Total
266242 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2341 | 1 Avalonnet | 1 News Manager | 2024-02-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ch_readalso.php in News Manager 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the read_xml_include parameter. | |||||
| CVE-2008-2897 | 1 Pagesquid | 1 Pagesquid Cms | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PageSquid CMS 0.3 Beta allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2008-5100 | 1 Microsoft | 1 .net Framework | 2024-02-28 | 10.0 HIGH | N/A |
| The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs. | |||||
| CVE-2009-1737 | 1 Diqiye | 1 Mypic | 2024-02-28 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in bom.php in MyPic 2.1 allows remote attackers to list files in arbitrary directories via a .. (dot dot) in the dir parameter. | |||||
| CVE-2008-4546 | 1 Adobe | 1 Flash Player | 2024-02-28 | 4.3 MEDIUM | N/A |
| Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers. | |||||
| CVE-2008-3488 | 1 Novell | 1 Imanager | 2024-02-28 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) allows remote attackers to delete Plug-in Studio created Property Book Pages via unknown vectors. | |||||
| CVE-2009-0777 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 5.8 MEDIUM | N/A |
| Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks. | |||||
| CVE-2008-6644 | 1 Dotnetnuke | 1 Dotnetnuke | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke 4.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2009-1579 | 1 Squirrelmail | 1 Squirrelmail | 2024-02-28 | 6.8 MEDIUM | N/A |
| The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. | |||||
| CVE-2009-1409 | 1 E107 | 1 E107 | 2024-02-28 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320. | |||||
| CVE-2008-1428 | 1 Drupal | 1 Ubercart Module | 2024-02-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-beta7 module for Drupal allow remote attackers to inject arbitrary web script or HTML via a text attribute value for a product. | |||||
| CVE-2009-0220 | 1 Microsoft | 1 Office Powerpoint | 2024-02-28 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an interget that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability." | |||||
| CVE-2008-5617 | 1 Rsyslog | 1 Rsyslog | 2024-02-28 | 8.5 HIGH | N/A |
| The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages. | |||||
| CVE-2009-3888 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.9 MEDIUM | N/A |
| The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before 2.6.31.6, when the CPU lacks a memory management unit, allows local users to cause a denial of service (OOPS) via an application that attempts to allocate a large amount of memory. | |||||
| CVE-2008-1445 | 1 Microsoft | 3 Windows-nt, Windows 2003 Server, Windows Xp | 2024-02-28 | 7.1 HIGH | N/A |
| Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request. | |||||
| CVE-2008-4577 | 4 Canonical, Dovecot, Fedoraproject and 1 more | 4 Ubuntu Linux, Dovecot, Fedora and 1 more | 2024-02-28 | 6.4 MEDIUM | 7.5 HIGH |
| The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions. | |||||
| CVE-2009-2561 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified vectors. | |||||
| CVE-2008-1677 | 1 Redhat | 2 Directory Server, Fedora Directory Server | 2024-02-28 | 7.5 HIGH | N/A |
| Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression. | |||||
| CVE-2008-4999 | 1 Nortel | 1 Unistim Ip Phone | 2024-02-28 | 7.8 HIGH | N/A |
| Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: this issue could not be reproduced by a third party, who tested it on 0604DAD. In addition, the original researcher was not able to reliably reproduce the issue. | |||||
| CVE-2009-2682 | 1 Hp | 1 Hp-ux | 2024-02-28 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors. | |||||