Total
266150 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-0291 | 1 Openx | 1 Openx | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter. | |||||
CVE-2009-0584 | 2 Argyllcms, Ghostscript | 2 Cms, Ghostscript | 2024-02-28 | 9.3 HIGH | N/A |
icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. | |||||
CVE-2008-6728 | 1 Phpnuke | 1 Php-nuke | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php. | |||||
CVE-2008-6175 | 1 K2sxs | 1 Silvershield | 2024-02-28 | 5.0 MEDIUM | N/A |
SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of service (application crash) via a crafted argument to the opendir SFTP command. | |||||
CVE-2008-2960 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/. | |||||
CVE-2008-6097 | 1 Wikyblog | 1 Wikyblog | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before 1.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to index.php/Special/Main/keywordSearch, (2) revNum parameter to index.php/Edit/Main/Home, (3) to parameter to index.php/Special/Main/WhatLinksHere, (4) user parameter to index.php/Special/Main/UserEdits, and (5) the PATH_INFO to index.php. | |||||
CVE-2009-3038 | 2 Ibm, Rim | 2 Lotus Notes Connector, Blackberry Desktop Manager | 2024-02-28 | 4.3 MEDIUM | N/A |
A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research In Motion (RIM) Lotus Notes connector for BlackBerry Desktop Manager 5.0.0.11 allows remote attackers to cause a denial of service (Internet Explorer crash) by referencing the control's CLSID in the classid attribute of an OBJECT element. | |||||
CVE-2008-3348 | 1 Myiosoft | 1 Easydynamicpages | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to inject arbitrary web script or HTML via the year parameter. | |||||
CVE-2008-2174 | 1 Shelter Manager | 1 Animal Shelter Manager | 2024-02-28 | 6.5 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 have unknown impact and attack vectors, related to "various areas where security was missing." | |||||
CVE-2008-1924 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 3.5 LOW | N/A |
Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable. | |||||
CVE-2008-3661 | 1 Drupal | 1 Drupal | 2024-02-28 | 5.0 MEDIUM | N/A |
Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | |||||
CVE-2008-5579 | 1 Mini-pub | 1 Mini-pub | 2024-02-28 | 5.0 MEDIUM | N/A |
Absolute path traversal vulnerability in mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers to read arbitrary files via a full pathname in the sFileName parameter. | |||||
CVE-2009-2334 | 1 Wordpress | 2 Wordpress, Wordpress Mu | 2024-02-28 | 4.9 MEDIUM | N/A |
wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service. | |||||
CVE-2009-1769 | 1 Ocsinventory-ng | 1 Ocs Inventory Ng | 2024-02-28 | 5.0 MEDIUM | N/A |
The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames. | |||||
CVE-2008-2142 | 1 Gnu | 2 Emacs, Xemacs | 2024-02-28 | 6.8 MEDIUM | N/A |
Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code. | |||||
CVE-2008-3836 | 1 Mozilla | 1 Firefox | 2024-02-28 | 7.5 HIGH | N/A |
feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the (1) elem.doCommand, (2) elem.dispatchEvent, (3) _setTitleText, (4) _setTitleImage, and (5) _initSubscriptionUI functions. | |||||
CVE-2009-1387 | 3 Canonical, Openssl, Redhat | 3 Ubuntu Linux, Openssl, Openssl | 2024-02-28 | 5.0 MEDIUM | N/A |
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug." | |||||
CVE-2008-4636 | 3 Novell, Opensuse, Suse | 7 Linux Desktop, Open Enterprise Server, Opensuse and 4 more | 2024-02-28 | 7.2 HIGH | N/A |
yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process. | |||||
CVE-2009-0418 | 1 Hp | 1 Hp-ux | 2024-02-28 | 9.3 HIGH | N/A |
The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read private network traffic, and possibly execute arbitrary code via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476. | |||||
CVE-2008-4646 | 1 Websense | 1 Enterpise | 2024-02-28 | 2.1 LOW | N/A |
The Websense Reporter Module in Websense Enterprise 6.3.2 stores the SQL database system administrator password in plaintext in CreateDbInstall.log, which allows local users to gain privileges to the database. |