Total
266744 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-3731 | 3 Microsoft, Vmware, Webworks | 11 Windows, Esx Server, Lab Manager and 8 more | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality. | |||||
CVE-2009-0854 | 1 Dash | 1 Dash | 2024-02-28 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory. | |||||
CVE-2008-6956 | 1 Infireal | 1 Mxcamarchive | 2024-02-28 | 6.5 MEDIUM | N/A |
Static code injection vulnerability in admin/admin.php in mxCamArchive 2.2 allows remote authenticated administrators to inject arbitrary PHP code into an unspecified program via the description parameter, which is executed by invocation of index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-3445 | 1 Phpmyrealty | 1 Phpmyrealty | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 allows remote attackers to execute arbitrary SQL commands via the location parameter. | |||||
CVE-2009-3578 | 1 Autodesk | 2 Alias Wavefront Maya, Autodesk Maya | 2024-02-28 | 9.3 HIGH | N/A |
Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to "Script Nodes." | |||||
CVE-2008-2342 | 1 News Manager | 1 News Manager | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | |||||
CVE-2009-2078 | 2 Drupal, Heine.familiedeelstra | 2 Drupal, Booktree | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x before 5.x-7.3 and 6.x before 6.x-1.1, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) node title and (2) node body in a tree root page. | |||||
CVE-2009-3370 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.0 MEDIUM | N/A |
Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries. | |||||
CVE-2008-2075 | 1 Astrocam | 1 Astrocam | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in pic.php in AstroCam 2.5.0 through 2.7.3 allows remote attackers to inject arbitrary web script or HTML via the picfile parameter. | |||||
CVE-2008-6975 | 1 Dd-wrt | 1 Dd-wrt | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp2 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters. NOTE: This issue reportedly exists because of a "weak ... anti-CSRF fix" implemented in 24 sp2. | |||||
CVE-2008-1691 | 1 Seattle Lab Software | 1 Slmail Pro | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (UDP service outage) via a large packet to UDP port 54. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-6294 | 1 Accscripts | 1 Acc Statistics | 2024-02-28 | 7.5 HIGH | N/A |
admin/Index.php in Acc Statistics 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie cookie to "admin." | |||||
CVE-2009-4040 | 2 Microsoft, Phpmyfaq | 2 Internet Explorer, Phpmyfaq | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page. | |||||
CVE-2009-3756 | 1 Kreotek | 1 Phpbms | 2024-02-28 | 5.0 MEDIUM | N/A |
phpBMS 0.96 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) the show action in advancedsearch.php, and (4) choicelist.php, which reveals the installation path in an error message. | |||||
CVE-2008-4366 | 1 Camera Life | 1 Camera Life | 2024-02-28 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in the image upload component in Camera Life 2.6.2b4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a user directory under images/photos/upload. | |||||
CVE-2009-2469 | 1 Mozilla | 1 Firefox | 2024-02-28 | 10.0 HIGH | N/A |
Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted document, related to a certain pointer misinterpretation. | |||||
CVE-2008-6819 | 1 Microsoft | 2 Windows 2003 Server, Windows Vista | 2024-02-28 | 4.7 MEDIUM | N/A |
win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-4615 | 1 Portalapp | 1 Portalapp | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has unknown impact and attack vectors. | |||||
CVE-2008-4134 | 1 Phprealty | 1 Phprealty | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in manager/static/view.php in phpRealty 0.03 and earlier, and possibly other versions before 0.05, allows remote attackers to execute arbitrary PHP code via a URL in the INC parameter. | |||||
CVE-2008-2190 | 1 Romedchim International Srl | 1 Online Rent Property Script | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in index.php in Online Rent (aka Online Rental Property Script) 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. NOTE: it was later reported that 5.0 and earlier are also affected. |