Total
266701 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3240 | 2 Ohwada, Xoops | 2 Xf-section, Xoops | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section module 1.12a for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-0842 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2024-02-28 | 4.3 MEDIUM | N/A |
| mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink. | |||||
| CVE-2009-4051 | 1 Downstairs.dnsalias | 1 Home Ftp Server | 2024-02-28 | 5.0 MEDIUM | N/A |
| Home FTP Server 1.10.1.139 allows remote attackers to cause a denial of service (daemon outage) via multiple invalid SITE INDEX commands. | |||||
| CVE-2009-0249 | 1 Katywhitton | 1 Rankem | 2024-02-28 | 5.0 MEDIUM | N/A |
| Katy Whitton RankEm stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for database/topsites.mdb. | |||||
| CVE-2008-6397 | 1 Alcovebook | 1 Sgml2x | 2024-02-28 | 4.4 MEDIUM | N/A |
| rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2008-2957 | 1 Pidgin | 1 Pidgin | 2024-02-28 | 6.4 MEDIUM | N/A |
| The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL. | |||||
| CVE-2009-2582 | 1 Akamai Technologies | 1 Download Manager | 2024-02-28 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in manager.exe in Akamai Download Manager (aka DLM or dlmanager) before 2.2.4.8 allows remote web servers to execute arbitrary code via a malformed HTTP response during a Redswoosh download, a different vulnerability than CVE-2007-1891 and CVE-2007-1892. | |||||
| CVE-2009-3538 | 1 Allisclear | 1 Clear Content | 2024-02-28 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in thumb.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5903 | 1 Xrdp | 1 Xrdp | 2024-02-28 | 7.5 HIGH | N/A |
| Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via vectors that manipulate the value of the edit_pos structure member. | |||||
| CVE-2008-3663 | 1 Squirrelmail | 1 Squirrelmail | 2024-02-28 | 5.0 MEDIUM | N/A |
| Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | |||||
| CVE-2008-6412 | 1 Vignette | 1 Vignette Content Management | 2024-02-28 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Vignette Content Management 7.3.0.5, 7.3.1, 7.3.1.1, 7.4, and 7.5 allows "low privileged" users to gain administrator privileges via unknown attack vectors. | |||||
| CVE-2008-6977 | 1 Fullrevolution | 1 Aspwebalbum | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action. | |||||
| CVE-2008-7136 | 1 Icq | 1 Icq Toolbar | 2024-02-28 | 4.3 MEDIUM | N/A |
| toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the (1) RequestURL, (2) GetPropertyById, or (3) SetPropertyById method, different vectors than CVE-2008-7135. | |||||
| CVE-2008-2115 | 1 Scriptsez | 1 Power Editor | 2024-02-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) te and (2) dir parameters in a tempedit action. | |||||
| CVE-2009-2945 | 1 Stanford | 1 Webauth | 2024-02-28 | 4.3 MEDIUM | N/A |
| weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. | |||||
| CVE-2009-0211 | 1 Areva | 1 E-terrahabitat | 2024-02-28 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the WebFGServer application in AREVA e-terrahabitat 5.7 and earlier allows remote attackers to cause a denial of service (system crash) via unknown vectors, aka PD32018. | |||||
| CVE-2008-2357 | 1 Matt Kimball And Roger Wolff | 1 Mtr | 2024-02-28 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr. | |||||
| CVE-2009-3899 | 1 Sun | 2 Opensolaris, Solaris | 2024-02-28 | 7.8 HIGH | N/A |
| Memory leak in the Sockets Direct Protocol (SDP) driver in Sun Solaris 10, and OpenSolaris snv_57 through snv_94, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||||
| CVE-2009-3586 | 1 Frank Yaul | 1 Corehttp | 2024-02-28 | 7.5 HIGH | N/A |
| Off-by-one error in src/http.c in CoreHTTP 0.5.3.1 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via an HTTP request with a long first line that triggers a buffer overflow. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2007-4060. | |||||
| CVE-2008-3244 | 1 F-prot | 2 F-prot Antivirus, Scanning Engine | 2024-02-28 | 4.3 MEDIUM | N/A |
| The scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allows remote attackers to cause a denial of service (engine crash) via a CHM file with a large nb_dir value that triggers an out-of-bounds read. | |||||