Max CVSS 10.0 Min CVSS 1.9 Total Count70
IDCVSSSummaryLast (major) updatePublished
CVE-2008-0416 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including
19-01-2017 - 21:59 11-02-2008 - 22:00
CVE-2008-1100 10.0
Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file.
02-01-2017 - 21:59 14-04-2008 - 12:05
CVE-2008-1237 6.8
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors relat
07-12-2016 - 22:00 27-03-2008 - 06:44
CVE-2008-1236 6.8
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors relat
07-12-2016 - 22:00 27-03-2008 - 06:44
CVE-2008-1235 9.3
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka
07-12-2016 - 22:00 27-03-2008 - 06:44
CVE-2008-1234 4.3
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event han
07-12-2016 - 22:00 27-03-2008 - 06:44
CVE-2008-1233 6.8
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution."
07-12-2016 - 22:00 27-03-2008 - 06:44
CVE-2008-0122 10.0
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code
06-12-2016 - 21:59 15-01-2008 - 21:00
CVE-2007-2583 4.0
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL poin
20-02-2014 - 22:45 09-05-2007 - 20:19
CVE-2008-0412 9.3
The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableF
13-09-2013 - 01:50 08-02-2008 - 17:00
CVE-2008-0418 4.3
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome:
09-09-2013 - 01:30 08-02-2008 - 17:00
CVE-2008-0414 4.3
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing."
01-09-2013 - 01:43 08-02-2008 - 17:00
CVE-2008-0887 4.7
gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-185
05-11-2012 - 22:57 06-04-2008 - 19:44
CVE-2007-2692 6.0
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
05-11-2012 - 22:39 15-05-2007 - 21:19
CVE-2007-2691 4.9
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
05-11-2012 - 22:39 15-05-2007 - 21:19
CVE-2007-2231 4.3
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
05-11-2012 - 22:37 25-04-2007 - 11:19
CVE-2008-1767 7.5
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that trigg
30-10-2012 - 22:55 23-05-2008 - 11:32
CVE-2008-0593 4.3
Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and
18-10-2011 - 00:00 08-02-2008 - 20:00
CVE-2008-0591 4.3
Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by
20-09-2011 - 00:00 08-02-2008 - 19:00
CVE-2007-1420 2.1
MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialize
01-09-2011 - 00:00 12-03-2007 - 19:19
CVE-2006-4227 6.5
MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has bee
01-09-2011 - 00:00 18-08-2006 - 16:04
CVE-2007-5794 4.3
Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was o
10-08-2011 - 00:00 13-11-2007 - 18:46
CVE-2008-1686 9.3
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to ex
19-05-2011 - 00:00 08-04-2008 - 14:05
CVE-2008-0420 9.3
modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to re
12-04-2011 - 00:00 11-02-2008 - 22:00
CVE-2008-2409 9.3
Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message.
07-03-2011 - 22:09 23-05-2008 - 11:32
CVE-2008-2408 9.3
Heap-based buffer overflow in the XML parsing functionality in talk.dll in Cerulean Studios Trillian Pro before 3.1.10.0 allows remote attackers to execute arbitrary code via a malformed attribute in an IMG tag.
07-03-2011 - 22:09 23-05-2008 - 11:32
CVE-2008-2407 9.3
Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian before 3.1.10.0 allows user-assisted remote attackers to execute arbitrary code via a long attribute value in a FONT tag in a message.
07-03-2011 - 22:09 23-05-2008 - 11:32
CVE-2008-2302 4.3
Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a cert
07-03-2011 - 22:08 23-05-2008 - 11:32
CVE-2008-2242 7.5
Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstrin
07-03-2011 - 22:08 21-05-2008 - 09:24
CVE-2008-2241 10.0
Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in
07-03-2011 - 22:08 21-05-2008 - 09:24
CVE-2008-2040 7.5
Stack-based buffer overflow in the HTTP::getAuthUserPass function (core/common/http.cpp) in Peercast 0.1218 and gnome-peercast allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Basic Authentication
07-03-2011 - 22:08 30-04-2008 - 12:17
CVE-2008-1950 5.0
Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Ran
07-03-2011 - 22:08 21-05-2008 - 09:24
CVE-2008-1949 9.3
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to c
07-03-2011 - 22:08 21-05-2008 - 09:24
CVE-2008-1948 10.0
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows
07-03-2011 - 22:08 21-05-2008 - 09:24
CVE-2008-1927 5.0
Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain oper
07-03-2011 - 22:08 24-04-2008 - 01:05
CVE-2008-1837 5.0
libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats.
07-03-2011 - 22:07 16-04-2008 - 12:05
CVE-2008-1836 4.3
The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read.
07-03-2011 - 22:07 16-04-2008 - 12:05
CVE-2008-1835 5.0
ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar.
07-03-2011 - 22:07 16-04-2008 - 12:05
CVE-2008-1833 7.5
Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary.
07-03-2011 - 22:07 16-04-2008 - 11:05
CVE-2008-1387 4.3
ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
07-03-2011 - 22:07 16-04-2008 - 12:05
CVE-2008-1380 9.3
The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page.
07-03-2011 - 22:07 17-04-2008 - 15:05
CVE-2008-1241 4.3
GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab.
07-03-2011 - 22:06 27-03-2008 - 06:44
CVE-2008-1240 5.0
LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine.
07-03-2011 - 22:06 27-03-2008 - 21:44
CVE-2008-1238 5.0
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypa
07-03-2011 - 22:06 27-03-2008 - 06:44
CVE-2008-0594 5.0
Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.
07-03-2011 - 22:04 08-02-2008 - 20:00
CVE-2008-0592 4.3
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Fir
07-03-2011 - 22:04 08-02-2008 - 19:00
CVE-2008-0417 4.3
CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password.
07-03-2011 - 22:04 08-02-2008 - 17:00
CVE-2008-0415 4.3
Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.lo
07-03-2011 - 22:04 08-02-2008 - 17:00
CVE-2008-0413 9.3
The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2
07-03-2011 - 22:04 08-02-2008 - 17:00
CVE-2008-0314 7.5
Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.
07-03-2011 - 22:04 16-04-2008 - 11:05
CVE-2008-0304 7.5
Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation
07-03-2011 - 22:04 29-02-2008 - 14:44
CVE-2007-6714 6.8
DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anony
07-03-2011 - 22:03 17-04-2008 - 18:05
CVE-2007-6598 6.8
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
07-03-2011 - 22:03 03-01-2008 - 21:46
CVE-2007-6454 10.0
Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.
07-03-2011 - 22:02 19-12-2007 - 19:46
CVE-2007-5962 7.1
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a
07-03-2011 - 22:01 22-05-2008 - 09:09
CVE-2006-4031 2.1
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.
07-03-2011 - 21:40 09-08-2006 - 18:04
CVE-2006-0903 4.6
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query f
07-03-2011 - 21:31 27-02-2006 - 18:02
CVE-2008-0419 9.3
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize
07-03-2011 - 00:00 08-02-2008 - 17:00
CVE-2007-4879 5.0
Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web site
07-03-2011 - 00:00 13-09-2007 - 14:17
CVE-2008-1199 4.4
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a s
21-08-2010 - 01:17 06-03-2008 - 16:44
CVE-2007-6283 4.9
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
21-08-2010 - 01:13 17-12-2007 - 20:46
CVE-2007-5496 1.9
Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during com
21-08-2010 - 01:12 23-05-2008 - 11:32
CVE-2007-5495 4.4
sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file.
21-08-2010 - 01:12 23-05-2008 - 11:32
CVE-2007-4211 6.0
The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
21-08-2010 - 01:09 07-08-2007 - 22:17
CVE-2007-3920 6.2
GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069.
21-08-2010 - 01:09 29-10-2007 - 17:46
CVE-2007-3782 3.5
MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.
21-08-2010 - 01:08 15-07-2007 - 18:30
CVE-2007-3781 4.0
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
21-08-2010 - 01:08 15-07-2007 - 18:30
CVE-2006-7232 3.5
sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.
21-08-2010 - 00:59 31-12-2006 - 00:00
CVE-2008-2064 10.0
Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have unknown impact and attack vectors related to "a fundamental design flaw in the interface (API) to connect phpGedView with external programs like content management systems."
10-08-2009 - 00:00 02-05-2008 - 19:20
CVE-2008-0166 7.8
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptograp
21-02-2009 - 00:00 13-05-2008 - 13:20
Back to Top Mark selected
Back to Top