Max CVSS 10.0 Min CVSS 2.1 Total Count32
IDCVSSSummaryLast (major) updatePublished
CVE-2014-8626 7.5
Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone fie
29-04-2015 - 22:01 22-11-2014 - 21:59
CVE-2008-5025 7.8
Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid cata
28-08-2013 - 01:56 17-11-2008 - 18:30
CVE-2008-3658 7.5
Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
01-08-2013 - 01:52 14-08-2008 - 20:41
CVE-2008-5029 4.9
The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors rela
05-11-2012 - 23:11 10-11-2008 - 11:15
CVE-2008-3660 5.0
PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.
30-10-2012 - 23:01 14-08-2008 - 20:41
CVE-2008-3659 6.4
Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function
30-10-2012 - 23:01 14-08-2008 - 20:41
CVE-2008-2829 5.0
php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c lega
30-10-2012 - 22:58 23-06-2008 - 16:41
CVE-2008-2666 5.0
Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to
30-10-2012 - 22:58 19-06-2008 - 21:41
CVE-2008-2665 5.0
Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after
30-10-2012 - 22:58 19-06-2008 - 21:41
CVE-2008-2371 7.5
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins
30-10-2012 - 22:57 07-07-2008 - 19:41
CVE-2008-4576 7.8
sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the O
29-10-2012 - 23:17 15-10-2008 - 16:07
CVE-2008-4554 4.6
The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file.
29-10-2012 - 23:17 15-10-2008 - 16:07
CVE-2008-4395 8.3
Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.
29-10-2012 - 23:17 06-11-2008 - 10:55
CVE-2008-3528 2.1
The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically prox
29-10-2012 - 23:15 27-09-2008 - 06:30
CVE-2008-5300 4.9
Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulne
19-03-2012 - 00:00 01-12-2008 - 12:30
CVE-2008-5182 6.9
The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount.
19-03-2012 - 00:00 20-11-2008 - 21:30
CVE-2008-5134 10.0
Buffer overflow in the lbs_process_bss function in drivers/net/wireless/libertas/scan.c in the libertas subsystem in the Linux kernel before 2.6.27.5 allows remote attackers to have an unknown impact via an "invalid beacon/probe response."
19-03-2012 - 00:00 18-11-2008 - 11:00
CVE-2008-4934 7.8
The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 does not check a certain return value from the read_mapping_page function before calling kmap, which allows attackers to cause a denial of service (syste
19-03-2012 - 00:00 05-11-2008 - 10:00
CVE-2008-4933 7.8
Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog n
19-03-2012 - 00:00 05-11-2008 - 10:00
CVE-2008-4618 7.8
The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via
19-03-2012 - 00:00 20-10-2008 - 20:10
CVE-2008-5557 10.0
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is n
07-03-2011 - 22:14 23-12-2008 - 13:30
CVE-2008-5403 10.0
Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag.
07-03-2011 - 22:14 10-12-2008 - 01:44
CVE-2008-5402 10.0
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."
07-03-2011 - 22:14 10-12-2008 - 01:44
CVE-2008-5401 10.0
Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing."
07-03-2011 - 22:14 10-12-2008 - 01:44
CVE-2008-3656 7.8
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows con
07-03-2011 - 22:11 12-08-2008 - 21:41
CVE-2008-2379 4.3
Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.
07-03-2011 - 22:09 04-12-2008 - 19:30
CVE-2008-4310 7.8
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for
21-08-2010 - 00:00 08-12-2008 - 19:30
CVE-2008-5658 7.5
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
31-10-2009 - 02:10 17-12-2008 - 15:30
CVE-2008-5625 7.5
PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log"
31-10-2009 - 02:10 17-12-2008 - 12:30
CVE-2008-5624 7.5
PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to b
31-10-2009 - 02:10 17-12-2008 - 12:30
CVE-2008-7068 6.4
The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can
25-08-2009 - 00:00 25-08-2009 - 06:30
CVE-2008-3058 7.5
Multiple SQL injection vulnerabilities in Octeth Oempro 3.5.5.1, and possibly other versions before 4, allow remote attackers to execute arbitrary SQL commands via the FormValue_Email parameter (aka Email field) to index.php in (1) member/, (2) clien
05-02-2009 - 01:44 03-12-2008 - 12:30
Back to Top Mark selected
Back to Top