Vulnerabilities (CVE)

Total 243269 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-1806 1 Ibm 1 Hardware Management Console 2023-12-10 9.3 HIGH N/A
Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.4.0 SP2, when Active Memory Sharing is used, has unknown impact and attack vectors, related to a shared memory partition and a shared memory pool with redundant paging Virtual I/O Server (VIOS) partitions. NOTE: some of these details are obtained from third party information.
CVE-2009-0312 1 Moinmoin 1 Moinmoin 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content.
CVE-2008-5652 1 Myiosoft 1 Easybookmarker 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-3499 1 Bpowerhouse 1 Bplawyercasedocuments 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in employee.aspx in BPowerHouse BPLawyerCaseDocuments 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-5590 1 Kalptaru Infotech 1 Product Sale Framework 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in customer.forumtopic.php in Kalptaru Infotech Product Sale Framework 0.1 beta allows remote attackers to execute arbitrary SQL commands via the forum_topic_id parameter.
CVE-2009-0527 1 Adaptcms 1 Adaptcms 2023-12-10 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in plugins/rss_importer_functions.php in AdaptCMS Lite 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.
CVE-2008-3459 1 Openvpn 1 Openvpn 2023-12-10 7.6 HIGH N/A
Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters.
CVE-2008-5142 1 Freebsd 1 Freebsd-sendpr 2023-12-10 6.9 MEDIUM N/A
sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pr.##### temporary file.
CVE-2008-5249 1 Mediawiki 1 Mediawiki 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6138 1 Webbiscuits 1 Modules Controller 2023-12-10 7.5 HIGH N/A
PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.
CVE-2008-0311 1 Borland 1 Caliberrm 2023-12-10 9.3 HIGH N/A
Stack-based buffer overflow in the PGMWebHandler::parse_request function in the StarTeam Multicast Service component (STMulticastService) 6.4 in Borland CaliberRM 2006 allows remote attackers to execute arbitrary code via a large HTTP request.
CVE-2008-4793 1 Drupal 1 Drupal 2023-12-10 7.5 HIGH N/A
The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules.
CVE-2009-0085 1 Microsoft 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more 2023-12-10 7.1 HIGH N/A
The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
CVE-2008-5410 1 Sun 1 Solaris 2023-12-10 7.8 HIGH N/A
The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions.
CVE-2008-7020 1 Mcafee 1 Safeboot Device Encryption 2023-12-10 2.1 LOW N/A
McAfee SafeBoot Device Encryption 4 build 4750 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
CVE-2009-4146 1 Freebsd 1 Freebsd 2023-12-10 7.2 HIGH N/A
The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LD_PRELOAD variable containing an untrusted search path that points to a Trojan horse library, a different vector than CVE-2009-4147.
CVE-2008-1025 1 Apple 2 Safari, Webkit 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion.
CVE-2008-6675 1 Quickersite 1 Quickersite 2023-12-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SB_redirect and (3) SB_feedback parameters in process_send.asp, as reachable through default.asp; (4) paramCode and (5) cColor parameters to picker.asp; and the (6) query string, (7) Referer header, and (8) X-FORWARDED-FOR header to rss.asp.
CVE-2009-2338 1 Freewebshop 1 Freewebshop 2023-12-10 6.8 MEDIUM N/A
Directory traversal vulnerability in includes/startmodules.inc.php in FreeWebshop.org 2.2.9 R2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_file parameter.
CVE-2008-1829 1 Oracle 2 Enterpriseone, Peoplesoft Enterprise 2023-12-10 9.0 HIGH N/A
Unspecified vulnerability in the PeopleSoft HCM Recruiting component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1 has unknown impact and remote attack vectors, aka PSE02.