Total: 248814 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-7088 | 1 Photopost | 1 Photopost Vbgallery | 2023-12-10 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in a certain path. NOTE: this may be the same vulnerability as CVE-2008-0251, but this is not clear due to lack of details from the vendor. | |||||
CVE-2008-2208 | 1 Maianscriptworld | 1 Maian Greeting | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Maian Greeting 2.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action. | |||||
CVE-2008-4047 | 1 Novell | 1 Novell Forum | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) 7.0, 7.1, 7.2, 7.3, and 8.0 allows remote attackers to execute arbitrary TCL code via a modified URL. NOTE: this might overlap CVE-2007-6515. | |||||
CVE-2009-1986 | 1 Oracle | 1 E-business Suite | 2023-12-10 | 2.6 LOW | N/A |
Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality via unknown vectors. | |||||
CVE-2009-0698 | 1 Xine | 1 Xine-lib | 2023-12-10 | 7.5 HIGH | N/A |
Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385. | |||||
CVE-2008-2464 | 3 Freebsd, Kame, Netbsd | 3 Freebsd, Kame, Netbsd | 2023-12-10 | 7.1 HIGH | N/A |
The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD 4.0, FreeBSD, and KAME, when INET6 is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ICMPv6 Multicast Listener Discovery (MLD) query with a certain Maximum Response Delay value. | |||||
CVE-2008-5879 | 1 Phpclanwebsite | 1 Phpclanwebsite | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter and other unspecified vectors. | |||||
CVE-2008-6345 | 1 Cms.maury91 | 1 Solarcms | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in Forum.php in SolarCMS 0.53.8 and 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to indes.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-3534 | 1 Lionwiki | 1 Lionwiki | 2023-12-10 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in index.php in LionWiki 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. | |||||
CVE-2008-5405 | 1 Oxid | 1 Cain And Abel | 2023-12-10 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string. | |||||
CVE-2009-2850 | 1 Nasa Goddard Space Flight Center | 1 Common Data Format | 2023-12-10 | 9.3 HIGH | N/A |
Multiple buffer overflows in NASA Common Data Format (CDF) allow context-dependent attackers to execute arbitrary code, as demonstrated using (1) an array index error in the ReadAEDRList64 function, and other errors in the (2) SearchForRecord_r_64, (3) LastRecord64, (4) CDFsel64, and other unspecified functions. | |||||
CVE-2008-1684 | 1 Sun | 1 Solaris | 2023-12-10 | 4.7 MEDIUM | N/A |
inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file. | |||||
CVE-2009-1712 | 1 Apple | 1 Safari | 2023-12-10 | 9.3 HIGH | N/A |
WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. | |||||
CVE-2008-7047 | 1 Natterchat | 1 Natterchat | 2023-12-10 | 7.5 HIGH | N/A |
NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp. | |||||
CVE-2009-3040 | 1 Ocsinventory-ng | 1 Ocs Inventory Ng | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3) O and (4) V parameters to download.php and the (5) SYSTEMID parameter to group_show.php. | |||||
CVE-2008-6504 | 2 Apache, Opensymphony | 2 Struts, Xwork | 2023-12-10 | 5.0 MEDIUM | N/A |
ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character. | |||||
CVE-2008-5561 | 1 Netref | 1 Netref | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in Netref 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) fiche_product.php and (2) presentation.php. | |||||
CVE-2008-3799 | 1 Cisco | 1 Ios | 2023-12-10 | 7.8 HIGH | N/A |
Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP messages. | |||||
CVE-2009-1821 | 1 Dmxready | 1 Registration Manager | 2023-12-10 | 5.0 MEDIUM | N/A |
DMXReady Registration Manager 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for databases/webblogmanager.mdb. | |||||
CVE-2009-3733 | 2 Linux, Vmware | 4 Linux, Esx, Esxi and 1 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors. | |||||