| Max CVSS | 10.0 | Min CVSS | 3.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2008-0087 | 8.8 |
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
|
14-02-2024 - 16:54 | 08-04-2008 - 23:05 | |
| CVE-2008-0077 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG e
|
03-02-2024 - 02:21 | 12-02-2008 - 23:00 | |
| CVE-2007-1887 | 7.5 |
Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by ca
|
21-07-2022 - 15:12 | 06-04-2007 - 01:19 | |
| CVE-2008-3813 | 7.8 |
Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet.
|
02-06-2022 - 17:22 | 26-09-2008 - 16:21 | |
| CVE-2008-3812 | 7.1 |
Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) with HTTP Deep Packet Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed HTTP transit packet.
|
02-06-2022 - 17:20 | 26-09-2008 - 16:21 | |
| CVE-2008-2256 | 9.3 |
Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "Uni
|
23-07-2021 - 15:04 | 13-08-2008 - 12:42 | |
| CVE-2004-0214 | 10.0 |
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long s
|
23-07-2021 - 15:03 | 03-11-2004 - 05:00 | |
| CVE-2003-1027 | 10.0 |
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as de
|
23-07-2021 - 12:55 | 20-01-2004 - 05:00 | |
| CVE-2009-0550 | 9.3 |
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on
|
23-07-2021 - 12:19 | 15-04-2009 - 08:00 | |
| CVE-2004-0216 | 10.0 |
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when ca
|
23-07-2021 - 12:18 | 03-11-2004 - 05:00 | |
| CVE-2008-0074 | 7.2 |
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.
|
05-02-2021 - 15:37 | 12-02-2008 - 21:00 | |
| CVE-2008-0075 | 10.0 |
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.
|
23-11-2020 - 19:49 | 12-02-2008 - 21:00 | |
| CVE-2008-2247 | 4.3 |
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248.
|
09-04-2020 - 13:32 | 08-07-2008 - 23:41 | |
| CVE-2006-0032 | 4.3 |
Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, w
|
30-04-2019 - 14:27 | 12-09-2006 - 23:07 | |
| CVE-2004-0901 | 10.0 |
Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site,
|
30-04-2019 - 14:27 | 10-01-2005 - 05:00 | |
| CVE-2008-4036 | 7.2 |
Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, r
|
26-02-2019 - 14:04 | 15-10-2008 - 00:12 | |
| CVE-2008-1454 | 9.4 |
Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the
|
26-02-2019 - 14:04 | 08-07-2008 - 23:41 | |
| CVE-2009-0143 | 4.3 |
Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast.
|
08-11-2018 - 20:21 | 14-03-2009 - 18:30 | |
| CVE-2007-5671 | 4.4 |
HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not
|
30-10-2018 - 16:26 | 05-06-2008 - 20:32 | |
| CVE-2008-0080 | 10.0 |
Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
|
30-10-2018 - 16:26 | 12-02-2008 - 23:00 | |
| CVE-2004-0790 | 5.0 |
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have
|
30-10-2018 - 16:26 | 12-04-2005 - 04:00 | |
| CVE-2008-0964 | 9.3 |
Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.
|
30-10-2018 - 16:25 | 08-08-2008 - 18:41 | |
| CVE-2004-1060 | 5.0 |
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment w
|
19-10-2018 - 15:30 | 12-04-2004 - 04:00 | |
| CVE-2006-3059 | 9.3 |
Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
|
18-10-2018 - 16:45 | 17-06-2006 - 13:18 | |
| CVE-2006-4702 | 6.8 |
Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file. A
|
17-10-2018 - 21:39 | 13-12-2006 - 01:28 | |
| CVE-2007-0069 | 9.3 |
Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that t
|
16-10-2018 - 16:31 | 08-01-2008 - 20:46 | |
| CVE-2008-0119 | 9.3 |
Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corrupt
|
15-10-2018 - 21:57 | 13-05-2008 - 22:20 | |
| CVE-2007-5958 | 5.0 |
X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.
|
15-10-2018 - 21:47 | 18-01-2008 - 23:00 | |
| CVE-2007-5135 | 6.8 |
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue wa
|
15-10-2018 - 21:40 | 27-09-2007 - 20:17 | |
| CVE-2009-1131 | 9.3 |
Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Dat
|
12-10-2018 - 21:50 | 12-05-2009 - 22:30 | |
| CVE-2008-1090 | 9.3 |
Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
|
12-10-2018 - 21:45 | 08-04-2008 - 23:05 | |
| CVE-2008-1088 | 9.3 |
Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
|
12-10-2018 - 21:45 | 08-04-2008 - 23:05 | |
| CVE-2008-0102 | 10.0 |
Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
|
12-10-2018 - 21:44 | 12-02-2008 - 23:00 | |
| CVE-2007-1201 | 9.3 |
Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components Data
|
12-10-2018 - 21:43 | 11-03-2008 - 23:44 | |
| CVE-2007-0065 | 10.0 |
Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a c
|
12-10-2018 - 21:42 | 12-02-2008 - 23:00 | |
| CVE-2007-0216 | 9.3 |
wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter
|
12-10-2018 - 21:42 | 12-02-2008 - 23:00 | |
| CVE-2006-3014 | 5.1 |
Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens
|
12-10-2018 - 21:40 | 22-06-2006 - 00:06 | |
| CVE-2008-3869 | 10.0 |
Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters.
|
11-10-2018 - 20:50 | 26-05-2009 - 21:30 | |
| CVE-2009-1268 | 4.3 |
The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet.
|
10-10-2018 - 19:35 | 13-04-2009 - 16:30 | |
| CVE-2009-1304 | 5.0 |
The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving
|
03-10-2018 - 21:59 | 22-04-2009 - 18:30 | |
| CVE-2005-2841 | 7.5 |
Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted u
|
11-10-2017 - 01:30 | 08-09-2005 - 10:03 | |
| CVE-2002-2270 | 3.6 |
Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, and 11.0 allows local users to view "normally invisible data" via unknown attack vectors.
|
11-10-2017 - 01:29 | 31-12-2002 - 05:00 | |
| CVE-2001-1509 | 4.6 |
geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not properly identify a user's effective user id, which could allow local users to gain privileges.
|
11-10-2017 - 01:29 | 31-12-2001 - 05:00 | |
| CVE-2008-2418 | 4.7 |
Race condition in the STREAMS Administrative Driver (sad) in Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.
|
29-09-2017 - 01:31 | 23-05-2008 - 15:32 | |
| CVE-2008-1684 | 4.7 |
inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file.
|
29-09-2017 - 01:30 | 06-04-2008 - 23:44 | |
| CVE-2008-1595 | 4.9 |
The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information
|
29-09-2017 - 01:30 | 31-03-2008 - 23:44 |