Total: 266768 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-3961 | 1 Adobe | 1 Illustrator | 2024-02-28 | 9.3 HIGH | N/A |
Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on Macintosh allow user-assisted attackers to execute arbitrary code via a crafted AI file. | |||||
CVE-2008-5897 | 1 Codeavalanche | 1 Freewallpaper | 2024-02-28 | 7.5 HIGH | N/A |
CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFreeWallpaper.mdb. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-0709 | 4 Hp, Microsoft, Redhat and 1 more | 6 Hp-ux, Select Identity, Windows 2003 Server and 3 more | 2024-02-28 | 5.5 MEDIUM | N/A |
Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue than CVE-2008-0214. | |||||
CVE-2008-2679 | 1 Realm Project | 1 Realm Cms | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the KeyWordsList function in _includes/inc_routines.asp in Realm CMS 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the kwrd parameter in a kwl action to the default URI. | |||||
CVE-2008-3161 | 1 Ibm | 1 Maximo | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in jsp/common/system/debug.jsp in IBM Maximo 4.1 and 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Accept, (2) Accept-Language, (3) UA-CPU, (4) Accept-Encoding, (5) User-Agent, or (6) Cookie HTTP header. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-2870 | 1 Cisco | 1 Ios | 2024-02-28 | 7.8 HIGH | N/A |
Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when the Cisco Unified Border Element feature is enabled, allows remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCsx25880. | |||||
CVE-2008-6182 | 1 Joomla | 2 Ignitegallery, Joomla! | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) component 0.8.0 through 0.8.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gallery parameter in a view action to index.php. | |||||
CVE-2008-4358 | 1 Spaw Editor | 1 Spaw Php | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP Edition before 2.0.8.1 has unknown impact and attack vectors, probably related to directory traversal sequences in the theme name. | |||||
CVE-2008-0706 | 2 Compaq, Hp | 4 Presario A900, Presario C700, G7000 and 1 more | 2024-02-28 | 7.2 HIGH | N/A |
Unspecified vulnerability in the BIOS F.26 and earlier for the HP Compaq Notebook PC allows physically proximate attackers to obtain privileged access via unspecified vectors, possibly involving an authentication bypass of the power-on password. | |||||
CVE-2008-6325 | 1 Softbizscripts | 1 Classifieds Script | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306. | |||||
CVE-2008-3903 | 2 Asterisk, Trixbox | 2 P B X, Pbx | 2024-02-28 | 3.5 LOW | N/A |
Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and authalwaysreject are enabled, generates different responses depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames. | |||||
CVE-2009-0129 | 1 Perl-openssl | 1 Libcrypt-openssl-dsa-perl | 2024-02-28 | 5.0 MEDIUM | N/A |
libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | |||||
CVE-2009-3852 | 1 Ibm | 1 Runtimes For Java Technology | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in the XML component in IBM Runtimes for Java Technology 5.0.0 before SR10 has unknown impact and attack vectors, related to the "updated version of XML4J 4.4.17." | |||||
CVE-2008-4864 | 1 Python | 1 Python | 2024-02-28 | 7.5 HIGH | N/A |
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679. | |||||
CVE-2009-0319 | 1 Sun | 2 Opensolaris, Solaris | 2024-02-28 | 6.9 MEDIUM | N/A |
Unspecified vulnerability in the autofs module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_108, allows local users to cause a denial of service (autofs mount outage) or possibly gain privileges via vectors related to "xdr processing problems." | |||||
CVE-2008-5920 | 1 Tigris | 1 Websvn | 2024-02-28 | 7.5 HIGH | N/A |
The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch. | |||||
CVE-2008-7217 | 1 Microsoft | 1 Office | 2024-02-28 | 4.6 MEDIUM | N/A |
Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories. | |||||
CVE-2009-3869 | 2 Microsoft, Sun | 6 Windows, Java Se, Jdk and 3 more | 2024-02-28 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357. | |||||
CVE-2008-2111 | 1 Yahoo | 1 Yahoo Assistant | 2024-02-28 | 9.3 HIGH | N/A |
The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption. | |||||
CVE-2008-4647 | 1 Sweetcms | 1 Sweetcms | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in sweetCMS 1.5.2 allows remote attackers to execute arbitrary SQL commands via the page parameter. |