Total
266239 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5987 | 1 Gnome | 1 Eog | 2024-02-28 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
CVE-2008-2285 | 1 Ubuntu | 1 Linux | 2024-02-28 | 5.0 MEDIUM | N/A |
The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool. | |||||
CVE-2008-3515 | 1 Adobe | 1 Presenter | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3516. | |||||
CVE-2009-0337 | 1 Katywhitton | 1 Blogit\! | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-5052 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 10.0 HIGH | N/A |
The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js. | |||||
CVE-2003-1569 | 2 Goahead, Microsoft | 4 Goahead Webserver, Windows 95, Windows 98 and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385. | |||||
CVE-2008-4584 | 1 Chilkat Software | 1 Mail | 2024-02-28 | 6.8 MEDIUM | N/A |
Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname to the SaveLastError method. | |||||
CVE-2008-6982 | 1 Devalcms | 1 Devalcms | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a allows remote attackers to inject arbitrary web script or HTML via the currentpath parameter. | |||||
CVE-2008-5724 | 1 Eset | 1 Smart Security | 2024-02-28 | 7.2 HIGH | N/A |
The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ESET Smart Security 3.0.672 and earlier allows local users to gain privileges via a crafted IRP in a certain METHOD_NEITHER IOCTL request to \Device\Epfw that overwrites portions of memory. | |||||
CVE-2009-2211 | 1 Ibm | 1 Rational Clearquest | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-0019 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 7.5 HIGH | N/A |
Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) or obtain sensitive information via unspecified vectors that trigger an out-of-bounds memory access. | |||||
CVE-2008-3718 | 1 Cyberbb | 1 Cyberbb | 2024-02-28 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in cyberBB 0.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter to show_topic.php and the (2) user parameter to profile.php. | |||||
CVE-2008-6138 | 1 Webbiscuits | 1 Modules Controller | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. | |||||
CVE-2008-4491 | 1 Apple | 2 Mac Os X, Mail | 2024-02-28 | 5.0 MEDIUM | N/A |
Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail. | |||||
CVE-2009-0043 | 1 Ca | 2 Service Level Management, Service Metric Analysis | 2024-02-28 | 10.0 HIGH | N/A |
The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
CVE-2009-1066 | 1 Getpixie | 1 Pixie Cms | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the referral function in admin/lib/lib_logs.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header in a request. | |||||
CVE-2008-6832 | 1 Atlassian | 1 Jira | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Enterprise Edition 3.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-3764 | 1 Turnkeywebtools | 1 Php Live Helper | 2024-02-28 | 7.5 HIGH | N/A |
Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php. | |||||
CVE-2009-1228 | 1 Arcadwy | 1 Arcadwy Arcade Script Cms | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in register.php in Arcadwy Arcade Script CMS allows remote attackers to inject arbitrary web script or HTML via the username field (user_name parameter). | |||||
CVE-2008-3653 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-02-28 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors. |