Total
266147 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0523 | 1 Adobe | 2 Robohelp, Robohelp Server | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled when displaying the Help Errors log. | |||||
| CVE-2009-2862 | 1 Cisco | 1 Ios | 2024-02-28 | 4.3 MEDIUM | N/A |
| The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to bypass intended access restrictions via crafted requests, aka Bug IDs CSCsx07114, CSCsu70214, CSCsw47076, CSCsv48603, CSCsy54122, and CSCsu50252. | |||||
| CVE-2008-1606 | 1 Elastic Path | 1 Elastic Path | 2024-02-28 | 6.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot backslash) in the file parameter to importData.jsp, and (3) list directory contents via a .. (dot dot) in the dir parameter to manager/fileManager.jsp. | |||||
| CVE-2008-3292 | 1 Ezwebalbum | 1 Ezwebalbum | 2024-02-28 | 6.4 MEDIUM | N/A |
| constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php. | |||||
| CVE-2008-7129 | 1 Xyssl | 1 Xyssl | 2024-02-28 | 5.0 MEDIUM | N/A |
| XySSL before 0.9 allows remote attackers to cause a denial of service (infinite loop) via an X.509 certificate that does not pass the RSA signature check during verification. | |||||
| CVE-2008-4943 | 1 Iglues | 1 Bulmages-servers | 2024-02-28 | 6.9 MEDIUM | N/A |
| bulmages-servers 0.11.1 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/error.txt, (b) /tmp/errores.txt, and possibly other temporary files, related to the (1) creabulmafact, (2) creabulmacont, and possibly (3) actualizabulmacont, (4) installbulmages-db, and (5) actualizabulmafact scripts. | |||||
| CVE-2009-1787 | 1 Phpdirsubmit | 1 Php Dir Submit | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Dir Submit (aka WebsiteSubmitter and Submitter Script) allow remote attackers to bypass authentication and gain administrative access via the (1) username and (2) password parameters. | |||||
| CVE-2009-3515 | 1 Marcin Manek | 1 D.net Cms | 2024-02-28 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in dnet_admin/index.php in d.net CMS allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the type parameter. | |||||
| CVE-2009-2769 | 1 Ultrize | 1 Timesheet | 2024-02-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in include/timesheet.php in Ultrize TimeSheet 1.2.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[include_dir] parameter. | |||||
| CVE-2009-2124 | 1 Elvinbts | 1 Elvinbts | 2024-02-28 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in page.php in Elvin 1.2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. | |||||
| CVE-2008-3407 | 1 Phplinkat | 1 Phplinkat | 2024-02-28 | 5.0 MEDIUM | N/A |
| phpLinkat 0.1 allows remote attackers to bypass authentication and access unspecified pages under admin/ by sending a login=right cookie. | |||||
| CVE-2008-3135 | 1 Secretwars | 1 Soldner Secret Wars | 2024-02-28 | 7.8 HIGH | N/A |
| Soldner Secret Wars 33724 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a large numeric value in a 0x80 data block. | |||||
| CVE-2004-2763 | 1 Sun | 2 Iplanet Web Server, One Web Server | 2024-02-28 | 5.8 MEDIUM | N/A |
| The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. | |||||
| CVE-2009-1484 | 1 Gecad | 1 Axigen Mail Server | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web mail interface feature in AXIGEN Mail Server 6.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving e-mail messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3898 | 2 F5, Nginx | 2 Nginx, Nginx | 2024-02-28 | 4.9 MEDIUM | N/A |
| Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method. | |||||
| CVE-2009-0346 | 1 Sun | 2 Opensolaris, Solaris | 2024-02-28 | 4.9 MEDIUM | N/A |
| The IP-in-IP packet processing implementation in the IPsec and IP stacks in the kernel in Sun Solaris 9 and 10, and OpenSolaris snv_01 though snv_85, allows local users to cause a denial of service (panic) via a self-encapsulated packet that lacks IPsec protection. | |||||
| CVE-2008-6032 | 1 Wsn | 1 Links | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comments.php in WSN Links Free 4.0.34P allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3408 | 1 Coolplayer | 1 Coolplayer | 2024-02-28 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in CoolPlayer 2.18, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a crafted m3u file. | |||||
| CVE-2008-1557 | 1 Bolinos | 1 Bolinos | 2024-02-28 | 5.0 MEDIUM | N/A |
| BolinOS 4.6.1 allows remote attackers to obtain sensitive information via a direct request to system/actionspages/_b/contentFiles/gBphpInfo.php, which calls the phpinfo function. | |||||
| CVE-2008-2176 | 1 Zomp | 1 Zomplog | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/category.php in Zomplog 3.8.2 allows remote attackers to inject arbitrary web script or HTML via the catname parameter. | |||||