Total
266768 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5161 | 2 Openbsd, Ssh | 5 Openssh, Tectia Client, Tectia Connector and 2 more | 2024-02-28 | 2.6 LOW | N/A |
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors. | |||||
CVE-2009-3667 | 1 Adsdx | 1 Adsdx | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/index.php in AdsDX 3.05 allows remote attackers to execute arbitrary SQL commands via the Username. | |||||
CVE-2008-4406 | 1 Debian | 1 Xsabre | 2024-02-28 | 7.2 HIGH | N/A |
A certain Debian patch to the run scripts for sabre (aka xsabre) 0.2.4b allows local users to delete or overwrite arbitrary files via a symlink attack on unspecified .tmp files. | |||||
CVE-2008-6576 | 1 Nortel | 1 Cs1000 | 2024-02-28 | 7.8 HIGH | N/A |
Unspecified vulnerability in the "session limitation technique" in the FTP service on Nortel Communications Server 1000 (CS1K) 4.50.x, when running on VGMC or signaling nodes, allows remote attackers to cause a denial of service (resource exhaustion and failed updates) via unknown vectors that causes consumption of all available sessions. | |||||
CVE-2009-4005 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | N/A |
The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. | |||||
CVE-2008-5906 | 1 Ktorrent | 1 Ktorrent | 2024-02-28 | 6.8 MEDIUM | N/A |
Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts. | |||||
CVE-2008-4898 | 1 Planetluc | 1 Rateme | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in planetluc RateMe 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the rate parameter in a submit rate action. | |||||
CVE-2008-6446 | 1 Geniuscyber | 1 Maxsite | 2024-02-28 | 7.5 HIGH | N/A |
Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter. | |||||
CVE-2009-1374 | 1 Pidgin | 1 Pidgin | 2024-02-28 | 5.0 MEDIUM | N/A |
Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet. | |||||
CVE-2008-4441 | 2 Linksys, Marvell | 2 Wap400n, 88w8361p-bem1 | 2024-02-28 | 7.1 HIGH | N/A |
The Marvell driver for the Linksys WAP4400N Wi-Fi access point with firmware 1.2.14 on the Marvell 88W8361P-BEM1 chipset, when WEP mode is enabled, does not properly parse malformed 802.11 frames, which allows remote attackers to cause a denial of service (reboot or hang-up) via a malformed association request containing the WEP flag, as demonstrated by a request that is too short, a different vulnerability than CVE-2008-1144 and CVE-2008-1197. | |||||
CVE-2008-2904 | 1 Phpmycart | 1 Phpmycart | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in shop.php in Conkurent PHPMyCart allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
CVE-2007-6020 | 4 Activepdf, Autonomy, Ibm and 1 more | 5 Docconverter, Keyview, Lotus Notes and 2 more | 2024-02-28 | 9.3 HIGH | N/A |
Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file. | |||||
CVE-2008-1473 | 1 Symantec | 1 Altiris Deployment Solution | 2024-02-28 | 7.2 HIGH | N/A |
The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges via a "Shatter" style attack. | |||||
CVE-2009-1804 | 1 Videoscript | 1 Youtube Video Script | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in admin/index.php in VideoScript.us YouTube Video Script allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
CVE-2008-3044 | 1 Typo3 | 1 News Calendar Extension | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the News Calendar (newscalendar) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2009-0442 | 1 Phpbbbook | 1 Phpbbbook | 2024-02-28 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in bbcode.php in PHPbbBook 1.3 and 1.3h allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter. | |||||
CVE-2008-4753 | 1 Aj Square Inc | 1 Rss Reader | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader allows remote attackers to execute arbitrary SQL commands via the url parameter. | |||||
CVE-2008-5734 | 1 Icewarp | 1 Merak Mail Server | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Software Merak Mail Server 9.3.2 allows remote attackers to inject arbitrary web script or HTML via an IMG element in an HTML e-mail message. | |||||
CVE-2008-6444 | 1 Baidu | 1 Baidu Hi | 2024-02-28 | 10.0 HIGH | N/A |
Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might allow remote attackers to execute arbitrary code via a crafted packet, probably related to an improper length value. | |||||
CVE-2009-0382 | 1 Drupal | 2 Drupal, Internationalization | 2024-02-28 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in Internationalization (i18n) Translation 5.x before 5.x-2.5, a module for Drupal, allows remote attackers with "translate node" permissions to bypass intended access restrictions and read unpublished nodes via unspecified vectors. |