Total
266766 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1684 | 1 Apple | 1 Safari | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document. | |||||
CVE-2008-7155 | 1 Phprisk | 1 Netrisk | 2024-02-28 | 7.5 HIGH | N/A |
NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote attackers to change the password of arbitrary users via a direct request. | |||||
CVE-2008-5555 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario." | |||||
CVE-2008-3347 | 1 Myiosoft | 1 Easydynamicpages | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to execute arbitrary SQL commands via the read parameter. | |||||
CVE-2008-1532 | 1 Perlbal | 1 Perlbal | 2024-02-28 | 5.0 MEDIUM | N/A |
Perlbal before 1.70, when buffered upload is enabled, allows remote attackers to cause a denial of service (crash) via a zero-byte chunked upload. | |||||
CVE-2009-1492 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2024-02-28 | 9.3 HIGH | N/A |
The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments. | |||||
CVE-2008-5606 | 1 Gazatem Technologies | 1 Qmail Mailing List Manager | 2024-02-28 | 5.0 MEDIUM | N/A |
Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb. | |||||
CVE-2008-4461 | 1 Vastal I-tech | 1 Dating Zone | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in advanced_search_results.php in Vastal I-Tech Dating Zone, possibly 0.9.9, allows remote attackers to execute arbitrary SQL commands via the fage parameter. | |||||
CVE-2008-6114 | 2 E107, Mytipper | 2 E107, Zogo Shop | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in product_details.php in the Mytipper Zogo-shop 1.15.4 plugin for e107 allows remote attackers to execute arbitrary SQL commands via the product parameter. | |||||
CVE-2008-7070 | 1 Kvirc | 1 Kvirc | 2024-02-28 | 9.3 HIGH | N/A |
Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951. | |||||
CVE-2008-6172 | 2 Joomla, Weberr | 2 Joomla, Rwcards | 2024-02-28 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter. | |||||
CVE-2008-4793 | 1 Drupal | 1 Drupal | 2024-02-28 | 7.5 HIGH | N/A |
The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules. | |||||
CVE-2009-3073 | 1 Mozilla | 1 Firefox | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2008-2330 | 1 Apple | 1 Mac Os X Server | 2024-02-28 | 4.9 MEDIUM | N/A |
slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue." | |||||
CVE-2009-0883 | 1 Amunak | 1 Blue Eye Cms | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the BlueEyeCMS_login cookie parameter. | |||||
CVE-2008-4667 | 1 Arabcms | 1 Arabcms | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the rss parameter. | |||||
CVE-2008-5841 | 1 Igamingcms | 1 Igaming Cms | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the browse parameter to (1) previews.php and (2) reviews.php, and the (3) id parameter to index.php in a viewarticle action. | |||||
CVE-2009-2228 | 1 Kasseler-cms | 1 Kasseler Cms | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS allows remote attackers to inject arbitrary web script or HTML via the url parameter in a redirect action. | |||||
CVE-2008-5229 | 1 Microsoft | 1 Windows Vista | 2024-02-28 | 6.9 MEDIUM | N/A |
Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a "route add" command. NOTE: this issue might not cross privilege boundaries. | |||||
CVE-2008-2943 | 1 Ibm | 1 Tivoli Directory Server | 2024-02-28 | 6.0 MEDIUM | N/A |
Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 through 6.1.0.15 allows remote authenticated administrators to cause a denial of service (ABEND) and possibly execute arbitrary code by using ldapadd to attempt to create a duplicate ibm-globalAdminGroup LDAP database entry. NOTE: the vendor states "There is no real risk of a vulnerability," although there are likely scenarios in which a user is allowed to make administrative LDAP requests but does not have the privileges to stop the server. |