ReportizFlow
Filtered by vendor
Subscriptions
Total
13126 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1216 | 1 Ibm | 1 Lotus Quickr Server | 2025-04-09 | N/A |
| IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not properly identify URIs containing cross-site scripting (XSS) attack strings, which allows remote attackers to inject arbitrary web script or HTML via a Calendar OpenDocument action to main.nsf with a Count parameter containing a JavaScript event in a malformed element, as demonstrated by an onload event in an IFRAME element. | ||||
| CVE-2008-0555 | 1 Apache-ssl | 1 Apache-ssl | 2025-04-09 | N/A |
| The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables. | ||||
| CVE-2009-4102 | 2 Mozilla, Sage.mozdev | 2 Firefox, Sage | 2025-04-09 | N/A |
| Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed. | ||||
| CVE-2008-1249 | 1 Snom | 1 320 Sip Phone | 2025-04-09 | N/A |
| snomControl.swf in the central phone server for the Snom 320 SIP Phone allows remote attackers to cause a denial of service (application crash and corruption of call logs) via a "'); (double quote, quote, close parenthesis, semicolon) sequence in the "Call a number" field. | ||||
| CVE-2008-1294 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-09 | N/A |
| Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits. | ||||
| CVE-2008-1311 | 1 Packettrap | 1 Pt360 Tool Suite Pro | 2025-04-09 | N/A |
| The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and earlier allows remote attackers to cause a denial of service (daemon hang) by uploading a file named (1) '|' (pipe), (2) '"' (quotation mark), or (3) "<>" (less than, greater than); or (4) a file with a long name. NOTE: the issue for vector 4 might exist because of an incomplete fix for CVE-2008-1312. | ||||
| CVE-2008-1366 | 1 Trend Micro | 1 Officescan Corporate Edition | 2025-04-09 | N/A |
| Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to cause a denial of service (process consumption) via (1) an HTTP request without a Content-Length header or (2) invalid characters in unspecified CGI arguments, which triggers a NULL pointer dereference. | ||||
| CVE-2008-6084 | 1 .matteoiammarrone | 1 Iamma Simple Gallery | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory. | ||||
| CVE-2008-1492 | 1 Coronamatrix | 1 Phpaddressbook | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in CoronaMatrix phpAddressBook 2.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php and (2) install.php. NOTE: it was later reported that vector 1 is also present in 2.0. | ||||
| CVE-2008-6745 | 1 Blogphp | 1 Blogphp | 2025-04-09 | N/A |
| index.php in BlogPHP 2.0 allows remote attackers to gain administrator privileges via a crafted email parameter in a register2 action. | ||||
| CVE-2008-1517 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (system shutdown) via unspecified vectors related to workqueues. | ||||
| CVE-2008-1562 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2025-04-09 | N/A |
| The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740. | ||||
| CVE-2007-0208 | 1 Microsoft | 4 Office, Word, Word Viewer and 1 more | 2025-04-09 | N/A |
| Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code. | ||||
| CVE-2008-6557 | 1 Puppetmaster | 1 Webutil | 2025-04-09 | N/A |
| cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command. | ||||
| CVE-2007-5738 | 1 Ghlab | 1 Korean Ghboard | 2025-04-09 | N/A |
| The FlashUpload component in Korean GHBoard uses a client-side protection mechanism to prevent uploading of dangerous file extensions, which allows remote attackers to bypass restrictions and upload arbitrary files via a modified copy of component/flashupload/upload.html. | ||||
| CVE-2007-6176 | 1 Amensa-soft | 1 K\+b-bestellsystem | 2025-04-09 | N/A |
| kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action. | ||||
| CVE-2009-4546 | 1 Logoshows | 1 Logoshows Bbs | 2025-04-09 | N/A |
| globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) pb_username (aka pb%5Fusername) and (2) level cookies. | ||||
| CVE-2007-6263 | 1 Netkit-ftp | 1 Netkit Ftp | 2025-04-09 | N/A |
| The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via some types of FTP over SSL protocol behavior, as demonstrated by breaking a passive FTP DATA connection in a way that triggers an error in the server's SSL_accept function. NOTE: the netkit ftp issue is covered by CVE-2007-5769. | ||||
| CVE-2007-6314 | 1 Real Time Logic | 2 Barracudadrive Web Server, Barracudadrive Web Server Home Server | 2025-04-09 | N/A |
| BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a (1) + (plus), (2) . (dot), or (3) %80 and similar characters to the file name in the URL. | ||||
| CVE-2009-0843 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2025-04-09 | N/A |
| The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence of arbitrary files via a full pathname in the queryfile parameter, which triggers different error messages depending on whether this pathname exists. | ||||