| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2013-4397 | 6.8 |
Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a
|
13-02-2023 - 04:46 | 17-10-2013 - 23:55 | |
| CVE-2012-5456 | 4.3 |
The Zoner AntiVirus Free application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arb
|
22-11-2021 - 15:53 | 24-10-2012 - 17:55 | |
| CVE-2018-17161 | 7.5 |
In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of network-provided data in bootpd may make it possible for a malicious attacker to craft a bootp packet which could cause a s
|
03-10-2019 - 00:03 | 03-01-2019 - 17:29 | |
| CVE-2017-6009 | 4.3 |
An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a ne
|
12-03-2019 - 19:52 | 16-02-2017 - 11:59 | |
| CVE-2006-0434 | 5.0 |
Directory traversal vulnerability in action.php in phpXplorer allows remote attackers to read arbitrary files via ".." (dot dot) sequences and null bytes in the sAction parameter, a different vulnerability than CVE-2006-0244. NOTE: if the functional
|
19-10-2018 - 15:44 | 26-01-2006 - 11:07 | |
| CVE-2013-4422 | 6.8 |
SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.
|
29-08-2017 - 01:33 | 23-10-2013 - 16:54 | |
| CVE-2013-4433 | 4.3 |
Cross-site scripting (XSS) vulnerability in XHProf before 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the run parameter.
|
29-08-2017 - 01:33 | 11-03-2014 - 19:37 | |
| CVE-2009-3105 | 4.3 |
Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC.
|
17-08-2017 - 01:31 | 08-09-2009 - 22:30 | |
| CVE-2002-2273 | 4.3 |
Cross-site scripting (XSS) vulnerability in Webster HTTP Server allows remote attackers to inject arbitrary web script or HTML via the URL.
|
29-07-2017 - 01:29 | 31-12-2002 - 05:00 | |
| CVE-2013-7409 | 7.5 |
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.
|
31-12-2016 - 02:59 | 30-10-2014 - 15:55 | |
| CVE-2007-5801 | 7.5 |
Unspecified vulnerability in WORK system e-commerce before 4.0.2 has unknown impact and attack vectors related to "Ajax pages."
|
15-11-2008 - 07:02 | 03-11-2007 - 00:46 |