CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2008/06/04 8:32 p.m.•7 views

CVE-2008-1109

Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view aka the Calendars window...

7.7AI score

Exploits0References21

FreeBSD•added 2008/06/03 12:0 a.m.•29 views

Bugzilla -- Directory Traversal in importxml.pl

A Bugzilla Security Advisory reports: When importing bugs using importxml.pl, the --attachpath option can be specified, pointing to the directory where attachments to import are stored. If the XML file being read by importxml.pl contains a malicious ../relativepath/to/localfile node, the script...

7.1CVSS6.1AI score0.10546EPSS

Exploits1References1

Japan Vulnerability Notes•added 2008/05/20 3:0 p.m.•1 views

Kiri directory traversal vulnerability

Overview Database software Kiri contains a directory traversal vulnerability in its email analysis command. Impact If the email analysis command processes an email with an attachment with a particular file name, the attachment may be written to an unintended location. Solution None...

2.6CVSS7AI score

Exploits0References2

Japan Vulnerability Notes•added 2008/05/20 3:0 p.m.•3 views

IP Messenger for Win Filename Buffer Overflow Vulnerability

Overview IP Messenger for Win suffers buffer overflow when the user saves an attached file with a long name sent with the message. Impact An attacker could execute arbitrary code with the privileges of the user running IP Messenger. Solution Please refer to the 'Vendor Information' section for...

10CVSS8AI score0.05634EPSS

Exploits0References5

Symantec•added 2008/05/13 12:0 a.m.•14 views

Microsoft Publisher Memory Object Handler Data Remote Code Execution Vulnerability

Description Microsoft Publisher is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Publisher file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently...

Symantec•added 2008/05/13 12:0 a.m.•10 views

Microsoft Word CSS Handling Memory Corruption Remote Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Word file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in...

Exploits0Affected Software5

NVD•added 2008/03/18 11:44 p.m.•22 views

CVE-2008-1000

Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 aka Leopard allows remote authenticated users to write arbitrary files via ".." sequences in file attachments...

8.5CVSS5.8AI score0.03978EPSS

Exploits3References9

Cvelist•added 2008/03/18 11:0 p.m.•28 views

CVE-2008-1000

8.2AI score0.03978EPSS

Exploits3References9

Symantec•added 2008/03/11 12:0 a.m.•22 views

Microsoft Office File Memory Corruption Vulnerability

Description Microsoft Office is prone to a remote memory-corruption vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Office file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently...

8AI score

Symantec•added 2008/02/12 12:0 a.m.•21 views

Microsoft Works File Converter Section Header Index Table Remote Code Execution Vulnerability

Description Microsoft Works File Converter is prone to a remote code-execution vulnerability because it fails to adequately validate user-supplied input. An attacker could exploit this issue by enticing a victim to open a malicious '.wps' file. Successfully exploiting this issue would allow the...

Exploits0References1Affected Software3

Symantec•added 2008/02/12 12:0 a.m.•13 views

Microsoft Publisher Memory Index Code Execution Vulnerability

Symantec•added 2008/02/12 12:0 a.m.•12 views

Microsoft Publisher Invalid Memory Reference Remote Code Execution Vulnerability

OpenVAS•added 2008/01/17 12:0 a.m.•23 views

Debian Security Advisory DSA 1232-1 (clamav)

The remote host is missing an update to clamav announced via advisory DSA 1232-1. Stephen Gran discovered that malformed base64-encoded MIME attachments can lead to denial of service through a null pointer dereference. OpenVAS Vulnerability Test $Id: deb12321.nasl 6616 2017-07-07 12:10:49Z cfisch...

5CVSS9.2AI score0.01476EPSS

OpenVAS•added 2008/01/17 12:0 a.m.•13 views

Debian: Security Advisory (DSA-1232-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.7AI score0.01476EPSS

Exploits0References3

seebug.org•added 2007/12/26 12:0 a.m.•18 views

MailMachine Pro 2.2.4 Remote SQL Injection Vulnerability

No description provided by source. --------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | / \ \ | \ \ | | | \ | |/ \ | | // | || | ||| /| / /\ | |||| /| / / &nb...

7.1AI score

exploitpack•added 2007/12/25 12:0 a.m.•12 views

MailMachine Pro 2.2.4 - SQL Injection

MailMachine Pro 2.2.4 - SQL Injection --------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...

0.6AI score