Total
266163 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3709 | 1 Hotscripts | 1 Cyboards Php Lite | 2024-02-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to inject arbitrary web script or HTML via the (1) lOptionsOptions, (2) lNavAdminOptions, or (3) lNavReturn parameter to options.php; or the (4) lNavReturn parameter to subscribe.php. | |||||
| CVE-2008-5884 | 1 Zkesoft | 1 Ayeview | 2024-02-28 | 4.3 MEDIUM | N/A |
| AyeView 2.20 allows user-assisted attackers to cause a denial of service (application crash) via a GIF file with a malformed header. | |||||
| CVE-2009-1883 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.4 MEDIUM | N/A |
| The z90crypt_unlocked_ioctl function in the z90crypt driver in the Linux kernel 2.6.9 does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage. | |||||
| CVE-2008-7132 | 1 Nuked-klan | 1 Nuked-klan | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.3 beta allows remote attackers to inject arbitrary web script or HTML via the nuked_nude parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-1936 | 1 Cpcommerce Project | 1 Cpcommerce | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
| _functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a protection mechanism to conduct remote file inclusion and directory traversal attacks, execute arbitrary PHP code, or read arbitrary files via the GLOBALS[prefix] parameter, a different vector than CVE-2003-1500. | |||||
| CVE-2008-4822 | 1 Adobe | 1 Flash Player | 2024-02-28 | 6.8 MEDIUM | N/A |
| Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy. | |||||
| CVE-2008-3021 | 1 Microsoft | 3 Office, Office Converter Pack, Works | 2024-02-28 | 9.3 HIGH | N/A |
| Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file with an invalid bits_per_pixel field, aka the "PICT Filter Parsing Vulnerability," a different vulnerability than CVE-2008-3018. | |||||
| CVE-2008-1871 | 1 Scriptsagent | 1 Links Directory | 2024-02-28 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in links.php in Scriptsagent.com Links Directory 1.1 allows remote authenticated users to execute arbitrary SQL commands via the cat_id parameter in a list action. | |||||
| CVE-2008-2793 | 1 Clip-share | 1 Clipshare | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in group_posts.php in ClipShare before 3.0.1 allows remote attackers to execute arbitrary SQL commands via the tid parameter. | |||||
| CVE-2008-7209 | 1 Insane Visions | 1 Onecms | 2024-02-28 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in the add2 action in a_upload.php in OneCMS 2.4, and possibly earlier, allows remote attackers to execute arbitrary code by uploading a file with an executable extension and using a safe content type such as image/gif, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2009-2531 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 7 and 4 more | 2024-02-28 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530. | |||||
| CVE-2009-2273 | 1 Huawei | 2 D100, D100 Firmware | 2024-02-28 | 5.0 MEDIUM | N/A |
| The default configuration of the Wi-Fi component on the Huawei D100 does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2008-4370 | 1 Availscript | 1 Availscript Photo Album | 2024-02-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Availscript Photo Album allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to pics.php and the (2) a parameter to view.php. | |||||
| CVE-2009-0200 | 1 Openoffice | 1 Openoffice.org | 2024-02-28 | 9.3 HIGH | N/A |
| Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow. | |||||
| CVE-2009-2444 | 1 Adbnewssender | 1 Adbnewssender | 2024-02-28 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in maillinglist/setup/step1.php.inc in ADbNewsSender before 1.5.6, and 2.0 before RC2, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter to setup/index.php. | |||||
| CVE-2008-6660 | 1 Ozerov | 1 Bigdump | 2024-02-28 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov BigDump 0.29b allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a .sql extension, then accessing this file via a direct request. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2800 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 6.8 MEDIUM | N/A |
| Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file. | |||||
| CVE-2008-3623 | 2 Apple, Microsoft | 3 Safari, Windows, Windows Vista | 2024-02-28 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to improper handling of color spaces. | |||||
| CVE-2009-4019 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2024-02-28 | 4.0 MEDIUM | N/A |
| mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement. | |||||
| CVE-2009-2285 | 1 Libtiff | 1 Libtiff | 2024-02-28 | 4.3 MEDIUM | N/A |
| Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. | |||||