Max CVSS 10.0 Min CVSS 4.3 Total Count56
IDCVSSSummaryLast (major) updatePublished
CVE-2017-5254 9.0
In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism.
20-12-2017 - 17:29 20-12-2017 - 17:29
CVE-2009-1185 7.2
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
07-12-2016 - 22:01 17-04-2009 - 10:30
CVE-2008-3982 5.5
Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a differen
23-11-2016 - 13:01 14-10-2008 - 17:11
CVE-2003-0201 10.0
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
17-10-2016 - 22:30 05-05-2003 - 00:00
CVE-2008-3466 10.0
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or
14-07-2015 - 13:48 14-10-2008 - 20:12
CVE-2009-0927 9.3
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerabili
22-11-2013 - 13:19 19-03-2009 - 06:30
CVE-2009-1430 9.3
Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Originator Service in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Sym
06-02-2013 - 23:17 29-04-2009 - 11:30
CVE-2008-4250 10.0
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during p
30-10-2012 - 23:04 23-10-2008 - 18:00
CVE-2008-3996 5.5
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_IPUBLISH.
29-10-2012 - 23:16 14-10-2008 - 17:11
CVE-2008-2439 5.0
Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, Offi
29-10-2012 - 23:11 03-10-2008 - 11:07
CVE-2008-4008 10.0
Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unk
22-10-2012 - 22:53 14-10-2008 - 17:11
CVE-2008-2463 6.8
The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine
12-09-2012 - 22:29 07-07-2008 - 19:41
CVE-2008-5499 9.3
Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.
10-07-2012 - 00:00 17-12-2008 - 19:30
CVE-2011-2140 10.0
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a
22-03-2012 - 00:00 10-08-2011 - 18:55
CVE-2010-3904 7.2
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privile
19-03-2012 - 00:00 06-12-2010 - 15:13
CVE-2008-4654 9.3
Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted
27-01-2012 - 00:33 21-10-2008 - 20:11
CVE-2008-5036 9.3
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c
27-01-2012 - 00:32 10-11-2008 - 17:18
CVE-2008-5032 9.3
Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier orig
27-01-2012 - 00:00 10-11-2008 - 11:15
CVE-2010-3747 9.3
An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during parsing of a CDDA URI, which allows remote attackers
21-09-2011 - 23:25 18-10-2010 - 20:00
CVE-2008-0067 10.0
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to t
21-09-2011 - 22:48 08-01-2009 - 14:30
CVE-2006-3838 10.0
Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Net
06-09-2011 - 00:00 26-07-2006 - 21:04
CVE-2009-4098 6.0
Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then acc
25-07-2011 - 00:00 29-11-2009 - 08:08
CVE-2008-3657 7.5
The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by
13-07-2011 - 00:00 12-08-2008 - 21:41
CVE-2009-3103 10.0
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (syste
24-06-2011 - 00:00 08-09-2009 - 18:30
CVE-2008-0926 7.5
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of s
01-04-2011 - 00:00 28-03-2008 - 14:44
CVE-2009-0658 9.3
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as expl
07-03-2011 - 22:18 20-02-2009 - 14:30
CVE-2009-0184 9.3
Multiple buffer overflows in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allow remote attackers to execute arbitrary code via (1) a long file name within a torrent file, (2) a long tracker URL in
07-03-2011 - 22:18 03-02-2009 - 14:30
CVE-2008-5002 9.3
Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitrary files via the WriteFile method. NOTE: this co
07-03-2011 - 22:13 10-11-2008 - 09:12
CVE-2008-4922 9.3
Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office (DjVu_ActiveX_MSOffice.dll) allows remote attackers to execute arbitrary code via a long (1) ImageURL property, and possibly the (2) Mode, (3) Page, or (4) Zoom properties.
07-03-2011 - 22:13 04-11-2008 - 16:00
CVE-2008-3656 7.8
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows con
07-03-2011 - 22:11 12-08-2008 - 21:41
CVE-2008-3257 10.0
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after
07-03-2011 - 22:10 22-07-2008 - 12:41
CVE-2008-3158 6.9
Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory.
07-03-2011 - 22:10 11-07-2008 - 18:41
CVE-2008-2938 4.3
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequence
07-03-2011 - 22:09 12-08-2008 - 20:41
CVE-2008-2908 9.3
Multiple stack-based buffer overflows in a certain ActiveX control in ienipp.ocx in Novell iPrint Client for Windows before 4.36 allow remote attackers to execute arbitrary code via a long value of the (1) operation, (2) printer-url, or (3) target-fr
07-03-2011 - 22:09 30-06-2008 - 14:24
CVE-2008-1311 5.0
The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and earlier allows remote attackers to cause a denial of service (daemon hang) by uploading a file named (1) '|' (pipe), (2) '"' (quotation mark), or (3) "<>" (less than, greater than); or
07-03-2011 - 22:06 12-03-2008 - 13:44
CVE-2005-3498 4.3
IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could
07-03-2011 - 21:26 03-11-2005 - 19:02
CVE-2005-3398 4.3
The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data fro
07-03-2011 - 21:26 01-11-2005 - 07:47
CVE-2008-5416 9.0
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 an
07-03-2011 - 00:00 10-12-2008 - 09:00
CVE-2008-3655 7.5
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended
07-03-2011 - 00:00 12-08-2008 - 21:41
CVE-2008-5081 5.0
The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an as
21-08-2010 - 01:25 16-12-2008 - 21:30
CVE-2009-0187 9.3
Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers to execute arbitrary code via a crafted HTTP URL with a long host name, which is not properly handled when constructing
27-04-2010 - 01:48 26-02-2009 - 11:17
CVE-2009-3960 4.3
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain se
26-02-2010 - 02:09 15-02-2010 - 13:30
CVE-2008-6082 5.0
Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command.
20-08-2009 - 01:24 06-02-2009 - 06:30
CVE-2008-6938 4.3
Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request t
18-08-2009 - 00:00 11-08-2009 - 17:00
CVE-2008-5492 9.3
Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX control in pdfview.ocx 2.0.0.1 in VeryDOC PDF Viewer OCX Control allows remote attackers to execute arbitrary code via a long first argument to the OpenPDF method. NOTE: some of these d
12-08-2009 - 01:22 12-12-2008 - 11:30
CVE-2008-6829 5.0
VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a LIST command that starts with a "/\/" (forward slash, backward slash, forward slash). NOTE: this might be the same issue as CVE-2008-2031.
09-06-2009 - 00:00 08-06-2009 - 15:30
CVE-2009-0546 9.3
Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier allows user-assisted remote attackers to execute arbitrary code via a long text attribute in an outline element in a .opml file.
13-02-2009 - 00:00 12-02-2009 - 18:30
CVE-2009-0133 10.0
Buffer overflow in Microsoft HTML Help Workshop 4.74 and earlier allows context-dependent attackers to execute arbitrary code via a .hhp file with a long "Index file" field, possibly a related issue to CVE-2006-0564.
29-01-2009 - 02:01 15-01-2009 - 12:30
CVE-2008-3878 9.3
Stack-based buffer overflow in the Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 in Ultra Shareware Ultra Office Control allows remote attackers to execute arbitrary code via long strUrl, strFile, and strPostData parameters to th
29-01-2009 - 01:54 02-09-2008 - 11:41
CVE-2007-0977 7.1
IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2
15-11-2008 - 01:42 15-02-2007 - 20:28
CVE-2007-1682 9.3
Multiple stack-based buffer overflows in the FileManager ActiveX control in SAFmgPws.dll in SoftArtisans XFile before 2.4.0 allow remote attackers to execute arbitrary code via unspecified calls to the (1) BuildPath, (2) GetDriveName, (3) DriveExists
10-09-2008 - 20:51 27-08-2008 - 16:41
CVE-1999-0502 7.5
A Unix account has a default, null, blank, or missing password.
09-09-2008 - 08:34 01-03-1998 - 00:00
CVE-2008-2031 5.0
VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a crafted LIST command, which triggers a NULL pointer dereference. NOTE: the provenance of this information is unknown; the details are obtained solely from third party inf
05-09-2008 - 17:39 30-04-2008 - 12:17
CVE-2001-1013 5.0
Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid u
05-09-2008 - 16:25 12-09-2001 - 00:00
CVE-2000-0917 10.0
Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.
05-09-2008 - 16:22 19-12-2000 - 00:00
CVE-1999-0531
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration En
01-08-2008 - 00:00 01-01-1999 - 00:00
Back to Top Mark selected
Back to Top