Total: 266166 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-6410 | 1 Brian Wilson | 1 Ol'bookmarks | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in show.php in ol'bookmarks manager 0.7.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter. | |||||
CVE-2009-0284 | 1 Flaxweb | 1 Flax Article Manager | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
CVE-2009-1361 | 1 Gscripts | 1 Dns Tools | 2024-02-28 | 10.0 HIGH | N/A |
dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-2263 | 1 Awesomephp | 1 Mega File Manager | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
CVE-2008-5961 | 1 Tribiq | 1 Tribiq Cms | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to inject arbitrary web script or HTML via the cID parameter in a document action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-0738 | 1 Frankmancuso | 1 Auth Php | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in login.php in Auth Php 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. | |||||
CVE-2008-7120 | 1 Mrcgiguy | 1 Hot Links Sql-php | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter. | |||||
CVE-2009-0376 | 1 Realnetworks | 1 Realplayer | 2024-02-28 | 9.3 HIGH | N/A |
Heap-based buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a modified field that controls an unspecified structure length and triggers heap corruption, related to use of RealPlayer through a Windows Explorer plugin. | |||||
CVE-2008-6130 | 1 Mozilo | 1 Mozilowiki | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) action and (2) page parameters. | |||||
CVE-2008-1508 | 1 Efestech | 1 E-kontor | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in EfesTech E-Kontör and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-2080 | 1 Nasa Goddard Space Flight Center | 1 Common Data Format | 2024-02-28 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format (CDF) library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags. | |||||
CVE-2009-2834 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 4.9 MEDIUM | N/A |
IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors. | |||||
CVE-2009-0383 | 1 Mzbservices | 1 Max.blog | 2024-02-28 | 6.4 MEDIUM | N/A |
delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote attackers to delete arbitrary blog posts via a direct request. | |||||
CVE-2008-5275 | 1 Net2ftp | 1 Net2ftp | 2024-02-28 | 7.5 HIGH | N/A |
Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file. | |||||
CVE-2008-1849 | 3 Joomla, Joomlacode, Mambo | 3 Joomla, Joomlaexplorer, Mambo | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action. | |||||
CVE-2008-6936 | 1 Jabber | 1 Exodus | 2024-02-28 | 9.3 HIGH | N/A |
Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in a pres:// URI, a different vector than CVE-2008-6935. | |||||
CVE-2008-2216 | 1 Pbcs | 1 Project-based Calendaring System | 2024-02-28 | 9.0 HIGH | N/A |
Unrestricted file upload vulnerability in src/yopy_upload.php in Project-Based Calendaring System (PBCS) 0.7.1 allows remote authenticated users to upload arbitrary files to tmp/uploads. | |||||
CVE-2008-1462 | 1 Runcms | 1 Runcms | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in the sections (Section) module in RunCMS allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle action. | |||||
CVE-2009-1107 | 1 Sun | 1 Java | 2024-02-28 | 4.3 MEDIUM | N/A |
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871. | |||||
CVE-2008-2648 | 1 Mebiblio | 1 Mebiblio | 2024-02-28 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in upload/uploader.html in meBiblio 0.4.7 allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the files/ directory. |