Total
11775 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2322 | 1 Nero | 2 Mediahome, Mediahome Ce | 2025-04-09 | 7.8 HIGH | N/A |
| NMMediaServer.exe in Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet that contains two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5657 | 1 Quassel | 1 Quassel Core | 2025-04-09 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows remote attackers to spoof IRC messages as other users via a crafted CTCP message. | |||||
| CVE-2008-5529 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 9.3 HIGH | N/A |
| CA eTrust Antivirus 31.6.6086, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-2545 | 1 Skype Technologies | 1 Skype | 2025-04-09 | 9.3 HIGH | N/A |
| Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case. | |||||
| CVE-2009-1062 | 1 Adobe | 3 Acrobat, Acrobat Reader, Reader | 2025-04-09 | 9.3 HIGH | N/A |
| Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061. | |||||
| CVE-2009-4327 | 1 Ibm | 1 Db2 | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||||
| CVE-2008-5528 | 2 Aladdin, Microsoft | 2 Esafe, Internet Explorer | 2025-04-09 | 9.3 HIGH | N/A |
| Aladdin eSafe 7.0.17.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-6084 | 1 .matteoiammarrone | 1 Iamma Simple Gallery | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory. | |||||
| CVE-2007-5438 | 1 Vmware | 4 Ace, Vmware Player, Vmware Server and 1 more | 2025-04-09 | 1.9 LOW | N/A |
| Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function. | |||||
| CVE-2008-5674 | 1 Darkwet | 1 Webcam Xp | 2025-04-09 | 9.4 HIGH | N/A |
| Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service (device crash) and read portions of memory via (1) an invalid camnum parameter to the pocketpc component and (2) an invalid id parameter to the show_gallery_pic component. | |||||
| CVE-2007-5258 | 1 Phpfreelog | 1 Phpfreelog | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in log.php in phpFreeLog alpha 0.2.0 allows remote attackers to include and execute arbitrary files via unspecified vectors. NOTE: the original disclosure is likely erroneous. | |||||
| CVE-2008-4318 | 1 Project-observer | 1 Observer | 2025-04-09 | 10.0 HIGH | N/A |
| Observer 0.3.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter to (1) whois.php or (2) netcmd.php. | |||||
| CVE-2009-0027 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-09 | 5.0 MEDIUM | N/A |
| The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request. | |||||
| CVE-2007-6176 | 1 Amensa-soft | 1 K\+b-bestellsystem | 2025-04-09 | 10.0 HIGH | N/A |
| kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action. | |||||
| CVE-2008-6938 | 1 Holger Zimmermann | 1 Pi3web | 2025-04-09 | 4.3 MEDIUM | N/A |
| Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\users.txt. | |||||
| CVE-2008-3697 | 1 Vmware | 2 Server, Vmware Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| An unspecified ISAPI extension in VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (IIS crash) via a malformed request. | |||||
| CVE-2008-1740 | 1 Cisco | 1 Unified Presence | 2025-04-09 | 7.8 HIGH | N/A |
| The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via an unspecified "stress test," aka Bug ID CSCsh20972. | |||||
| CVE-2008-5540 | 2 Microsoft, Secure Computing | 3 Internet Explorer, Secure Web Gateway, Webwasher | 2025-04-09 | 9.3 HIGH | N/A |
| Secure Computing Secure Web Gateway (aka Webwasher), when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2007-6129 | 1 Amber Script | 1 Amber Script | 2025-04-09 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2007-4757 | 1 Phpmytourney | 1 Phpmytourney | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in menu.php in phpMytourney allows remote attackers to execute arbitrary PHP code via a URL in the functions_file parameter. | |||||