Total
266158 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5705 | 1 Verlihub-project | 1 Verlihub | 2024-02-28 | 9.3 HIGH | N/A |
The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier, when user triggers are enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in an argument. | |||||
CVE-2008-4009 | 1 Oracle | 1 Bea Product Suite | 2024-02-28 | 5.1 MEDIUM | N/A |
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.1, when configuring multiple authorizers, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
CVE-2009-3987 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 7.8 HIGH | N/A |
The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects. | |||||
CVE-2009-3558 | 1 Php | 1 Php | 2024-02-28 | 6.8 MEDIUM | N/A |
The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file. | |||||
CVE-2009-1534 | 1 Microsoft | 5 Biztalk Server, Isa Server, Office and 2 more | 2024-02-28 | 9.3 HIGH | N/A |
Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability." | |||||
CVE-2008-2136 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-02-28 | 7.8 HIGH | N/A |
Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count. | |||||
CVE-2008-6087 | 1 Camera Life | 1 Camera Life | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in topic.php in Camera Life 2.6.2b4 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | |||||
CVE-2008-1337 | 1 Netopia | 1 Timbuktu Pro | 2024-02-28 | 5.0 MEDIUM | N/A |
The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier for Windows allows remote attackers to cause (1) a denial of service (daemon crash) via an invalid Version field or (2) a denial of service (CPU consumption and daemon termination) via an invalid or partial message. | |||||
CVE-2008-5241 | 1 Xine | 1 Xine-lib | 2024-02-28 | 4.3 MEDIUM | N/A |
Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM). | |||||
CVE-2008-4611 | 1 Php Arsivimiz | 1 Php Ziyaretci Defteri | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in PHP Arsivimiz Php Ziyaretci Defteri allows remote attackers to execute arbitrary SQL commands via the sayfa parameter. | |||||
CVE-2009-0388 | 2 Tightvnc, Ultravnc | 2 Tightvnc, Ultravnc | 2024-02-28 | 10.0 HIGH | N/A |
Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp. | |||||
CVE-2008-2853 | 1 Easy Webstore | 1 Easy Webstore | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Easy Webstore 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_path parameter. | |||||
CVE-2008-1398 | 1 Auracms | 1 Auracms | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header. | |||||
CVE-2008-4145 | 1 Addalink | 1 Addalink | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in user_read_links.php in Addalink 1.0 beta 4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | |||||
CVE-2008-4674 | 1 Conkurent | 1 Real Estate | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in realestate-index.php in Conkurent Real Estate Manager 1.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in browse mode. | |||||
CVE-2008-0047 | 2 Apple, Cups | 3 Mac Os X, Mac Os X Server, Cups | 2024-02-28 | 9.3 HIGH | N/A |
Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions. | |||||
CVE-2009-0548 | 1 Eset | 1 Remote Administrator | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Additional Report Settings interface in ESET Remote Administrator before 3.0.105 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-2392 | 1 Virtuenetz | 1 Virtue Online Test Generator | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in text.php in Virtuenetz Virtue Online Test Generator allows remote attackers to execute arbitrary SQL commands via the tid parameter. | |||||
CVE-2008-6905 | 1 Babbleboard | 1 Babbleboard | 2024-02-28 | 6.0 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in index.php in BabbleBoard 1.1.6 allows remote authenticated users to hijack the authentication of administrators for requests that delete (1) categories or (2) groups; (3) ban users; or (4) delete users via the admin page. | |||||
CVE-2008-3714 | 1 Awstats | 1 Awstats | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945. |