Total: 250653 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1166 | 1 Cisco | 1 Catalyst | 2023-12-10 | 7.8 HIGH | N/A |
The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (device reload) via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCsy27708. | |||||
CVE-2008-3590 | 1 Egi Zaberl | 1 E.z. Poll | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. Poll 2 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-2515 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2023-12-10 | 7.2 HIGH | N/A |
Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability." | |||||
CVE-2009-2906 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2023-12-10 | 4.0 MEDIUM | N/A |
smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet. | |||||
CVE-2008-4564 | 3 Autonomy, Ibm, Symantec | 10 Keyview Export Sdk, Keyview Filter Sdk, Keyview Viewer Sdk and 7 more | 2023-12-10 | 9.3 HIGH | N/A |
Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file. | |||||
CVE-2009-2912 | 1 Sun | 2 Opensolaris, Solaris | 2023-12-10 | 4.9 MEDIUM | N/A |
The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through 10, and OpenSolaris before snv_110, allow local users to cause a denial of service (panic) via vectors related to vnode function calls. | |||||
CVE-2009-0224 | 1 Microsoft | 7 Compatibility Pack Word Excel Powerpoint, Office Compatibility Pack For Word Excel Ppt 2007, Office Powerpoint and 4 more | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; PowerPoint Viewer 2003 and 2007 SP1 and SP2; PowerPoint in Microsoft Office 2004 for Mac and 2008 for Mac; Open XML File Format Converter for Mac; Microsoft Works 8.5 and 9.0; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly validate PowerPoint files, which allows remote attackers to execute arbitrary code via multiple crafted BuildList records that include ChartBuild containers, which triggers memory corruption, aka "Memory Corruption Vulnerability." | |||||
CVE-2008-6617 | 1 Sitexs Cms | 1 Sitexs Cms | 2023-12-10 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in adm/visual/upload.php in SiteXS CMS 0.1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/. | |||||
CVE-2008-2618 | 1 Oracle | 3 Jd Edwards Enterpriseone, Peoplesoft Enterprise, Peoplesoft Peopletools Component | 2023-12-10 | 6.5 MEDIUM | N/A |
Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2615, CVE-2008-2616, CVE-2008-2617, CVE-2008-2620, CVE-2008-2621, and CVE-2008-2622. | |||||
CVE-2008-6566 | 1 Octopussy | 1 Octopussy | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in Octopussy before 0.9.5.8 has unknown impact and attack vectors related to a "major security" vulnerability. | |||||
CVE-2008-7017 | 1 Cacert | 1 Cacert | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field in the subject of an X.509 certificate. | |||||
CVE-2009-0851 | 1 Stewart Howe | 1 Celerbb | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php. | |||||
CVE-2008-2085 | 1 Icewalkers | 1 Sipp | 2023-12-10 | 7.5 HIGH | N/A |
Multiple stack-based buffer overflows in the (1) get_remote_ip_media and (2) get_remote_ipv6_media functions in call.cpp in SIPp 3.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted SIP message. | |||||
CVE-2009-4262 | 1 Haroldbakker | 1 Hb-ns | 2023-12-10 | 7.5 HIGH | N/A |
Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to obtain access to the admin control panel via a direct request to admin.php. | |||||
CVE-2008-7016 | 1 Luke Mewburn | 1 Tnftpd | 2023-12-10 | 6.8 MEDIUM | N/A |
tnftpd before 20080929 splits large command strings into multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unknown vectors, probably involving a crafted ftp:// link to a tnftpd server. | |||||
CVE-2008-5138 | 1 Bkleineidam | 1 Libpam Mount | 2023-12-10 | 6.9 MEDIUM | N/A |
passwdehd in libpam-mount 0.43 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/passwdehd.##### temporary file. | |||||
CVE-2008-0996 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 1.7 LOW | N/A |
The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials. | |||||
CVE-2008-1474 | 1 Roundup-tracker | 1 Roundup | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS). | |||||
CVE-2008-0727 | 1 Ibm | 1 Informix Dynamic Server | 2023-12-10 | 8.5 HIGH | N/A |
Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value. | |||||
CVE-2008-2390 | 1 Hp | 1 Software Update | 2023-12-10 | 6.8 MEDIUM | N/A |
Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument. | |||||