Total: 18193 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-2369 | 1 Redhat | 2 Network Satellite, Satellite | 2024-11-21 | 9.1 Critical |
manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements. | ||||
CVE-2008-2108 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 9.8 Critical |
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions. | ||||
CVE-2008-1160 | 1 Zyxel | 2 Zywall 1050, Zywall 1050 Firmware | 2024-11-21 | 9.8 Critical |
ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges. | ||||
CVE-2008-0961 | 1 Emc | 1 Diskxtender | 2024-11-21 | 9.8 Critical |
EMC DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface. | ||||
CVE-2008-0599 | 4 Apple, Canonical, Fedoraproject and 1 more | 5 Mac Os X, Mac Os X Server, Ubuntu Linux and 2 more | 2024-11-21 | 9.8 Critical |
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. | ||||
CVE-2008-0174 | 1 Ge | 1 Proficy Real-time Information Portal | 2024-11-21 | 9.8 Critical |
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges. | ||||
CVE-2008-0081 | 1 Microsoft | 3 Excel, Excel Viewer, Office | 2024-11-21 | 9.8 Critical |
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490. | ||||
CVE-2008-0062 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 9.8 Critical |
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. | ||||
CVE-2007-6745 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2024-11-21 | 9.8 Critical |
clamav 0.91.2 suffers from a floating point exception when using ScanOLE2. | ||||
CVE-2007-6013 | 2 Fedoraproject, Wordpress | 2 Fedora, Wordpress | 2024-11-21 | 9.8 Critical |
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash. | ||||
CVE-2007-5199 | 1 X | 1 Libxfont | 2024-11-21 | 9.8 Critical |
A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact. | ||||
CVE-2007-4773 | 1 Systrace Project | 1 Systrace | 2024-11-21 | 9.8 Critical |
Systrace before 1.6.0 has insufficient escape policy enforcement. | ||||
CVE-2007-3915 | 1 Mandriva | 1 Mondo | 2024-11-21 | 9.1 Critical |
Mondo 2.24 has insecure handling of temporary files. | ||||
CVE-2007-3798 | 7 Apple, Canonical, Debian and 4 more | 8 Mac Os X, Mac Os X Server, Ubuntu Linux and 5 more | 2024-11-21 | 9.8 Critical |
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value. | ||||
CVE-2007-2534 | 1 Phphoo3 | 1 Phphoo3 | 2024-11-21 | 9.8 Critical |
Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a login. NOTE: CVE disputes this vulnerability, since ADMIN_USER/ADMIN_PASS are initialized before use. | ||||
CVE-2007-0899 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2024-11-21 | 9.8 Critical |
There is a possible heap overflow in libclamav/fsg.c before 0.100.0. | ||||
CVE-2007-0681 | 1 Extcalendar Project | 1 Extcalendar | 2024-11-21 | 9.8 Critical |
profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php. | ||||
CVE-2007-0158 | 1 Acme | 1 Thttpd | 2024-11-21 | 9.8 Critical |
thttpd 2007 has buffer underflow. | ||||
CVE-2006-7079 | 1 Exv2 | 1 Content Management System | 2024-11-21 | 9.8 Critical |
Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable. | ||||
CVE-2006-4243 | 1 Linux-vserver | 1 Linux-vserver | 2024-11-21 | 9.8 Critical |
linux vserver 2.6 before 2.6.17 suffers from privilege escalation in remount code. |