Total
248456 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-4871 | 1 My Little Forum | 1 My Little Forum | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in My Little Forum 1.75 and 2.0 Beta 23 allows remote attackers to inject arbitrary web script or HTML via BBcode IMG tags. | |||||
CVE-2009-1096 | 1 Sun | 2 Jdk, Jre | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. | |||||
CVE-2009-2666 | 1 Fetchmail | 1 Fetchmail | 2023-12-10 | 6.4 MEDIUM | N/A |
socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
CVE-2008-6460 | 2 Mirko Werner, Typo3 | 2 Mw Random Objects, Typo3 | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Simple Random Objects (mw_random_objects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-5043 | 1 Ibm | 1 Metrica Service Assurance Framework | 2023-12-10 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the web-based interface in IBM Metrica Service Assurance Framework allow remote authenticated users to inject arbitrary web script or HTML via (1) the elementid parameter in a generatedreportresults action to the ReportTree program, (2) the jnlpname parameter to the Launch program, or (3) the :tasklabel parameter to the ReportRequest program, related to the name of a report. | |||||
CVE-2009-1521 | 1 Ibm | 2 Tivoli Storage Manager Client, Tivoli Storage Manager Express | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in the Java GUI in the IBM Tivoli Storage Manager (TSM) client 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.5, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17, and the TSM Express client 5.3.3.0 through 5.3.6.5, allows attackers to read or modify arbitrary files via unknown vectors. | |||||
CVE-2009-1870 | 1 Adobe | 3 Air, Flash Player, Flex | 2023-12-10 | 4.9 MEDIUM | N/A |
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability." | |||||
CVE-2009-1658 | 1 Realtywebware | 1 Realty Web-base | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in admin/admin.php in Realty Webware Technologies Realty Web-Base 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user (username) and (2) password parameters. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-4340 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | N/A |
Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function. | |||||
CVE-2008-7118 | 1 Webidsupport | 1 Webid | 2023-12-10 | 5.0 MEDIUM | N/A |
WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log. | |||||
CVE-2008-7166 | 2 Bittorrent, Utorrent | 2 Bittorrent, Utorrent | 2023-12-10 | 5.0 MEDIUM | N/A |
Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) and earlier, and uTorrent 1.7.6 (build 7859) and earlier, allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted Range header. NOTE: this is probably a different vulnerability than CVE-2008-0071 and CVE-2008-0364. | |||||
CVE-2008-4620 | 1 Mrbs | 1 Mrbs | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php. | |||||
CVE-2009-2885 | 1 Phpscriptsnow | 1 World\'s Tallest Buildings | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to execute arbitrary SQL commands via the rank parameter. | |||||
CVE-2008-4070 | 1 Mozilla | 2 Seamonkey, Thunderbird | 2023-12-10 | 10.0 HIGH | N/A |
Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages." | |||||
CVE-2008-2030 | 1 F5 | 2 Firepass 4100, Firepass Ssl Vpn | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-3298 | 1 Mahara | 1 Mahara | 2023-12-10 | 6.5 MEDIUM | N/A |
Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators to reset a site administrator password via unspecified vectors. | |||||
CVE-2008-3134 | 1 Graphicsmagick | 1 Graphicsmagick | 2023-12-10 | 5.0 MEDIUM | N/A |
Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file. | |||||
CVE-2008-4012 | 1 Oracle | 1 Weblogic Workshop | 2023-12-10 | 5.1 MEDIUM | N/A |
Unspecified vulnerability in the WebLogic Workshop component in BEA Product Suite WLW 8.1SP5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to "some NetUI pageflows." | |||||
CVE-2008-6284 | 1 1scripts | 1 Z1exchange | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in edit.php in Z1Exchange 1.0 allows remote attackers to execute arbitrary SQL commands via the site parameter. | |||||
CVE-2008-6588 | 1 Aztech | 1 Adsl2\/2\+4-port Router | 2023-12-10 | 10.0 HIGH | N/A |
Aztech ADSL2/2+ 4-port router has a default "isp" account with a default "isp" password, which allows remote attackers to obtain access if this default is not changed. |