Vulnerabilities (CVE)

CWE filter

CWE-20

Filter

7801 total CVE
CVE Vendors Products Updated CVSS
CVE-2009-3305 1 Pps.jussieu 1 Polipo 2010-02-26 5.0
Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a Cache-Control header that lacks a value for the max-age field, which triggers a segmentation fault in the...
CVE-2009-4137 1 Piwik 1 Piwik 2009-12-28 7.5
The loadContentFromCookie function in core/Cookie.php in Piwik before 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote attackers to execute arbitrary code or upload arbitrary files...
CVE-2008-5248 1 Xine 1 Xine-lib 2009-11-24 4.3
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators."
CVE-2009-2835 1 Apple 2 Mac Os X, Mac Os X Server 2009-11-17 4.6
The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.
CVE-2009-3287 1 Macournoyer 1 Thin 2009-09-22 7.5
lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header.
CVE-2009-1371 1 Clamav 1 Clamav 2009-09-16 5.0
The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding.
CVE-2009-1272 1 Php 1 Php 2009-09-16 5.0
The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled...
CVE-2007-6263 1 Netkit-ftp 1 Netkit Ftp 2009-09-15 9.3
The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon...
CVE-2009-2055 1 Cisco 1 Ios Xr 2009-08-21 4.3
Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.
CVE-2009-0137 1 Apple 1 Safari 2009-08-19 10.0
Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input...
CVE-2008-6541 1 Dotnetnuke 1 Dotnetnuke 2009-08-19 6.8
Unrestricted file upload vulnerability in the file manager module in DotNetNuke before 4.8.2 allows remote administrators to upload arbitrary files and gain privileges to the server via unspecified vectors.
CVE-2009-2622 1 Squid-cache 1 Squid 2009-08-12 5.0
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing...
CVE-2009-2583 1 Ibm 1 Tivoli Identity Manager 2009-08-04 6.8
Multiple session fixation vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0.0.6 allow remote attackers to hijack web sessions via unspecified vectors involving the (1) console and (2) self service interfaces.
CVE-2002-2428 1 Goahead 1 Goahead Webserver 2009-07-23 5.0
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data.
CVE-2009-2386 1 Awingsoft 1 Awakening Winds3d Viewer Plugin 2009-07-13 9.3
Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method.
CVE-2009-1773 1 Activecollab 1 Activecollab 2009-05-24 5.0
activeCollab 2.1 Corporate allows remote attackers to obtain sensitive information via an invalid re_route parameter to the login script, which reveals the installation path in an error message.
CVE-2008-4388 1 Symantec 1 Appstream Client 2009-05-18 9.3
The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr...
CVE-2009-1361 1 Gscripts 1 Dns Tools 2009-04-23 10.0
dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1254 1 James Stone 1 Tunapie 2009-04-16 6.8
James Stone Tunapie 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a stream URL.
CVE-2009-1149 1 Phpmyadmin 1 Phpmyadmin 2009-04-16 7.5
CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and...