Vulnerabilities (CVE)

Total 254219 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-6272 1 Miticdjd 1 Apoll 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the pass parameter.
CVE-2008-4403 1 Trend Micro 1 Officescan 2023-12-10 5.0 MEDIUM N/A
The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the "error handling mechanism."
CVE-2009-0772 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2023-12-10 9.3 HIGH N/A
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.
CVE-2008-2304 1 Apple 1 Core Image Fun House 2023-12-10 6.8 MEDIUM N/A
Buffer overflow in Apple Core Image Fun House 2.0 and earlier in CoreImage Examples in Xcode tools before 3.1 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a .funhouse file with a string XML element that contains many characters.
CVE-2008-6530 1 Ezonescripts 1 Living Local 2023-12-10 6.5 MEDIUM N/A
Unrestricted file upload vulnerability in editimage.php in eZoneScripts Living Local 1.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file.
CVE-2009-2823 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 4.3 MEDIUM N/A
The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
CVE-2008-6692 2 Fr.simon Rundell, Typo3 2 Pd Trainingcourses, Typo3 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in Diocese of Portsmouth Training Courses (pd_trainingcourses) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2009-0757 1 Mpfr 1 Gnu Mpfr 2023-12-10 7.5 HIGH N/A
Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent attackers to cause a denial of service (crash) via the (1) mpfr_snprintf and (2) mpfr_vsnprintf functions.
CVE-2008-4228 1 Apple 2 Iphone Os, Ipod Touch 2023-12-10 3.6 LOW N/A
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number.
CVE-2008-7115 1 Belkin 2 F5d7632-4, Wireless G Router 2023-12-10 10.0 HIGH N/A
The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct request to (1) statusprocess.exe, (2) system_all.exe, or (3) restore.exe in cgi-bin/. NOTE: the setup_dns.exe vector is already covered by CVE-2008-1244.
CVE-2007-6717 1 Ibm 1 Aix 2023-12-10 7.2 HIGH N/A
Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to gain privileges via unspecified vectors.
CVE-2008-1540 2 Joomla, Mambo 2 Datsogallery, Datsogallery 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in the Datsogallery (com_datsogallery) 1.3.1 module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1477 1 Jcorporate 1 Eforum 2023-12-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in busca.php in eForum 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) busca and (2) link parameters.
CVE-2008-2417 1 How2asp 1 Webboard 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in showQAnswer.asp in How2ASP.net Webboard 4.1 allows remote attackers to execute arbitrary SQL commands via the qNo parameter.
CVE-2009-1230 1 Podcast Generator 1 Podcast Generator 2023-12-10 6.5 MEDIUM N/A
Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change action.
CVE-2008-6282 1 Ortus.nirn 1 Cms Ortus 2023-12-10 6.5 MEDIUM N/A
SQL injection vulnerability in engine/users/users_edit_pub.inc in CMS Ortus 1.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the city parameter in a users_edit_pub action to index.php.
CVE-2008-0999 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 7.1 HIGH N/A
Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference.
CVE-2008-6597 1 Phpcredo 1 Phcdownload 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in upload/install/index.php in PHCDownload 1.1 allows remote attackers to inject arbitrary web script or HTML via the step parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2650 1 Sorcerersoftware 1 Multimedia Jukebox 2023-12-10 9.3 HIGH N/A
Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 Build 020124 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .m3u or possibly (2) .pst file.
CVE-2008-3800 1 Cisco 3 Ios, Unified Callmanager, Unified Communications Manager 2023-12-10 7.1 HIGH N/A
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802.