Total
266790 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1659 | 1 Intelliants | 1 Elitius | 2024-02-28 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in admin/uploadimage.php in eLitius 1.0 allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files via an avatar file with an accepted Content-Type such as image/gif, then requesting the file in admin/banners/. | |||||
CVE-2008-3481 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2024-02-28 | 7.5 HIGH | N/A |
themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | |||||
CVE-2009-0821 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.0 MEDIUM | N/A |
Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print function, as demonstrated by a window.print(window.print()) in the onclick attribute of an INPUT element. | |||||
CVE-2008-4990 | 1 Enomaly | 1 Elastic Computing Platform | 2024-02-28 | 6.9 MEDIUM | N/A |
Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/enomalism2.pid temporary file. | |||||
CVE-2008-7088 | 1 Photopost | 1 Photopost Vbgallery | 2024-02-28 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in a certain path. NOTE: this may be the same vulnerability as CVE-2008-0251, but this is not clear due to lack of details from the vendor. | |||||
CVE-2009-1405 | 1 Pastel | 1 Pastelcms | 2024-02-28 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in index.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set_lng parameter. | |||||
CVE-2009-1785 | 1 Ulteo | 1 Open Virtual Desktop | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Ulteo Open Virtual Desktop 1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter to header.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-2858 | 1 Ibm | 1 Db2 | 2024-02-28 | 5.0 MEDIUM | N/A |
Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure. | |||||
CVE-2008-1002 | 1 Apple | 1 Safari | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL. | |||||
CVE-2008-4396 | 1 Safer Networking | 1 Filealyzer | 2024-02-28 | 9.3 HIGH | N/A |
Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and 1.6.0.4 beta, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via an executable with malformed version data. | |||||
CVE-2008-5297 | 1 Vitalwerks | 1 No-ip Duc | 2024-02-28 | 7.6 HIGH | N/A |
Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP servers to execute arbitrary code via a crafted response to a DNS update request, related to a missing length check in the GetNextLine function. | |||||
CVE-2008-3992 | 1 Oracle | 1 Database 10g | 2024-02-28 | 5.5 MEDIUM | N/A |
Unspecified vulnerability in the Oracle Data Mining component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to DMSYS.DBMS_DM_EXP_INTERNAL. | |||||
CVE-2008-2273 | 1 Arubanetworks | 2 Aruba Mobility Controller, Arubaos | 2024-02-28 | 9.0 HIGH | N/A |
Unspecified vulnerability in the TACACS authentication component in Aruba Mobility Controller 3.1.x, 3.2.x, and 3.3.x allows remote authenticated users to gain privileges via unknown vectors. | |||||
CVE-2008-5019 | 3 Canonical, Debian, Mozilla | 3 Ubuntu Linux, Debian Linux, Firefox | 2024-02-28 | 4.3 MEDIUM | N/A |
The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors. | |||||
CVE-2008-3584 | 1 Netbsd | 1 Netbsd | 2024-02-28 | 9.3 HIGH | N/A |
NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not properly check the length of a PPPoE packet tag, which allows remote attackers to cause a denial of service (system crash) via a crafted PPPoE packet. | |||||
CVE-2009-2300 | 1 Phion | 1 Airlock Web Application Firewall | 2024-02-28 | 10.0 HIGH | N/A |
The management interface in the phion airlock Web Application Firewall (WAF) 4.1-10.41 does not properly handle CGI requests that specify large width and height parameters for an image, which allows remote attackers to execute arbitrary commands or cause a denial of service (resource consumption) via a crafted request. | |||||
CVE-2008-2662 | 3 Canonical, Debian, Ruby-lang | 3 Ubuntu Linux, Debian Linux, Ruby | 2024-02-28 | 10.0 HIGH | N/A |
Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change. | |||||
CVE-2009-1433 | 1 Silverstripe | 1 Silverstripe | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter. | |||||
CVE-2008-4660 | 1 Typo3 | 2 M1 Intern, Typo3 | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-2493 | 1 Badongo | 1 Campus Bulletin Board | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in post3/Book.asp in Campus Bulletin Board 3.4 allows remote attackers to inject arbitrary web script or HTML via the review parameter. |