via a crafted (1) RAR and (2) ZIP archive. | |||||
| CVE-2007-2408 | 1 Apple | 1 Safari | 2025-04-09 | 6.8 MEDIUM | N/A |
| WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page. | |||||
| CVE-2007-3912 | 1 Debian | 1 Debian-goodies | 2025-04-09 | 7.2 HIGH | N/A |
| checkrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process. | |||||
| CVE-2009-1536 | 1 Microsoft | 3 .net Framework, Windows Server 2008, Windows Vista | 2025-04-09 | 2.6 LOW | N/A |
| ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability." | |||||
| CVE-2008-6806 | 1 7-shop | 1 7shop | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in includes/imageupload.php in 7Shop 1.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/artikel/. | |||||
| CVE-2009-4105 | 1 Typsoft | 1 Typsoft Ftp Server | 2025-04-09 | 3.5 LOW | N/A |
| TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (crash) by sending an APPE (append) command immediately followed by a DELE (delete) command without sending file data in between these two commands. | |||||
| CVE-2008-4366 | 1 Camera Life | 1 Camera Life | 2025-04-09 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the image upload component in Camera Life 2.6.2b4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a user directory under images/photos/upload. | |||||
| CVE-2008-4041 | 1 Softalk Mail Server | 1 Softalk Mail Server | 2025-04-09 | 4.0 MEDIUM | N/A |
| The IMAP server in Softalk Mail Server (formerly WorkgroupMail) 8.5.1.431 allows remote authenticated users to cause a denial of service (resource consumption and daemon crash) via a long IMAP APPEND command with certain repeated parameters. | |||||
| CVE-2009-3084 | 1 Pidgin | 2 Libpurple, Pidgin | 2025-04-09 | 5.0 MEDIUM | N/A |
| The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect "UTF16-LE" charset name. | |||||
| CVE-2009-0172 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream. | |||||
| CVE-2007-5658 | 1 Tibco | 3 Enterprise Message Service, Rtworks, Smartsockets Rtserver | 2025-04-09 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow. | |||||
| CVE-2008-0071 | 2 Bittorrent, Utorrent | 2 Bittorrent, Utorrent | 2025-04-09 | 4.3 MEDIUM | N/A |
| The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header. | |||||
| CVE-2008-6367 | 1 Socialgroupie | 1 Social Groupie | 2025-04-09 | 8.5 HIGH | N/A |
| Unrestricted file upload vulnerability in Photos/create_album.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in Member_images/. | |||||
| CVE-2009-0800 | 4 Apple, Foolabs, Glyphandcog and 1 more | 4 Cups, Xpdf, Xpdfreader and 1 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. | |||||
| CVE-2008-4505 | 1 Ibm | 1 Lotus Quickr | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) might allow attackers to cause a denial of service (system crash) via a "nonstandard URL argument" to the OpenDocument command. NOTE: due to lack of details from the vendor, it is not clear whether this is a vulnerability. | |||||
| CVE-2007-3896 | 1 Microsoft | 3 Internet Explorer, Windows 2003 Server, Windows Xp | 2025-04-09 | 9.3 HIGH | N/A |
| The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers. | |||||
| CVE-2008-3004 | 1 Microsoft | 2 Office, Office Excel Viewer | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Indexing Validation Vulnerability." | |||||
| CVE-2007-4993 | 1 Xensource Inc | 1 Xen | 2025-04-09 | 6.9 MEDIUM | N/A |
| pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements. | |||||