Total
248483 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-7188 | 1 Clip-share | 1 Clipshare | 2023-12-10 | 7.5 HIGH | N/A |
ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php. NOTE: this can be used to recover the password of the user by using the modified e-mail address in the email parameter to recoverpass.php. | |||||
CVE-2008-1384 | 1 Php | 1 Php | 2023-12-10 | 5.0 MEDIUM | N/A |
Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions). | |||||
CVE-2009-3254 | 1 Ultimatevideosite | 1 Ultimate Player | 2023-12-10 | 9.3 HIGH | N/A |
Multiple stack-based buffer overflows in Ultimate Player 1.56 beta allow remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .upl playlist file. | |||||
CVE-2008-1971 | 1 Phphq | 1 Phshoutbox Final | 2023-12-10 | 7.5 HIGH | N/A |
phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php. | |||||
CVE-2008-3938 | 1 Opendb | 1 Opendb | 2023-12-10 | 5.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action. | |||||
CVE-2008-0051 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 6.9 MEDIUM | N/A |
Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data. | |||||
CVE-2009-0819 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2023-12-10 | 4.0 MEDIUM | N/A |
sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure. | |||||
CVE-2009-4087 | 1 Telepark | 1 Telepark.wiki | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki 2.4.23 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
CVE-2008-2280 | 1 Scriptphp | 1 Picengine | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in admin/index.php in Script PHP PicEngine 1.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-5938 | 1 Modxcms | 1 Modxcms | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in assets/snippets/reflect/snippet.reflect.php in MODx CMS 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the reflect_base parameter. | |||||
CVE-2008-4268 | 1 Microsoft | 2 Windows Server 2008, Windows Vista | 2023-12-10 | 8.5 HIGH | N/A |
The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability." | |||||
CVE-2008-3827 | 1 Mplayer | 1 Mplayer | 2023-12-10 | 9.3 HIGH | N/A |
Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory. | |||||
CVE-2008-2238 | 1 Openoffice | 1 Openoffice.org | 2023-12-10 | 9.3 HIGH | N/A |
Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow. | |||||
CVE-2008-5627 | 1 Activewebsoftwares | 1 Active Trade | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in account.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter (aka Email field) or the (2) password parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-3464 | 1 Adobe | 1 Shockwave Player | 2023-12-10 | 9.3 HIGH | N/A |
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3465. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-0878 | 1 Wesnoth | 1 Wesnoth | 2023-12-10 | 5.0 MEDIUM | N/A |
The read_game_map function in src/terrain_translation.cpp in Wesnoth before r32987 allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a map with a large (1) width or (2) height. | |||||
CVE-2009-2439 | 1 Web Development House | 1 Alibaba Clone | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php. NOTE: this is a product that was developed by a third party; it is not associated with alibaba.com or the Alibaba Group. | |||||
CVE-2008-0060 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 6.8 MEDIUM | N/A |
Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link. | |||||
CVE-2008-1512 | 1 Phpbb | 1 Module Xs | 2023-12-10 | 7.5 HIGH | N/A |
Directory traversal vulnerability in admin/admin_xs.php in eXtreme Styles module (XS-Mod) 2.3.1 and 2.4.0 for phpBB allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the phpEx parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-3731 | 3 Microsoft, Vmware, Webworks | 11 Windows, Esx Server, Lab Manager and 8 more | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality. |