| Max CVSS | 9.3 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2009-3607 | 9.3 |
Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that tri
|
13-02-2023 - 02:20 | 21-10-2009 - 17:30 | |
| CVE-2014-0193 | 5.0 |
WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a
|
13-02-2023 - 00:36 | 06-05-2014 - 14:55 | |
| CVE-2019-1636 | 9.3 |
A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows
|
09-10-2019 - 23:47 | 23-01-2019 - 22:29 | |
| CVE-2016-9493 | 4.3 |
The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does n
|
09-10-2019 - 23:20 | 13-07-2018 - 20:29 | |
| CVE-2016-9492 | 7.5 |
The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions.
|
09-10-2019 - 23:20 | 13-07-2018 - 20:29 | |
| CVE-2003-0073 | 5.0 |
Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.
|
07-10-2019 - 16:41 | 19-02-2003 - 05:00 | |
| CVE-2006-0872 | 5.0 |
Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter.
|
20-07-2017 - 01:30 | 24-02-2006 - 11:02 | |
| CVE-2006-0873 | 5.0 |
Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames.
|
20-07-2017 - 01:30 | 24-02-2006 - 11:02 | |
| CVE-2014-0764 | 7.5 |
Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long NodeName parameter.
|
09-07-2015 - 16:11 | 12-04-2014 - 04:37 | |
| CVE-2014-1649 | 7.9 |
The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS.
|
24-07-2014 - 04:58 | 16-05-2014 - 11:12 | |
| CVE-2014-3127 | 7.1 |
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory
|
05-06-2014 - 04:31 | 14-05-2014 - 00:55 | |
| CVE-2014-2558 | 6.5 |
The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the cr
|
07-05-2014 - 13:23 | 06-05-2014 - 14:55 |