| Max CVSS | 9.3 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2014-2734 | 5.8 |
The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after perfor
|
11-04-2024 - 00:51 | 24-04-2014 - 23:55 | |
| CVE-2019-7401 | 7.5 |
NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact.
|
24-08-2020 - 17:37 | 08-02-2019 - 03:29 | |
| CVE-2006-1133 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to (1) comment.php or (2) contact.php. NOTE: the profile.php/UserName vector is already covered
|
18-10-2018 - 16:30 | 10-03-2006 - 02:02 | |
| CVE-2009-2837 | 6.8 |
Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
|
19-09-2017 - 01:29 | 10-11-2009 - 19:30 | |
| CVE-2009-2820 | 4.3 |
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTT
|
19-09-2017 - 01:29 | 10-11-2009 - 19:30 | |
| CVE-2014-6233 | 7.5 |
SQL injection vulnerability in the Flat Manager (flatmgr) extension before 2.7.10 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
08-09-2017 - 01:29 | 11-09-2014 - 14:16 | |
| CVE-2014-6235 | 7.5 |
Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors.
|
08-09-2017 - 01:29 | 11-09-2014 - 14:16 | |
| CVE-2014-6234 | 4.3 |
Cross-site scripting (XSS) vulnerability in the Open Graph protocol (jh_opengraphprotocol) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
08-09-2017 - 01:29 | 11-09-2014 - 14:16 | |
| CVE-2014-6241 | 7.5 |
SQL injection vulnerability in the wt_directory extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
08-09-2017 - 01:29 | 11-09-2014 - 14:16 | |
| CVE-2014-6236 | 7.5 |
Unspecified vulnerability in the LumoNet PHP Include (lumophpinclude) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary scripts via vectors related to extension links.
|
08-09-2017 - 01:29 | 11-09-2014 - 14:16 | |
| CVE-2014-6232 | 4.0 |
Unspecified vulnerability in the LDAP (eu_ldap) extension before 2.8.18 for TYPO3 allows remote authenticated users to obtain sensitive information via unknown vectors.
|
08-09-2017 - 01:29 | 11-09-2014 - 14:16 | |
| CVE-2014-6237 | 3.5 |
Cross-site scripting (XSS) vulnerability in the News Pack extension 0.1.0 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
08-09-2017 - 01:29 | 11-09-2014 - 14:16 | |
| CVE-2014-6231 | 7.5 |
Unspecified vulnerability in the CWT Frontend Edit (cwt_feedit) extension before 1.2.5 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors.
|
08-09-2017 - 01:29 | 11-09-2014 - 14:16 | |
| CVE-2014-2009 | 5.0 |
The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log.
|
29-08-2017 - 01:34 | 12-09-2014 - 14:55 | |
| CVE-2014-2008 | 7.5 |
SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter.
|
29-08-2017 - 01:34 | 12-09-2014 - 14:55 | |
| CVE-2017-5230 | 6.5 |
The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise sec
|
15-08-2017 - 01:29 | 02-03-2017 - 20:59 | |
| CVE-2007-6535 | 6.8 |
Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006.8.15.1 in Yahoo! Toolbar might allow attackers to execute arbitrary code via a long string to the IsTaggedBM method.
|
08-08-2017 - 01:29 | 27-12-2007 - 23:46 | |
| CVE-2017-5232 | 6.8 |
All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
|
21-03-2017 - 01:59 | 02-03-2017 - 20:59 | |
| CVE-2003-0051 | 5.0 |
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter.
|
18-10-2016 - 02:28 | 07-03-2003 - 05:00 | |
| CVE-2014-6239 | 7.5 |
SQL injection vulnerability in the Address visualization with Google Maps (st_address_map) extension before 0.3.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
11-09-2014 - 19:48 | 11-09-2014 - 14:16 | |
| CVE-2009-2839 | 6.8 |
Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. Per: http://support.apple.com/kb/HT3937
"This issue does no
|
19-12-2009 - 06:57 | 10-11-2009 - 19:30 | |
| CVE-2009-2823 | 4.3 |
The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
|
24-11-2009 - 07:02 | 10-11-2009 - 19:30 | |
| CVE-2009-2832 | 5.1 |
Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related t
|
17-11-2009 - 07:03 | 10-11-2009 - 19:30 | |
| CVE-2009-2838 | 6.8 |
Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow.
|
17-11-2009 - 07:03 | 10-11-2009 - 19:30 | |
| CVE-2009-2840 | 4.9 |
Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors.
|
17-11-2009 - 07:03 | 10-11-2009 - 19:30 | |
| CVE-2009-2833 | 7.5 |
Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Pe
|
17-11-2009 - 07:03 | 10-11-2009 - 19:30 | |
| CVE-2009-2836 | 6.2 |
Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors. Per:
|
17-11-2009 - 07:03 | 10-11-2009 - 19:30 | |
| CVE-2009-2835 | 4.6 |
The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.
|
17-11-2009 - 07:03 | 10-11-2009 - 19:30 | |
| CVE-2009-2819 | 9.3 |
AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors. Per: http://support.apple.com/kb/HT3937
"These issues do not affect
|
17-11-2009 - 07:02 | 10-11-2009 - 19:30 | |
| CVE-2009-2808 | 5.4 |
Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spo
|
17-11-2009 - 07:02 | 10-11-2009 - 19:30 | |
| CVE-2009-2829 | 5.0 |
Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, rel
|
17-11-2009 - 07:02 | 10-11-2009 - 19:30 | |
| CVE-2009-2827 | 6.8 |
Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image. Per: http://support.appl
|
17-11-2009 - 07:02 | 10-11-2009 - 19:30 | |
| CVE-2009-2810 | 6.8 |
Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively clears quarantine information upon opening a quarantined folder, which allows user-assisted remote attackers to execute arbitrary code via a quarantined application that does not trig
|
17-11-2009 - 07:02 | 10-11-2009 - 19:30 | |
| CVE-2009-2825 | 4.3 |
Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL ser
|
17-11-2009 - 07:02 | 10-11-2009 - 19:30 | |
| CVE-2009-2826 | 6.8 |
Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow.
|
17-11-2009 - 07:02 | 10-11-2009 - 19:30 | |
| CVE-2009-2831 | 5.8 |
Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue."
|
17-11-2009 - 07:02 | 10-11-2009 - 19:30 | |
| CVE-2009-2830 | 6.8 |
Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format
|
17-11-2009 - 07:02 | 10-11-2009 - 19:30 | |
| CVE-2009-2818 | 5.0 |
Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack). Per: http://suppor
|
17-11-2009 - 07:02 | 10-11-2009 - 19:30 | |
| CVE-2009-2824 | 6.8 |
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document. Per: http://support.apple.com/kb/HT3937
"These issues do not affect Mac OS
|
17-11-2009 - 07:02 | 10-11-2009 - 19:30 | |
| CVE-2009-2828 | 7.5 |
The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
|
17-11-2009 - 07:02 | 10-11-2009 - 19:30 | |
| CVE-2009-2834 | 4.9 |
IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors.
|
17-11-2009 - 05:00 | 10-11-2009 - 19:30 |