Total
266783 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3507 | 1 Jean-michel Wyttenbach | 1 Cmsphp | 2024-02-28 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in modules.php in CMSphp 0.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod_file parameter. | |||||
| CVE-2009-2600 | 1 Akiva | 1 Webboard | 2024-02-28 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in view.php in Webboard 2.90 beta and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter. | |||||
| CVE-2009-4206 | 1 Cmsnx | 1 Million Dollar Text Links | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.link.modify.php in Million Dollar Text Links 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-0545 | 1 Zeroshell | 1 Zeroshell | 2024-02-28 | 10.0 HIGH | N/A |
| cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action. | |||||
| CVE-2008-5627 | 1 Activewebsoftwares | 1 Active Trade | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in account.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter (aka Email field) or the (2) password parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3275 | 4 Canonical, Debian, Linux and 1 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories. | |||||
| CVE-2009-3041 | 1 Spip | 1 Spip | 2024-02-28 | 7.5 HIGH | N/A |
| SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009. | |||||
| CVE-2009-0894 | 1 Xvid | 1 Xvid | 2024-02-28 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the decoder_create function in the initialization functionality in xvidcore/src/decoder.c in Xvid before 1.2.2, as used by Windows Media Player and other applications, allows remote attackers to execute arbitrary code via vectors involving the DirectShow (aka DShow) frontend and improper handling of the XVID_ERR_MEMORY return code during processing of a crafted movie file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1725 | 1 Nsoftware | 1 Ibiz E-banking Integrator | 2024-02-28 | 9.0 HIGH | N/A |
| The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E-Banking Integrator (formerly IBiz OFX Integrator) 2.0.2932 exposes the unsafe WriteOFXDataFile method, which allows remote attackers to overwrite arbitrary files via a full pathname in the argument. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-7131 | 1 Peter Kohlmann | 1 Db2 Monitoring Console | 2024-02-28 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier allows remote attackers to gain access to a database via a link to a victim who is already connected to the database. | |||||
| CVE-2009-1972 | 1 Oracle | 1 Database Server | 2024-02-28 | 2.1 LOW | N/A |
| Unspecified vulnerability in the Auditing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect integrity, related to DBMS_SYS_SQL and DBMS_SQL. | |||||
| CVE-2008-5560 | 1 Dazzlindonna | 1 Postecards | 2024-02-28 | 5.0 MEDIUM | N/A |
| PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb. | |||||
| CVE-2009-2325 | 1 Clicknet | 1 Clicknet Cms | 2024-02-28 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Clicknet CMS 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the side parameter. | |||||
| CVE-2008-1156 | 1 Cisco | 2 Cisco Ios, Ios | 2024-02-28 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message. | |||||
| CVE-2008-5785 | 1 V3chat | 1 V3 Chat Profiles Dating Script | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | |||||
| CVE-2009-1863 | 1 Adobe | 3 Air, Flash Player, Flex | 2024-02-28 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a "privilege escalation vulnerability." | |||||
| CVE-2007-3651 | 1 Fascript | 1 Faname | 2024-02-28 | 4.3 MEDIUM | N/A |
| class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to obtain sensitive information via a '; (quote semicolon) sequence in the id parameter, which reveals the installation path in an error message. | |||||
| CVE-2008-4614 | 1 Portalapp | 1 Portalapp | 2024-02-28 | 7.5 HIGH | N/A |
| PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and delete forums, topics, and replies. | |||||
| CVE-2008-5456 | 1 Oracle | 2 Jd Edwards Enterpriseone, Peoplesoft Enterprise | 2024-02-28 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2008-5701 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | 4.7 MEDIUM | N/A |
| Array index error in arch/mips/kernel/scall64-o32.S in the Linux kernel before 2.6.28-rc8 on 64-bit MIPS platforms allows local users to cause a denial of service (system crash) via an o32 syscall with a small syscall number, which leads to an attempted read operation outside the bounds of the syscall table. | |||||