Total: 266140 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-3580 | 1 Qsoft | 1 K-links | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to visit.php, or the PATH_INFO to the default URI under (2) report/, (3) addreview/, or (4) refer/. | |||||
CVE-2008-2689 | 1 Browsercrm | 1 Browsercrm | 2024-02-28 | 10.0 HIGH | N/A |
PHP remote file inclusion vulnerability in pub/clients.php in BrowserCRM 5.002.00 allows remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter. | |||||
CVE-2008-4871 | 1 My Little Forum | 1 My Little Forum | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in My Little Forum 1.75 and 2.0 Beta 23 allows remote attackers to inject arbitrary web script or HTML via BBcode IMG tags. | |||||
CVE-2009-0728 | 2 Maxdev, Postnuke | 3 Md-pro, My Egallery, Postnuke | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php. | |||||
CVE-2008-1994 | 1 Ahmed Abdel-hamid Mohamed | 1 Acon | 2024-02-28 | 7.2 HIGH | N/A |
Multiple stack-based buffer overflows in (a) acon.c, (b) menu.c, and (c) child.c in Acon 1.0.5-5 through 1.0.5-7 allow local users to execute arbitrary code via (1) a long HOME environment variable or (2) a large number of terminal columns. | |||||
CVE-2008-6100 | 1 Berlios | 1 Discussion Forum 2k | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to (a) RSS1.php and (b) RSS2.php in misc/; and the (2) SubID parameter to (c) misc/RSS5.php. | |||||
CVE-2009-1220 | 1 Cisco | 2 Adaptive Security Appliance, Ios | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances (ASA) 5520 with software 7.2(4)30 and earlier 7.2 versions including 7.2(2)22, and 8.0(4)28 and earlier 8.0 versions, when clientless mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the Host HTTP header. | |||||
CVE-2008-3589 | 1 Mozilo | 1 Mozilocms | 2024-02-28 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter. | |||||
CVE-2008-2313 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 4.6 MEDIUM | N/A |
Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory. | |||||
CVE-2008-1670 | 1 Kde | 1 Kde | 2024-02-28 | 9.3 HIGH | N/A |
Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image. | |||||
CVE-2009-2975 | 2 Microsoft, Mozilla | 2 Windows Xp, Firefox | 2024-02-28 | 5.0 MEDIUM | N/A |
Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly involving an incompletely configured protocol handler, does not properly implement setting the document.location property to a value specifying a protocol associated with an external application, which allows remote attackers to cause a denial of service (memory consumption) via vectors involving a series of function calls that set this property, as demonstrated by (1) the chromehtml: protocol and (2) the aim: protocol. | |||||
CVE-2008-3053 | 1 Typo3 | 1 Sql Frontend Extension | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the SQL Frontend (mh_omsqlio) extension 1.0.11 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2009-0735 | 1 Papoo | 1 Papoo | 2024-02-28 | 5.1 MEDIUM | N/A |
Directory traversal vulnerability in lib/classes/message_class.php in Papoo CMS 3.6, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the pfadhier parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-2260 | 1 Stardict | 1 Stardict | 2024-02-28 | 5.0 MEDIUM | N/A |
stardict 3.0.1, when Enable Net Dict is configured, sends the contents of the clipboard to a dictionary server, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
CVE-2008-2165 | 1 Cisco | 1 Building Broadband Service Manager | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
CVE-2009-3229 | 1 Postgresql | 1 Postgresql | 2024-02-28 | 4.0 MEDIUM | N/A |
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by "re-LOAD-ing" libraries from a certain plugins directory. | |||||
CVE-2008-1324 | 1 Leinir | 1 Travelsized Cms | 2024-02-28 | 7.5 HIGH | N/A |
Multiple directory traversal vulnerabilities in index.php in Travelsized CMS 0.4.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page_id and (2) language parameters. NOTE: this might be the same issue as CVE-2008-1325. | |||||
CVE-2008-6155 | 1 Hispah | 1 Text Links Ads | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idtl parameter in a buy action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-5645 | 1 Orb Networks | 1 Orb | 2024-02-28 | 7.8 HIGH | N/A |
Directory traversal vulnerability in the media server in Orb Networks Orb before 2.01.0022 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP GET request. | |||||
CVE-2009-0618 | 1 Cisco | 1 Application Networking Manager | 2024-02-28 | 8.5 HIGH | N/A |
Unspecified vulnerability in the Java agent in Cisco Application Networking Manager (ANM) before 2.0 Update A allows remote attackers to gain privileges, and cause a denial of service (service outage) by stopping processes, or obtain sensitive information by reading configuration files. | |||||