Total: 266170 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-4334 | 1 Ibm | 1 Db2 | 2024-02-28 | 4.6 MEDIUM | N/A |
The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file. | |||||
CVE-2009-0705 | 1 Powerscripts | 1 Powernews | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | |||||
CVE-2008-2563 | 1 Samtodo | 1 Samtodo | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in (1) dsp_main.php and (2) dsp_task_editor.php in SamTodo 1.1 allow remote attackers to inject arbitrary web script or HTML via the (a) tid parameter in a main.taskeditor edit action, and the (b) completed parameter in a main.default action, to index.php. | |||||
CVE-2008-4639 | 1 Sentex | 1 Jhead | 2024-02-28 | 4.6 MEDIUM | N/A |
jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||||
CVE-2008-5360 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-02-28 | 6.4 MEDIUM | N/A |
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors. | |||||
CVE-2009-2233 | 1 Awscripts | 1 Gallery Search Engine | 2024-02-28 | 7.5 HIGH | N/A |
The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1. | |||||
CVE-2008-6373 | 1 Nagios | 1 Nagios | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments." | |||||
CVE-2009-0746 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.9 MEDIUM | N/A |
The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem. | |||||
CVE-2009-1778 | 1 Bigace | 1 Bigace Cms | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in the new user registration feature in BigACE CMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
CVE-2008-6332 | 1 Simplecustomer | 1 Simple Customer | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in login.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
CVE-2008-3846 | 1 Aquagardensoft | 1 Mysql-lists | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in mysql-lists 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-2154 | 1 Sappy.dk | 1 Impleo Music Collection | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in admin/login.php in Impleo Music Collection 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
CVE-2008-3247 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | N/A |
The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 on x86_64 platforms uses an incorrect size for ldt_desc, which allows local users to cause a denial of service (system crash) or possibly gain privileges via unspecified vectors. | |||||
CVE-2009-1213 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing. | |||||
CVE-2009-2104 | 2 Typo3, Udo Von Eynern | 2 Typo3, Modern Guest Book Commenting System | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension 2.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-5307 | 1 Pilot Group | 1 Pg Real Roommate Finder Solution | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/index.php in PG Roommate Finder Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-2506 | 1 Simpel Side | 1 Weblosning | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Simpel Side Weblosning 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) mainid and (2) id parameters to index2.php. | |||||
CVE-2009-4063 | 2 Drupal, Ezra Barnett Gildesgame | 2 Drupal, Og Subgroups | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Subgroups for Organic Groups (OG) module 5.x before 5.x-4.0 and 5.x before 5.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified node titles. | |||||
CVE-2009-2843 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet. | |||||
CVE-2008-1833 | 1 Clam Anti-virus | 1 Clamav | 2024-02-28 | 7.5 HIGH | N/A |
Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary. |