Total: 266765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-2847 | 1 Softdivision | 1 Maxtrade Aoi | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 allows remote attackers to execute arbitrary SQL commands via the categori parameter in a pocategorisell action to modules.php. | |||||
CVE-2008-7065 | 1 Siemens | 2 Gigaset C450 Ip, Gigaset C475 Ip | 2024-02-28 | 7.8 HIGH | N/A |
Siemens C450 IP and C475 IP VoIP devices allow remote attackers to cause a denial of service (disconnected calls and device reboot) via a crafted SIP packet to UDP port 5060. | |||||
CVE-2008-1406 | 1 Exv2 | 1 Exv2 | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in annonces-p-f.php in the MyAnnonces 1.8 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the lid parameter in an ImprAnn action. | |||||
CVE-2008-5915 | 1 Google | 1 Chrome | 2024-02-28 | 2.1 LOW | N/A |
An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2008-3151 | 2 Phpnuke, Warpspeed | 2 4ndvddb, 4ndvddb | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action. | |||||
CVE-2008-6949 | 1 Collabtive | 1 Collabtive | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Collabtive 0.4.8 allow remote attackers to hijack the authentication of administrators for requests that (1) submit or edit a new project, or (2) upload files to a project, or (3) attach files to messages via unknown vectors. NOTE: these issues can be leveraged with other vulnerabilities to create remote attack vectors that do not require authentication. | |||||
CVE-2009-2775 | 1 Phparcadescript | 1 Phparcadescript | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-3490 | 1 E-topbiz | 1 Online Dating | 2024-02-28 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in members/mail.php in E-topbiz Online Dating 3 1.0 allows remote authenticated users to execute arbitrary SQL commands via the mail_id parameter in a veiw action. | |||||
CVE-2009-1762 | 1 Novell | 1 Groupwise | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess login page (aka gw/webacc) in Novell GroupWise 7.x before 7.03 HP2 allow remote attackers to inject arbitrary web script or HTML via the (1) GWAP.version or (2) User.Theme (aka User.Theme.index) parameter. | |||||
CVE-2009-1730 | 1 Netmechanica | 1 Netdecision Tftp Server | 2024-02-28 | 10.0 HIGH | N/A |
Multiple directory traversal vulnerabilities in NetMechanica NetDecision TFTP Server 4.2 allow remote attackers to read or modify arbitrary files via directory traversal sequences in the (1) GET or (2) PUT command. | |||||
CVE-2009-2788 | 1 Mobilelib | 1 Mobilelib Gold | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remote attackers to execute arbitrary SQL commands via the (1) adminName parameter to cp/auth.php, (2) cid parameter to artcat.php, and (3) catid parameter to show.php. | |||||
CVE-2009-4098 | 1 Openx | 1 Openx | 2024-02-28 | 6.0 MEDIUM | N/A |
Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an images directory. | |||||
CVE-2008-2294 | 1 Mreaves | 1 Pet Grooming Management System | 2024-02-28 | 7.5 HIGH | N/A |
Pet Grooming Management System 2.0 allows remote attackers to gain privileges via a direct request to useradded.php with a modified user name for "admin." | |||||
CVE-2008-5528 | 2 Aladdin, Microsoft | 2 Esafe, Internet Explorer | 2024-02-28 | 9.3 HIGH | N/A |
Aladdin eSafe 7.0.17.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
CVE-2008-5766 | 1 Fascript | 1 Faupload | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in download.php in Farsi Script Faupload allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-2837 | 1 Cms.brdconcept | 1 Cms-brd | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in CMS-BRD allows remote attackers to execute arbitrary SQL commands via the menuclick parameter. | |||||
CVE-2009-0515 | 1 Yanocc | 1 Yanocc | 2024-02-28 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in check_lang.php in Yet Another NOCC (YANOCC) 0.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
CVE-2008-6677 | 1 Quickersite | 1 Quickersite | 2024-02-28 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in fckeditor251/editor/filemanager/connectors/asp/upload.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. | |||||
CVE-2008-0071 | 2 Bittorrent, Utorrent | 2 Bittorrent, Utorrent | 2024-02-28 | 4.3 MEDIUM | N/A |
The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header. | |||||
CVE-2009-1178 | 1 Ibm | 1 Tivoli Storage Manager | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the "admin command line." |