Total
246711 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-3824 | 1 Michael J Greenwood | 1 Php Content Manager | 2023-12-10 | 7.5 HIGH | N/A |
Directory traversal vulnerability in include/processor.php in Greenwood PHP Content Manager 0.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content_path parameter. | |||||
CVE-2009-2147 | 1 Phpwebthings | 1 Phpwebthings | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2009-1943 | 1 Safenet-inc | 2 Softremote, Softremote1.4 | 2023-12-10 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the IKE service (ireIke.exe) in SafeNet SoftRemote before 10.8.6 allows remote attackers to execute arbitrary code via a long request to UDP port 62514. | |||||
CVE-2008-3784 | 2 Btitracker Project, Xbtitracker Project | 2 Btitracker, Xbtitracker | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in scrape.php in BtiTracker 1.4.7 and earlier and xBtiTracker 2.0.542 and earlier allows remote attackers to execute arbitrary SQL commands via the info_hash parameter. | |||||
CVE-2008-7247 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2023-12-10 | 6.0 MEDIUM | N/A |
sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink. | |||||
CVE-2008-3142 | 3 Canonical, Debian, Python | 3 Ubuntu Linux, Debian Linux, Python | 2023-12-10 | 7.5 HIGH | N/A |
Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro. | |||||
CVE-2007-2238 | 1 Microsoft | 1 Intelligent Application Gateway 2007 | 2023-12-10 | 9.3 HIGH | N/A |
Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods. | |||||
CVE-2009-3878 | 2 Intevydis, Sun | 2 Vulndisco Pack, Java System Web Server | 2023-12-10 | 9.3 HIGH | N/A |
Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2009-0491 | 1 Elecard | 1 Elecard Mpeg Player | 2023-12-10 | 9.3 HIGH | N/A |
Stack-based buffer overflow in Elecard MPEG Player 5.5 build 15884.081218 allows remote attackers to execute arbitrary code via a M3U file containing a long URL. | |||||
CVE-2008-5669 | 1 Textpattern | 1 Textpattern | 2023-12-10 | 5.0 MEDIUM | N/A |
index.php in the comments preview section in Textpattern (aka Txp CMS) 4.0.5 allows remote attackers to cause a denial of service via a long message parameter. | |||||
CVE-2008-3998 | 1 Oracle | 1 E-business Suite | 2023-12-10 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 12.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
CVE-2009-3286 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 4.6 MEDIUM | N/A |
NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails. | |||||
CVE-2008-6923 | 1 Joomla | 2 Com Content, Joomla | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php. | |||||
CVE-2009-0133 | 1 Microsoft | 1 Html Help Workshop | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in Microsoft HTML Help Workshop 4.74 and earlier allows context-dependent attackers to execute arbitrary code via a .hhp file with a long "Index file" field, possibly a related issue to CVE-2006-0564. | |||||
CVE-2008-1144 | 2 Marvell, Netgear | 2 88w8361w-bem1, Wn802t | 2023-12-10 | 6.3 MEDIUM | N/A |
The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse EAPoL-Key packets, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a malformed EAPoL-Key packet with a crafted "advertised length." | |||||
CVE-2008-2120 | 1 Sun | 2 Java System Application Server, Java System Web Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors. | |||||
CVE-2008-4968 | 1 Bitmover | 1 Lmbench | 2023-12-10 | 6.9 MEDIUM | N/A |
The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/sdiff.##### temporary file. | |||||
CVE-2009-2200 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2023-12-10 | 7.1 HIGH | N/A |
WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document. | |||||
CVE-2008-5132 | 1 Memht | 1 Memht Portal | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Portal 4.0.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header. | |||||
CVE-2008-6511 | 1 Igniterealtime | 1 Openfire | 2023-12-10 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. |