Vulnerabilities (CVE)

CWE filter: CWE-20

2166 total CVE
CVE Vendors Products Updated CVSS
CVE-2009-1082 1 Sun 1 Java System Identity Manager 2009-03-25 9.0
Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative...
CVE-2009-0609 1 Sun 1 Java System Directory Server 2009-02-18 7.8
Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote...
CVE-2008-4641 1 Sentex 1 Jhead 2008-12-03 10.0
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.
CVE-2007-6689 1 Menalto 1 Gallery 2008-11-15 7.5
Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME module.
CVE-2007-6010 1 Pioneers 1 Pioneers 2008-11-15 7.8
Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors that trigger an assert error. NOTE: this issue reportedly exists because of an...
CVE-2007-5832 1 Ssl-explorer 1 Ssl-explorer 2008-11-15 7.5
Unspecified vulnerability in selectLanguage.do in SSL-Explorer before 0.2.15 allows remote attackers to inject (1) headers or (2) body data in an HTTP transaction, a different vulnerability than CVE-2007-2907. NOTE: some of these details are...
CVE-2007-5830 1 Avaya 2 Messaging Storage Server, Message Networking 2008-11-15 7.8
Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3.1 before SP1, and Message Networking (MN) 3.1, allows remote attackers to cause a denial of service via unspecified vectors related to "input validation."
CVE-2007-5563 1 Virtuemart 1 Virtuemart 2008-11-15 7.5
Unspecified vulnerability in VirtueMart before 1.0.13 allows remote attackers to execute arbitrary PHP code via unspecified vectors.
CVE-2007-5258 1 Phpfreelog 1 Phpfreelog 2008-11-15 7.5
PHP remote file inclusion vulnerability in log.php in phpFreeLog alpha 0.2.0 allows remote attackers to include and execute arbitrary files via unspecified vectors. NOTE: the original disclosure is likely erroneous.
CVE-2007-5035 1 Openengine 1 Openengine 2008-11-15 7.5
** DISPUTED ** PHP remote file inclusion vulnerability in html/modules/extranet_profile/main.php in openEngine 1.9 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the this_module_path parameter. NOTE: this issue is...
CVE-2007-4761 1 Matteo 1 Barbo91 2008-11-15 7.5
Unrestricted file upload vulnerability in upload.php in Barbo91 1.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from...
CVE-2008-4404 1 Ibm 1 Zseries 2008-10-03 10.0
The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private...
CVE-2007-5556 1 Avaya 1 Voip Handset 2008-09-05 7.8
Unspecified vulnerability in the Avaya VoIP Handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However,...
CVE-2006-4936 1 Moodle 1 Moodle 2008-09-05 10.0
Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors.
CVE-2006-4935 1 Moodle 1 Moodle 2008-09-05 10.0
The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors.
CVE-2005-0116 1 Awstats 1 Awstats 2008-09-05 7.5
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to awstats.pl.
CVE-2002-2421 1 Andrey Cherezov 1 Acweb 2008-09-05 7.8
acWEB 1.14 allows remote attackers to cause a denial of service (crash) via an HTTP request for an MS-DOS device name such as COM2.
CVE-2002-2420 1 Independent Solution 2 Super Site Searcher, Simple Site Searcher 2008-09-05 7.5
site_searcher.cgi in Super Site Searcher allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.
CVE-2002-2371 1 Linksys 1 Wet11 2008-09-05 7.8
Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause a denial of service (crash) via a packet containing the device's hardware address as the source MAC address in the DLC header.
CVE-2002-2365 1 Springer Verlag Berlin Heidelberg 1 Simple Wais 2008-09-05 10.0
Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary commands via the shell metacharacters in the search field, as demonstrated using the "|" (pipe) character.