Total: 266102 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5959 | 1 Active Web Softwares | 1 Active Test | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or (2) password parameter (aka password field). NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-4995 | 1 Jose M.vidal | 1 Bk2site | 2024-02-28 | 6.9 MEDIUM | N/A |
redirect.pl in bk2site 1.1.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/redirect.log temporary file. NOTE: this vulnerability is only limited to debug mode, which is disabled by default. | |||||
CVE-2009-2661 | 1 Strongswan | 1 Strongswan | 2024-02-28 | 5.0 MEDIUM | N/A |
The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185. | |||||
CVE-2009-2434 | 1 Ibm | 1 Aix | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in the syscall implementation in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors. | |||||
CVE-2009-4179 | 1 Hp | 1 Openview Network Node Manager | 2024-02-28 | 10.0 HIGH | N/A |
Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Accept-Language header in an OVABverbose action. | |||||
CVE-2008-4074 | 1 Zanfi Solutions | 1 Autodealers Cms Autonline | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | |||||
CVE-2009-4240 | 1 Ibm | 1 Infosphere Information Server | 2024-02-28 | 10.0 HIGH | N/A |
Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors. | |||||
CVE-2009-4302 | 1 Moodle | 1 Moodle | 2024-02-28 | 5.0 MEDIUM | N/A |
login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing. | |||||
CVE-2008-5371 | 1 Marc Gloor | 1 Screenie | 2024-02-28 | 6.9 MEDIUM | N/A |
screenie in screenie 1.30.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.screenie.##### temporary file. | |||||
CVE-2009-1306 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 4.3 MEDIUM | N/A |
The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. | |||||
CVE-2009-2181 | 1 Campware.org | 1 Campsite | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in admin-files/templates/list_dir.php in Campsite 3.3.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the listbasedir parameter. | |||||
CVE-2009-1035 | 2 Drupal, Jake Gordon | 2 Drupal, Tasks | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS). | |||||
CVE-2008-3089 | 1 Xpoze | 1 Xpoze Pro | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in user.html in Xpoze Pro 3.06 (aka Xpoze Pro CMS 2008) allows remote attackers to execute arbitrary SQL commands via the uid parameter. | |||||
CVE-2008-5927 | 1 China-on-site | 1 Flexphpnews | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter (aka password field) to admin/index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-1688 | 1 Apple | 1 Safari | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through an approach that is not the "HTML 5 standard method." | |||||
CVE-2008-1772 | 1 Iscripts | 1 Socialware | 2024-02-28 | 5.0 MEDIUM | N/A |
iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information. | |||||
CVE-2009-0715 | 1 Hp | 1 Storage Essentials | 2024-02-28 | 6.5 MEDIUM | N/A |
Unspecified vulnerability in Secure NaviCLI in HP Storage Essentials 6.0.2 through 6.0.4 allows remote authenticated users to obtain "access" or "extended privileges" via unknown vectors. | |||||
CVE-2009-2995 | 1 Adobe | 1 Acrobat | 2024-02-28 | 4.3 MEDIUM | N/A |
Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service via unspecified vectors. | |||||
CVE-2008-2920 | 1 Ezcms | 1 Eztechhelp Ezcms | 2024-02-28 | 7.5 HIGH | N/A |
admin/filemanager/ (aka the File Manager) in EZTechhelp EZCMS 1.2 and earlier does not require authentication, which allows remote attackers to create, modify, read, and delete files. | |||||
CVE-2009-1275 | 1 Apache | 2 Struts, Tiles | 2024-02-28 | 6.8 MEDIUM | N/A |
Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags. |