Total
266147 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3945 | 1 Joomla | 1 Joomla\! | 2024-02-28 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Front-End Editor in the com_content component in Joomla! before 1.5.15 allows remote authenticated users, with Author privileges, to replace the articles of an arbitrary user via unknown vectors. | |||||
| CVE-2008-1609 | 1 Jaf Cms | 1 Jaf Cms | 2024-02-28 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) website parameter to (a) forum.php, (b) headlines.php, and (c) main.php in forum/, and (2) main_dir parameter to forum/forum.php. NOTE: other main_dir vectors are already covered by CVE-2006-7127. | |||||
| CVE-2009-0296 | 1 Gempar | 1 Script Toko Online | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shop_display_products.php in Script Toko Online 5.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2009-2555 | 1 Google | 2 Chrome, V8 | 2024-02-28 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression. | |||||
| CVE-2008-2486 | 1 Emule | 1 Emule Plus | 2024-02-28 | 10.0 HIGH | N/A |
| Unspecified vulnerability in eMule Plus before 1.2d has unknown impact and attack vectors related to "staticservers.dat processing." | |||||
| CVE-2008-0948 | 1 Mit | 1 Kerberos 5 | 2024-02-28 | 9.3 HIGH | N/A |
| Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors. | |||||
| CVE-2008-4415 | 1 Hp | 1 Service Manager | 2024-02-28 | 9.0 HIGH | N/A |
| Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors. | |||||
| CVE-2009-3725 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-02-28 | 7.2 HIGH | N/A |
| The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these subsystems. | |||||
| CVE-2008-1235 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals." | |||||
| CVE-2008-5240 | 1 Xine | 1 Xine-lib | 2024-02-28 | 4.3 MEDIUM | N/A |
| xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code via a crafted value. | |||||
| CVE-2008-1028 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 9.3 HIGH | N/A |
| Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit. | |||||
| CVE-2008-1102 | 1 Blender | 1 Blender | 2024-02-28 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image. | |||||
| CVE-2008-3237 | 1 Itechscripts | 1 Itechbids | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter. | |||||
| CVE-2009-3219 | 1 The-ghost | 1 Ar Web Content Manager | 2024-02-28 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in a.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the a parameter. | |||||
| CVE-2009-1247 | 1 Acutecp.rediscussed | 1 Acutecp | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Acute Control Panel 1.0.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2008-6041 | 1 Dataspade | 1 Dataspade | 2024-02-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Index.asp in Dataspade 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ViewName, (2) TableName, (3) OrderBy, and (4) FilterField parameters. | |||||
| CVE-2009-1884 | 2 Bzip, Perl | 2 Compress-raw-bzip2, Perl | 2024-02-28 | 4.3 MEDIUM | N/A |
| Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391. | |||||
| CVE-2008-3773 | 1 Vbulletin | 1 Vbulletin | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]). | |||||
| CVE-2008-6640 | 1 Aspindir | 1 Batmanportal | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) uyeadmin.asp and (2) profil.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6013 | 1 Openfreeway | 1 Freeway | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Freeway before 1.4.3.210 allow remote attackers to execute arbitrary SQL commands via unspecified vectors involving the (1) advanced search result and (2) service resource pages. | |||||