Total
266245 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2905 | 1 Fedorahosted | 1 Newt | 2024-02-28 | 4.6 MEDIUM | N/A |
| Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box. | |||||
| CVE-2008-6788 | 1 Minddezign | 1 Photo Gallery | 2024-02-28 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in MindDezign Photo Gallery 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in an info action to index.php. | |||||
| CVE-2008-4015 | 1 Oracle | 1 Database 10g | 2024-02-28 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Streams component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_STREAMS_AUTH. | |||||
| CVE-2009-1135 | 1 Microsoft | 1 Isa Server | 2024-02-28 | 9.0 HIGH | N/A |
| Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability." | |||||
| CVE-2008-1858 | 1 724cms | 1 724cms | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in 724Networks 724CMS 4.01 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2008-5820 | 1 Edreamers | 1 Ednews | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | |||||
| CVE-2008-5663 | 1 Kusaba | 1 Kusaba | 2024-02-28 | 9.0 HIGH | N/A |
| Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) load_receiver.php or (2) a shipainter action to paint_save.php, then accessing the uploaded file via a direct request to this file in their user directory. | |||||
| CVE-2009-0773 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 10.0 HIGH | N/A |
| The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. | |||||
| CVE-2008-3401 | 1 Hscripts | 1 Hiox Random Ad | 2024-02-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Random Ad (HRA) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter. | |||||
| CVE-2009-3815 | 1 Runcms | 1 Runcms | 2024-02-28 | 5.0 MEDIUM | N/A |
| RunCMS 2M1, when running with certain error_reporting levels, allows remote attackers to obtain sensitive information via (1) the op[] parameter to modules/contact/index.php or (2) uid[] parameter to userinfo.php, which leaks the installation path in an error message when these parameters are used in a call to the preg_match function. | |||||
| CVE-2008-2801 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 7.5 HIGH | N/A |
| Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files. | |||||
| CVE-2009-0651 | 1 Symantec | 1 Veritas Netbackup Server \/enterprise Server | 2024-02-28 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Veritas network daemon (aka vnetd) in Symantec Veritas NetBackup Server / Enterprise Server 5.x, 6.0 before MP7 SP1, and 6.5 before 6.5.3.1 allows remote attackers to execute arbitrary code via unknown vectors related to "initial communications setup." | |||||
| CVE-2009-0760 | 1 Team5 | 1 Team Board | 2024-02-28 | 5.0 MEDIUM | N/A |
| Team Board 1.x and 2.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for data/team.mdb. | |||||
| CVE-2008-6950 | 1 Webhost-panel | 1 Bankoi Webhosting Control Panel | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosting Control Panel 1.20 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field. | |||||
| CVE-2008-4707 | 1 Sylvain Pasquet | 1 Bbzl Php | 2024-02-28 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in BbZL.PhP 0.92 allows remote attackers to access unauthorized directories via a .. (dot dot) in the lien_2 parameter. | |||||
| CVE-2009-2740 | 1 Ca | 1 Host-based Intrusion Prevention System | 2024-02-28 | 5.0 MEDIUM | N/A |
| kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention System (HIPS) 8.1 allows remote attackers to cause a denial of service (system crash) via a malformed packet. | |||||
| CVE-2009-0644 | 1 Swannsecurity | 1 Dvr4-securanet | 2024-02-28 | 5.0 MEDIUM | N/A |
| The HTTP interface in Swann DVR4-SecuraNet has a certain default administrative username and password, which makes it easier for remote attackers to obtain privileged access. | |||||
| CVE-2008-3778 | 1 Avaya | 3 Communication Manager, S8300c Server, Sip Enablement Services | 2024-02-28 | 7.5 HIGH | N/A |
| The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request. | |||||
| CVE-2009-3445 | 1 Code-crafters | 1 Ability Mail Server | 2024-02-28 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Code-Crafters Ability Mail Server before 2.70 allows remote attackers to cause a denial of service (daemon crash) via an IMAP4 FETCH command. | |||||
| CVE-2008-2666 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function. | |||||