Total: 266684 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-7001 | 1 Creative Mind | 1 Creator Cms | 2024-02-28 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in the file manager in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
CVE-2009-3653 | 2 Darren Oh, Drupal | 2 Xml Sitemap, Drupal | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the additional links interface in XML Sitemap 5.x-1.6, a module for Drupal, allows remote authenticated users, with "administer site configuration" permission, to inject arbitrary web script or HTML via unspecified vectors, related to link path output. | |||||
CVE-2008-4339 | 1 Symantec | 2 Netbackup Enterprise Server, Netbackup Server | 2024-02-28 | 6.5 MEDIUM | N/A |
Unspecified vulnerability in the Java Administration GUI (jnbSA) in Symantec Veritas NetBackup Server and NetBackup Enterprise Server 5.1 before MP7, 6.0 before MP7, and 6.5 before 6.5.2 allows remote authenticated users to gain privileges via unknown attack vectors related to "bpjava* binaries." | |||||
CVE-2008-3311 | 1 Adam Scheinberg | 1 Flip | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter. | |||||
CVE-2008-7201 | 1 Lantronix | 1 Mss485-t | 2024-02-28 | 7.8 HIGH | N/A |
Lantronix MSS485-T allows remote attackers to cause a denial of service (unstable performance and service loss) via certain vulnerability scans, as demonstrated using (1) Nessus and (2) nmap. | |||||
CVE-2008-6726 | 1 Cmscout | 1 Cmscout | 2024-02-28 | 6.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in CMScout 2.06, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bit parameter to (1) admin.php and (2) index.php, different vectors than CVE-2008-3415. | |||||
CVE-2009-3823 | 1 Ac4p | 1 Mobilelib Gold | 2024-02-28 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, when magic_quotes_gpc is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the GLOBALS[page] parameter. | |||||
CVE-2008-6931 | 1 Phpstore | 1 Phpcareers | 2024-02-28 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in PHPStore Job Search (aka PHPCareers) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a resume photo, then accessing it via a direct request to the file in jobseekers/jobseeker_profile_images. | |||||
CVE-2008-4414 | 1 Hp | 1 Tru64 | 2024-02-28 | 7.2 HIGH | N/A |
Unspecified vulnerability in the AdvFS showfile command in HP Tru64 UNIX 5.1B-3 and 5.1B-4 allows local users to gain privileges via unspecified vectors. | |||||
CVE-2009-1930 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more | 2024-02-28 | 10.0 HIGH | N/A |
The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834. | |||||
CVE-2008-6131 | 1 Mozilo | 1 Mozilowiki | 2024-02-28 | 6.0 MEDIUM | N/A |
Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||||
CVE-2008-1411 | 1 Acronis | 1 Snap Deploy | 2024-02-28 | 5.0 MEDIUM | N/A |
The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference. | |||||
CVE-2009-3395 | 1 Oracle | 1 E-business Suite | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the AutoVue component in Oracle E-Business Suite 19.3.2 allows remote attackers to affect availability via unknown vectors. | |||||
CVE-2008-5090 | 1 Anelectron | 1 Advanced Electron Forum | 2024-02-28 | 10.0 HIGH | N/A |
Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch. | |||||
CVE-2008-4176 | 1 Asp Indir | 1 Fot Video Scripti | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in izle.asp in FoT Video scripti 1.1 beta allows remote attackers to execute arbitrary SQL commands via the oyun parameter. | |||||
CVE-2009-3172 | 1 Hitachi | 3 Groupmax Groupware Server, Groupmax Scheduler Server Set, Groupmax Server Set | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in Hitachi Groupmax Groupware Server 07-00 through 07-50-/A, Groupmax Server Set 03-00 through 06-52, Groupware Server Set 03-00 through 06-52, and Scheduler Server Set 03-00 through 06-52 has unknown impact and attack vectors related to invalid access rights. | |||||
CVE-2008-2586 | 1 Oracle | 2 Application Object Library, E-business Suite | 2024-02-28 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2606. | |||||
CVE-2009-3085 | 1 Pidgin | 2 Libpurple, Pidgin | 2024-02-28 | 5.0 MEDIUM | N/A |
The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images. | |||||
CVE-2008-7130 | 1 Peter Kohlmann | 1 Db2 Monitoring Console | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier allows remote attackers to upload arbitrary files via unknown vectors. | |||||
CVE-2009-2036 | 1 Geekbill | 1 Open Biller | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Open Biller 0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. |