Total
250635 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0587 | 1 Go-evolution | 1 Evolution-data-server | 2023-12-10 | 7.5 HIGH | N/A |
| Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel. | |||||
| CVE-2008-4105 | 1 Joomla | 1 Joomla | 2023-12-10 | 7.5 HIGH | N/A |
| JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact. | |||||
| CVE-2009-3790 | 1 Cutepdf | 1 Formmax | 2023-12-10 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in FormMax (formerly AcroForm) evaluation 3.5 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted FormMax import (.aim) file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5545 | 2 Microsoft, Trend Micro | 2 Internet Explorer, Trend Micro Antivirus | 2023-12-10 | 9.3 HIGH | N/A |
| Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-7074 | 1 Memcode | 1 I.scribe | 2023-12-10 | 9.3 HIGH | N/A |
| Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled "when displaying the signon message." | |||||
| CVE-2009-1997 | 1 Oracle | 1 Database Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Authentication component in Oracle Database 10.2.0.3 and 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors. | |||||
| CVE-2009-4218 | 1 Jiros | 1 Jbsx | 2023-12-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System eXperience (JBSX) allow remote attackers to execute arbitrary SQL commands via the (1) admin or (2) password field, a related issue to CVE-2007-6091. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-4395 | 2 Linux, Ubuntu | 2 Linux Kernel, Linux Kernel | 2023-12-10 | 8.3 HIGH | N/A |
| Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs. | |||||
| CVE-2008-2794 | 1 Symantec | 1 Altiris Notification Server | 2023-12-10 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the GUI in Symantec Altiris Notification Server Agent 6.x before 6.0 SP3 R8 allows local users to gain privileges via unknown attack vectors. | |||||
| CVE-2008-3980 | 1 Oracle | 1 Database 10g | 2023-12-10 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the Upgrade component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2008-5091 | 1 Novell | 1 Edirectory | 2023-12-10 | 10.0 HIGH | N/A |
| Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service (application crash) via vectors involving an "invalid extensibleMatch filter." | |||||
| CVE-2008-5417 | 1 Hp | 2 Decnet Plus For Openvms, Openvms | 2023-12-10 | 2.1 LOW | N/A |
| HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system services. | |||||
| CVE-2008-1702 | 1 E107 | 2 E107, My Gallery | 2023-12-10 | 4.3 MEDIUM | N/A |
| Absolute path traversal vulnerability in dload.php in the my_gallery 2.3 plugin for e107 allows remote attackers to obtain sensitive information via a full pathname in the file parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6535 | 1 Paypalestores | 1 Paypal Estores | 2023-12-10 | 7.5 HIGH | N/A |
| admin/settings.php in PayPal eStores allows remote attackers to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter. | |||||
| CVE-2009-1080 | 1 Sun | 1 Java System Identity Manager | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID 19033. | |||||
| CVE-2008-2246 | 1 Microsoft | 2 Windows-nt, Windows Vista | 2023-12-10 | 7.8 HIGH | N/A |
| Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2008-6869 | 1 Oramon | 1 Oramon | 2023-12-10 | 5.0 MEDIUM | N/A |
| Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for config/oramon.ini. | |||||
| CVE-2008-2603 | 1 Oracle | 1 Enterprise Manager | 2023-12-10 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Resource Manager component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6, and Database Control in Enterprise Manager, has unknown impact and remote authenticated attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a cross-site scripting (XSS) issue that allows remote attackers to inject arbitrary web script or HTML via the REFRESHCHOICE parameter in multiple web pages. | |||||
| CVE-2008-6418 | 1 Torrenttrader | 1 Torrenttrader | 2023-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in scrape.php in TorrentTrader before 2008-05-13 allows remote attackers to execute arbitrary SQL commands via the info_hash parameter. | |||||
| CVE-2009-2365 | 1 Datachecknh | 1 Gallerypal Fe | 2023-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in DataCheck Solutions GalleryPal FE 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||