Total: 266711 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-0812 | 1 Bpsoft | 1 Hex Workshop | 2024-02-28 | 9.3 HIGH | N/A |
Stack-based buffer overflow in BreakPoint Software Hex Workshop 4.23, 6.0.1.4603, and other 6.x and earlier versions allows remote attackers to execute arbitrary code via a crafted Intel Hex Code (.hex) file. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-6067 | | | 2024-02-28 | N/A | N/A |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-5838. Reason: This candidate is a duplicate of CVE-2008-5838. Notes: All CVE users should reference CVE-2008-5838 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
CVE-2009-3803 | 1 Amirocms | 1 Amiro.cms | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Amiro.CMS 5.4.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the status_message parameter to (1) /news, (2) /comment, (3) /forum, (4) /blog, and (5) /tags; the status_message parameter to (6) forum.php, (7) discussion.php, (8) guestbook.php, (9) blog.php, (10) news.php, (11) srv_updates.php, (12) srv_backups.php, (13) srv_twist_prevention.php, (14) srv_tags.php, (15) srv_tags_reindex.php, (16) google_sitemap.php, (17) sitemap_history.php, (18) srv_options.php, (19) locales.php and (20) plugins_wizard.php in _admin/; a crafted IMG BBcode tag in the message body of a (21) forum, (22) guestbook, or (23) comment; (24) the content of an avatar file, which is not properly handled by Internet Explorer; and (25) the loginname parameter (aka username) in _admin/index.php. | |||||
CVE-2008-4007 | 1 Oracle | 2 Jd Edwards Enterpriseone, Peoplesoft Enterprise | 2024-02-28 | 6.5 MEDIUM | N/A |
Unspecified vulnerability in the PeopleSoft Enterprise Components component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
CVE-2009-0206 | 1 Hp | 2 Hp-ux, Oncplus | 2024-02-28 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and earlier for HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors. | |||||
CVE-2009-3005 | 1 Lunascape | 1 Lunascape | 2024-02-28 | 4.3 MEDIUM | N/A |
Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown. | |||||
CVE-2009-1574 | 1 Ipsec-tools | 1 Ipsec-tools | 2024-02-28 | 5.0 MEDIUM | N/A |
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference. | |||||
CVE-2008-3716 | 1 Harmoni | 1 Harmoni | 2024-02-28 | 6.0 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Harmoni before 1.6.0 allows remote attackers to make administrative modifications via a (1) save or (2) delete action to an unspecified component. | |||||
CVE-2009-2786 | 2 Punbb, Reputation | 2 Punbb, Reputation | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in reputation.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the poster parameter. | |||||
CVE-2009-2375 | 1 Photo-dvd-maker | 1 Photo Dvd Maker | 2024-02-28 | 9.3 HIGH | N/A |
Stack-based buffer overflow in Photo DVD Maker 8.02, and possibly earlier versions, allows remote attackers to execute arbitrary code via a long File_Name parameter in a .pdm file. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-2606 | 1 Brainjar | 1 Asp Football Pool | 2024-02-28 | 5.0 MEDIUM | N/A |
ASP Football Pool 2.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for NFL.mdb. | |||||
CVE-2008-6579 | 1 Nortel | 1 Cs1000 | 2024-02-28 | 5.0 MEDIUM | N/A |
Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators." | |||||
CVE-2008-2643 | 1 Joomla | 1 Com Biblestudy | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php. | |||||
CVE-2008-5396 | 1 Asterisk | 1 Zaptel | 2024-02-28 | 7.2 HIGH | N/A |
Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to missing validation of the sync field associated with the ZT_SPANCONFIG ioctl. | |||||
CVE-2009-0232 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2024-02-28 | 9.3 HIGH | N/A |
Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability." | |||||
CVE-2009-3890 | 1 Wordpress | 1 Wordpress | 2024-02-28 | 6.0 MEDIUM | N/A |
Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename. | |||||
CVE-2008-2308 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information. | |||||
CVE-2008-4671 | 1 Wordpress | 1 Wordpress Mu | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters. | |||||
CVE-2009-1891 | 5 Apache, Canonical, Debian and 2 more | 9 Http Server, Ubuntu Linux, Debian Linux and 6 more | 2024-02-28 | 7.1 HIGH | N/A |
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption). | |||||
CVE-2008-4187 | 1 Proactive Cms | 1 Proactive Cms | 2024-02-28 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in index.php in ProActive CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter. |