Total
266147 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-6946 | 1 Collabtive | 1 Collabtive | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via the project Name, which is not properly handled when the administrator performs an editform action, related to admin.php. | |||||
CVE-2009-1707 | 1 Apple | 1 Safari | 2024-02-28 | 1.2 LOW | N/A |
Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors. | |||||
CVE-2009-0016 | 2 Apple, Microsoft | 2 Itunes, Windows | 2024-02-28 | 5.0 MEDIUM | N/A |
Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header. | |||||
CVE-2008-4500 | 1 Solarwinds | 1 Serv-u File Server | 2024-02-28 | 4.0 MEDIUM | N/A |
Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1". | |||||
CVE-2009-1385 | 2 Intel, Linux | 3 E1000, Kernel, Linux Kernel | 2024-02-28 | 7.8 HIGH | N/A |
Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size. | |||||
CVE-2008-1773 | 1 Dragoon | 1 Dragoon | 2024-02-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in includes/header.inc.php in Dragoon 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | |||||
CVE-2009-0031 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.9 MEDIUM | N/A |
Memory leak in the keyctl_join_session_keyring function (security/keys/keyctl.c) in Linux kernel 2.6.29-rc2 and earlier allows local users to cause a denial of service (kernel memory consumption) via unknown vectors related to a "missing kfree." | |||||
CVE-2009-3746 | 1 Sun | 1 Solaris | 2024-02-28 | 1.9 LOW | N/A |
XScreenSaver in Sun Solaris 10, when the accessibility feature is enabled, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276 and CVE-2009-2711. | |||||
CVE-2008-5874 | 2 Joomla, Joomlahbs | 4 Joomla, Com 5starhotels, Com Allhotels and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (2) com_5starhotels module. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-2411 | 1 Sazcart | 1 Sazcart | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a details action. | |||||
CVE-2009-1019 | 1 Oracle | 1 Database Server | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
CVE-2009-0252 | 1 Enthrallweb | 1 Ereservations | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in default.asp in Enthrallweb eReservations allow remote attackers to execute arbitrary SQL commands via the (1) Login parameter (aka username field) or the (2) Password parameter (aka password field). NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-4472 | 1 Autodesk | 3 Design Review, Dwf Viewer, Revit Architecture | 2024-02-28 | 9.3 HIGH | N/A |
The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method. | |||||
CVE-2009-1014 | 1 Oracle | 2 Jd Edwards Enterpriseone, Peoplesoft Enterprise | 2024-02-28 | 5.8 MEDIUM | N/A |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.19 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-1013. | |||||
CVE-2008-1783 | 1 Prozilla | 1 Reviews | 2024-02-28 | 6.4 MEDIUM | N/A |
Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php. | |||||
CVE-2008-1756 | 1 Sun | 1 N1 Grid Engine | 2024-02-28 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid Engine 6.1 allows local users to cause a denial of service (daemon crash) via unspecified vectors. | |||||
CVE-2008-6530 | 1 Ezonescripts | 1 Living Local | 2024-02-28 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in editimage.php in eZoneScripts Living Local 1.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file. | |||||
CVE-2009-0599 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 5.0 MEDIUM | N/A |
Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file. | |||||
CVE-2008-2739 | 1 Cisco | 1 Ios | 2024-02-28 | 7.8 HIGH | N/A |
The SERVICE.DNS signature engine in the Intrusion Prevention System (IPS) in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device crash or hang) via network traffic that triggers unspecified IPS signatures, a different vulnerability than CVE-2008-1447. | |||||
CVE-2008-5063 | 1 Otmanager | 1 Otmanager | 2024-02-28 | 10.0 HIGH | N/A |
PHP remote file inclusion vulnerability in Admin/ADM_Pagina.php in OTManager 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the Tipo parameter. |