Total: 210122 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-3935 | 1 D-ic | 2 Shop V50, Shop V52 | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and earlier and shop_v52 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-3937 | 1 Opendb | 1 Opendb | 2008-09-05 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title parameter to listings.php, and the (3) redirect_url parameter to user_profile.php. | |||||
CVE-2008-3938 | 1 Opendb | 1 Opendb | 2008-09-05 | 5.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action. | |||||
CVE-2008-3939 | 1 Avtech | 1 Pager Enterprise | 2008-09-05 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI. | |||||
CVE-1999-1589 | 1 Ibm | 1 Aix | 2008-09-05 | 7.2 HIGH | N/A |
Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users to gain root privileges via unknown attack vectors. | |||||
CVE-2002-1432 | 1 Coxco Support | 7 A-cart, Metacart, Midicart Asp and 4 more | 2008-09-05 | 5.0 MEDIUM | N/A |
MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database. | |||||
CVE-2002-1991 | 1 Oscommerce | 1 Oscommerce | 2008-09-05 | 7.5 HIGH | N/A |
PHP file inclusion vulnerability in osCommerce 2.1 allows execution of arbitrary commands via the include_file parameter to include_once.php. | |||||
CVE-2002-2230 | 1 Ikonboard | 1 Ikonboard | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows remote attackers to inject arbitrary web script or HTML via a private message with a javascript: URL in the IMG tag, in which the URL ends in a ".gif" or ".jpg" string, a variant of CVE-2002-0328. | |||||
CVE-2004-2182 | 1 Macromedia | 1 Jrun | 2008-09-05 | 7.5 HIGH | N/A |
Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server. | |||||
CVE-2004-2683 | 1 Intersystems | 1 Cache | 2008-09-05 | 2.1 LOW | N/A |
Unspecified vulnerability in the %XML.Utils.SchemaServer class in InterSystems Caché 5.0 allows attackers to access arbitrary files on a server. | |||||
CVE-2004-2684 | 1 Intersystems | 1 Cache Database | 2008-09-05 | 2.1 LOW | N/A |
Unspecified vulnerability in the %template package in InterSystems Caché 5.0 allows attackers to access certain files on a server, including (1) cache.key and (2) cache.dat, related to .csp files under (a) Dev\studio\templates and (b) Devuser\studio\templates. | |||||
CVE-2004-2687 | 2 Apple, Samba | 2 Xcode, Samba | 2008-09-05 | 9.3 HIGH | N/A |
distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks. | |||||
CVE-2004-2700 | 1 Aspdotnetstorefront | 1 Aspdotnetstorefront | 2008-09-05 | 9.0 HIGH | N/A |
Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allows remote authenticated administrators to upload arbitrary files with executable extensions via admin/images.aspx. | |||||
CVE-2004-2706 | 1 Phrozensmoke | 1 Gyach Enhanced | 2008-09-05 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service (crash) via conference packets with error messages. | |||||
CVE-2005-1812 | 1 Futuresoft | 1 Tftp Server 2000 | 2008-09-05 | 10.0 HIGH | N/A |
Multiple stack-based buffer overflows in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allow remote attackers to execute arbitrary code via a long (1) filename or (2) transfer mode string in a Read Request (RRQ) or Write Request (WRQ) packet. | |||||
CVE-2005-1813 | 1 Futuresoft | 1 Tftp Server 2000 | 2008-09-05 | 7.8 HIGH | N/A |
Directory traversal vulnerability in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allows remote attackers to read arbitrary files via a TFTP GET request containing (1) "../" (dot dot slash) or (2) "..\" (dot dot backslash) sequences. | |||||
CVE-2005-4849 | 1 Apache | 1 Derby | 2008-09-05 | 5.0 MEDIUM | N/A |
Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information. | |||||
CVE-2006-6975 | 1 Centipaid | 1 Centipaid | 2008-09-05 | 5.1 MEDIUM | N/A |
** DISPUTED ** PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a static value before the relevant include statement. | |||||
CVE-2006-7221 | 1 Fsp | 1 C Library | 2008-09-05 | 5.0 MEDIUM | N/A |
Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow attackers to cause a denial of service via unspecified vectors involving the (1) name and (2) d_name entry attributes. | |||||
CVE-2006-7229 | 1 Ubuntu | 1 Linux Kernel | 2008-09-05 | 7.8 HIGH | N/A |
The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spin_lock and spin_unlock functions, which allows remote attackers to cause a denial of service (machine crash) via a flood of network traffic. |