Vulnerabilities (CVE)

CWE filter: CWE-20

7054 total CVE
CVE Vendors Products Updated CVSS
CVE-2008-2172 1 Hitachi 3 Gr3000, Gr2000, Gr4000 2011-03-08 7.1
Unspecified vulnerability in Hitachi GR routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.
CVE-2008-2171 1 Alaxala 1 Ax Router 2011-03-08 7.1
Unspecified vulnerability in AlaxalA AX routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.
CVE-2008-1805 1 Skype Technologies 1 Skype 2011-03-08 9.3
Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension...
CVE-2008-1366 1 Trend Micro 1 Officescan Corporate Edition 2011-03-08 5.0
Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to cause a denial of service (process consumption) via (1) an HTTP request without a Content-Length...
CVE-2008-0932 1 The Sword Project 2 Diatheke Front End, Sword 2011-03-08 7.5
diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter.
CVE-2008-0876 1 Hitachi 2 Sewb3 Mi-platform, Sewb3 Platform 2011-03-08 4.3
Unspecified vulnerability in the SEWB3 messaging service in Hitachi SEWB3/PLATFORM and SEWB3/MI-PLATFORM 01-00 through 02-14-/A allows remote attackers to cause a denial of service (service outage) via "invalid data."
CVE-2008-0570 1 Drupal 1 Openid 2011-03-08 5.0
The OpenID 5.x-1.0 and earlier module for Drupal does not properly verify the claimed_id returned by an OpenID provider, which allows remote OpenID providers to spoof OpenID authentication for domains associated with other providers.
CVE-2008-0386 1 Gentoo 1 Xdg-utils 2011-03-08 6.8
Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.
CVE-2007-6433 1 Jboss 1 Seam 2011-03-08 7.5
The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.
CVE-2007-6371 1 Nokia 1 N95 2011-03-08 7.1
Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attackers to cause a denial of service (device inoperability) via a SIP INVITE message accompanied by an immediately subsequent SIP CANCEL message, followed by a second SIP INVITE...
CVE-2007-6146 1 Hitachi 1 Jp1 File Transmission Server 2011-03-08 5.0
Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on Windows might allow remote attackers to cause a denial of service (service stop) via a "specific file" argument to an FTP command.
CVE-2007-6017 1 Symantec 1 Backup Exec For Windows Server 2011-03-08 5.1
The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, exposes the unsafe Save method,...
CVE-2007-5810 1 Hitachi 14 Cosminexus Application Server Enterprise, Ucosminexus Application Server Standard, Ucosminexus Developer Standard and 11 more 2011-03-08 5.0
Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a client certificate with a forged signature.
CVE-2007-5086 1 Kaspersky Lab 2 Kaspersky Internet Security, Kaspersky Anti-virus 2011-03-08 2.1
Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash)...
CVE-2007-4561 1 Realnetworks 1 Helix Dna Server 2011-03-08 10.0
Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RTSP command containing multiple Require headers.
CVE-2007-4516 1 Symantec Veritas 1 Storage Foundation 2011-03-08 4.3
The Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation 5.0 for Windows allows remote attackers to cause a denial of service (daemon crash or hang) via malformed packets.
CVE-2007-1426 1 Astrocam 1 Astrocam 2011-03-08 7.8
The web interface in AstroCam 2.0.0 through 2.6.5 allows remote attackers to cause a denial of service (daemon shutdown) via requests that contain a large amount of data in the "a" variable, which "fills up the message queue."
CVE-2007-1136 1 Webmplayer 1 Webmplayer 2011-03-08 6.8
index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source...
CVE-2006-6852 1 Tdiary 1 Tdiary 2011-03-08 6.0
Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.20061127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. ...
CVE-2005-3467 1 Serv-u 1 Serv-u 2011-03-08 5.0
Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of "~" in a pathname, and (3) memory...