Total
266352 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1090 | 1 Microsoft | 2 Office, Visio | 2024-02-28 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability." | |||||
| CVE-2009-0546 | 1 Newsgator | 1 Feeddemon | 2024-02-28 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier allows user-assisted remote attackers to execute arbitrary code via a long text attribute in an outline element in a .opml file. | |||||
| CVE-2008-4672 | 1 Goodlyrics | 1 Lyrics Script | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search_results.php in buymyscripts Lyrics Script allows remote attackers to inject arbitrary web script or HTML via the k parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1507 | 1 Peel | 1 Peel | 2024-02-28 | 7.5 HIGH | N/A |
| PEEL, possibly 3.x and earlier, has (1) a default info@peel.fr account with password admin, and (2) a default contact@peel.fr account with password cinema, which allows remote attackers to gain administrative access. | |||||
| CVE-2008-3948 | 1 Xrms | 1 Xrms Crm | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/users/self-2.php in XRMS allows remote attackers to execute arbitrary SQL commands and modify name and email fields via unspecified vectors. | |||||
| CVE-2008-6407 | 1 Brian Wilson | 1 Ol\'bookmarks | 2024-02-28 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the framefile parameter. | |||||
| CVE-2008-4278 | 2 Microsoft, Vmware | 3 Windows, Virtual Infrastructure Client, Virtualcenter | 2024-02-28 | 2.1 LOW | N/A |
| VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password. | |||||
| CVE-2009-2093 | 1 Ibm | 1 Websphere Partner Gateway | 2024-02-28 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-1656 | 1 Xerox | 1 Workcentre | 2024-02-28 | 10.0 HIGH | N/A |
| Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, 5687, 7655, 7656, and 7675 allows remote attackers to execute arbitrary commands via unknown attack vectors, aka "command injection vulnerability." | |||||
| CVE-2008-3838 | 1 Sun | 2 Opensolaris, Solaris | 2024-02-28 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) zones implementation in Sun Solaris 10 and OpenSolaris before snv_88 allows local administrators of non-global zones to read and modify NFS traffic for arbitrary non-global zones, possibly leading to file modifications or a denial of service. | |||||
| CVE-2008-6341 | 1 Typo3 | 2 Sb Universal Plugin, Typo3 | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the SB Universal Plugin (SBuniplug) extension 2.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-1757 | 1 Transmissionbt | 1 Transmission | 2024-02-28 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2009-2556 | 1 Google | 1 Chrome | 2024-02-28 | 9.3 HIGH | N/A |
| Google Chrome before 2.0.172.37 allows attackers to leverage renderer access to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger excessive memory allocation. | |||||
| CVE-2009-2893 | 1 Xzeroscripts | 1 Xzero Community Classifieds | 2024-02-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in a post action or (2) the _xzcal_y parameter. | |||||
| CVE-2008-4922 | 2 Djvu, Microsoft | 2 Activex Control For Microsoft Office 2000, Office | 2024-02-28 | 9.3 HIGH | N/A |
| Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office (DjVu_ActiveX_MSOffice.dll) allows remote attackers to execute arbitrary code via a long (1) ImageURL property, and possibly the (2) Mode, (3) Page, or (4) Zoom properties. | |||||
| CVE-2009-0680 | 1 Netgear | 1 Ssl312 | 2024-02-28 | 7.8 HIGH | N/A |
| cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences. | |||||
| CVE-2009-1245 | 1 Cccp-common-clan-portal-pasterbin | 1 Cccp Pastebin | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the insert_to_pastebin function in php/cccp-admin/inc/functions.php in CCCP Community Clan Portal Pastebin before 2.80 allow remote attackers to execute arbitrary SQL commands via the (1) subject, (2) language, and (3) nickname parameters to php/cccp-pages/submit.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4253 | 1 Microsoft | 5 Office Frontpage, Project, Visual Basic and 2 more | 2024-02-28 | 8.5 HIGH | N/A |
| The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability." | |||||
| CVE-2008-5846 | 1 Sixapart | 1 Movable Type | 2024-02-28 | 4.0 MEDIUM | N/A |
| Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a "system-wide entry listing screen." | |||||
| CVE-2008-6672 | 1 Vertex4 | 1 Sunage | 2024-02-28 | 5.0 MEDIUM | N/A |
| Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a denial of service ("runtime error") via a crafted join packet to UDP port 27960, probably related to an invalid nickname command. | |||||