Max CVSS 10.0 Min CVSS 4.1 Total Count46
IDCVSSSummaryLast (major) updatePublished
CVE-2008-1447 5.0
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic vi
19-02-2017 - 00:21 08-07-2008 - 19:41
CVE-2007-6199 9.3
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.
06-01-2017 - 21:59 01-12-2007 - 01:46
CVE-2008-2051 10.0
The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."
07-12-2016 - 22:00 05-05-2008 - 13:20
CVE-2008-2050 10.0
Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.
07-12-2016 - 22:00 05-05-2008 - 13:20
CVE-2008-0599 10.0
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
07-12-2016 - 22:00 05-05-2008 - 13:20
CVE-2008-2292 6.8
Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in
26-11-2012 - 22:46 18-05-2008 - 10:20
CVE-2008-0674 7.5
Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.
30-10-2012 - 22:52 18-02-2008 - 18:00
CVE-2008-2430 9.3
Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.
27-01-2012 - 00:31 07-07-2008 - 19:41
CVE-2008-2952 5.0
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.
11-10-2011 - 00:00 01-07-2008 - 17:41
CVE-2007-5135 6.8
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue wa
29-08-2011 - 00:00 27-09-2007 - 16:17
CVE-2007-6200 10.0
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspec
23-08-2011 - 22:41 01-12-2007 - 01:46
CVE-2008-2320 9.3
Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (app
04-08-2011 - 00:00 03-08-2008 - 21:41
CVE-2008-0053 10.0
Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file.
13-05-2011 - 00:00 18-03-2008 - 19:44
CVE-2008-4194 5.0
The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a "dangling pointer bug."
07-03-2011 - 22:12 24-09-2008 - 07:42
CVE-2008-3429 6.8
Buffer overflow in URI processing in HTTrack and WinHTTrack before 3.42-3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL.
07-03-2011 - 22:10 31-07-2008 - 18:41
CVE-2008-3144 5.0
Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to stri
07-03-2011 - 22:10 01-08-2008 - 10:41
CVE-2008-3143 7.5
Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c
07-03-2011 - 22:10 01-08-2008 - 10:41
CVE-2008-3142 7.5
Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicod
07-03-2011 - 22:10 01-08-2008 - 10:41
CVE-2008-2935 7.5
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attack
07-03-2011 - 22:09 01-08-2008 - 10:41
CVE-2008-2830 7.2
Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands
07-03-2011 - 22:09 23-06-2008 - 16:41
CVE-2008-2325 9.3
QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient "bounds checking."
07-03-2011 - 22:09 03-08-2008 - 21:41
CVE-2008-2324 4.6
The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs.
07-03-2011 - 22:09 03-08-2008 - 21:41
CVE-2008-2323 7.1
Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X 10.5.4 allows attackers to cause a denial of service (resource consumption) via crafted textual content in messages.
07-03-2011 - 22:09 03-08-2008 - 21:41
CVE-2008-2322 9.3
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buff
07-03-2011 - 22:09 03-08-2008 - 21:41
CVE-2008-2321 9.3
Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of argum
07-03-2011 - 22:09 03-08-2008 - 21:41
CVE-2008-2316 7.5
Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB."
07-03-2011 - 22:08 01-08-2008 - 10:41
CVE-2008-2315 7.5
Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7)
07-03-2011 - 22:08 01-08-2008 - 10:41
CVE-2008-1722 4.3
Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image.
07-03-2011 - 22:07 10-04-2008 - 15:05
CVE-2008-1667 7.8
The Probe Builder Service (aka PBOVISServer.exe) in European Performance Systems (EPS) Probe Builder 2.2 before A.02.20.901, as used in HP OpenView Internet Services (OVIS) on Windows, allows remote attackers to kill arbitrary processes via a process
07-03-2011 - 22:07 29-07-2008 - 14:41
CVE-2008-1628 4.1
Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from thir
07-03-2011 - 22:07 02-04-2008 - 13:44
CVE-2008-1373 5.8
Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.
07-03-2011 - 22:06 03-04-2008 - 20:44
CVE-2007-4850 5.0
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vuln
07-03-2011 - 21:59 24-01-2008 - 20:00
CVE-2008-0960 10.0
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Dat
07-03-2011 - 00:00 10-06-2008 - 14:32
CVE-2008-1376 7.5
A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on Red Hat Enterprise Linux (RHEL) 5 omits TCP wrappers support, which might allow remote attackers to bypass intended access restrictions.
21-08-2010 - 01:18 01-08-2008 - 10:41
CVE-2008-2363 9.3
The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file t
07-10-2009 - 00:00 02-06-2008 - 17:30
CVE-2008-1292 4.3
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only
20-08-2009 - 01:14 24-03-2008 - 13:44
CVE-2008-1291 4.3
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
20-08-2009 - 01:14 24-03-2008 - 13:44
CVE-2008-1290 4.3
ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.
20-08-2009 - 01:14 24-03-2008 - 13:44
CVE-2008-3486 7.5
Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via
19-08-2009 - 01:17 06-08-2008 - 13:41
CVE-2008-3223 7.5
SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."
19-08-2009 - 01:17 18-07-2008 - 12:41
CVE-2008-3221 4.3
Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities.
19-08-2009 - 01:17 18-07-2008 - 12:41
CVE-2008-3220 6.8
Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings."
19-08-2009 - 01:17 18-07-2008 - 12:41
CVE-2008-3218 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, a
19-08-2009 - 01:17 18-07-2008 - 12:41
CVE-2008-3222 6.8
Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.
19-08-2009 - 00:00 18-07-2008 - 12:41
CVE-2008-3219 5.0
The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not "prevent use of the object HTML tag in administrator input," which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS
19-08-2009 - 00:00 18-07-2008 - 12:41
CVE-2008-2147 4.6
Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.
10-09-2008 - 21:10 12-05-2008 - 16:20
Back to Top Mark selected
Back to Top