Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0101 | 1 White Dune | 1 White Dune | 2018-10-15 | 7.5 HIGH | N/A |
| Format string vulnerability in the swDebugf function in DuneApp.cpp in White_Dune 0.29 beta791 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a .WRL file. | |||||
| CVE-2008-0071 | 2 Bittorrent, Utorrent | 2 Bittorrent, Utorrent | 2018-10-15 | 4.3 MEDIUM | N/A |
| The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header. | |||||
| CVE-2007-6534 | 1 Microsoft | 1 Publisher | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart. | |||||
| CVE-2007-6573 | 1 Qksoft | 1 Qk Smtp Server 3 | 2018-10-15 | 7.8 HIGH | N/A |
| QK SMTP Server 3 allows remote attackers to cause a denial of service (daemon crash) via a long (1) HELO, (2) MAIL FROM, or (3) RCPT TO command; or (4) a long string in the message sent after the DATA command; possibly a related issue to CVE-2006-5551. | |||||
| CVE-2007-6558 | 1 Totalplayer | 1 Totalplayer | 2018-10-15 | 4.3 MEDIUM | N/A |
| TotalPlayer 3.0 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .m3u file. NOTE: this might be a duplicate of CVE-2006-6288. | |||||
| CVE-2007-6596 | 1 Clam Anti-virus | 1 Clamav | 2018-10-15 | 5.0 MEDIUM | N/A |
| ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file. | |||||
| CVE-2007-6494 | 1 Hosting Controller | 1 Hosting Controller | 2018-10-15 | 10.0 HIGH | N/A |
| Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters. | |||||
| CVE-2007-6492 | 1 Imesh.com | 1 Imesh | 2018-10-15 | 7.1 HIGH | N/A |
| The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via an empty string in the argument to the ProcessRequestEx method. | |||||
| CVE-2007-6437 | 1 Balabit | 2 Syslog-ng Open Source Edition, Syslog-ng Premium Edition | 2018-10-15 | 5.0 MEDIUM | N/A |
| Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows remote attackers to cause a denial of service (crash) via a message with a timestamp that does not contain a trailing space, which triggers a NULL pointer dereference. | |||||
| CVE-2007-6493 | 1 Imesh.com | 1 Imesh | 2018-10-15 | 10.0 HIGH | N/A |
| The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method. | |||||
| CVE-2007-6314 | 1 Real Time Logic | 2 Barracudadrive Web Server, Barracudadrive Web Server Home Server | 2018-10-15 | 5.0 MEDIUM | N/A |
| BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a (1) + (plus), (2) . (dot), or (3) %80 and similar characters to the file name in the URL. | |||||
| CVE-2007-6271 | 1 Xigla | 1 Absolute News Manager.net | 2018-10-15 | 5.0 MEDIUM | N/A |
| Absolute News Manager.NET 5.1 allows remote attackers to obtain sensitive information via a direct request to getpath.aspx, which reveals the installation path in an error message. | |||||
| CVE-2007-6278 | 1 Flac | 1 Libflac | 2018-10-15 | 9.3 HIGH | N/A |
| Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file. | |||||
| CVE-2007-6121 | 2 Ethereal Group, Wireshark | 2 Ethereal, Wireshark | 2018-10-15 | 5.0 MEDIUM | N/A |
| Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet. | |||||
| CVE-2007-6129 | 1 Amber Script | 1 Amber Script | 2018-10-15 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2007-6036 | 1 Live555 | 1 Media Server | 2018-10-15 | 7.1 HIGH | N/A |
| The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation. | |||||
| CVE-2007-6060 | 1 Ahnlab | 1 V3 Internet Security | 2018-10-15 | 9.3 HIGH | N/A |
| AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a filename string at a location indicated by the "Filename length" field in a ZIP header, which allows remote attackers to cause a denial of service (machine crash) and possibly execute arbitrary code via a ZIP file in which this field's value is larger than the actual number of bytes in the filename. | |||||
| CVE-2007-6039 | 1 Php | 1 Php | 2018-10-15 | 2.1 LOW | N/A |
| PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4) dngettext or (5) ngettext function, or (6) the classname parameter to the stream_wrapper_register function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution. | |||||
| CVE-2007-5984 | 1 Justin Hagstrom | 1 Autoindex Php Script | 2018-10-15 | 7.8 HIGH | N/A |
| classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via a %00 sequence in the dir parameter to index.php, which triggers an erroneous "recursive calculation." | |||||
| CVE-2007-5734 | 1 Efileman | 1 Efileman | 2018-10-15 | 6.4 MEDIUM | N/A |
| Unrestricted file upload vulnerability in eFileMan 7.1.0.87-88 allows remote attackers to upload arbitrary files, with "uploads/upload_file." destination filenames, via unspecified vectors to upload.cgi, accessed from upload.html. | |||||