Vulnerabilities (CVE)

Total 263098 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-5745 1 Openoffice 1 Openoffice 2024-02-28 6.8 MEDIUM N/A
Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records.
CVE-2008-4808 1 Ibm 1 Lotus Connections 2024-02-28 5.0 MEDIUM N/A
IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover passwords via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1370 1 Xilisoft 1 Xilisoft Video Converter 2024-02-28 9.3 HIGH N/A
Stack-based buffer overflow in ape_plugin.plg in Xilisoft Video Converter 3.1.53.0704n and 5.1.23.0402 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .cue file.
CVE-2009-1173 1 Ibm 1 Websphere Application Server 2024-02-28 2.1 LOW N/A
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak permissions (777) for files associated with unspecified "interim fixes," which allows attackers to modify files that would not have been accessible if the intended 755 permissions were used.
CVE-2008-7090 1 Pligg 1 Pligg Cms 2024-02-28 7.8 HIGH N/A
Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier allow remote attackers to (1) determine the existence of arbitrary files via a .. (dot dot) in the $tb_url variable in trackback.php, or (2) include arbitrary files via a .. (dot dot) in the template parameter to settemplate.php.
CVE-2009-1901 1 Ibm 1 Websphere Application Server 2024-02-28 10.0 HIGH N/A
The Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 permits "non-standard http methods," which has unknown impact and remote attack vectors.
CVE-2009-0833 2 Myplugins, Nullsoft 2 Gen Msn, Winamp 2024-02-28 9.3 HIGH N/A
Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field. NOTE: some of these details are obtained from third party information.
CVE-2008-5267 1 Experts 1 Experts 2024-02-28 6.8 MEDIUM N/A
SQL injection vulnerability in answer.php in Experts 1.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the question_id parameter.
CVE-2009-2547 1 Bistudio 2 Arma, Arma 2 2024-02-28 5.0 MEDIUM N/A
Integer underflow in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) via a VoIP over Network (VON) packet to port 2305 with a negative packet_size value, which triggers a buffer over-read.
CVE-2009-1568 1 Novell 1 Iprint Client 2024-02-28 9.3 HIGH N/A
Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client 5.30, and possibly other versions before 5.32, allows remote attackers to execute arbitrary code via a long target-frame parameter.
CVE-2009-4116 1 Cutephp 1 Cutenews 2024-02-28 3.5 LOW N/A
Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magic_quotes_gpc is disabled, allow remote authenticated users with editor or administrative application access to read arbitrary files via a .. (dot dot) in the source parameter in a (1) list or (2) editnews action to the Editnews module, and (3) the save_con[skin] parameter in the Options module. NOTE: vector 3 can be leveraged for code execution by using a .. to include and execute arbitrary local files.
CVE-2009-1611 1 Electrasoft 1 32bit Ftp 2024-02-28 10.0 HIGH N/A
Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long 257 reply to a CWD command.
CVE-2008-3801 1 Cisco 3 Ios, Unified Callmanager, Unified Communications Manager 2024-02-28 7.1 HIGH N/A
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802.
CVE-2008-1117 1 Netopia 1 Timbuktu Pro 2024-02-28 10.0 HIGH N/A
Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220.
CVE-2008-4372 1 Availscript 1 Availscript Article Script 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in articles.php in AvailScript Article Script allows remote attackers to inject arbitrary web script or HTML via the aIDS parameter.
CVE-2009-0709 1 Vlad Alexa Mancini 1 Phpfootball 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in login.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2964 1 Researchguide 1 Researchguide 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in guide.php in ResearchGuide 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-2558 1 Adminnewstools 1 Admin News Tools 2024-02-28 7.5 HIGH N/A
system/message.php in Admin News Tools 2.5 does not properly restrict access, which allows remote attackers to post news messages via a direct request.
CVE-2009-2771 1 Freearcadescript 1 Free Arcade Script 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Free Arcade Script 1.3 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to the default URI under search/.
CVE-2009-3650 2 David Strauss, Drupal 2 Dex, Drupal 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Dex 5.x-1.0 and earlier and 6.x-1.0-rc1 and earlier, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.