Total: 266689 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-3970 | 1 Phpdirsubmit | 1 Php Dir Submit | 2024-02-28 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in index.php in PHP Dir Submit (aka WebsiteSubmitter or Submitter Script) allows remote authenticated users to execute arbitrary SQL commands via the aid parameter in a showarticle action. | |||||
CVE-2009-1622 | 1 Ecshop | 1 Ecshop | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in user.php in EcShop 2.5.0 allows remote attackers to execute arbitrary SQL commands via the order_sn parameter in an order_query action. | |||||
CVE-2009-2449 | 1 Adbnewssender | 1 Adbnewssender | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in maillinglist/admin/change_config.php in ADbNewsSender before 1.5.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter. | |||||
CVE-2008-1506 | 1 Peel | 1 Peel | 2024-02-28 | 5.0 MEDIUM | N/A |
PEEL, possibly 3.x and earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. | |||||
CVE-2009-2939 | 3 Debian, Postfix, Ubuntu | 3 Debian Linux, Postfix, Ubuntu Linux | 2024-02-28 | 6.9 MEDIUM | N/A |
The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files. | |||||
CVE-2009-2165 | 1 Serendipitynz | 1 Serene Bach | 2024-02-28 | 7.5 HIGH | N/A |
SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id. | |||||
CVE-2008-3283 | 2 Fedora, Redhat | 2 Directory Server, Directory Server | 2024-02-28 | 7.8 HIGH | N/A |
Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests. | |||||
CVE-2008-1526 | 1 Zyxel | 38 P-660h-61, P-660h-61 Firmware, P-660h-63 and 35 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords. | |||||
CVE-2008-5852 | 1 Emefa | 1 Emefa Guestbook | 2024-02-28 | 5.0 MEDIUM | N/A |
Emefa Guestbook 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for guestbook.mdb. | |||||
CVE-2008-2051 | 1 Php | 1 Php | 2024-02-28 | 10.0 HIGH | N/A |
The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars." | |||||
CVE-2009-0741 | 1 Craftsilicon | 1 Banking@home | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in Login.asp in Craft Silicon Banking@Home 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginName parameter. | |||||
CVE-2008-1108 | 1 Gnome | 1 Evolution | 2024-02-28 | 7.6 HIGH | N/A |
Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment. | |||||
CVE-2008-3262 | 1 Claroline | 1 Claroline | 2024-02-28 | 5.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password. | |||||
CVE-2008-1548 | 1 Aeries | 1 Aeries Student Information System | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to inject arbitrary web script or HTML via the (1) UserName parameter to loginproc.asp and the (2) usr parameter to Login.asp. | |||||
CVE-2008-4725 | 1 Opera | 1 Opera Browser | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these issues were addressed before 9.60. | |||||
CVE-2008-4230 | 1 Apple | 2 Iphone Os, Ipod Touch | 2024-02-28 | 1.9 LOW | N/A |
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593. | |||||
CVE-2008-4157 | 1 Vastal | 1 Phpvid | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. NOTE: it was later reported that 1.2.3 is also affected. | |||||
CVE-2008-4756 | 1 Php-daily | 1 Php-daily | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP-Daily allows remote attackers to inject arbitrary web script or HTML via the date parameter. | |||||
CVE-2008-4121 | 1 Cpcommerce | 1 Cpcommerce | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in a search.quick action to search.php and (2) the name parameter in a sendtofriend action to sendtofriend.php. | |||||
CVE-2008-6154 | 1 Hispah | 1 Text Links Ads | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idcat parameter. |