Total: 9170 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-7107 | 1 Eset | 1 Smart Security | 2017-09-28 | 7.2 HIGH | N/A |
easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to cause a denial of service (crash) via a crafted IOCTL 0x222003 request to the \\.\easdrv device interface. | |||||
CVE-2008-7180 | 1 Rittwick Banerjee | 1 Telephone Directory 2008 | 2017-09-28 | 5.0 MEDIUM | N/A |
del_query1.php in Telephone Directory 2008 allows remote attackers to delete arbitrary contacts via a direct request with a modified id variable. | |||||
CVE-2009-0465 | 1 Synactis | 1 All In The Box.ocx | 2017-09-28 | 9.3 HIGH | N/A |
The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\0' character, which bypasses the intended .box filename extension, as demonstrated by a C:\boot.ini\0 argument. | |||||
CVE-2009-0267 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-28 | 5.0 MEDIUM | N/A |
libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does not properly check packets, which allows remote attackers to cause a denial of service (in.iked daemon crash) via an unspecified IKE packet, a different vulnerability than CVE-2007-2989. | |||||
CVE-2009-0372 | 1 Memht | 1 Memht Portal | 2017-09-28 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an image content type via a users editProfile action, then accessing this file via a direct request to the file in images/avatar/uploaded/. | |||||
CVE-2009-0418 | 1 Hp | 1 Hp-ux | 2017-09-28 | 9.3 HIGH | N/A |
The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read private network traffic, and possibly execute arbitrary code via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476. | |||||
CVE-2008-4136 | 1 Michael Roth Software | 1 Pftp | 2017-09-28 | 5.0 MEDIUM | N/A |
Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote attackers to cause a denial of service (service crash) via multiple RETR commands, possibly involving long filenames. | |||||
CVE-2008-4137 | 1 Php Crawler | 1 Php Crawler | 2017-09-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in footer.php in PHP-Crawler 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the footer_file parameter. | |||||
CVE-2008-4295 | 2 Htc, Microsoft | 3 Mda, Wiza, Windows Mobile | 2017-09-28 | 5.4 MEDIUM | N/A |
Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices. | |||||
CVE-2008-4318 | 1 Project-observer | 1 Observer | 2017-09-28 | 10.0 HIGH | N/A |
Observer 0.3.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter to (1) whois.php or (2) netcmd.php. | |||||
CVE-2008-4329 | 1 Openengine | 1 Openengine | 2017-09-28 | 10.0 HIGH | N/A |
PHP remote file inclusion vulnerability in cms/system/openengine.php in openEngine 2.0 beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter. | |||||
CVE-2008-4343 | 1 Chilkat Software | 1 Chilkat Xml Activex Control | 2017-09-28 | 9.3 HIGH | N/A |
The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) 3.0.3.0 and earlier allows remote attackers to create, overwrite, and modify arbitrary files for execution via a call to the (1) SaveToFile, (2) SaveToTempFile, or (3) AppendBinary method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. | |||||
CVE-2008-4363 | 1 Deslock | 1 Deslock | 2017-09-28 | 7.2 HIGH | N/A |
DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or potentially execute arbitrary code via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, probably related to use of the ProbeForRead function when ProbeForWrite was intended. | |||||
CVE-2008-4366 | 1 Camera Life | 1 Camera Life | 2017-09-28 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in the image upload component in Camera Life 2.6.2b4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a user directory under images/photos/upload. | |||||
CVE-2008-4380 | 1 Samsung | 1 Dvr Shr2040 | 2017-09-28 | 7.8 HIGH | N/A |
The web interface in Samsung DVR SHR2040 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, related to the filter for configuration properties and "/x" characters. | |||||
CVE-2008-4428 | 1 Phlatline | 1 Personal Information Manager | 2017-09-28 | 10.0 HIGH | N/A |
Unrestricted file upload vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in the top-level directory. | |||||
CVE-2008-4493 | 1 Microsoft | 1 Digital Image | 2017-09-28 | 6.8 MEDIUM | N/A |
Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. | |||||
CVE-2008-4509 | 1 Foss Gallery | 1 Foss Gallery | 2017-09-28 | 10.0 HIGH | N/A |
Unrestricted file upload vulnerability in processFiles.php in FOSS Gallery Admin and FOSS Gallery Public 1.0 beta allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the root directory. | |||||
CVE-2008-4514 | 1 Konqueror | 1 Konqueror | 2017-09-28 | 5.0 MEDIUM | N/A |
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via a font tag with a long color value, which triggers an assertion error. | |||||
CVE-2008-4748 | 1 Kvirc | 1 Kvirc | 2017-09-28 | 7.6 HIGH | N/A |
Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI. |