CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7254 matches found

Prion•added 2008/06/05 8:32 p.m.•21 views

Memory corruption

The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote...

5CVSS7.2AI score0.03622EPSS

Exploits0References8Affected Software1

NVD•added 2008/06/05 8:32 p.m.•29 views

CVE-2008-2543

5CVSS6.6AI score0.03622EPSS

Exploits0References8

CVE•added 2008/06/05 8:21 p.m.•52 views

CVE-2008-2543

The CVE-2008-2543 issue affects the ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7. A remote attacker could crash the daemon by sending crafted TCP packets to a remotely accessible TCP port that was meant for localhost communication; the vulnera...

5CVSS6.6AI score0.03622EPSS

Exploits0References8Affected Software1

Cvelist•added 2008/06/05 8:21 p.m.•24 views

CVE-2008-2543

6.6AI score0.03622EPSS

Exploits0References8

Prion•added 2008/02/08 10:0 p.m.•19 views

Directory traversal

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing sessio...

4.3CVSS6.5AI score0.08633EPSS

Exploits0References67Affected Software3

NVD•added 2008/02/08 10:0 p.m.•19 views

CVE-2008-0418

4.3CVSS6.4AI score0.08633EPSS

Exploits0References67

CVE•added 2008/02/08 9:0 p.m.•119 views

CVE-2008-0418

CVE-2008-0418 is a directory-traversal flaw in Chrome URL handling that could allow remote attackers to read local files (Javascript, images, stylesheets) and potentially exfiltrate session data. Affected: Mozilla Firefox <= 2.0.0.11/12, Thunderbird <= 2.0.0.11/12, SeaMonkey

4.3CVSS6.5AI score0.08633EPSS

Exploits0References67Affected Software3

RedHat Linux•added 2008/02/08 2:24 a.m.•2 views

chrome: directory traversal

4.3CVSS7.5AI score0.08633EPSS

Exploits0References4

RedHat Linux•added 2008/02/08 2:13 a.m.•4 views

chrome: directory traversal

4.3CVSS7.5AI score0.08633EPSS

Exploits0References4

Tenable Nessus•added 2008/01/04 12:0 a.m.•26 views

Site@School slideshow_full.php album_name Parameter SQL Injection

The remote host is running Site@School, an open source, PHP-based, content management system intended for primary schools. The version of this software installed on the remote host fails to sanitize user-supplied input to the 'albumname' parameter of the 'starnet/addons/slideshowfull.php' script...

6.8CVSS5.6AI score0.00939EPSS

Exploits0References1

Cvelist•added 2007/11/23 8:0 p.m.•16 views

CVE-2007-6105

Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the 1 languagefile parameter to a comments-display-tpl.php and b addons/separate-comments-mod/my-comments-display-tpl.php and the 2 configcommentsformtpl paramete...

7.7AI score0.06719EPSS

Exploits0References11

Fedora•added 2007/11/13 12:5 a.m.•43 views

[SECURITY] Fedora 7 Update: kdeaddons-3.5.8-2.fc7

A collection of KDE Addons/Plugins, including: konq-plugins: akregator, babelfish, domtreeviewer, imagerotation, validat ors, webarchiver kate plugins kicker-applets: kbinaryclock, kolourpicker, ktimemon, mediacontrol knewsticker-scripts...

9.3CVSS5.2AI score0.0702EPSS

Exploits1

seebug.org•added 2007/10/18 12:0 a.m.•49 views

Asterisk cdr_addon_mysql插件SQL注入漏洞

CVECAN ID: CVE-2007-5488 Asterisk是开放源码的软件PBX，支持各种VoIP协议和设备。 Asterisk的cdraddonmysql模块实现上存在输入验证漏洞，远程攻击者可能利用此漏洞非授权操作数据库。 Asterisk的cdraddonmysql模块在插入记录时没有正确地转义指定呼叫的源和目标号码，发送给运行了该模块的Asterisk系统特制的目标号码可能导致SQL注入攻击。如果用户在使用实时数据的话，由于数据可能与插入呼叫记录处于同一数据库中，因此可能会导致各种数据破坏和失效等问题。 Asterisk Asterisk-Addons 1.4.x...

7.5CVSS6.4AI score0.02712EPSS

Exploits3

securityvulns•added 2007/10/18 12:0 a.m.•53 views

AST-2007-023 - SQL Injection Vulnerabilty in cdr_addon_mysql

Asterisk Project Security Advisory - AST-2007-023 +------------------------------------------------------------------------+ | Product | Asterisk-Addons | |--------------------+---------------------------------------------------| | Summary | SQL Injection Vulnerability in cdraddonmysql |...

7.5CVSS7.5AI score0.02712EPSS

Exploits3

UbuntuCve•added 2007/10/17 11:17 p.m.•26 views

CVE-2007-5488

Multiple SQL injection vulnerabilities in cdraddonmysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the 1 source and 2 destination numbers, and probably 3 SIP URI, when inserting a record...

7.5CVSS6.1AI score0.02712EPSS

Exploits3References1

Prion•added 2007/10/17 11:17 p.m.•17 views

Sql injection

7.5CVSS9.1AI score0.02712EPSS

Exploits3References7Affected Software1

NVD•added 2007/10/17 11:17 p.m.•12 views

CVE-2007-5488

7.5CVSS8.4AI score0.02712EPSS

Exploits3References7

CVE•added 2007/10/17 11:0 p.m.•44 views

CVE-2007-5488

CVE-2007-5488 concerns the Asterisk-Addons cdr_addon_mysql module, where the cdr_addon_mysql component fails to escape the source and destination numbers (and possibly SIP URI) when inserting a record. This leads to SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQ...

7.5CVSS8.3AI score0.02712EPSS

Exploits3References7Affected Software1

Cvelist•added 2007/10/17 11:0 p.m.•17 views

CVE-2007-5488

8.4AI score0.02712EPSS

Exploits3References7

NVD•added 2007/09/11 7:17 p.m.•17 views

CVE-2007-4818

Multiple PHP remote file inclusion vulnerabilities in Txx CMS 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the docroot parameter to 1 addons/plugin.php, 2 addons/sidebar.php, 3 mail/index.php, or 4 mail/mailbox.php in modules/...

7.5CVSS7.7AI score0.55541EPSS

Exploits1References9

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by