Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0798 | 1 Ipswitch | 1 Whatsup Gold | 2017-10-04 | 7.5 HIGH | N/A |
| Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold before 8.03 Hotfix 1 allows remote attackers to execute arbitrary code via a long instancename parameter. | |||||
| CVE-2002-1120 | 1 Savant | 1 Savant Web Server | 2017-10-04 | 7.5 HIGH | N/A |
| Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2005-4696 | 1 Microsoft | 1 Windows Xp | 2017-10-04 | 2.1 LOW | N/A |
| The Microsoft Wireless Zero Configuration system (WZCS) stores WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key in plaintext in memory of the explorer process, which allows attackers with access to process memory to steal the keys and access the network. | |||||
| CVE-2006-5190 | 1 Oscommerce | 1 Oscommerce | 2017-10-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, or (q) zones.php scripts in /admin, and the (2) zpage parameter in (r) admin/geo_zones.php. | |||||
| CVE-2008-0680 | 1 Microtik | 1 Routeros | 2017-10-03 | 7.8 HIGH | N/A |
| SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP SET request. | |||||
| CVE-2009-1447 | 1 E-cart | 1 Free Shopping Cart | 2017-09-28 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/editor/image.php in e-cart.biz Free Shopping Cart allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/. | |||||
| CVE-2009-1483 | 1 Studiolounge | 1 Address Book | 2017-09-28 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upload-file.php in Adam Patterson Studio Lounge Address Book 2.5, as reachable from index2.php, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in profiles/. | |||||
| CVE-2009-1517 | 1 Symantec | 1 Norton Ghost | 2017-09-28 | 4.3 MEDIUM | N/A |
| Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ActiveX control in EasySetupInt.dll 14.0.4.30167 in the EasySetup wizard in Symantec Norton Ghost 14.0 allow remote attackers to cause a denial of service (browser crash) and possibly execute arbitrary code via unspecified input to the (1) GetBackupLocationPath, (2) CallUninstall, (3) SetupDeleteVolume, (4) CanUseEasySetup, (5) CallAddInitialProtection, and (6) CallTour methods. | |||||
| CVE-2009-1574 | 1 Ipsec-tools | 1 Ipsec-tools | 2017-09-28 | 5.0 MEDIUM | N/A |
| racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference. | |||||
| CVE-2009-1615 | 1 Gowondesigns | 1 Leap | 2017-09-28 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via an admin.system.files (aka Manage Files) request to the default URI, then accessing the file via a direct request. | |||||
| CVE-2009-1663 | 1 Easy-scripts | 1 Answer And Question Script | 2017-09-28 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads/[username] directory. | |||||
| CVE-2009-1750 | 1 Omnisoftsol | 1 Vidsharepro | 2017-09-28 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in VidSharePro allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | |||||
| CVE-2009-1659 | 1 Intelliants | 1 Elitius | 2017-09-28 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/uploadimage.php in eLitius 1.0 allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files via an avatar file with an accepted Content-Type such as image/gif, then requesting the file in admin/banners/. | |||||
| CVE-2009-1789 | 2 Eggheads, Philip Moore | 3 Eggdrop, Eggdrop Irc Bot, Windrop | 2017-09-28 | 4.3 MEDIUM | N/A |
| mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807. | |||||
| CVE-2009-0389 | 1 Eztools-software | 1 Web On Windows Activex | 2017-09-28 | 9.3 HIGH | N/A |
| Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString method, (2) execute arbitrary programs via the ShellExecute method, (3) read from the registry via unspecified vectors, and (4) write to the registry via unspecified vectors. NOTE: vectors 1 and 2 can be used together to execute arbitrary code. | |||||
| CVE-2008-7022 | 1 Chilkatsoft | 1 Chilkat Imap Activex Control | 2017-09-28 | 9.3 HIGH | N/A |
| Insecure method vulnerability in ChilkatMail_v7_9.dll in the Chilkat Software IMAP ActiveX control (ChilkatMail2.ChilkatMailMan2.1) allows remote attackers to execute arbitrary programs via the LoadXmlEmail method. | |||||
| CVE-2008-7021 | 1 Availscript | 1 Jobs Portal Script | 2017-09-28 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in editlogo.php in AvailScript Jobs Portal Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an image or logo, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2008-7001 | 1 Creative Mind | 1 Creator Cms | 2017-09-28 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in the file manager in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2008-6997 | 1 Google | 1 Chrome | 2017-09-28 | 4.3 MEDIUM | N/A |
| Google Chrome 0.2.149.27 allows user-assisted remote attackers to cause a denial of service (browser crash) via an IMG tag with a long src attribute, which triggers the crash when the victim performs an "Inspect Element" action. | |||||
| CVE-2008-6959 | 1 Chilkatsoft | 1 Chilkat Socket | 2017-09-28 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the Chilkat Socket ActiveX control (ChilkatSocket.ChilkatSocket.1) in ChilkatSocket.dll 2.3.1.1 allows remote attackers to overwrite arbitrary files via the SaveLastError method. NOTE: this might be related to CVE-2008-1647. | |||||