Total
266128 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-3403 | 1 Oracle | 1 Bea Product Suite | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, and CVE-2009-2676. | |||||
CVE-2009-3108 | 1 Symantec | 1 Altiris Deployment Solution | 2024-02-28 | 7.2 HIGH | N/A |
The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program. | |||||
CVE-2008-1845 | 1 Mirbsd | 1 Miros | 2024-02-28 | 7.2 HIGH | N/A |
The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not flush the tty's I/O when invoking mksh in a new terminal, which allows local users to gain privileges by opening a virtual terminal and entering command sequences, which might later be executed in opportunistic circumstances by a different user who launches mksh and specifies that terminal with the -T option. | |||||
CVE-2008-3211 | 1 Scripteen | 1 Free Image Hosting Script | 2024-02-28 | 7.5 HIGH | N/A |
Scripteen Free Image Hosting Script 1.2 and 1.2.1 allows remote attackers to bypass authentication and gain administrative access by setting the cookid cookie value to 1. | |||||
CVE-2008-5554 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 4.3 MEDIUM | N/A |
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario." | |||||
CVE-2009-0998 | 1 Oracle | 2 Jd Edwards Enterpriseone, Peoplesoft Enterprise | 2024-02-28 | 5.5 MEDIUM | N/A |
Unspecified vulnerability in the PeopleSoft Enterprise HRMS - eBenefits component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
CVE-2008-3534 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-02-28 | 4.9 MEDIUM | N/A |
The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to allocation of "useless pages" and improper maintenance of the i_blocks count. | |||||
CVE-2008-3154 | 1 Webblizzard | 1 Content Management System | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in WebBlizzard CMS allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
CVE-2009-3949 | 1 Vivaprograms | 1 Infinity Script | 2024-02-28 | 7.5 HIGH | N/A |
cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not require administrative authentication for the donewauthor action, which allows remote attackers to create administrative accounts via the name, password, and conf_password parameters. | |||||
CVE-2008-4137 | 1 Php Crawler | 1 Php Crawler | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in footer.php in PHP-Crawler 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the footer_file parameter. | |||||
CVE-2008-5013 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 9.3 HIGH | N/A |
Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address. | |||||
CVE-2008-5760 | 1 Kerio | 1 Kerio Mailserver | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via the sent parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-0028 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 2.1 LOW | N/A |
The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit. | |||||
CVE-2009-3455 | 1 Apple | 1 Safari | 2024-02-28 | 7.5 HIGH | N/A |
Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
CVE-2008-2233 | 1 Openwsman | 1 Openwsman | 2024-02-28 | 7.5 HIGH | N/A |
The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, allows remote Openwsman servers to replay SSL sessions via unspecified vectors. | |||||
CVE-2008-7159 | 1 Silcnet | 1 Silc Toolkit | 2024-02-28 | 5.8 MEDIUM | N/A |
The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string. | |||||
CVE-2008-6683 | 1 Yourfreeworld | 1 Apartment Search Script | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in listtest.php in Apartment Search Script allows remote attackers to inject arbitrary web script or HTML via the r parameter. | |||||
CVE-2009-3384 | 2 Apple, Microsoft | 2 Safari, Windows | 2024-02-28 | 9.3 HIGH | N/A |
Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply. | |||||
CVE-2008-5104 | 2 Dcgrendel, Ubuntu | 2 Vmbuilder, Ubuntu Linux | 2024-02-28 | 7.2 HIGH | N/A |
Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual machine by (1) python-vm-builder or (2) ubuntu-vm-builder in VMBuilder 0.9 in Ubuntu 8.10, have ! (exclamation point) as the default root password, which allows attackers to bypass intended login restrictions. | |||||
CVE-2008-1760 | 1 Blogator-script | 1 Blogator-script | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include. |