Total: 248591 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-0578 | 1 Ubuntu | 1 Ubuntu Linux | 2023-12-10 | 6.2 MEDIUM | N/A |
GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console. | |||||
CVE-2008-3999 | 1 Oracle | 2 Database 10g, Database 9i | 2023-12-10 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to SYS.OLAPIMPL_T. | |||||
CVE-2009-2853 | 1 Wordpress | 1 Wordpress | 2023-12-10 | 10.0 HIGH | N/A |
Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.php, and (8) edit-tag-form.php in wp-admin/. | |||||
CVE-2008-3570 | 1 Africabegone | 1 Africa Be Gone | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in Africa Be Gone (ABG) 1.0a allows remote attackers to execute arbitrary PHP code via a URL in the abg_path parameter. | |||||
CVE-2008-2420 | 1 Stunnel | 1 Stunnel | 2023-12-10 | 6.8 MEDIUM | N/A |
The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates. | |||||
CVE-2008-3863 | 1 Gnu | 1 Enscript | 2023-12-10 | 7.6 HIGH | N/A |
Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename command. | |||||
CVE-2008-3783 | 1 Matterdaddy | 1 Matterdaddy Market | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in index.php in Matterdaddy Market 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters. | |||||
CVE-2008-2630 | 1 Joomla | 1 Com Jb2 | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter in a category action to index.php. | |||||
CVE-2008-6594 | 1 Network-publishing | 1 Rdf Newsfeed Export | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the cm_rdfexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-4557 | 1 Cutephp | 1 Cutenews | 2023-12-10 | 10.0 HIGH | N/A |
plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression. | |||||
CVE-2008-3423 | 1 Ibm | 1 Websphere Portal | 2023-12-10 | 7.5 HIGH | N/A |
IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors. | |||||
CVE-2009-4105 | 1 Typsoft | 1 Typsoft Ftp Server | 2023-12-10 | 3.5 LOW | N/A |
TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (crash) by sending an APPE (append) command immediately followed by a DELE (delete) command without sending file data in between these two commands. | |||||
CVE-2008-6656 | 1 Openautoclassifieds | 1 Open Auto Classifieds | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to listings.php and (2) the username field to login.php. | |||||
CVE-2008-3465 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows Server 2003 and 3 more | 2023-12-10 | 9.3 HIGH | N/A |
Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability." | |||||
CVE-2008-2862 | 1 Elinestudio | 1 Site Composer | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to ansFAQ.asp and the (2) template_id parameter to preview.asp. | |||||
CVE-2008-5105 | 1 Karjasoft | 1 Sami Ftp Server | 2023-12-10 | 5.0 MEDIUM | N/A |
KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash or hang) via certain (1) APPE, (2) CWD, (3) DELE, (4) MKD, (5) RMD, (6) RETR, (7) RNFR, (8) RNTO, (9) SIZE, and (10) STOR commands. | |||||
CVE-2008-5225 | 1 Xerox | 1 Docushare | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories. | |||||
CVE-2008-1105 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2023-12-10 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response. | |||||
CVE-2008-5633 | 1 Activewebsoftwares | 1 Activevotes | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-3029 | 1 Symantec | 1 Securityexpressions Audit And Compliance Server | 2023-12-10 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the console in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote authenticated users to inject arbitrary web script or HTML via "external client input" that triggers crafted error messages. | |||||