Total: 266734 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-2311 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 7.6 HIGH | N/A |
Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file. | |||||
CVE-2008-3600 | 1 Menalto | 1 Gallery | 2024-02-28 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter within a modload action. | |||||
CVE-2008-1630 | 1 Emedia Office Gmbh | 1 Cuteflow | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 and 2.10.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) page/showcirculation.php; and (2) edittemplate_step2.php, (3) showfields.php, (4) showuser.php, (5) editmailinglist_step1.php, and (6) showtemplates.php in pages/. | |||||
CVE-2009-0522 | 2 Adobe, Microsoft | 5 Air, Flash Player, Flash Player For Linux and 2 more | 2024-02-28 | 4.3 MEDIUM | N/A |
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack." | |||||
CVE-2009-1452 | 1 Bluevirus-design | 1 Sma-db | 2024-02-28 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in theme/format.php in SMA-DB 0.3.13 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _page_css and (2) _page_javascript parameters. NOTE: the _page_content vector is already covered by CVE-2009-1450. | |||||
CVE-2008-7083 | 1 Revou | 1 Micro Blogging Twitter Clone | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter clone allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | |||||
CVE-2008-1619 | 1 Xensource Inc | 1 Xen | 2024-02-28 | 4.3 MEDIUM | N/A |
The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers to cause a denial of service (dom0 panic) via certain traffic, as demonstrated using an FTP stress test tool. | |||||
CVE-2009-2481 | 2 Six Apart, Sixapart | 2 Movable Type, Movable Type | 2024-02-28 | 5.8 MEDIUM | N/A |
mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors. | |||||
CVE-2008-6783 | 1 Scripts-for-sites | 1 Ez Home Business Directory | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Home Business Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | |||||
CVE-2008-2429 | 1 Calendarix | 1 Basic | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Calendarix Basic 0.8.20071118 allow remote attackers to execute arbitrary SQL commands via (1) the catsearch parameter to cal_search.php or (2) the catview parameter to cal_cat.php. NOTE: vector 1 might overlap CVE-2007-3183.3, and vector 2 might overlap CVE-2005-1865.2. | |||||
CVE-2008-3914 | 1 Clamav | 1 Clamav | 2024-02-28 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c. | |||||
CVE-2008-5905 | 1 Ktorrent | 1 Ktorrent | 2024-02-28 | 4.3 MEDIUM | N/A |
The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request. | |||||
CVE-2009-4121 | 1 Opensolution | 2 Quick.cms, Quick.cms.lite | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.CMS 2.4 and Quick.CMS.Lite 2.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete web pages via a p-delete action to admin.php, and possibly (2) delete products or (3) delete orders via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-5444 | 1 Oracle | 1 Secure Backup | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5448 and CVE-2008-5449. | |||||
CVE-2009-1892 | 1 Isc | 1 Dhcp | 2024-02-28 | 5.0 MEDIUM | N/A |
dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests. | |||||
CVE-2009-0188 | 1 Apple | 1 Quicktime | 2024-02-28 | 9.3 HIGH | N/A |
Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie composed of a Sorenson 3 video file. | |||||
CVE-2008-6313 | 1 Phpaddedit | 1 Phpaddedit | 2024-02-28 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in addedit-render.php in phpAddEdit 1.3, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a URL in the editform parameter. NOTE: PHP remote file inclusion attacks are also likely. | |||||
CVE-2009-1295 | 2 Apport, Ubuntu | 2 Apport, Ubuntu | 2024-02-28 | 1.9 LOW | N/A |
Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors. | |||||
CVE-2009-0372 | 1 Memht | 1 Memht Portal | 2024-02-28 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an image content type via a users editProfile action, then accessing this file via a direct request to the file in images/avatar/uploaded/. | |||||
CVE-2008-4684 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 4.3 MEDIUM | N/A |
packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector. | |||||