Total
246720 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-4804 | 2 Nukedgallery, Phpnuke | 2 Gallery, Php-nuke | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the aid parameter in a showalbum action to index.php. NOTE: some of these details are obtained from third party information. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect. | |||||
CVE-2008-6278 | 1 Rakhisoftware | 1 Rakhisoftware Shopping Cart | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allow remote attackers to inject arbitrary web script or HTML via the (1) category_id and (2) subcategory_id parameters. | |||||
CVE-2008-5502 | 2 Canonical, Mozilla | 3 Ubuntu Linux, Firefox, Seamonkey | 2023-12-10 | 5.0 MEDIUM | N/A |
The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) via vectors that trigger memory corruption, related to the GetXMLEntity and FastAppendChar functions. | |||||
CVE-2008-3427 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3420. Reason: This candidate is a duplicate of CVE-2008-3420. Notes: All CVE users should reference CVE-2008-3420 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
CVE-2009-0569 | 1 Rimarts | 1 Becky\! Internet Mail | 2023-12-10 | 9.3 HIGH | N/A |
Buffer overflow in Becky! Internet Mail 2.48.02 and earlier allows remote attackers to execute arbitrary code via a mail message with a crafted return receipt request. | |||||
CVE-2008-2681 | 1 Realm Project | 1 Realm Cms | 2023-12-10 | 5.0 MEDIUM | N/A |
Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive information via a direct request to _db/compact.asp, which reveals the database path in an error message. | |||||
CVE-2009-2362 | 1 Yukudr | 1 Audioplus | 2023-12-10 | 9.3 HIGH | N/A |
Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.0.0.215 allows remote attackers to execute arbitrary code via a long string in a (1) .lst or (2) .m3u playlist file. | |||||
CVE-2009-1831 | 1 Nullsoft | 1 Winamp | 2023-12-10 | 9.3 HIGH | N/A |
The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow. | |||||
CVE-2009-2363 | 1 Yukudr | 1 Audioplus | 2023-12-10 | 9.3 HIGH | N/A |
Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.00.215 allows remote attackers to execute arbitrary code via a .pls playlist file with a playlist entry containing a long File1 argument. | |||||
CVE-2008-3512 | 1 Php Nuke | 1 Kleinanzeigen Module | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a visit action to modules.php. | |||||
CVE-2008-1730 | 1 Arwscripts | 1 Gallery Script Lite | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in download.html in ARWScripts Gallery Script Lite (aka gallery-script-lite or Free Photo Gallery Site Script), as of 20080411, allows remote attackers to read arbitrary local files via directory traversal sequences in the path parameter. | |||||
CVE-2007-0071 | 1 Adobe | 1 Flash Player | 2023-12-10 | 9.3 HIGH | N/A |
Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow. | |||||
CVE-2008-4331 | 1 Phpocs | 1 Phpocs | 2023-12-10 | 7.5 HIGH | N/A |
Directory traversal vulnerability in library/pagefunctions.inc.php in phpOCS 0.1 beta3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to index.php. | |||||
CVE-2009-4065 | 2 Drupal, Jeff Miccolis | 2 Drupal, Strongarm Module | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the settings page in the Strongarm module 6.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the value field when viewing overridden variables. | |||||
CVE-2008-4488 | 1 Atarone | 1 Atarone | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in ap-pages.php in Atarone CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) id parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-4345 | 1 Webportal | 1 Webportal Cms | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter. | |||||
CVE-2009-1983 | 1 Oracle | 1 E-business Suite | 2023-12-10 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1 allows remote attackers to affect integrity via unknown vectors. | |||||
CVE-2008-5266 | 2 Oracle, Sun | 2 Glassfish Server, Java System Application Server | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751. | |||||
CVE-2008-2784 | 1 Spamdyke | 1 Spamdyke | 2023-12-10 | 6.4 MEDIUM | N/A |
The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command. | |||||
CVE-2009-3718 | 1 Davethewebguy | 1 Battle Blog | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to execute arbitrary SQL commands via the UserName parameter. |