Total 18193 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2008-2369 1 Redhat 2 Network Satellite, Satellite 2024-11-21 9.1 Critical
manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.
CVE-2008-2108 5 Canonical, Debian, Fedoraproject and 2 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2024-11-21 9.8 Critical
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions.
CVE-2008-1160 1 Zyxel 2 Zywall 1050, Zywall 1050 Firmware 2024-11-21 9.8 Critical
ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges.
CVE-2008-0961 1 Emc 1 Diskxtender 2024-11-21 9.8 Critical
EMC DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface.
CVE-2008-0599 4 Apple, Canonical, Fedoraproject and 1 more 5 Mac Os X, Mac Os X Server, Ubuntu Linux and 2 more 2024-11-21 9.8 Critical
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
CVE-2008-0174 1 Ge 1 Proficy Real-time Information Portal 2024-11-21 9.8 Critical
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges.
CVE-2008-0081 1 Microsoft 3 Excel, Excel Viewer, Office 2024-11-21 9.8 Critical
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
CVE-2008-0062 5 Canonical, Debian, Fedoraproject and 2 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2024-11-21 9.8 Critical
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
CVE-2007-6745 2 Clamav, Debian 2 Clamav, Debian Linux 2024-11-21 9.8 Critical
clamav 0.91.2 suffers from a floating point exception when using ScanOLE2.
CVE-2007-6013 2 Fedoraproject, Wordpress 2 Fedora, Wordpress 2024-11-21 9.8 Critical
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
CVE-2007-5199 1 X 1 Libxfont 2024-11-21 9.8 Critical
A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact.
CVE-2007-4773 1 Systrace Project 1 Systrace 2024-11-21 9.8 Critical
Systrace before 1.6.0 has insufficient escape policy enforcement.
CVE-2007-3915 1 Mandriva 1 Mondo 2024-11-21 9.1 Critical
Mondo 2.24 has insecure handling of temporary files.
CVE-2007-3798 7 Apple, Canonical, Debian and 4 more 8 Mac Os X, Mac Os X Server, Ubuntu Linux and 5 more 2024-11-21 9.8 Critical
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
CVE-2007-2534 1 Phphoo3 1 Phphoo3 2024-11-21 9.8 Critical
Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a login. NOTE: CVE disputes this vulnerability, since ADMIN_USER/ADMIN_PASS are initialized before use.
CVE-2007-0899 2 Clamav, Debian 2 Clamav, Debian Linux 2024-11-21 9.8 Critical
There is a possible heap overflow in libclamav/fsg.c before 0.100.0.
CVE-2007-0681 1 Extcalendar Project 1 Extcalendar 2024-11-21 9.8 Critical
profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php.
CVE-2007-0158 1 Acme 1 Thttpd 2024-11-21 9.8 Critical
thttpd 2007 has buffer underflow.
CVE-2006-7079 1 Exv2 1 Content Management System 2024-11-21 9.8 Critical
Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable.
CVE-2006-4243 1 Linux-vserver 1 Linux-vserver 2024-11-21 9.8 Critical
linux vserver 2.6 before 2.6.17 suffers from privilege escalation in remount code.