Total: 266772 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5783 | 1 V3chat | 1 V3 Chat Live Support | 2024-02-28 | 7.5 HIGH | N/A |
admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | |||||
CVE-2009-4028 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2024-02-28 | 6.8 MEDIUM | N/A |
The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library. | |||||
CVE-2008-5549 | 1 Sun | 1 Java System Portal Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to "access to secure files by ThemeServlet." | |||||
CVE-2009-3042 | 1 Ocsinventory-ng | 1 Ocs Inventory Ng | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040. | |||||
CVE-2008-6069 | 2 123flashchat, E107 | 2 Echat Plugin, E107 | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 for e107, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter. | |||||
CVE-2008-5568 | 1 Ipn-mate | 1 Ipn Pro 3 | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in admin/settings.php in IPN Pro 3 1.44 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the admin_id, newpass_1, and newpass_2 parameters. | |||||
CVE-2008-4726 | 1 Goodtechsystems | 1 Goodtech Ssh | 2024-02-28 | 9.0 HIGH | N/A |
Stack-based buffer overflow in the SFTP subsystem in GoodTech SSH 6.4 allows remote authenticated users to execute arbitrary code via a long string to the (1) open (aka SSH_FXP_OPEN), (2) unlink, (3) opendir, and other unspecified parameters. | |||||
CVE-2008-7063 | 1 Ocean12tech | 1 Faq Manager Pro | 2024-02-28 | 5.0 MEDIUM | N/A |
Ocean12 FAQ Manager Pro stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for admin/o12faq.mdb. | |||||
CVE-2008-4143 | 1 Razorecommerce | 1 Shopping Cart | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in category_search.php in RazorCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-6399 | 1 Dotnetnuke | 1 Dotnetnuke | 2024-02-28 | 6.4 MEDIUM | N/A |
Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors. | |||||
CVE-2009-2075 | 2 Angrydonuts, Drupal | 2 Nodequeue, Drupal | 2024-02-28 | 7.5 HIGH | N/A |
Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors. | |||||
CVE-2009-3651 | 2 Drupal, Mikeryan | 2 Drupal, Browscap | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the "Monitor browsers" feature in Browscap before 5.x-1.1 and 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. | |||||
CVE-2009-1783 | 1 F-prot | 3 F-prot Antivirus, F-prot Aves, F-prot Milter | 2024-02-28 | 10.0 HIGH | N/A |
Multiple FRISK Software F-Prot anti-virus products, including Antivirus for Exchange, Linux on IBM zSeries, Linux x86 File Servers, Linux x86 Mail Servers, Linux x86 Workstations, Solaris Mail Servers, Antivirus for Windows, and others, allow remote attackers to bypass malware detection via a crafted CAB archive. | |||||
CVE-2008-5315 | 2 Apple, Microsoft | 2 Iphone Configuration Web Utility, Windows | 2024-02-28 | 7.8 HIGH | N/A |
Directory traversal vulnerability in the web interface in Apple iPhone Configuration Web Utility 1.0 on Windows allows remote attackers to read arbitrary files via unspecified vectors. | |||||
CVE-2008-0924 | 1 Novell | 1 Edirectory | 2024-02-28 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code via a long delRequest LDAP Extended Request message, probably involving a long Distinguished Name (DN) field. | |||||
CVE-2008-3456 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 6.4 MEDIUM | N/A |
phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack. | |||||
CVE-2008-1579 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog. | |||||
CVE-2008-4218 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 7.2 HIGH | N/A |
Multiple integer overflows in the kernel in Apple Mac OS X before 10.5.6 on Intel platforms allow local users to gain privileges via a crafted call to (1) i386_set_ldt or (2) i386_get_ldt. | |||||
CVE-2009-3222 | 1 Freewebscriptz | 1 Honest Traffic | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in FreeWebScriptz Honest Traffic (FWSHT) 1.x allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
CVE-2008-5683 | 1 Opera | 1 Opera Browser | 2024-02-28 | 7.8 HIGH | N/A |
Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors. |