Total
11775 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0813 | 1 Imera | 1 Teamlinks | 2025-04-09 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the ImeraIEPlugin ActiveX control (ImeraIEPlugin.dll 1.0.2.54) in Imera TeamLinks Client allows remote attackers to force the download and execution of arbitrary URLs via modified DownloadProtocol, DownloadHost, DownloadPort, and DownloadURI parameters. | |||||
| CVE-2007-0216 | 1 Microsoft | 2 Office, Works | 2025-04-09 | 9.3 HIGH | N/A |
| wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability." | |||||
| CVE-2009-4493 | 1 Orion | 1 Orion Application Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Orion Application Server 2.0.7 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. | |||||
| CVE-2009-1686 | 1 Apple | 1 Safari | 2025-04-09 | 9.3 HIGH | N/A |
| WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | |||||
| CVE-2009-4325 | 1 Ibm | 1 Db2 | 2025-04-09 | 6.4 MEDIUM | N/A |
| The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers." | |||||
| CVE-2008-3007 | 1 Microsoft | 2 Office, Office Onenote | 2025-04-09 | 9.3 HIGH | N/A |
| Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability." | |||||
| CVE-2009-2318 | 1 Axesstel | 1 Mv 410r | 2025-04-09 | 7.8 HIGH | N/A |
| The Axesstel MV 410R allows remote attackers to cause a denial of service via a flood of SYN packets, a related issue to CVE-1999-0116. | |||||
| CVE-2009-0606 | 1 Openhandsetalliance | 1 Android Sdk | 2025-04-09 | 7.2 HIGH | N/A |
| The link_image function in linker/linker.c in the dynamic linker in Bionic in Open Handset Alliance Android 1.0 on the T-Mobile G1 phone does not properly handle file descriptors 0, 1, and 2 for a setgid program, which allows local users to create arbitrary files owned by certain groups, possibly a related issue to CVE-2002-0820. | |||||
| CVE-2007-1313 | 1 Netxautomation | 1 Netxeib | 2025-04-09 | 7.5 HIGH | N/A |
| NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly validate OLE for Process Control (OPC) server handles, which allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors involving the (1) IOPCSyncIO::Read, (2) IOPCSyncIO::Write, (3) IOPCServer::AddGroup, (4) IOPCServer::RemoveGroup, (5) IOPCCommon::SetClientName, and (6) IOPCGroupStateMgt::CloneGroup functions, which allow access to arbitrary memory. NOTE: the vectors might be limited to attackers with physical access. | |||||
| CVE-2009-1783 | 1 F-prot | 3 F-prot Antivirus, F-prot Aves, F-prot Milter | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple FRISK Software F-Prot anti-virus products, including Antivirus for Exchange, Linux on IBM zSeries, Linux x86 File Servers, Linux x86 Mail Servers, Linux x86 Workstations, Solaris Mail Servers, Antivirus for Windows, and others, allow remote attackers to bypass malware detection via a crafted CAB archive. | |||||
| CVE-2007-6372 | 1 Juniper | 1 Junos | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, possibly BGP UPDATE packets that trigger session flapping. | |||||
| CVE-2007-5128 | 2 Boesch-it, Php | 2 Simpnews, Php | 2025-04-09 | 5.0 MEDIUM | N/A |
| SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows. | |||||
| CVE-2009-0120 | 1 Ibm | 1 Websphere Datapower Xml Security Gateway Xs40 | 2025-04-09 | 7.8 HIGH | N/A |
| The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as demonstrated by the abc\r\n\r\n string data. | |||||
| CVE-2009-2386 | 1 Awingsoft | 1 Awakening Winds3d Viewer Plugin | 2025-04-09 | 9.3 HIGH | N/A |
| Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method. | |||||
| CVE-2008-4616 | 2 The Spanner, Wordpress | 2 Spambam Plugin, Spambam Plugin | 2025-04-09 | 5.0 MEDIUM | N/A |
| The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key. | |||||
| CVE-2008-4400 | 2 Broadcom, Ca | 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash of multiple services) via crafted authentication credentials, related to "insufficient validation." | |||||
| CVE-2008-6752 | 1 Revou | 1 Revou | 2025-04-09 | 7.5 HIGH | N/A |
| adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and gain privileges via a direct request with modified newpass1 and newpass2 parameters in a Change operation. | |||||
| CVE-2009-0745 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
| The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory. | |||||
| CVE-2007-6271 | 1 Xigla | 1 Absolute News Manager.net | 2025-04-09 | 5.0 MEDIUM | N/A |
| Absolute News Manager.NET 5.1 allows remote attackers to obtain sensitive information via a direct request to getpath.aspx, which reveals the installation path in an error message. | |||||
| CVE-2009-3271 | 1 Apple | 2 Iphone Os, Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
| Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element. | |||||