Total
266102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1595 | 1 Ibm | 1 Aix | 2024-02-28 | 4.9 MEDIUM | N/A |
| The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information. | |||||
| CVE-2009-3164 | 1 Sun | 2 Opensolaris, Solaris | 2024-02-28 | 7.1 HIGH | N/A |
| Unspecified vulnerability in the IPv6 networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_122, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames. NOTE: this issue exists because of an incomplete fix for CVE-2009-2136. | |||||
| CVE-2008-2816 | 1 O2php | 1 Oxygen | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in post.php in Oxygen (aka O2PHP Bulletin Board) 2.0 allows remote attackers to execute arbitrary SQL commands via the repquote parameter in a reply action, a different vector than CVE-2006-1572. | |||||
| CVE-2009-0871 | 1 Digium | 1 Asterisk | 2024-02-28 | 3.5 LOW | N/A |
| The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions. | |||||
| CVE-2008-1478 | 1 Ari Pikivirta | 1 Home Ftp Server | 2024-02-28 | 5.0 MEDIUM | N/A |
| Home FTP Server 1.4.5.89 allows remote attackers to cause a denial of service (crash) by opening a FTP passive mode connection, then closing the original FTP connection. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6264 | 1 E-topbiz | 1 Slide Popups | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/admin.php in E-topbiz Slide Popups 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2008-6604 | 1 Picoflat | 1 Picoflat Cms | 2024-02-28 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagina parameter, a different vulnerability than CVE-2007-5390. | |||||
| CVE-2008-2843 | 1 Doitlive | 1 Cms | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter in an USUB action to default.asp and the (2) Licence[SpecialLicenseNumber] (aka LicenceId) cookie to edit/default.asp. | |||||
| CVE-2008-5590 | 1 Kalptaru Infotech | 1 Product Sale Framework | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in customer.forumtopic.php in Kalptaru Infotech Product Sale Framework 0.1 beta allows remote attackers to execute arbitrary SQL commands via the forum_topic_id parameter. | |||||
| CVE-2009-3568 | 3 Dave Reid, Drupal, Gabor Hojtsy | 3 Commentrss, Drupal, Commentrss | 2024-02-28 | 5.0 MEDIUM | N/A |
| Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed. | |||||
| CVE-2009-2143 | 2 Firestats, Wordpress | 2 Firestats, Wordpress | 2024-02-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter. | |||||
| CVE-2008-2272 | 1 Aruba Networks | 1 Aruba Mobility Controller | 2024-02-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.5.x, 2.5.6.x, 3.1.1.x, 3.2.0.x, and 3.3.1.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-4788 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 omits high-bit URL-encoded characters when displaying the address bar, which allows remote attackers to spoof the address bar via a URL with a domain name that differs from an important domain name only in these characters, as demonstrated by using exam%A9ple.com to spoof example.com, aka MSRC ticket MSRC7900. | |||||
| CVE-2009-3543 | 1 Phenotype-cms | 1 Phenotype Cms | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in _phenotype/admin/login.php in Phenotype CMS before 2.9 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the login name). | |||||
| CVE-2008-3582 | 1 Keld | 1 Php-mysql News Script | 2024-02-28 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in login.php in Keld PHP-MySQL News Script 0.7.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2009-3813 | 1 Runcms | 1 Runcms | 2024-02-28 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via the (1) forum parameter to modules/forum/post.php and possibly (2) forum_id variable to modules/forum/class/class.permissions.php. | |||||
| CVE-2008-2424 | 1 Icdevgroup | 1 Interchange | 2024-02-28 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the 404 error page for the "Standard demo" in Interchange before 5.6.0 and before 5.5.2 has unknown impact and attack vectors. | |||||
| CVE-2008-6386 | 1 1scripts | 1 Z1exchange | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2008-1417 | 1 Axyl | 1 Axyl | 2024-02-28 | 6.9 MEDIUM | N/A |
| The prerm script in axyl 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the axyl.conf temporary file. | |||||
| CVE-2009-1941 | 1 Phpeasycode | 1 Pad Site Scripts | 2024-02-28 | 5.0 MEDIUM | N/A |
| PAD Site Scripts 3.6 stores sensitive information under the web document root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for dbbackup.txt. | |||||