Total
266239 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5451 | 2 Jdedwards, Oracle | 2 Enterpriseone, Peoplesoft Enterprise | 2024-02-28 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.97.2.5 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||
CVE-2009-1026 | 1 Kimwebsites | 1 Kim Websites | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in login.php in Kim Websites 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
CVE-2008-4556 | 1 Sun | 1 Solaris | 2024-02-28 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request. | |||||
CVE-2009-1779 | 1 Frax | 1 Php Recommend | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the form_include_template parameter. | |||||
CVE-2009-1037 | 1 Drupal | 2 Drupal, Print | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to send unlimited spam messages via unknown vectors related to the flood control API. | |||||
CVE-2009-0441 | 1 Technote | 1 Technote | 2024-02-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in skin_shop/standard/2_view_body/body_default.php in TECHNOTE 7.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter, a different vector than CVE-2008-4138. | |||||
CVE-2009-0417 | 1 Agavi | 1 Agavi | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the AgaviWebRouting::gen(null) method in Agavi 0.11 before 0.11.6 and 1.0 before 1.0.0 beta 8 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with certain characters that are not properly handled by web browsers that do not strictly follow RFC 3986, such as Internet Explorer 6 and 7. | |||||
CVE-2008-5273 | 1 Toddwoolums | 1 Todd Woolums Asp News Management | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News Management 2.2 allows remote attackers to execute arbitrary SQL commands via the newsID parameter. | |||||
CVE-2009-2338 | 1 Freewebshop | 1 Freewebshop | 2024-02-28 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in includes/startmodules.inc.php in FreeWebshop.org 2.2.9 R2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_file parameter. | |||||
CVE-2009-1732 | 1 Richard Ellerbrock | 1 Ipplan | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in admin/usermanager in IPplan 4.91a allows remote attackers to inject arbitrary web script or HTML via the grp parameter. | |||||
CVE-2008-4304 | 1 Phpcollab | 1 Phpcollab | 2024-02-28 | 10.0 HIGH | N/A |
general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSL_CLIENT_CERT environment variable. NOTE: in some environments, SSL_CLIENT_CERT always has a base64-encoded string value, which may impose constraints on injection for typical shells. | |||||
CVE-2008-5072 | 1 K-lite | 1 Mega Codec Pack | 2024-02-28 | 4.3 MEDIUM | N/A |
vsfilter.dll in K-Lite Mega Codec Pack 3.5.7.0 allows remote attackers to cause a denial of service (application crash) via a malformed FLV file. | |||||
CVE-2008-6439 | 1 Abledating | 1 Abledating | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search_results.php in ABK-Soft AbleDating 2.4 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | |||||
CVE-2008-2109 | 1 Media-libs | 1 Libid3tag | 2024-02-28 | 5.0 MEDIUM | N/A |
field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an infinite loop. | |||||
CVE-2009-1714 | 1 Apple | 1 Safari | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes. | |||||
CVE-2009-1602 | 1 Pablosoftwaresolutions | 1 Quick\'n Easy Mail Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Pablo Software Solutions Quick 'n Easy Mail Server 3.3 allows remote attackers to cause a denial of service (daemon outage or CPU consumption) via multiple long SMTP commands, as demonstrated by HELO commands. | |||||
CVE-2008-6214 | 1 Harlandscripts | 1 Pro Traffic One | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in poll_results.php in Harlandscripts Pro Traffic One allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2009-3396 | 1 Oracle | 1 Bea Product Suite | 2024-02-28 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2.3, 10.0.1, and 10.3 allows remote attackers to affect integrity, related to WLS Console. | |||||
CVE-2009-2236 | 1 Yourarticlesdirectory | 1 Your Articles Directory | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in yad-admin/login.php in Your Article Directory allows remote attackers to execute arbitrary SQL commands via the txtAdminEmail parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-2753 | 1 Paridel | 1 Pooya Site Builder | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Pooya Site Builder (PSB) 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) xslIdn parameter to (a) utils/getXsl.aspx, and the (2) part parameter to (b) getXml.aspx and (c) getXls.aspx in utils/. |