Vulnerabilities (CVE)

Total 239404 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-1698 1 Apple 3 Iphone Os, Ipod Touch, Safari 2023-12-10 9.3 HIGH N/A
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
CVE-2009-0743 1 Cisco 1 Unified Meetingplace 2023-12-10 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field.
CVE-2008-6215 1 Bookingcentre 1 Booking System For Hotels Group 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to inject arbitrary web script or HTML via the OfertaID parameter.
CVE-2009-1764 1 Bokecc 1 Maxcms 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a digg action.
CVE-2009-1535 1 Microsoft 3 Internet Information Services, Windows Server 2003, Windows Xp 2023-12-10 7.5 HIGH N/A
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.
CVE-2008-6542 1 Dotnetnuke 1 Dotnetnuke 2023-12-10 4.6 MEDIUM N/A
Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform "server-side execution of application logic" by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM or HTML files.
CVE-2008-3948 1 Xrms 1 Xrms Crm 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in admin/users/self-2.php in XRMS allows remote attackers to execute arbitrary SQL commands and modify name and email fields via unspecified vectors.
CVE-2008-5685 1 Sun 3 Netra, Scapp, Sun Fire 2023-12-10 10.0 HIGH N/A
Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun Fire and Netra platforms allows remote attackers to access the System Controller (SC), the system console, and possibly the host OS, and cause a denial of service (shutdown or reboot), via spoofed IP packets.
CVE-2008-4455 1 Mysql Quick Admin 1 Mysql Quick Admin 2023-12-10 6.8 MEDIUM N/A
Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the language cookie.
CVE-2008-6796 1 Preprojects 1 Pre Real Estate Listings 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username field).
CVE-2009-1166 1 Cisco 1 Catalyst 2023-12-10 7.8 HIGH N/A
The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (device reload) via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCsy27708.
CVE-2008-3590 1 Egi Zaberl 1 E.z. Poll 2023-12-10 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. Poll 2 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2515 1 Microsoft 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more 2023-12-10 7.2 HIGH N/A
Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."
CVE-2009-2906 2 Canonical, Samba 2 Ubuntu Linux, Samba 2023-12-10 4.0 MEDIUM N/A
smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.
CVE-2008-4564 3 Autonomy, Ibm, Symantec 10 Keyview Export Sdk, Keyview Filter Sdk, Keyview Viewer Sdk and 7 more 2023-12-10 9.3 HIGH N/A
Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file.
CVE-2009-2912 1 Sun 2 Opensolaris, Solaris 2023-12-10 4.9 MEDIUM N/A
The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through 10, and OpenSolaris before snv_110, allow local users to cause a denial of service (panic) via vectors related to vnode function calls.
CVE-2009-0224 1 Microsoft 7 Compatibility Pack Word Excel Powerpoint, Office Compatibility Pack For Word Excel Ppt 2007, Office Powerpoint and 4 more 2023-12-10 9.3 HIGH N/A
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; PowerPoint Viewer 2003 and 2007 SP1 and SP2; PowerPoint in Microsoft Office 2004 for Mac and 2008 for Mac; Open XML File Format Converter for Mac; Microsoft Works 8.5 and 9.0; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly validate PowerPoint files, which allows remote attackers to execute arbitrary code via multiple crafted BuildList records that include ChartBuild containers, which triggers memory corruption, aka "Memory Corruption Vulnerability."
CVE-2008-6617 1 Sitexs Cms 1 Sitexs Cms 2023-12-10 6.8 MEDIUM N/A
Unrestricted file upload vulnerability in adm/visual/upload.php in SiteXS CMS 0.1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.
CVE-2008-2618 1 Oracle 3 Jd Edwards Enterpriseone, Peoplesoft Enterprise, Peoplesoft Peopletools Component 2023-12-10 6.5 MEDIUM N/A
Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2615, CVE-2008-2616, CVE-2008-2617, CVE-2008-2620, CVE-2008-2621, and CVE-2008-2622.
CVE-2008-6566 1 Octopussy 1 Octopussy 2023-12-10 10.0 HIGH N/A
Unspecified vulnerability in Octopussy before 0.9.5.8 has unknown impact and attack vectors related to a "major security" vulnerability.