Total
266886 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1761 | 1 Opera | 1 Opera | 2024-02-28 | 9.3 HIGH | N/A |
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access. | |||||
CVE-2008-4418 | 1 Hp | 1 Hp-ux | 2024-02-28 | 7.8 HIGH | N/A |
Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown vectors. | |||||
CVE-2008-5285 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 5.0 MEDIUM | N/A |
Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop. | |||||
CVE-2008-5633 | 1 Activewebsoftwares | 1 Activevotes | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-1637 | 1 Simplecustomer | 1 Simple Customer | 2024-02-28 | 6.4 MEDIUM | N/A |
profile.php in Simple Customer 1.3 does not require administrative authentication, which allows remote attackers to change the admin e-mail address and password via the email and password parameters. | |||||
CVE-2008-6573 | 1 Avaya | 1 Communication Manager | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server. | |||||
CVE-2008-2560 | 1 Fourtwosevenbb | 1 427bb | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows remote attackers to execute arbitrary SQL commands via the post parameter. | |||||
CVE-2008-4972 | 1 Steve Robbins | 1 Mgt | 2024-02-28 | 6.9 MEDIUM | N/A |
mailgo in mgt 2.31 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mailgo##### temporary file. | |||||
CVE-2008-3453 | 1 Impresscms | 1 Impresscms | 2024-02-28 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a few files." | |||||
CVE-2009-1394 | 2 Microsoft, Motorola | 2 Windows, Timbuktu Pro | 2024-02-28 | 9.3 HIGH | N/A |
Stack-based buffer overflow in Motorola Timbuktu Pro 8.6.5 on Windows allows remote attackers to execute arbitrary code by sending a long malformed string over the PlughNTCommand named pipe. | |||||
CVE-2008-4502 | 1 Datafeedfile | 1 Dff Framework Api | 2024-02-28 | 10.0 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow remote attackers to execute arbitrary PHP code via a URL in the DFF_config[dir_include] parameter to (1) DFF_affiliate_client_API.php, (2) DFF_featured_prdt.func.php, (3) DFF_mer.func.php, (4) DFF_mer_prdt.func.php, (5) DFF_paging.func.php, (6) DFF_rss.func.php, and (7) DFF_sku.func.php in include/. | |||||
CVE-2009-4033 | 1 Tim Hockin | 1 Acpid | 2024-02-28 | 6.9 MEDIUM | N/A |
A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to the open function with insufficient arguments, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file, cause a denial of service by overwriting this file, or gain privileges by executing this file. | |||||
CVE-2009-0453 | 1 Onlinegrades | 1 Online Grades | 2024-02-28 | 5.0 MEDIUM | N/A |
Online Grades 3.2.4 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. | |||||
CVE-2009-2594 | 1 Censura | 1 Censura | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in censura.php in Censura 1.16.04 allows remote attackers to inject arbitrary web script or HTML via the itemid parameter in a details action. | |||||
CVE-2009-3503 | 1 Bpowerhouse | 1 Bpholidaylettings | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse BPHolidayLettings 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) rid and (2) tid parameters. | |||||
CVE-2009-1880 | 1 Mt312 | 1 Rep-bbs | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in MT312 REP-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) model.php and (2) config.php with timestamps before 20090521. | |||||
CVE-2008-1014 | 1 Apple | 1 Quicktime | 2024-02-28 | 4.3 MEDIUM | N/A |
Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information. | |||||
CVE-2009-1749 | 1 Joost Horward | 1 Catviz | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Catviz 0.4.0 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) userman_form and (2) webpages_form parameters. | |||||
CVE-2009-1122 | 1 Microsoft | 2 Internet Information Services, Windows 2000 | 2024-02-28 | 7.5 HIGH | N/A |
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535. | |||||
CVE-2008-4925 | 1 Mw6 Technologies | 1 Datamatrix Activex | 2024-02-28 | 9.0 HIGH | N/A |
Multiple insecure method vulnerabilities in MW6 Technologies DataMatrix ActiveX control (DATAMATRIXLib.MW6DataMatrix, DataMatrix.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods. |