Vulnerabilities (CVE)

CWE filter

CWE-20

Filter

7801 total CVE
CVE Vendors Products Updated CVSS
CVE-2007-5168 1 Clanlite 1 Clanlite 2008-11-15 6.8
Multiple PHP remote file inclusion vulnerabilities in ClanLite 1.23.01.2005 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules/serveur_jeux.php or (2) conf/conf-php.php. NOTE: vector 1 is...
CVE-2007-5035 1 Openengine 1 Openengine 2008-11-15 7.5
** DISPUTED ** PHP remote file inclusion vulnerability in html/modules/extranet_profile/main.php in openEngine 1.9 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the this_module_path parameter. NOTE: this issue is...
CVE-2007-4761 1 Matteo 1 Barbo91 2008-11-15 7.5
Unrestricted file upload vulnerability in upload.php in Barbo91 1.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from...
CVE-2008-4927 1 Microsoft 1 Windows Media Player 2008-11-05 4.3
Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a malformed (1) MIDI or (2) DAT file, related to "MThd Header Parsing." NOTE: the provenance of this...
CVE-2008-4930 1 Mybb 1 Mybb 2008-11-05 5.0
MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content...
CVE-2008-4404 1 Ibm 1 Zseries 2008-10-03 10.0
The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private...
CVE-2000-0380 1 Cisco 1 Ios 2008-09-10 7.1
The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.
CVE-2008-1062 1 Intervideo 1 Windvd Media Center 2008-09-05 5.0
InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater (aka IHT.exe) in InterVideo WinDVD Media Center 2.11.15.0 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet with...
CVE-2007-5556 1 Avaya 1 Voip Handset 2008-09-05 7.8
Unspecified vulnerability in the Avaya VoIP Handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However,...
CVE-2007-5226 1 Dircproxy 1 Dircproxy 2008-09-05 5.0
irc_server.c in dircproxy 1.2.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via an ACTION command without a parameter, which triggers a NULL pointer dereference, as demonstrated using a blank /me message...
CVE-2007-4635 1 Yahoo 1 Messenger 2008-09-05 5.0
Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related...
CVE-2006-6971 1 Mozilla 1 Firefox 2008-09-05 5.0
Mozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) single decimal integer, (4) single hex integer,...
CVE-2006-4936 1 Moodle 1 Moodle 2008-09-05 10.0
Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors.
CVE-2006-4935 1 Moodle 1 Moodle 2008-09-05 10.0
The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors.
CVE-2005-4846 1 Spey 1 Spey 2008-09-05 4.3
Format string vulnerability in Logger.cc for Spey 0.3.3 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a syslog call.
CVE-2005-1330 1 Apple 2 Mac Os X, Mac Os X Server 2008-09-05 4.9
AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of service (Cocoa application crash) via a malformed TIFF image that causes the NXSeek to use an incorrect offset, leading to an unhandled exception.
CVE-2005-0116 1 Awstats 1 Awstats 2008-09-05 7.5
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.
CVE-2004-1777 1 Skype Technologies 1 Skype 2008-09-05 5.0
A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114.
CVE-2003-1538 1 Suse 3 Suse Linux, Office Server, Suse Linux Openexchange Server 2008-09-05 6.4
susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Openexchange Server 4 does not properly filter shell metacharacters, which allows remote attackers to execute arbitrary commands via CGI queries.
CVE-2003-1485 1 Clearswift 1 Mailsweeper 2008-09-05 5.0
Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to bypass filtering via a file attachment that contains "multiple extensions combined with large blocks of white space."