Total
266147 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5005 | 1 University Of Washington | 2 Alpine, Imap Toolkit | 2024-02-28 | 10.0 HIGH | N/A |
Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program. | |||||
CVE-2009-2141 | 1 Tbdev | 1 Tbdev.net | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto parameter to makepoll.php, (2) the returnto parameter in a delete action to polls.php, or the (3) Info or (4) Avatar field to my.php. | |||||
CVE-2008-4216 | 1 Apple | 1 Safari | 2024-02-28 | 4.3 MEDIUM | N/A |
The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files." | |||||
CVE-2008-3604 | 1 Zeescripts | 1 Zeebuddy | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter. | |||||
CVE-2009-3590 | 1 Vspanel | 1 Vs Panel | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in showcat.php in VS PANEL 7.3.6 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter. | |||||
CVE-2008-6125 | 2 Debian, Moodle | 2 Debian Linux, Moodle | 2024-02-28 | 6.5 MEDIUM | N/A |
Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors. | |||||
CVE-2008-6483 | 2 Joomla, Virtuemart-solutions | 2 Joomla, Com Googlebase | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in admin.googlebase.php in the Ecom Solutions VirtueMart Google Base (aka com_googlebase or Froogle) component 1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2008-6769 | 1 Peterselie | 1 Yourplace | 2024-02-28 | 6.0 MEDIUM | N/A |
Unrestricted file upload vulnerability in upload.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. | |||||
CVE-2008-7223 | 1 Linpha | 1 Linpha | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, or (5) plugins/stats/stats_view.php. | |||||
CVE-2008-6918 | 1 Theportal2.pl | 1 Theportal2 | 2024-02-28 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in admin/galeria.php in ThePortal2 2.2 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in galeria/. | |||||
CVE-2009-3090 | 2 Ibm, Linux | 2 Tivoli Directory Server, Linux Kernel | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in IBM Tivoli Directory Server (TDS) 6.0 on Linux allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2008-6146 | 1 Deluxebb | 1 Deluxebb | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a delete##### parameter in a Delete action, a different vector than CVE-2005-2989. | |||||
CVE-2008-2824 | 1 Xerox | 1 Workcentre | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Extensible Interface Platform in Web Services in Xerox WorkCentre 7655, 7665, and 7675 allows remote attackers to make configuration changes via unknown vectors. | |||||
CVE-2008-3131 | 1 Powie | 1 Psys | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in chatbox.php in pSys 0.7.0 Alpha, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showid parameter. | |||||
CVE-2008-2521 | 1 Yabsoft | 1 Mega File Hosting Script | 2024-02-28 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in members.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote authenticated users to execute arbitrary SQL commands via the fid parameter. | |||||
CVE-2008-1368 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded CRLF (%0D%0A) before the FTP command, which causes the commands to be inserted into an authenticated FTP connection established earlier in the same browser session, as demonstrated using a DELE command, a variant or possibly a regression of CVE-2004-1166. NOTE: a trailing "//" can force Internet Explorer to try to reuse an existing authenticated connection. | |||||
CVE-2008-2963 | 1 Myblog | 1 Myblog | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in MyBlog allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to (a) index.php, and the (2) id parameter to (b) member.php and (c) post.php. | |||||
CVE-2008-6743 | 1 Shock-therapy | 1 Rsmscript | 2024-02-28 | 7.5 HIGH | N/A |
RSMScript 1.21 allows remote attackers to bypass authentication and gain administrative privileges by setting the verified cookie to an arbitrary value and performing a direct request to (1) delete.php, (2) edit-submit.php, (3) edit.php, (4) submit.php, and (5) update.php, which bypasses the security check that is performed by verify.php. | |||||
CVE-2008-1873 | 2 Microsoft, Tru-zone | 2 Internet Explorer, Nukeet | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the private message feature in Nuke ET 3.2 and 3.4, when using Internet Explorer, allows remote authenticated users to inject arbitrary web script or HTML via a CSS property in the STYLE attribute of a DIV element in the mensaje parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-5790 | 2 Joomla, Recly | 2 Joomla, Competitions | 2024-02-28 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php in includes/competitions/, and the (2) mosConfig_absolute_path parameter to (c) includes/settings/settings.php. |