Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-07-18 | CVE-2007-3268 | Divide By Zero vulnerability in IBM Tivoli Provisioning Manager OS Deployment 5.1.0.2 The TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to cause a denial of service (rembo.exe crash and multiple service outage) via a read (RRQ) request with an invalid blksize (blocksize), which triggers a divide-by-zero error. | 7.5 |
| 2007-06-26 | CVE-2007-3409 | Uncontrolled Recursion vulnerability in multiple products Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop. | 7.5 |
| 2007-06-22 | CVE-2007-3365 | Improper Handling of Case Sensitivity vulnerability in Myserverproject Myserver 0.8.9 MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions, which allows remote attackers to obtain sensitive information (script source code) via a modified extension, as demonstrated by post.mscgI. | 7.5 |
| 2007-03-07 | CVE-2006-7142 | Use of Hard-coded Credentials vulnerability in Utimaco Safeguard 4.30 The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive. | 7.8 |
| 2007-03-06 | CVE-2007-1285 | Uncontrolled Recursion vulnerability in multiple products The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines. | 7.5 |
| 2007-02-16 | CVE-2007-0897 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. | 7.5 |
| 2007-01-16 | CVE-2006-6767 | Reachable Assertion vulnerability in Time-Travellers Oftpd oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure. | 7.5 |
| 2006-12-21 | CVE-2006-6679 | Incorrect Authorization vulnerability in Chetcpasswd Project Chetcpasswd Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header. | 7.5 |
| 2006-11-07 | CVE-2006-5779 | Reachable Assertion vulnerability in multiple products OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure. | 7.5 |
| 2006-10-28 | CVE-2006-4574 | Reachable Assertion vulnerability in Wireshark 0.10.1/0.99.2/0.99.3 Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values. | 7.5 |