Max CVSS 10.0 Min CVSS 2.6 Total Count52
IDCVSSSummaryLast (major) updatePublished
CVE-2008-0416 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including
19-01-2017 - 21:59 11-02-2008 - 22:00
CVE-2008-1237 6.8
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors relat
07-12-2016 - 22:00 27-03-2008 - 06:44
CVE-2008-1236 6.8
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors relat
07-12-2016 - 22:00 27-03-2008 - 06:44
CVE-2008-1235 9.3
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka
07-12-2016 - 22:00 27-03-2008 - 06:44
CVE-2008-1234 4.3
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event han
07-12-2016 - 22:00 27-03-2008 - 06:44
CVE-2008-1233 6.8
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution."
07-12-2016 - 22:00 27-03-2008 - 06:44
CVE-2007-1858 2.6
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information o
22-08-2016 - 21:59 09-05-2007 - 20:19
CVE-2008-0412 9.3
The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableF
13-09-2013 - 01:50 08-02-2008 - 17:00
CVE-2008-0418 4.3
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome:
09-09-2013 - 01:30 08-02-2008 - 17:00
CVE-2008-0414 4.3
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing."
01-09-2013 - 01:43 08-02-2008 - 17:00
CVE-2007-3527 6.8
Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service (CPU consumption) via certain database operations with multi-byte character sets that trigger an attempt to use the value 65536 for a 16-bit integer, wh
30-10-2012 - 22:39 03-07-2007 - 14:30
CVE-2007-3181 10.0
Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gd
30-10-2012 - 22:37 12-06-2007 - 19:30
CVE-2007-2606 7.8
Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a co
30-10-2012 - 22:35 11-05-2007 - 06:19
CVE-2007-2449 4.3
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote att
30-10-2012 - 22:34 14-06-2007 - 19:30
CVE-2008-1066 7.5
The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string.
23-01-2012 - 22:24 28-02-2008 - 15:44
CVE-2008-0593 4.3
Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and
18-10-2011 - 00:00 08-02-2008 - 20:00
CVE-2008-0591 4.3
Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by
20-09-2011 - 00:00 08-02-2008 - 19:00
CVE-2008-1569 3.3
policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket.
25-07-2011 - 00:00 31-03-2008 - 18:44
CVE-2008-1552 6.8
The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a cra
07-03-2011 - 22:07 31-03-2008 - 13:44
CVE-2008-1412 6.8
Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrary code or cause a denial of service (hang or crash
07-03-2011 - 22:07 20-03-2008 - 06:44
CVE-2008-1241 4.3
GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab.
07-03-2011 - 22:06 27-03-2008 - 06:44
CVE-2008-1240 5.0
LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine.
07-03-2011 - 22:06 27-03-2008 - 21:44
CVE-2008-1238 5.0
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypa
07-03-2011 - 22:06 27-03-2008 - 06:44
CVE-2008-1218 6.8
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delim
07-03-2011 - 22:06 10-03-2008 - 19:44
CVE-2008-1195 9.3
Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via uns
07-03-2011 - 22:06 06-03-2008 - 16:44
CVE-2008-0594 5.0
Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.
07-03-2011 - 22:04 08-02-2008 - 20:00
CVE-2008-0592 4.3
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Fir
07-03-2011 - 22:04 08-02-2008 - 19:00
CVE-2008-0544 10.0
Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted IFF ILBM file. NOTE: some of t
07-03-2011 - 22:04 01-02-2008 - 15:00
CVE-2008-0467 10.0
Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before 2.1.0 RC1, might allow remote attackers to execute arbitrary code via a long username.
07-03-2011 - 22:04 28-01-2008 - 21:00
CVE-2008-0417 4.3
CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password.
07-03-2011 - 22:04 08-02-2008 - 17:00
CVE-2008-0415 4.3
Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.lo
07-03-2011 - 22:04 08-02-2008 - 17:00
CVE-2007-6697 7.5
Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484.
07-03-2011 - 22:03 01-02-2008 - 15:00
CVE-2007-5770 5.0
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which mak
07-03-2011 - 22:01 13-11-2007 - 20:46
CVE-2007-5162 4.3
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier
07-03-2011 - 22:00 01-10-2007 - 01:17
CVE-2007-4668 5.0
Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, aka CORE-1312.
07-03-2011 - 21:58 04-09-2007 - 18:17
CVE-2007-4667 5.0
Unspecified vulnerability in the Services API in Firebird before 2.0.2 allows remote attackers to cause a denial of service, aka CORE-1149.
07-03-2011 - 21:58 04-09-2007 - 18:17
CVE-2007-4666 5.0
Unspecified vulnerability in the server in Firebird before 2.0.2, when a Superserver/TCP/IP environment is configured, allows remote attackers to cause a denial of service (CPU and memory consumption) via "large network packets with garbage", aka COR
07-03-2011 - 21:58 04-09-2007 - 18:17
CVE-2007-4665 5.0
Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to cause a denial of service (daemon crash) via an XNET session that makes multiple simultaneous requests to register events, aka CORE-1403.
07-03-2011 - 21:58 04-09-2007 - 18:17
CVE-2007-4664 7.5
Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405.
07-03-2011 - 21:58 04-09-2007 - 18:17
CVE-2008-0419 9.3
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize
07-03-2011 - 00:00 08-02-2008 - 17:00
CVE-2007-4879 5.0
Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web site
07-03-2011 - 00:00 13-09-2007 - 14:17
CVE-2008-1199 4.4
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a s
21-08-2010 - 01:17 06-03-2008 - 16:44
CVE-2008-1468 4.3
Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CV
30-04-2010 - 01:20 24-03-2008 - 17:44
CVE-2008-1570 6.9
Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs. NOTE: this is due to a
01-12-2008 - 00:00 31-03-2008 - 18:44
CVE-1999-0208 10.0
rpc.ypupdated (NIS) allows remote users to execute arbitrary commands.
09-09-2008 - 08:34 12-12-1995 - 00:00
CVE-2008-0387 7.8
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_s
05-09-2008 - 17:34 28-01-2008 - 21:00
CVE-2007-6341 5.0
Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS response.
05-09-2008 - 17:32 20-12-2007 - 18:46
CVE-2007-4669 4.0
The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148.
05-09-2008 - 17:28 04-09-2007 - 18:17
CVE-2006-7214 7.8
Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic
05-09-2008 - 17:16 29-06-2007 - 14:30
CVE-2006-7213 5.5
Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database.
05-09-2008 - 17:16 29-06-2007 - 14:30
CVE-2006-7212 6.8
Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack vectors. NOTE: this issue might overlap CVE-2006-1240.
05-09-2008 - 17:16 29-06-2007 - 14:30
CVE-2006-7211 4.9
fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service (blocked query processing) by locking semaphores.
05-09-2008 - 17:16 29-06-2007 - 14:30
Back to Top Mark selected
Back to Top