Total
266790 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4818 | 1 Adobe | 1 Flash Player | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers. | |||||
| CVE-2008-1522 | 1 Zyxel | 3 Prestige 660, Prestige 661, Zynos | 2024-02-28 | 7.5 HIGH | N/A |
| ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), have (1) "user" as their default password for the "user" account and (2) "1234" as their default password for the "admin" account, which makes it easier for remote attackers to obtain access. | |||||
| CVE-2008-3713 | 1 Phpbasket | 1 Phpbasket | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product.php in PHPBasket allows remote attackers to execute arbitrary SQL commands via the pro_id parameter. | |||||
| CVE-2009-0845 | 1 Mit | 2 Kerberos, Kerberos 5 | 2024-02-28 | 5.0 MEDIUM | N/A |
| The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token. | |||||
| CVE-2009-2846 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.8 HIGH | N/A |
| The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes an out-of-bounds read in the readb function. | |||||
| CVE-2009-3972 | 2 Joomla, Qproje | 2 Joomla\!, Com Siirler | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Q-Proje Siirler Bileseni (com_siirler) component 1.2 RC for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in an sdetay action to index.php. | |||||
| CVE-2008-2566 | 1 Php-address Book | 1 Php-address Book | 2024-02-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI. | |||||
| CVE-2008-1892 | 1 Blogator Script | 1 Blogator Script | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in bs_auth.php in Blogator-script 0.95 and 1.01 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5523 | 2 Avast, Microsoft | 2 Avast Antivirus, Internet Explorer | 2024-02-28 | 9.3 HIGH | N/A |
| avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-2531 | 1 Buildanichestore3 | 1 Bans | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the search script in Build A Niche Store (BANS) 3.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2008-6000 | 1 Gdata | 3 Antivirus 2008, Internetsecurity 2008, Totalcare 2008 | 2024-02-28 | 7.2 HIGH | N/A |
| The GDTdiIcpt.sys driver in G DATA AntiVirus 2008, InternetSecurity 2008, and TotalCare 2008 populates kernel registers with IOCTL 0x8317001c input values, which allows local users to cause a denial of service (system crash) or gain privileges via a crafted IOCTL request, as demonstrated by execution of the KeSetEvent function with modified register contents. | |||||
| CVE-2008-4670 | 1 Ed Putal | 1 Clickbank Portal | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Ed Pudol Clickbank Portal allows remote attackers to inject arbitrary web script or HTML via the search box. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1469 | 1 Gallarific | 1 Gallarific | 2024-02-28 | 6.4 MEDIUM | N/A |
| Gallarific Free Edition 1.1 does not require authentication for (1) photos.php, (2) comments.php, and (3) gallery.php in gadmin/, which allows remote attackers to edit objects via a direct request, different vectors than CVE-2008-1327. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-4303 | 1 Php-collab | 1 Php-collab | 2024-02-28 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in phpCollab 2.5 rc3, 2.4, and earlier allow remote attackers to execute arbitrary SQL commands via the loginForm parameter to general/login.php, and unspecified other vectors. | |||||
| CVE-2009-3868 | 2 Microsoft, Sun | 6 Windows, Java Se, Jdk and 3 more | 2024-02-28 | 9.3 HIGH | N/A |
| Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970. | |||||
| CVE-2008-6121 | 1 Socialengine | 1 Socialengine | 2024-02-28 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the PHPSESSID cookie. | |||||
| CVE-2009-0391 | 1 Ibm | 2 Websphere Application Server, Zos | 2024-02-28 | 7.8 HIGH | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0.1 on z/OS allows attackers to read arbitrary files via unknown vectors. | |||||
| CVE-2008-4341 | 1 Myblog | 1 Myblog | 2024-02-28 | 7.5 HIGH | N/A |
| add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication and gain administrative access by setting a cookie with admin=yes and login=admin. | |||||
| CVE-2008-2755 | 1 Jamm-media | 1 Jamm Cms | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in JAMM CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-1082 | 1 Sun | 1 Java System Identity Manager | 2024-02-28 | 9.0 HIGH | N/A |
| Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and saveNoValidateAllowedFormsAndWorkflows IDs. | |||||