Total
266168 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3333 | 2 Alibasta, Mambo | 2 Com Koesubmit, Mambo | 2024-02-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in koesubmit.php in the koeSubmit (com_koesubmit) component 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2008-4428 | 1 Phlatline | 1 Personal Information Manager | 2024-02-28 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in the top-level directory. | |||||
| CVE-2009-0841 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2024-02-28 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter. | |||||
| CVE-2007-5474 | 2 Atheros, Linksys | 2 Ar5416-ac1e Chipset, Wrt350n | 2024-02-28 | 6.3 MEDIUM | N/A |
| The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long. | |||||
| CVE-2009-2819 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 9.3 HIGH | N/A |
| AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors. | |||||
| CVE-2008-6425 | 1 Comicshout | 1 Comicshout | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in ComicShout 2.8 allows remote attackers to execute arbitrary SQL commands via the news_id parameter, a different vector than CVE-2008-2456. | |||||
| CVE-2008-3100 | 1 Owl | 1 Intranet Knowledgebase | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter in a getpasswd action to register.php. | |||||
| CVE-2009-0649 | 1 Nokia | 2 N95, Symbian S60 Browser | 2024-02-28 | 7.8 HIGH | N/A |
| The web browser in Symbian OS on the Nokia N95 cell phone allows remote attackers to cause a denial of service (crash) via JavaScript code that calls the setAttributeNode method. | |||||
| CVE-2008-6891 | 1 Codetoad | 1 Asp Forum Script | 2024-02-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Script allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter to (a) new_message.asp and (b) messages.asp, and the (2) query string to default.asp. | |||||
| CVE-2008-7072 | 1 Chipmunk-scripts | 1 Chipmunk Topsites | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Chipmunk Topsites allows remote attackers to inject arbitrary web script or HTML via the start parameter. | |||||
| CVE-2009-0082 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2024-02-28 | 7.2 HIGH | N/A |
| The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability." | |||||
| CVE-2009-2435 | 1 Ibm | 1 Lotus Instant Messaging And Web Conferencing | 2024-02-28 | 5.0 MEDIUM | N/A |
| The Sametime server in IBM Lotus Instant Messaging and Web Conferencing 6.5.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2009-2612 | 1 Prosmdr | 1 Prosmdr | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.aspx in ProSMDR allows remote attackers to execute arbitrary SQL commands via the txtUser parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3859 | 1 Davlin | 1 Thickbox Gallery | 2024-02-28 | 5.0 MEDIUM | N/A |
| Davlin Thickbox Gallery 2 allows remote attackers to obtain the administrative username and MD5 password hash via a direct request to conf/admins.php. | |||||
| CVE-2009-2779 | 1 Ajsquare | 1 Aj Matrix Dna | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in AJ Matrix DNA allows remote attackers to execute arbitrary SQL commands via the id parameter in a productdetail action. | |||||
| CVE-2003-1566 | 1 Microsoft | 1 Internet Information Services | 2024-02-28 | 5.0 MEDIUM | N/A |
| Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection. | |||||
| CVE-2008-5907 | 2 Debian, Libpng | 2 Debian Linux, Libpng | 2024-02-28 | 5.0 MEDIUM | N/A |
| The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability. | |||||
| CVE-2008-5155 | 1 Smsclient | 1 Smsclient | 2024-02-28 | 9.3 HIGH | N/A |
| mail2sms.sh in smsclient 2.0.8z allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/header.##### or (2) /tmp/body.##### temporary file, or append data to arbitrary files via a symlink attack on the (3) /tmp/sms.log temporary file. | |||||
| CVE-2008-2695 | 1 Phpinv | 1 Phpinv | 2024-02-28 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in entry.php in phpInv 0.8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter. | |||||
| CVE-2008-2433 | 1 Trendmicro | 3 Client Server Messaging Suite, Officescan, Worry-free Business Security | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. NOTE: this can be leveraged for code execution through an unspecified "manipulation of the configuration." | |||||