Total: 246433 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-3377 | 1 Mozilla | 1 Firefox | 2023-12-10 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2008-6171 | 1 Drupal | 1 Drupal | 2023-12-10 | 9.3 HIGH | N/A |
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header. | |||||
CVE-2008-6006 | 1 Minbank | 1 Micronation Banking System | 2023-12-10 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Micronation Banking System (minba) 1.5.0 allow remote attackers to execute arbitrary PHP code via a URL in the minsoft_path parameter to (1) utdb_access.php and (2) utgn_message.php in utility/. | |||||
CVE-2008-2690 | 1 Browsercrm | 1 Browsercrm | 2023-12-10 | 9.3 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in BrowserCRM 5.002.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter to (1) kb.php, (2) login.php, (3) index.php, (4) contact_view.php, and (5) contact.php in pub/, different vectors than CVE-2008-2689. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-4359 | 2 Debian, Lighttpd | 2 Debian Linux, Lighttpd | 2023-12-10 | 7.5 HIGH | N/A |
lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data. | |||||
CVE-2009-1417 | 1 Gnu | 1 Gnutls | 2023-12-10 | 5.0 MEDIUM | N/A |
gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup. | |||||
CVE-2008-2227 | 1 Php-fusion | 1 Forum Rank System | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank System 6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter to (1) forum.php and (2) profile.php in infusions/rank_system/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-3322 | 1 Maian | 1 Recipe | 2023-12-10 | 7.5 HIGH | N/A |
admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie. | |||||
CVE-2008-3644 | 1 Apple | 1 Safari | 2023-12-10 | 1.9 LOW | N/A |
Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache. | |||||
CVE-2008-2458 | 1 4shared | 1 Starsgames Control Panel | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in Starsgames Control Panel 4.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the st parameter. | |||||
CVE-2008-6251 | 1 Scripts | 1 Phpfan | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in includes/init.php in phpFan 3.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter. | |||||
CVE-2009-0599 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 5.0 MEDIUM | N/A |
Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file. | |||||
CVE-2008-5825 | 1 Nokia | 1 6131 Nfc | 2023-12-10 | 2.6 LOW | N/A |
The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone. | |||||
CVE-2008-6717 | 1 Uochm | 1 Signup | 2023-12-10 | 7.5 HIGH | N/A |
U&M Software Signup 1.0 and 1.1 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) adminstart.php, (2) admineventtype.php, (3) admineventdetails.php, (4) admineventlist.php, (5) adminuserslist.php, (6) adminleaderslist.php, (7) admindatabase.php, and possibly (8) index.php. | |||||
CVE-2008-3187 | 1 Opensuse | 1 Zypper | 2023-12-10 | 5.0 MEDIUM | N/A |
zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 does not ask the user before accepting repository keys, which allows remote repositories to cause a denial of service (package data corruption) via a spoofed key. | |||||
CVE-2008-3150 | 1 Neutrino-cms | 1 Atomic Edition | 2023-12-10 | 10.0 HIGH | N/A |
Directory traversal vulnerability in index.php in Neutrino Atomic Edition 0.8.4 allows remote attackers to read and modify files, as demonstrated by manipulating data/sess.php in (1) usb and (2) del_pag actions. NOTE: this can be leveraged for code execution by performing an upload that bypasses the intended access restrictions that were implemented in sess.php. | |||||
CVE-2008-6464 | 1 Mevin | 1 Basic-php-events-lister | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in event.php in Mevin Productions Basic PHP Events Lister 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-5181 | 1 Microsoft | 1 Office Communicator | 2023-12-10 | 5.0 MEDIUM | N/A |
Microsoft Communicator allows remote attackers to cause a denial of service (application or device outage) via instant messages containing large numbers of emoticons. | |||||
CVE-2008-5769 | 1 Kerio | 1 Kerio Mailserver | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) folder parameter to mailCompose.php or the (2) daytime parameter to calendarEdit.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-2366 | 1 Datachecknh | 2 Forumpal, Forumpal Fe | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in login.asp in DataCheck Solutions ForumPal FE 1.1 and ForumPal 1.5 allows remote attackers to execute arbitrary SQL commands via the (1) password parameter in 1.1 and (2) p_password parameter in 1.5. NOTE: some of these details are obtained from third party information. |