| Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2010-0013 | 5.0 |
Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) requ
|
26-01-2024 - 17:47 | 09-01-2010 - 18:30 | |
| CVE-2007-3278 | 6.9 |
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host param
|
24-02-2023 - 15:35 | 19-06-2007 - 21:30 | |
| CVE-2007-6439 | 6.1 |
Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite or large loop) via the (1) IPv6 or (2) USB dissector, which can trigger resource consumption or a crash. NOTE: this identifier originally included Fir
|
13-02-2023 - 02:18 | 19-12-2007 - 22:46 | |
| CVE-2005-3883 | 5.0 |
CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.
|
30-10-2018 - 16:25 | 29-11-2005 - 11:03 | |
| CVE-2007-5034 | 4.3 |
ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by
|
15-10-2018 - 21:40 | 21-09-2007 - 20:17 | |
| CVE-2005-0400 | 2.1 |
The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block.
|
03-10-2018 - 21:29 | 02-05-2005 - 04:00 | |
| CVE-2005-1154 | 7.5 |
Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site sc
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
| CVE-2004-0521 | 10.0 |
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.
|
11-10-2017 - 01:29 | 18-08-2004 - 04:00 | |
| CVE-2004-0883 | 6.4 |
Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requ
|
11-10-2017 - 01:29 | 10-01-2005 - 05:00 | |
| CVE-2008-1943 | 2.1 |
Buffer overflow in the backend of XenSource Xen Para Virtualized Frame Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted description of a shared framebuffer. Poss
|
29-09-2017 - 01:30 | 14-05-2008 - 18:20 | |
| CVE-2008-1109 | 9.3 |
Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Cale
|
29-09-2017 - 01:30 | 04-06-2008 - 20:32 |