Vulnerabilities (CVE)

Total 264607 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-2690 1 Browsercrm 1 Browsercrm 2024-02-28 9.3 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in BrowserCRM 5.002.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter to (1) kb.php, (2) login.php, (3) index.php, (4) contact_view.php, and (5) contact.php in pub/, different vectors than CVE-2008-2689. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4112 2024-02-28 N/A N/A
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3195. Reason: This candidate is a duplicate of CVE-2008-3195. Notes: All CVE users should reference CVE-2008-3195 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2009-1172 1 Ibm 1 Websphere Application Server 2024-02-28 10.0 HIGH N/A
The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors.
CVE-2008-5936 1 Mini-pub 1 Mini-pub 2024-02-28 5.0 MEDIUM N/A
front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers to read files and obtain PHP source code via a filename in the sFileName parameter.
CVE-2009-4219 1 Haihaisoft 1 Haihaisoft Universal Player 2024-02-28 9.3 HIGH N/A
Stack-based buffer overflow in the MYACTIVEX.MyActiveXCtrl.1 ActiveX control in MyActiveX.ocx 1.4.8.0 in Haihaisoft Universal Player allows remote attackers to execute arbitrary code via a long URL property value. NOTE: some of these details are obtained from third party information.
CVE-2008-5710 1 Avaya 1 Communication Manager 2024-02-28 5.0 MEDIUM N/A
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors.
CVE-2008-5133 1 Sun 2 Opensolaris, Solaris 2024-02-28 5.8 MEDIUM N/A
ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows remote attackers to bypass an intended CVE-2008-1447 protection mechanism and spoof the responses to DNS queries sent by named.
CVE-2008-5207 1 Jonascms 1 Jonascms 2024-02-28 6.8 MEDIUM N/A
Multiple directory traversal vulnerabilities in Jonascms 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the taal parameter to (1) backup.php and (2) gb_voegtoe.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-0565 1 Microsoft 5 Office, Office Compatibility Pack For Word Excel Ppt 2007, Office Word and 2 more 2024-02-28 9.3 HIGH N/A
Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka "Word Buffer Overflow Vulnerability."
CVE-2008-3717 1 Harmoni 1 Harmoni 2024-02-28 5.0 MEDIUM N/A
Harmoni before 1.6.0 does not require administrative privileges to list (1) user names or (2) asset ids, which allows remote attackers to obtain sensitive information.
CVE-2009-4304 1 Moodle 1 Moodle 2024-02-28 7.5 HIGH N/A
Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random password salt in config.php, which makes it easier for attackers to conduct brute-force password guessing attacks.
CVE-2009-4136 1 Postgresql 1 Postgresql 2024-02-28 6.5 MEDIUM N/A
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.
CVE-2009-2284 1 Phpmyadmin 1 Phpmyadmin 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.
CVE-2009-0631 1 Cisco 1 Ios 2024-02-28 7.8 HIGH N/A
Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when configured with (1) IP Service Level Agreements (SLAs) Responder, (2) Session Initiation Protocol (SIP), (3) H.323 Annex E Call Signaling Transport, or (4) Media Gateway Control Protocol (MGCP) allows remote attackers to cause a denial of service (blocked input queue on the inbound interface) via a crafted UDP packet.
CVE-2008-6791 1 Klever 1 Pumpkin 2024-02-28 5.0 MEDIUM N/A
PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial of service via a write request with a long mode field.
CVE-2009-0853 1 Stewart Howe 1 Celerbb 2024-02-28 6.8 MEDIUM N/A
login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value.
CVE-2009-1846 1 Bjsintay 1 Sitex 2024-02-28 7.5 HIGH N/A
Multiple directory traversal vulnerabilities in SiteX 0.7.4 Build 418 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the THEME_FOLDER parameter to (1) Corporate/homepage.php, (2) Fusion/homepage.php, (3) Joombo/homepage.php, (4) Streamline/homepage.php, and (5) Structure/homepage.php in themes/.
CVE-2009-3617 1 Tatsuhiro Tsujikawa 1 Aria2 2024-02-28 7.6 HIGH N/A
Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information.
CVE-2009-2570 1 Symantec 1 Winfax Pro 2024-02-28 9.3 HIGH N/A
Stack-based buffer overflow in the Symantec.FaxViewerControl.1 ActiveX control in WinFax\DCCFAXVW.DLL in Symantec WinFax Pro 10.03 allows remote attackers to execute arbitrary code via a long argument to the AppendFax method.
CVE-2008-2143 1 Microsoft 1 Outlook Web Access 2024-02-28 1.9 LOW N/A
Unspecified versions of Microsoft Outlook Web Access (OWA) use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information.