Total
248593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1291 | 3 Gentoo, Redhat, Viewvc | 3 Linux, Fedora, Viewvc | 2023-12-10 | 4.3 MEDIUM | N/A |
| ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder. | |||||
| CVE-2008-1382 | 1 Libpng | 1 Libpng | 2023-12-10 | 7.5 HIGH | N/A |
| libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory. | |||||
| CVE-2009-2498 | 1 Microsoft | 8 Media Foundation Sdk, Windows 2000, Windows Media Format Runtime and 5 more | 2023-12-10 | 9.3 HIGH | N/A |
| Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability." | |||||
| CVE-2009-2040 | 1 Grestul | 1 Grestul | 2023-12-10 | 7.5 HIGH | N/A |
| admin/options.php in Grestul 1.2 does not properly restrict access, which allows remote attackers to bypass authentication and create administrative accounts via a manage_admin action in a direct request. | |||||
| CVE-2008-6041 | 1 Dataspade | 1 Dataspade | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Index.asp in Dataspade 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ViewName, (2) TableName, (3) OrderBy, and (4) FilterField parameters. | |||||
| CVE-2008-3876 | 1 Apple | 1 Iphone | 2023-12-10 | 1.9 LOW | N/A |
| Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact's blue arrow. | |||||
| CVE-2008-4766 | 1 O2php | 1 Oxygen Bulletin Board | 2023-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in member.php in Oxygen Bulletin Board 1.1.3 allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2263 | 1 Awesomephp | 1 Mega File Manager | 2023-12-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2008-2719 | 1 Nasm | 1 Netwide Assembler | 2023-12-10 | 6.8 MEDIUM | N/A |
| Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow. | |||||
| CVE-2008-1547 | 1 Microsoft | 1 Exchange Server | 2023-12-10 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter. | |||||
| CVE-2008-7188 | 1 Clip-share | 1 Clipshare | 2023-12-10 | 7.5 HIGH | N/A |
| ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php. NOTE: this can be used to recover the password of the user by using the modified e-mail address in the email parameter to recoverpass.php. | |||||
| CVE-2008-1384 | 1 Php | 1 Php | 2023-12-10 | 5.0 MEDIUM | N/A |
| Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions). | |||||
| CVE-2009-3254 | 1 Ultimatevideosite | 1 Ultimate Player | 2023-12-10 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in Ultimate Player 1.56 beta allow remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .upl playlist file. | |||||
| CVE-2008-1971 | 1 Phphq | 1 Phshoutbox Final | 2023-12-10 | 7.5 HIGH | N/A |
| phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php. | |||||
| CVE-2008-3938 | 1 Opendb | 1 Opendb | 2023-12-10 | 5.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action. | |||||
| CVE-2008-0051 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 6.9 MEDIUM | N/A |
| Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data. | |||||
| CVE-2009-0819 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2023-12-10 | 4.0 MEDIUM | N/A |
| sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure. | |||||
| CVE-2009-4087 | 1 Telepark | 1 Telepark.wiki | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki 2.4.23 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2008-2280 | 1 Scriptphp | 1 Picengine | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/index.php in Script PHP PicEngine 1.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5938 | 1 Modxcms | 1 Modxcms | 2023-12-10 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in assets/snippets/reflect/snippet.reflect.php in MODx CMS 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the reflect_base parameter. | |||||