Total
266700 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3289 | 1 Storcentric | 1 Retrospect Backup Client | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
| EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet. | |||||
| CVE-2009-3509 | 1 Cj-design | 1 Cj Dynamic Poll | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/admin_index.php in CJ Dynamic Poll PRO 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2009-2640 | 1 Interlogy | 1 Profile Manager | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in cgi/admin.cgi in Interlogy Profile Manager Basic allow remote attackers to execute arbitrary SQL commands via a pmadm cookie in (1) an edittemp action or (2) a users action. | |||||
| CVE-2008-4055 | 1 Texmedia | 1 Million Pixel Script | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tops_top.php in Million Pixel Ad Script (Million Pixel Script) allows remote attackers to execute arbitrary SQL commands via the id_cat parameter. | |||||
| CVE-2009-0716 | 1 Hp | 1 Storageworks Storage Mirroring | 2024-02-28 | 7.5 HIGH | N/A |
| Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to cause a denial of service or obtain "access" via unknown vectors. | |||||
| CVE-2009-1456 | 1 Stephane Rajalu | 1 Malleo | 2024-02-28 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in admin.php in Malleo 1.2.3 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | |||||
| CVE-2008-2122 | 1 Ibm | 1 Rational Build Forge | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Rational Build Forge 7.0.2 allows remote attackers to cause a denial of service (CPU consumption) via a port scan, which spawns multiple bfagent server processes that attempt to read data from closed sockets. | |||||
| CVE-2009-2021 | 1 Virtuenetz | 1 Virtue Classifieds | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in Virtue Classifieds allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2008-4359 | 2 Debian, Lighttpd | 2 Debian Linux, Lighttpd | 2024-02-28 | 7.5 HIGH | N/A |
| lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data. | |||||
| CVE-2008-6451 | 1 Jportal | 1 Jportal | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in humor.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2004-2036 or CVE-2005-3509. | |||||
| CVE-2009-1312 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected. | |||||
| CVE-2008-3602 | 1 Psychdaily | 1 Php Ring Webring System | 2024-02-28 | 7.5 HIGH | N/A |
| admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9.1 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | |||||
| CVE-2009-1675 | 1 Electrasoft | 1 32bit Ftp | 2024-02-28 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long 227 reply to a PASV command. | |||||
| CVE-2009-0174 | 1 Vuplayer | 1 Vuplayer | 2024-02-28 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in VUPlayer 2.49 allows remote attackers to execute arbitrary code via a long .asf URI in the HREF attribute of a REF element in a .asx file. | |||||
| CVE-2008-4016 | 1 Oracle | 1 Collaboration Suite | 2024-02-28 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Collaborative Workspaces component in Oracle Collaboration Suite 10.1.2 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||
| CVE-2008-1624 | 1 Whorl Ltd | 1 Jshop Server | 2024-02-28 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in v2demo/page.php in Jshop Server 1.x through 2.x allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xPage parameter. | |||||
| CVE-2009-2633 | 2 Joomla, Ordasoft | 2 Joomla, Com Vehiclemanager | 2024-02-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2009-0569 | 1 Rimarts | 1 Becky\! Internet Mail | 2024-02-28 | 9.3 HIGH | N/A |
| Buffer overflow in Becky! Internet Mail 2.48.02 and earlier allows remote attackers to execute arbitrary code via a mail message with a crafted return receipt request. | |||||
| CVE-2009-4065 | 2 Drupal, Jeff Miccolis | 2 Drupal, Strongarm Module | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the settings page in the Strongarm module 6.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the value field when viewing overridden variables. | |||||
| CVE-2008-2899 | 1 J00lean-cms | 1 J00lean-cms | 2024-02-28 | 10.0 HIGH | N/A |
| Unspecified vulnerability in includes/classes/page.php in j00lean-CMS 1.03 has unknown impact and attack vectors. | |||||