Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3834 | 1 Freedesktop | 3 Dbus, Dbus1.0, Dbus1.1.0 | 2017-09-28 | 2.1 LOW | N/A |
| The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error. | |||||
| CVE-2008-3879 | 1 Ultrashareware | 1 Ultra Office Control | 2017-09-28 | 9.3 HIGH | N/A |
| The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 and earlier in Ultra Shareware Ultra Office Control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument (SaveAsDocument argument) to the Save method. | |||||
| CVE-2008-4049 | 1 Friendly Technologies | 1 Friendly Pppoe Client | 2017-09-28 | 6.8 MEDIUM | N/A |
| A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary programs via arguments to the RunApp method. | |||||
| CVE-2008-4050 | 1 Friendly Technologies | 1 Friendly Pppoe Client | 2017-09-28 | 9.3 HIGH | N/A |
| A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to (1) create and read arbitrary registry values via the RegistryValue method, and (2) read arbitrary files via the GetTextFile method. | |||||
| CVE-2008-1495 | 1 Peel | 1 Peel | 2017-09-28 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in administrer/produits.php in PEEL, possibly 3.x and earlier, allows remote authenticated administrators to upload and execute arbitrary PHP files via a modified content type in an ajout action, as demonstrated by (1) image/gif and (2) application/pdf. | |||||
| CVE-2008-1535 | 1 Matti Kiviharju | 1 Rekry Component | 2017-09-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Matti Kiviharju rekry (aka com_rekry or rekry!Joom) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the op_id parameter in a view action to index.php. | |||||
| CVE-2008-0830 | 1 Apple | 1 Iphoto | 2017-09-28 | 7.5 HIGH | N/A |
| The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 allows remote attackers to cause a denial of service (crash) via a malformed dpap: URI, a different vulnerability than CVE-2008-0043. | |||||
| CVE-2008-1647 | 1 Chilkat Software | 1 Chilkathttp Activex | 2017-09-28 | 9.3 HIGH | N/A |
| The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1693 | 1 Poppler | 1 Poppler | 2017-09-28 | 6.8 MEDIUM | N/A |
| The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object. | |||||
| CVE-2008-1785 | 1 Prozilla | 1 Top 100 | 2017-09-28 | 5.5 MEDIUM | N/A |
| delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter. | |||||
| CVE-2008-1856 | 1 Linpha | 1 Linpha | 2017-09-28 | 5.1 MEDIUM | N/A |
| plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration. | |||||
| CVE-2008-1862 | 1 Exbb | 1 Exbb Italia | 2017-09-28 | 6.8 MEDIUM | N/A |
| ExBB Italia 0.22 and earlier only checks GET requests that use the QUERY_STRING for certain path manipulations, which allows remote attackers to bypass this check via (1) POST or (2) COOKIE variables, a different vector than CVE-2006-4488. NOTE: this can be leveraged to conduct PHP remote file inclusion attacks via a URL in the (a) new_exbb[home_path] or (b) exbb[home_path] parameter to modules/threadstop/threadstop.php. | |||||
| CVE-2008-0237 | 1 Microsoft | 1 Rich Textbox Control | 2017-09-28 | 6.8 MEDIUM | N/A |
| The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 allows remote attackers to execute arbitrary commands by invoking the insecure SaveFile method. | |||||
| CVE-2008-0718 | 1 Sun | 1 Solaris | 2017-09-28 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in Sun Solaris 9 and 10, when 64-bit mode is enabled, allows local users to cause a denial of service (panic) via unspecified vectors. | |||||
| CVE-2007-6684 | 1 Videolan | 1 Vlc | 2017-09-28 | 5.0 MEDIUM | N/A |
| The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference. | |||||
| CVE-2008-0260 | 1 Minimal Design | 1 Minimal Gallery | 2017-09-28 | 5.0 MEDIUM | N/A |
| minimal Gallery 0.8 allows remote attackers to obtain configuration information via a direct request to php_info.php, which calls the phpinfo function. | |||||
| CVE-2008-0631 | 1 Afterlogic | 1 Mailbee Objects | 2017-09-28 | 4.3 MEDIUM | N/A |
| Multiple ActiveX controls in MailBee.dll in MailBee Objects 5.5 allow remote attackers to (1) overwrite arbitrary files via the SaveToDisk method, or (2) modify files via the AddStringToFile method. | |||||
| CVE-2008-1419 | 2 Redhat, Xiph.org | 3 Enterprise Linux, Linux Advanced Workstation, Libvorbis | 2017-09-28 | 4.3 MEDIUM | N/A |
| Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow. | |||||
| CVE-2007-4130 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2017-09-28 | 7.2 HIGH | N/A |
| The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux (RHEL) 4 on Itanium (ia64) does not properly handle page faults during NUMA memory access, which allows local users to cause a denial of service (panic) via invalid arguments to set_mempolicy in an MPOL_BIND operation. | |||||
| CVE-2007-4570 | 1 Redhat | 2 Enterprise Linux, Mcstrans | 2017-09-28 | 1.9 LOW | N/A |
| Algorithmic complexity vulnerability in the MCS translation daemon in mcstrans 0.2.3 allows local users to cause a denial of service (temporary daemon outage) via a large range of compartments in sensitivity labels. | |||||