Total
246531 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1051 | 1 Chaozz | 1 Fubarforum | 2023-12-10 | 5.0 MEDIUM | N/A |
FubarForum 1.6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv. | |||||
CVE-2008-1362 | 1 Vmware | 6 Ace, Player, Server and 3 more | 2023-12-10 | 7.2 HIGH | N/A |
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an "insecurely created named pipe," a different vulnerability than CVE-2008-1361. | |||||
CVE-2008-6685 | 2 Thomas Waggershauser, Typo3 | 2 Air Filemanager, Typo3 | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in Frontend Filemanager (air_filemanager) 0.6.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors. | |||||
CVE-2009-1577 | 1 Cscope | 1 Cscope | 2023-12-10 | 9.3 HIGH | N/A |
Multiple stack-based buffer overflows in the putstring function in find.c in Cscope before 15.6 allow user-assisted remote attackers to execute arbitrary code via a long (1) function name or (2) symbol in a source-code file. | |||||
CVE-2008-2453 | 1 Phpclassifiedsscript | 1 Php Classifieds Script | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in PHP Classifieds Script allow remote attackers to execute arbitrary SQL commands via the fatherID parameter to (1) browse.php and (2) search.php. | |||||
CVE-2008-6896 | 1 3cx | 1 Phone System | 2023-12-10 | 5.0 MEDIUM | N/A |
login.php in 3CX Phone System 6.0.806.0, when 100% disk capacity is reached, allows remote attackers to gain sensitive information via unspecified vectors that reveal the installation path. | |||||
CVE-2008-2786 | 1 Mozilla | 1 Firefox | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors. NOTE: due to lack of details as of 20080619, it is not clear whether this is the same issue as CVE-2008-2785. A CVE identifier has been assigned for tracking purposes. | |||||
CVE-2008-5294 | 1 Bdigital Web Solutions | 1 Webstudio Ecatalogue | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in WebStudio eCatalogue allows remote attackers to execute arbitrary SQL commands via the pageid parameter. | |||||
CVE-2009-0166 | 4 Apple, Foolabs, Glyphandcog and 1 more | 4 Cups, Xpdf, Xpdfreader and 1 more | 2023-12-10 | 4.3 MEDIUM | N/A |
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. | |||||
CVE-2008-6404 | 1 Extrosoft | 1 Thyme | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in add_calendars.php in eXtrovert Software Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the callback parameter. | |||||
CVE-2009-0317 | 1 Gnome | 1 Nautilus-python | 2023-12-10 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
CVE-2009-2164 | 1 Kjtechforce | 1 Mailman | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the code parameter to activate.php or (2) the dest parameter to index.php. | |||||
CVE-2008-0049 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 1.9 LOW | N/A |
AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications. | |||||
CVE-2009-3355 | 1 Datetopia | 1 Buy Dating Site | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in profile.php in Datetopia Buy Dating Site 1.0 allows remote attackers to inject arbitrary web script or HTML via the s_r parameter. | |||||
CVE-2009-0264 | 1 Fujitsu | 1 Systemcastwizard Lite | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in the Registry Setting Tool in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier has unknown impact and attack vectors. | |||||
CVE-2008-6520 | 1 Imatix | 1 Xitami | 2023-12-10 | 10.0 HIGH | N/A |
Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a URI that ends in (1) .ssi, (2) .shtm, or (3) .shtml, which triggers incorrect logging code involving the sendfmt function in the SMT kernel. | |||||
CVE-2008-4876 | 1 Philips Electronics | 1 Voip841 Dect Phone | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page. | |||||
CVE-2009-2353 | 1 Eaccelerator | 1 Eaccelerator | 2023-12-10 | 6.8 MEDIUM | N/A |
encoder.php in eAccelerator allows remote attackers to execute arbitrary code by copying a local executable file to a location under the web root via the -o option, and then making a direct request to this file, related to upload of image files. | |||||
CVE-2009-0554 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability." | |||||
CVE-2009-1597 | 2 Adobe, Mozilla | 2 Acrobat Reader, Firefox | 2023-12-10 | 9.3 HIGH | N/A |
Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content." |