Vulnerabilities (CVE)

Total 243345 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-7129 1 Xyssl 1 Xyssl 2023-12-10 5.0 MEDIUM N/A
XySSL before 0.9 allows remote attackers to cause a denial of service (infinite loop) via an X.509 certificate that does not pass the RSA signature check during verification.
CVE-2008-6578 1 Nortel 1 Cs1000 2023-12-10 10.0 HIGH N/A
Multiple unspecified vulnerabilities in Nortel Communication Server 1000 4.50.x allow remote attackers to execute arbitrary commands to gain privileges, obtain sensitive information, or cause a denial of service via unknown vectors.
CVE-2009-1459 1 Razorcms 1 Razorcms 2023-12-10 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in razorCMS before 0.4 allows remote attackers to hijack the authentication of administrators for requests that create a web page containing PHP code.
CVE-2008-6734 1 Keller Web Admin 1 Kwa 2023-12-10 9.3 HIGH N/A
Directory traversal vulnerability in Public/index.php in Keller Web Admin CMS 0.94 Pro allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
CVE-2008-2590 1 Oracle 3 Database Server, Enterprise Manager 10g, Instance Management Component 2023-12-10 3.5 LOW N/A
Unspecified vulnerability in the Instance Management component in Oracle Database 10.1.0.5 and Enterprise Manager 10.1.0.6 has unknown impact and remote authenticated attack vectors.
CVE-2008-2003 1 Badblue 1 Badblue 2023-12-10 7.5 HIGH N/A
BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via (2) badblue.exe and (3) dyndns.exe. NOTE: this can be leveraged for arbitrary remote code execution in conjunction with CVE-2007-6378.
CVE-2009-3199 1 Uebimiau 1 Uebimiau 2023-12-10 5.0 MEDIUM N/A
Uebimiau Webmail 3.2.0-2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database with usernames and password hashes via a direct request for system_admin/admin.ucf.
CVE-2008-3365 2 Microsoft, Pixelpost 7 Windows, Windows-nt, Windows 2000 and 4 more 2023-12-10 6.8 MEDIUM N/A
Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language_full parameter.
CVE-2009-3212 1 Dimofinf 1 Infinity Script 2023-12-10 6.8 MEDIUM N/A
SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username field.
CVE-2009-4250 2 Cutephp, Korn19 2 Cutenews, Utf-8 Cutenews 2023-12-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) cat_msg, (4) source_msg, (5) postponed_selected, (6) unapproved_selected, and (7) news_per_page parameters in a list action to the editnews module of index.php; and (8) the link tag in news comments. NOTE: some of the vulnerabilities require register_globals to be enabled and/or magic_quotes_gpc to be disabled.
CVE-2002-2428 1 Goahead 1 Goahead Webserver 2023-12-10 5.0 MEDIUM N/A
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data.
CVE-2009-0941 1 Hp 154 8100c Digital Sender, 9100c Digital Sender, 9200c Digital Sender and 151 more 2023-12-10 7.6 HIGH N/A
The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access.
CVE-2008-6914 1 Zeeways 1 Zeeproperty 2023-12-10 6.5 MEDIUM N/A
Unrestricted file upload vulnerability in viewprofile.php in Zeeways ZEEPROPERTY 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile modification, then accessing a related file via a direct request to the file in companylogo/.
CVE-2009-2295 1 Jun Furuse 1 Camlimages 2023-12-10 7.5 HIGH N/A
Multiple integer overflows in CamlImages 2.2 and earlier might allow context-dependent attackers to execute arbitrary code via a crafted PNG image with large width and height values that trigger a heap-based buffer overflow in the (1) read_png_file or (2) read_png_file_as_rgb24 function.
CVE-2008-5007 1 Lazarus 1 Lazarus 2023-12-10 6.9 MEDIUM N/A
create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to overwrite or delete arbitrary files via a symlink attack on a (1) /tmp/lazarus.tgz temporary file or a (2) /tmp/lazarus temporary directory.
CVE-2008-3385 1 Linuxwebshop 1 Php Help Agent 2023-12-10 6.8 MEDIUM N/A
Directory traversal vulnerability in include/head_chat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
CVE-2009-1090 1 Rapidleech 1 Rapidleech 2023-12-10 6.8 MEDIUM N/A
Directory traversal vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uploaded parameter.
CVE-2009-3648 2 Apsivam, Drupal 2 Service Links, Drupal 2023-12-10 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for Drupal, allows remote authenticated users, with 'administer content types' permissions, to inject arbitrary web script or HTML via unspecified vectors when displaying content type names.
CVE-2008-4935 1 Amiga 1 Aview 2023-12-10 6.9 MEDIUM N/A
asciiview in aview 1.3.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/aview#####.pgm temporary file.
CVE-2008-5789 2 Joomla, Recly 2 Joomla, Interactive Feederator 2023-12-10 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add_tmsp.php, (b) edit_tmsp.php and (c) tmsp.php in includes/tmsp/; and the (2) GLOBALS[mosConfig_absolute_path] parameter to (d) includes/tmsp/subscription.php.