Total
266151 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-4175 | 2 Cutephp, Korn19 | 2 Cutenews, Utf-8 Cutenews | 2024-02-28 | 5.0 MEDIUM | N/A |
CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to obtain sensitive information via an invalid date value in the from_date_day parameter to search.php, which reveals the installation path in an error message. | |||||
CVE-2009-3623 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.8 HIGH | N/A |
The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel before 2.6.31.2 attempts to access a credentials cache even when a client specifies the AUTH_NULL authentication flavor, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an NFSv4 mount request. | |||||
CVE-2008-6886 | 1 Rsa | 1 Envision | 2024-02-28 | 5.0 MEDIUM | N/A |
RSA EnVision 3.5.0, 3.5.1, 3.5.2, and 3.7.0 does not properly restrict access to unspecified user profile functionality, which allows remote attackers to obtain the administrator password hash and conduct brute force guessing attacks. | |||||
CVE-2008-1790 | 1 Iscripts | 1 Socialware | 2024-02-28 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability. | |||||
CVE-2008-7243 | 1 Modxcms | 1 Modxcms | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in page 34 in MODx CMS 0.9.6.1 and 0.9.6.1p1 allows remote attackers to hijack the authentication of other users for requests that modify passwords via manager/index.php. NOTE: due to the lack of details, it is not clear whether this is related to CVE-2008-5941. | |||||
CVE-2009-3071 | 1 Mozilla | 1 Firefox | 2024-02-28 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2009-0347 | 1 Autonomy | 1 Ultraseek | 2024-02-28 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. | |||||
CVE-2008-2896 | 1 Getfireant | 1 Fireant | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in index.php in FireAnt 1.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
CVE-2008-5868 | 1 Intellitamper | 1 Intellitamper | 2024-02-28 | 9.3 HIGH | N/A |
Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows user-assisted attackers to execute arbitrary code via a long ProxyLogin value in a configuration (.cfg) file. | |||||
CVE-2009-3472 | 1 Ibm | 1 Db2 | 2024-02-28 | 6.5 MEDIUM | N/A |
IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors. | |||||
CVE-2008-0322 | 1 Microsoft | 1 Windows Xp | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. NOTE: this issue can be leveraged to overwrite arbitrary memory and execute code via an IOCTL call with a crafted DeviceObject pointer. | |||||
CVE-2009-0755 | 1 Poppler | 1 Poppler | 2024-02-28 | 5.0 MEDIUM | N/A |
The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry. | |||||
CVE-2008-2949 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to change the location property of a frame via the String data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector. | |||||
CVE-2008-6360 | 1 Impresscms | 1 Impresscms | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the userranks feature in modules/system/admin.php in ImpressCMS 1.0.2 final allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-3762 | 1 Turnkeywebtools | 1 Php Live Helper | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php. | |||||
CVE-2008-3459 | 1 Openvpn | 1 Openvpn | 2024-02-28 | 7.6 HIGH | N/A |
Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters. | |||||
CVE-2008-5193 | 1 Philboard | 1 Philboard | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: this might overlap CVE-2007-4024. | |||||
CVE-2009-2898 | 1 Springsource | 3 Application Management Suite, Hyperic Hq, Tc Server | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Alerts list feature in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allows remote authenticated users to inject arbitrary web script or HTML via the Description field. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-3562 | 1 Chupix | 2 Chupix Cms, Cms Contact Module | 2024-02-28 | 5.1 MEDIUM | N/A |
Directory traversal vulnerability in index.php in the Contact module in Chupix CMS 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mods parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-6947 | 1 Collabtive | 1 Collabtive | 2024-02-28 | 7.5 HIGH | N/A |
Collabtive 0.4.8 allows remote attackers to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to admin.php. |