Total: 266775 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1088 | 1 Hannonhill | 1 Cascade | 2024-02-28 | 9.0 HIGH | N/A |
Hannon Hill Cascade Server 5.7 and other versions allows remote authenticated users to execute arbitrary programs or Java code via a crafted XSLT stylesheet with "extension elements and extension functions" that trigger code execution by Xalan-Java, as demonstrated using xalan://java.lang.Runtime. | |||||
CVE-2008-3389 | 3 Hp, Ingres, Linux | 3 Hp-ux, Ingres, Linux Kernel | 2024-02-28 | 4.6 MEDIUM | N/A |
Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport. | |||||
CVE-2009-3364 | 1 Ftpshell | 1 Ftpshell | 2024-02-28 | 9.3 HIGH | N/A |
Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote FTP servers to execute arbitrary code via a long response to a PASV command. | |||||
CVE-2008-5048 | 1 Isecsoft | 1 Anti-trojan Elite | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in Atepmon.sys in ISecSoft Anti-Trojan Elite 4.2.1 and earlier, and possibly 4.2.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via long inputs to the 0x00222494 IOCTL. | |||||
CVE-2008-3162 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-28 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors. | |||||
CVE-2009-2669 | 1 Ibm | 1 Aix | 2024-02-28 | 7.2 HIGH | N/A |
A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1. | |||||
CVE-2007-6729 | 1 Zyxel | 1 P-330w Router | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the web management interface in the ZyXEL P-330W router allows remote attackers to inject arbitrary web script or HTML via the pingstr parameter and other unspecified vectors. | |||||
CVE-2009-3367 | 1 Plohni | 1 An Image Gallery | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in An image gallery 1.0 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) index.php and (2) main.php, and the (3) show parameter to main.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-2192 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 7.5 HIGH | N/A |
MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue." | |||||
CVE-2009-2158 | 1 Torrenttrader Project | 1 Torrenttrader | 2024-02-28 | 7.5 HIGH | 7.5 HIGH |
account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently large set, which makes it easier for remote attackers to obtain a password via a brute-force attack. | |||||
CVE-2009-0527 | 1 Adaptcms | 1 Adaptcms | 2024-02-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in plugins/rss_importer_functions.php in AdaptCMS Lite 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. | |||||
CVE-2008-1944 | 2 Redhat, Xensource | 4 Desktop, Enterprise Linux, Virtualization Server and 1 more | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows local users to cause a denial of service (SDL crash) and possibly execute arbitrary code via "bogus screen updates," related to missing validation of the "format of messages." | |||||
CVE-2009-3944 | 1 Rim | 2 Blackberry 8800, Blackberry Browser | 2024-02-28 | 5.0 MEDIUM | N/A |
Research In Motion (RIM) BlackBerry Browser on the BlackBerry 8800 allows remote attackers to cause a denial of service (application hang) via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property. | |||||
CVE-2008-4921 | 1 Chipmunk Scripts | 1 Chipmunk Cms | 2024-02-28 | 7.5 HIGH | N/A |
board/admin/reguser.php in Chipmunk CMS 1.3 allows remote attackers to bypass authentication and gain administrator privileges via a direct request. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-6598 | 1 Sangoma | 1 Wanpipe | 2024-02-28 | 10.0 HIGH | N/A |
Multiple race conditions in WANPIPE before 3.3.6 have unknown impact and attack vectors related to "bri restart logic." | |||||
CVE-2008-2754 | 1 Efiction | 1 Efiction | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the list parameter. | |||||
CVE-2008-6846 | 1 Avast | 1 Avast Antivirus | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple stack-based buffer overflows in avast! Linux Home Edition 1.0.5, 1.0.5-1, and 1.0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via a malformed (1) ISO or (2) RPM file. | |||||
CVE-2009-0300 | | | 2024-02-28 | N/A | N/A |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2636. Reason: This candidate is a duplicate of CVE-2006-2636. Notes: All CVE users should reference CVE-2006-2636 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
CVE-2008-5858 | 1 Knowledgetree Document Management | 1 Knowledgetree Document Management | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree before 3.5.4a allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-4281. | |||||
CVE-2008-4722 | 1 Sun | 37 Blade 6000 Modular System With Chassis, Blade 6048 Modular System With Chassis, Blade 8000 Modular System and 34 more | 2024-02-28 | 9.0 HIGH | N/A |
Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) 2.0.1.5 through 2.0.4.26 allows remote authenticated users to (1) access the service processor (SP) and cause a denial of service (shutdown or reboot), or (2) access the host operating system and have an unspecified impact, via unknown vectors. |