Total
263098 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-5745 | 1 Openoffice | 1 Openoffice | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records. | |||||
CVE-2008-4808 | 1 Ibm | 1 Lotus Connections | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover passwords via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-1370 | 1 Xilisoft | 1 Xilisoft Video Converter | 2024-02-28 | 9.3 HIGH | N/A |
Stack-based buffer overflow in ape_plugin.plg in Xilisoft Video Converter 3.1.53.0704n and 5.1.23.0402 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .cue file. | |||||
CVE-2009-1173 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 2.1 LOW | N/A |
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak permissions (777) for files associated with unspecified "interim fixes," which allows attackers to modify files that would not have been accessible if the intended 755 permissions were used. | |||||
CVE-2008-7090 | 1 Pligg | 1 Pligg Cms | 2024-02-28 | 7.8 HIGH | N/A |
Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier allow remote attackers to (1) determine the existence of arbitrary files via a .. (dot dot) in the $tb_url variable in trackback.php, or (2) include arbitrary files via a .. (dot dot) in the template parameter to settemplate.php. | |||||
CVE-2009-1901 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 10.0 HIGH | N/A |
The Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 permits "non-standard http methods," which has unknown impact and remote attack vectors. | |||||
CVE-2009-0833 | 2 Myplugins, Nullsoft | 2 Gen Msn, Winamp | 2024-02-28 | 9.3 HIGH | N/A |
Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-5267 | 1 Experts | 1 Experts | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in answer.php in Experts 1.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the question_id parameter. | |||||
CVE-2009-2547 | 1 Bistudio | 2 Arma, Arma 2 | 2024-02-28 | 5.0 MEDIUM | N/A |
Integer underflow in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) via a VoIP over Network (VON) packet to port 2305 with a negative packet_size value, which triggers a buffer over-read. | |||||
CVE-2009-1568 | 1 Novell | 1 Iprint Client | 2024-02-28 | 9.3 HIGH | N/A |
Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client 5.30, and possibly other versions before 5.32, allows remote attackers to execute arbitrary code via a long target-frame parameter. | |||||
CVE-2009-4116 | 1 Cutephp | 1 Cutenews | 2024-02-28 | 3.5 LOW | N/A |
Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magic_quotes_gpc is disabled, allow remote authenticated users with editor or administrative application access to read arbitrary files via a .. (dot dot) in the source parameter in a (1) list or (2) editnews action to the Editnews module, and (3) the save_con[skin] parameter in the Options module. NOTE: vector 3 can be leveraged for code execution by using a .. to include and execute arbitrary local files. | |||||
CVE-2009-1611 | 1 Electrasoft | 1 32bit Ftp | 2024-02-28 | 10.0 HIGH | N/A |
Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long 257 reply to a CWD command. | |||||
CVE-2008-3801 | 1 Cisco | 3 Ios, Unified Callmanager, Unified Communications Manager | 2024-02-28 | 7.1 HIGH | N/A |
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802. | |||||
CVE-2008-1117 | 1 Netopia | 1 Timbuktu Pro | 2024-02-28 | 10.0 HIGH | N/A |
Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220. | |||||
CVE-2008-4372 | 1 Availscript | 1 Availscript Article Script | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in articles.php in AvailScript Article Script allows remote attackers to inject arbitrary web script or HTML via the aIDS parameter. | |||||
CVE-2009-0709 | 1 Vlad Alexa Mancini | 1 Phpfootball | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in login.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-2964 | 1 Researchguide | 1 Researchguide | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in guide.php in ResearchGuide 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2009-2558 | 1 Adminnewstools | 1 Admin News Tools | 2024-02-28 | 7.5 HIGH | N/A |
system/message.php in Admin News Tools 2.5 does not properly restrict access, which allows remote attackers to post news messages via a direct request. | |||||
CVE-2009-2771 | 1 Freearcadescript | 1 Free Arcade Script | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Free Arcade Script 1.3 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to the default URI under search/. | |||||
CVE-2009-3650 | 2 David Strauss, Drupal | 2 Dex, Drupal | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Dex 5.x-1.0 and earlier and 6.x-1.0-rc1 and earlier, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |