Total: 248593 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2008-5226 | 3 Joomla, Mambads, Mambo | 3 Joomla, Mambads, Mambo | 2023-12-10 | 7.5 HIGH | N/A | SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177. |
CVE-2009-3322 | 1 Siemens | 1 Gigaset Se361 Wlan Router | 2023-12-10 | 7.8 HIGH | N/A | The Siemens Gigaset SE361 WLAN router allows remote attackers to cause a denial of service (device reboot) via a flood of crafted TCP packets to port 1723. |
CVE-2008-6952 | 1 Cms.maury91 | 1 Maurycms | 2023-12-10 | 7.5 HIGH | N/A | SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter. |
CVE-2008-4338 | 1 Vacilanda | 1 Brilliant Gallery | 2023-12-10 | 6.0 MEDIUM | N/A | SQL injection vulnerability in the brilliant_gallery_checklist_save function in the bgchecklist/save script in Brilliant Gallery 5.x and 6.x, a module for Drupal, allows remote authenticated users with "access brilliant_gallery" permissions to execute arbitrary SQL commands via the (1) nid, (2) qid, (3) state, and possibly (4) user parameters. |
CVE-2009-2184 | 1 Gravy-media | 1 Media Photo Host | 2023-12-10 | 5.0 MEDIUM | N/A | Absolute path traversal vulnerability in forcedownload.php in Gravy Media Photo Host 1.0.8 allows remote attackers to read arbitrary files via an encoded "/" (slash) in the file parameter. |
CVE-2008-5961 | 1 Tribiq | 1 Tribiq Cms | 2023-12-10 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to inject arbitrary web script or HTML via the cID parameter in a document action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
CVE-2008-7100 | 1 Dotnetnuke | 1 Dotnetnuke | 2023-12-10 | 6.5 MEDIUM | N/A | Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows remote authenticated users to bypass authentication and gain privileges via unknown vectors related to a "unique id" for user actions and improper validation of a "user identity." |
CVE-2008-4625 | 2 Shiftthis, Wordpress | 2 Shifthis Newsletter, Wordpress | 2023-12-10 | 7.5 HIGH | N/A | SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683. |
CVE-2009-2596 | 1 Sun | 2 Opensolaris, Solaris | 2023-12-10 | 4.7 MEDIUM | N/A | Unspecified vulnerability in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to fad_aupath structure members. |
CVE-2009-0241 | 1 Ganglia | 1 Ganglia | 2023-12-10 | 7.5 HIGH | N/A | Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname. |
CVE-2009-1642 | 1 Mini-stream | 1 Mini-stream To Mp3 Converter | 2023-12-10 | 9.3 HIGH | N/A | Multiple stack-based buffer overflows in Mini-stream ASX to MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file. NOTE: the latter was also subsequently reported in "prior to 3.1.3.7." |
CVE-2009-3109 | 1 Symantec | 1 Altiris Deployment Solution | 2023-12-10 | 9.3 HIGH | N/A | Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based authentication is being used between a deployment server and a client, allows remote attackers to bypass authentication and execute arbitrary commands as SYSTEM by spoofing the deployment server and sending "alternate commands" before the handshake is completed. |
CVE-2009-0119 | 1 Microsoft | 1 Windows Xp | 2023-12-10 | 10.0 HIGH | N/A | Buffer overflow in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .chm file. |
CVE-2009-0371 | 1 Sitexs Cms | 1 Sitexs Cms | 2023-12-10 | 6.8 MEDIUM | N/A | Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the type parameter. |
CVE-2008-6627 | 1 Webbdomain | 1 Webshop | 2023-12-10 | 7.5 HIGH | N/A | SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, 1.1, 1.02, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. |
CVE-2009-0009 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 6.8 MEDIUM | N/A | Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption. |
CVE-2008-3503 | 1 Webgui | 1 Plain Black Webgui | 2023-12-10 | 5.0 MEDIUM | N/A | RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data). |
CVE-2008-2355 | 1 Wr-script | 1 Wr-meeting | 2023-12-10 | 6.8 MEDIUM | N/A | Directory traversal vulnerability in index.php in WR-Meeting 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the msnum parameter in a coment event. |
CVE-2009-1352 | 1 Dawningsoft | 1 Powerchm | 2023-12-10 | 9.3 HIGH | N/A | Stack-based buffer overflow in Dawningsoft PowerCHM 5.7 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an HTML file with a link to a long URL, as demonstrated by a .rar URL. |
CVE-2009-2023 | 1 Shop-script | 1 Shop-script | 2023-12-10 | 6.8 MEDIUM | N/A | SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the current_currency parameter. |