Total
266251 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1356 | 1 Sun | 1 Solaris | 2024-02-28 | 6.3 MEDIUM | N/A |
Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java Desktop System (JDS), when using the GNOME On-Screen Keyboard (GOK), allows local users to bypass authentication via unknown vectors that cause the screen saver to crash. | |||||
CVE-2008-4457 | 1 Memht | 1 Memht Portal | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal 3.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a stats_res cookie to index.php. | |||||
CVE-2009-0111 | 1 Goople Cms | 1 Goople Cms | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
CVE-2009-3243 | 2 Microsoft, Wireshark | 2 Windows, Wireshark | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations. | |||||
CVE-2009-2957 | 1 Thekelleys | 1 Dnsmasq | 2024-02-28 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request. | |||||
CVE-2008-4047 | 1 Novell | 1 Novell Forum | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) 7.0, 7.1, 7.2, 7.3, and 8.0 allows remote attackers to execute arbitrary TCL code via a modified URL. NOTE: this might overlap CVE-2007-6515. | |||||
CVE-2008-1834 | 1 Swfdec | 1 Swfdec | 2024-02-28 | 4.3 MEDIUM | N/A |
swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file. | |||||
CVE-2008-4692 | 1 Ibm | 1 Db2 | 2024-02-28 | 10.0 HIGH | N/A |
The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors. | |||||
CVE-2008-1371 | 1 Drake Team | 1 Drake Cms | 2024-02-28 | 3.6 LOW | N/A |
Absolute path traversal vulnerability in install/index.php in Drake CMS 0.4.11 RC8 allows remote attackers to read and execute arbitrary files via a full pathname in the d_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-1794 | 1 Drupal | 1 Webform Module | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Webform Drupal module 5.x before 5.x-1.10, 5.x-2.x before 5.x-2.0-beta3, and 6.x before 6.x-1.0-beta3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-0713 | 1 Hp | 1 Systems Insight Manager | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows remote attackers to obtain sensitive information via unknown vectors. | |||||
CVE-2009-2415 | 1 Memcachedb | 1 Memcached | 2024-02-28 | 10.0 HIGH | N/A |
Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows. | |||||
CVE-2009-1497 | 1 Gomlab | 1 Gom Player | 2024-02-28 | 9.3 HIGH | N/A |
Stack-based buffer overflow in srt2smi.exe in Gretech Online Movie Player (GOM Player) 2.1.16.4635 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in an SRT file. | |||||
CVE-2008-2691 | 1 Jiro | 1 Faq Manager Experience | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in read.asp in JiRo's FAQ Manager eXperience 1.0 allows remote attackers to execute arbitrary SQL commands via the fID parameter. | |||||
CVE-2008-6471 | 1 Mountaingrafix | 1 Easylink | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in detail.php in MountainGrafix easyLink 1.1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a show action. | |||||
CVE-2008-3963 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2024-02-28 | 4.0 MEDIUM | N/A |
MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement. | |||||
CVE-2009-1942 | 1 Drupal | 1 Quiz | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Quiz module 5.x, 6.x-2.x before 6.x-2.2, and 6.x-3.x before 6.x-3.0, a module for Drupal, allows remote authenticated users, with create quizzes or quiz questions access, to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-1712 | 1 Apple | 1 Safari | 2024-02-28 | 9.3 HIGH | N/A |
WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. | |||||
CVE-2008-4261 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2024-02-28 | 9.3 HIGH | N/A |
Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." | |||||
CVE-2009-0107 | 1 Phpauctions | 1 Phpauctions | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. |