Total: 267710 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1241 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 4.3 MEDIUM | N/A |
GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab. | |||||
CVE-2009-2915 | 1 2fly | 1 Gift Delivery System | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery System 6.0 allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a content action. | |||||
CVE-2008-6926 | 2 Cpanel, Netenberg | 2 Cpanel, Fantastico De Luxe | 2024-02-28 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory. | |||||
CVE-2009-3468 | 1 Sun | 1 Solaris | 2024-02-28 | 6.9 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Common Desktop Environment (CDE) in Sun Solaris 10, when Trusted Extensions is enabled, allow local users to execute arbitrary commands or bypass the Mandatory Access Control (MAC) policy via unknown vectors, related to a menu typo and the Style Manager. | |||||
CVE-2009-0448 | 1 Syntax Desktop | 1 Syntax Desktop | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in admin/modules/aa/preview.php in Syntax Desktop 2.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the synTarget parameter. | |||||
CVE-2009-0439 | 1 Ibm | 1 Websphere Mq | 2024-02-28 | 7.2 HIGH | N/A |
Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands. | |||||
CVE-2008-3798 | 1 Cisco | 1 Ios | 2024-02-28 | 7.8 HIGH | N/A |
Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session. | |||||
CVE-2008-5762 | 1 Mariovaldez | 1 Simple Text-file Login Script | 2024-02-28 | 5.0 MEDIUM | N/A |
Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for slog_users.txt. | |||||
CVE-2008-4682 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 5.0 MEDIUM | N/A |
wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion. | |||||
CVE-2008-2792 | 1 Erocms | 1 Erocms | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in eroCMS 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the site parameter. | |||||
CVE-2008-0070 | 1 Orb Networks | 1 Orb | 2024-02-28 | 4.6 MEDIUM | N/A |
Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA allows remote attackers to execute arbitrary code via an RPC request that specifies a large number of array dimensions, which triggers a heap-based buffer overflow. | |||||
CVE-2008-6654 | 1 Structum | 1 Infobiz Server | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search_results.php in InfoBiz Server allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | |||||
CVE-2009-1807 | 1 Baofeng | 1 Storm | 2024-02-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009. | |||||
CVE-2008-6847 | 1 Preproject | 1 Pre Asp Job Board | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Employee/emp_login.asp in Pre ASP Job Board allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
CVE-2009-1422 | 1 Hp | 3 Procurve Switch 5400zl, Procurve Switch 8200zl, Procurve Threat Management Services Zl Module | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to gain privileges via unknown vectors, aka PR_41209. | |||||
CVE-2008-2762 | 1 Xigla | 1 Absolute Form Processor Xe | 2024-02-28 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in search.asp in Xigla Absolute Form Processor XE 4.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter. | |||||
CVE-2008-3205 | 1 Easy-script | 1 Wysi Wiki Wyg | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in Easy-Script Wysi Wiki Wyg 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter. | |||||
CVE-2008-2696 | 1 Exiv2 | 1 Exiv2 | 2024-02-28 | 4.3 MEDIUM | N/A |
Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service (divide-by-zero and application crash) via a zero value in Nikon lens information in the metadata of an image, related to "pretty printing" and the RationalValue::toLong function. | |||||
CVE-2009-2114 | 1 Skybluecanvas | 1 Skybluecanvas | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in SkyBlueCanvas 1.1 r237 allow remote attackers to inject arbitrary web script or HTML via the (1) mgroup, (2) mgr, (3) objtype, (4) id, and (5) dir parameters. | |||||
CVE-2009-0743 | 1 Cisco | 1 Unified Meetingplace | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field. | |||||