Total
266248 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5537 | 2 Microsoft, Pctools | 2 Internet Explorer, Pctools Antivirus | 2024-02-28 | 9.3 HIGH | N/A |
PC Tools AntiVirus 4.4.2.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
CVE-2008-5325 | 1 Ibm | 1 Rational Clearquest | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-6362 | 1 Ezonelink | 1 Multiple Membership Script | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in sitepage.php in Multiple Membership Script 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-5123 | 1 Castillocentral | 1 Ccleague | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows remote attackers to execute arbitrary SQL commands via the u parameter. | |||||
CVE-2009-2590 | 1 Resalecode | 1 Hutscripts Php Website Script | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in showcategory.php in Hutscripts PHP Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
CVE-2008-1334 | 1 Bt | 1 Home Hub | 2024-02-28 | 7.5 HIGH | N/A |
cgi/b on the BT Home Hub router allows remote attackers to bypass authentication, and read or modify administrative settings or make arbitrary VoIP telephone calls, by placing a character at the end of the PATH_INFO, as demonstrated by (1) %5C (encoded backslash), (2) '%' (percent), and (3) '~' (tilde). NOTE: the '/' (slash) vector is already covered by CVE-2007-5383. | |||||
CVE-2008-5771 | 1 Phpweather | 1 Phpweather | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in test.php in PHP Weather 2.2.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter. | |||||
CVE-2009-3389 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 9.3 HIGH | N/A |
Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions. | |||||
CVE-2009-0339 | 1 Dmxready | 1 Blog Manager | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to execute arbitrary SQL commands via the itemID parameter in a view action. | |||||
CVE-2009-1416 | 1 Gnu | 1 Gnutls | 2024-02-28 | 7.5 HIGH | N/A |
lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key. | |||||
CVE-2008-1648 | 1 Sympa | 1 Sympa | 2024-02-28 | 5.0 MEDIUM | N/A |
Sympa before 5.4 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message with a malformed value of the Content-Type header and unspecified other headers. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-6542 | 1 Dotnetnuke | 1 Dotnetnuke | 2024-02-28 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform "server-side execution of application logic" by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM or HTML files. | |||||
CVE-2009-0053 | 1 Cisco | 2 Ironport Encryption Appliance, Ironport Postx | 2024-02-28 | 4.3 MEDIUM | N/A |
PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to obtain the decryption key via unspecified vectors, related to a "logic error." | |||||
CVE-2009-2230 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter. | |||||
CVE-2008-4993 | 1 Xen | 1 Xen | 2024-02-28 | 6.9 MEDIUM | N/A |
qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file. | |||||
CVE-2008-4938 | 1 Aegis | 2 Aegis, Aegis-web | 2024-02-28 | 6.9 MEDIUM | N/A |
aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####, (b) /tmp/#####.intro, (c) /tmp/aegis.#####.ae, (d) /tmp/aegis.#####, (e) /tmp/aegis.#####.1, (f) /tmp/aegis.#####.2, (g) /tmp/aegis.#####.log, and (h) /tmp/aegis.#####.out temporary files, related to the (1) bng_dvlpd.sh, (2) bng_rvwd.sh, (3) awt_dvlp.sh, (4) awt_intgrtn.sh, and (5) aegis.cgi scripts. | |||||
CVE-2008-4709 | 1 Pilot Group | 1 Etraining | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in news_read.php in Pilot Group (PG) eTraining allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2009-3344 | 2 Microsoft, Sap | 2 Windows Xp, Crystal Reports Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in SAP Crystal Reports Server 2008 on Windows XP allows attackers to cause a denial of service (infinite loop) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2008-2120 | 1 Sun | 2 Java System Application Server, Java System Web Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors. | |||||
CVE-2008-1920 | 1 Icq | 1 Mirabilis Icq | 2024-02-28 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the boxelyRenderer module in the Personal Status Manager feature in ICQ 6.0 build 6043 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted personal status message. |