Total
246711 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0470 | 1 Cisco | 1 Ios | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different vulnerability than CVE-2008-3821. | |||||
| CVE-2009-2627 | 1 Acer | 1 Lunchapp.aplunch | 2023-12-10 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the Acer LunchApp (aka AcerCtrls.APlunch) ActiveX control in acerctrl.ocx allows remote attackers to execute arbitrary commands via the Run method, a different vulnerability than CVE-2006-6121. | |||||
| CVE-2009-3219 | 1 The-ghost | 1 Ar Web Content Manager | 2023-12-10 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in a.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the a parameter. | |||||
| CVE-2008-4959 | 1 Gpsdrive | 1 Gpsdrive-scripts | 2023-12-10 | 6.9 MEDIUM | N/A |
| geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/geo.google, (2) /tmp/geo.yahoo, (3) /tmp/geo.coords, and (4) /tmp/geo#####.coords temporary files. | |||||
| CVE-2008-2312 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 4.9 MEDIUM | N/A |
| Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2008-0535 | 2 Cisco, Icon-labs | 2 Service Control Engine, Iconfidant Ssh | 2023-12-10 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device instability) via "SSH credentials that attempt to change the authentication method," aka Bug ID CSCsm14239. | |||||
| CVE-2009-1211 | 1 Bluecoat | 19 Proxysg, Proxysg Sg210-10, Proxysg Sg210-25 and 16 more | 2023-12-10 | 5.8 MEDIUM | N/A |
| Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | |||||
| CVE-2008-4358 | 1 Spaw Editor | 1 Spaw Php | 2023-12-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP Edition before 2.0.8.1 has unknown impact and attack vectors, probably related to directory traversal sequences in the theme name. | |||||
| CVE-2008-1363 | 2 Microsoft, Vmware | 5 Windows, Ace, Player and 2 more | 2023-12-10 | 7.2 HIGH | N/A |
| VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process." | |||||
| CVE-2008-2530 | 1 Quickupcms | 1 Quickupcms | 2023-12-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Concepts & Solutions QuickUpCMS allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter to (a) frontend/news.php, the (2) id parameter to (b) events3.php and (c) videos2.php in frontend/, the (3) y parameter to (d) frontend/events2.php, and the (4) ser parameter to (e) frontend/fotos2.php. | |||||
| CVE-2009-1863 | 1 Adobe | 3 Air, Flash Player, Flex | 2023-12-10 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a "privilege escalation vulnerability." | |||||
| CVE-2008-4610 | 1 Mplayer | 1 Mplayer | 2023-12-10 | 5.0 MEDIUM | N/A |
| MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718. | |||||
| CVE-2009-3449 | 1 Collectorz | 1 Mp3 Collector | 2023-12-10 | 4.3 MEDIUM | N/A |
| MP3 Collector 2.3 allows remote attackers to cause a denial of service (application crash) via a long URL in a .m3u playlist file. | |||||
| CVE-2009-2811 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 6.8 MEDIUM | N/A |
| Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature. | |||||
| CVE-2009-3908 | 2023-12-10 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3608. Reason: This candidate is a duplicate of CVE-2009-3608. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2009-3608 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
| CVE-2009-2148 | 1 Campusvirtualcomputrade | 1 Campus Virtual-lms | 2023-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news/index.php in Campus Virtual-LMS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-1357 | 1 Sun | 1 Java System Delegated Administrator | 2023-12-10 | 6.8 MEDIUM | N/A |
| CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELP_PAGE parameter. | |||||
| CVE-2008-5298 | 1 Karakas-online | 1 Chm2pdf | 2023-12-10 | 2.1 LOW | N/A |
| chm2pdf 0.9 uses temporary files in directories with fixed names, which allows local users to cause a denial of service (chm2pdf failure) of other users by creating those directories ahead of time. | |||||
| CVE-2008-1659 | 1 Hp | 2 Hp-ux, Ldap-ux | 2023-12-10 | 7.2 HIGH | N/A |
| Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 allows local users to gain privileges via unknown vectors. | |||||
| CVE-2009-2555 | 1 Google | 2 Chrome, V8 | 2023-12-10 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression. | |||||