Total: 266166 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-4379 | 1 Mr. Cgi Guy | 1 Hot Links Sql Php | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
CVE-2008-6275 | 2 Drupal, Joomla | 2 User Karma Module, Joomla! | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified messages. | |||||
CVE-2009-2486 | 1 Sun | 2 Opensolaris, Solaris | 2024-02-28 | 7.8 HIGH | N/A |
Unspecified vulnerability in the SCTP implementation in Sun Solaris 10, and OpenSolaris before snv_120, allows remote attackers to cause a denial of service (panic) via unspecified packets. | |||||
CVE-2008-2048 | 1 Aspindir | 1 Angelo-emlak | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in Angelo-Emlak 1.0 allows remote attackers to inject arbitrary web script or HTML via the sayfa parameter. | |||||
CVE-2008-6777 | 1 Myphp | 1 Myphp Forum | 2024-02-28 | 5.1 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a confirm action, the (2) user parameter in a newconfirm action, and (3) reqpwd action to member.php; and the (4) quote parameter in a post action and (5) pid parameter in an edit action to post.php, different vectors than CVE-2005-0413.2 and CVE-2007-6667. | |||||
CVE-2009-1857 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2024-02-28 | 9.3 HIGH | N/A |
Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a PDF document with a crafted TrueType font. | |||||
CVE-2008-5997 | 1 Ocp2 | 1 Omnicom Content Platform | 2024-02-28 | 7.8 HIGH | N/A |
Absolute path traversal vulnerability in admin/fileKontrola/browser.asp in Omnicom Content Platform (OCP) 2.0 allows remote attackers to list arbitrary directories via a full pathname in the root parameter. | |||||
CVE-2008-4416 | 1 Hp | 1 Hp-ux | 2024-02-28 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors. | |||||
CVE-2009-2675 | 1 Sun | 2 Jdk, Jre | 2024-02-28 | 10.0 HIGH | N/A |
Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression. | |||||
CVE-2009-2910 | 6 Canonical, Fedoraproject, Linux and 3 more | 13 Ubuntu Linux, Fedora, Linux Kernel and 10 more | 2024-02-28 | 2.1 LOW | N/A |
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode. | |||||
CVE-2008-4895 | 1 Yourfreeworld | 1 Downline Builder Script | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in tr.php in YourFreeWorld Downline Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-4170 | 1 Oscommerce | 1 Oscommerce | 2024-02-28 | 5.0 MEDIUM | N/A |
create_account.php in osCommerce 2.2 RC 2a allows remote attackers to obtain sensitive information via an invalid dob parameter, which reveals the installation path in an error message. | |||||
CVE-2008-4476 | 1 Sympa | 1 Sympa | 2024-02-28 | 6.9 MEDIUM | N/A |
sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability. | |||||
CVE-2008-2667 | 2 Courier-mta, Suse | 2 Courtier-authlib, Open Suse | 2024-02-28 | 5.1 MEDIUM | N/A |
SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors. | |||||
CVE-2008-6882 | 2 Joomla, Joompolitan | 2 Joomla, Com Livechat | 2024-02-28 | 7.5 HIGH | N/A |
Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string. | |||||
CVE-2008-5626 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2024-02-28 | 4.0 MEDIUM | N/A |
XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to cause a denial of service via a crafted argument to the NLST command, as demonstrated by a -1 argument. | |||||
CVE-2009-1979 | 1 Oracle | 1 Database Server | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an independent researcher that this is related to improper validation of the AUTH_SESSKEY parameter length that leads to arbitrary code execution. | |||||
CVE-2008-6559 | 1 Sco | 2 Reliantha, Unixware | 2024-02-28 | 7.2 HIGH | N/A |
Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges via a crafted -d argument that contains .. (dot dot) sequences that point to a directory containing a file whose name includes shell metacharacters. | |||||
CVE-2008-3029 | 1 Typo3 | 1 Wec Discussion Forum | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-2591 | 1 Oracle | 2 Database 9i, Database Server | 2024-02-28 | 6.5 MEDIUM | N/A |
Unspecified vulnerability in the Oracle Database Vault component in Oracle Database 9.2.0.8DV, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors. |