Total
248456 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6897 | 1 Andres Garcia | 1 Getleft | 2023-12-10 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Getleft.exe in Andres Garcia Getleft 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) "a" HTML tag; a long src attribute in (2) embed, (3) img, or (4) script tags; (5) a long background attribute in a body tag; and other unspecified tags. | |||||
| CVE-2009-4038 | 1 Nch | 1 Axon Virtual Pbx | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NCH Software Axon Virtual PBX 2.10 and 2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) onok or (2) oncancel parameter to the logon program. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5339 | 1 Sun | 3 Jdk, Jre, Sdk | 2023-12-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka CR 6727079. | |||||
| CVE-2009-3048 | 4 Conectiva, Freebsd, Opera and 1 more | 4 Linux, Freebsd, Opera Browser and 1 more | 2023-12-10 | 4.3 MEDIUM | N/A |
| Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file." | |||||
| CVE-2008-6641 | 1 Aspindir | 1 Shader Tv | 2023-12-10 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Shader TV (Beta) allow remote authenticated administrators to execute arbitrary SQL commands via the sid parameter to (1) kanal.asp, (2) google.asp, and (3) hakk.asp in yonet/; and allow remote attackers to execute arbitrary SQL commands via the (4) username or (5) password fields to yonet/default.asp. | |||||
| CVE-2008-5712 | 1 Kde | 1 Konqueror | 2023-12-10 | 5.0 MEDIUM | N/A |
| The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOLOR attribute in a (2) TABLE, (3) TD, or (4) TR element. NOTE: the FONT vector is already covered by CVE-2008-4514. | |||||
| CVE-2009-0540 | 1 Insightinformatics | 1 Libero | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Libero 5.3 SP5, and possibly other versions before 5.5 SP1, allows remote attackers to inject arbitrary web script or HTML via the search term field. | |||||
| CVE-2008-6784 | 1 Scripts-for-sites | 1 Ez Adult Directory | 2023-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in Scripts For Sites (SFS) EZ Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | |||||
| CVE-2009-3660 | 1 Efrontlearning | 1 Efront | 2023-12-10 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in libraries/database.php in Efront 3.5.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation. | |||||
| CVE-2008-4579 | 1 Gentoo | 2 Cman, Fence | 2023-12-10 | 1.9 LOW | N/A |
| The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file. | |||||
| CVE-2008-5763 | 1 Mariovaldez | 1 Simple Text-file Login Script | 2023-12-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in slogin_lib.inc.php in Simple Text-File Login Script (SiTeFiLo) 1.0.6 allows remote attackers to execute arbitrary PHP code via a URL in the slogin_path parameter. | |||||
| CVE-2008-1026 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2023-12-10 | 6.8 MEDIUM | N/A |
| Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow. | |||||
| CVE-2008-7185 | 1 Gnome | 1 Rhythmbox | 2023-12-10 | 4.3 MEDIUM | N/A |
| GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c. | |||||
| CVE-2008-6944 | 1 Scriptsfeed | 1 Auto Classifieds | 2023-12-10 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in cars_images/. | |||||
| CVE-2008-4067 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2023-12-10 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI. | |||||
| CVE-2008-3420 | 1 Willo | 1 Mobius Web Publishing Software | 2023-12-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Mobius for Mimsy XG 1 1.4.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to browse.php or (2) the s parameter in an exhibitions action to detail.php. | |||||
| CVE-2008-2608 | 1 Oracle | 2 Data Pump Component, Database Server | 2023-12-10 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote authenticated attack vectors related to SYS.KUPF$FILE_INT. | |||||
| CVE-2009-0885 | 1 Mediacommands | 1 Media Commands | 2023-12-10 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in Media Commands 1.0 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a (1) M3U, (2) M3l, (3) TXT, and (4) LRC playlist file. | |||||
| CVE-2008-6486 | 1 Shatm | 1 Sharedlog | 2023-12-10 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in slideshow_uploadvideo.content.php in SharedLog, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_dir] parameter. | |||||
| CVE-2008-3382 | 1 Mojoscripts | 1 Mojoclassifieds | 2023-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mojoClassified.cgi in MojoClassifieds 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_a parameter. | |||||