Total: 25555 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-7001 | 1 Creative Mind | 1 Creator Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in the file manager in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2008-7021 | 1 Availscript | 1 Jobs Portal Script | 2017-09-29 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in editlogo.php in AvailScript Jobs Portal Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an image or logo, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2008-7022 | 1 Chilkatsoft | 1 Chilkat Imap Activex Control | 2017-09-29 | 9.3 HIGH | N/A |
| Insecure method vulnerability in ChilkatMail_v7_9.dll in the Chilkat Software IMAP ActiveX control (ChilkatMail2.ChilkatMailMan2.1) allows remote attackers to execute arbitrary programs via the LoadXmlEmail method. | |||||
| CVE-2009-0301 | 1 Grid2000 | 1 Flexcell Grid Control | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple insecure method vulnerabilities in the FlexCell.Grid ActiveX control (FlexCell.ocx) in FlexCell Grid Control 5.6.9 allow remote attackers to create and overwrite arbitrary files via the (1) SaveFile and (2) ExportToXML methods. | |||||
| CVE-2009-0369 | 1 Microsoft | 1 Internet Explorer | 2017-09-29 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. | |||||
| CVE-2008-6822 | 1 Newearthpt | 1 Imgupload | 2017-09-29 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in uploadp.php in New Earth Programming Team (NEPT) imgupload (aka Image Uploader) 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a modified content type, then accessing this file via a direct request, as demonstrated by an upload with an image/jpeg content type. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-7014 | 1 Fhttpd | 1 Fhttpd | 2017-09-29 | 5.0 MEDIUM | N/A |
| fhttpd 0.4.2 allows remote attackers to cause a denial of service (crash) via an Authorization HTTP header with an invalid character after the Basic value. | |||||
| CVE-2008-6811 | 2 Instinct, Wordpress | 2 E-commerce Plugin, Wordpress | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and earlier for Wordpress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/plugins/wp-shopping-cart/. | |||||
| CVE-2009-0134 | 1 Share2 | 1 Easy Grid Control | 2017-09-29 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX control in EasyGrid.ocx 1.0.0.1 in AAA EasyGrid ActiveX 3.51 allows remote attackers to create and overwrite arbitrary files via the (1) DoSaveFile or (2) DoSaveHtmlFile method. NOTE: vector 1 could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6530 | 1 Ezonescripts | 1 Living Local | 2017-09-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in editimage.php in eZoneScripts Living Local 1.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file. | |||||
| CVE-2008-6768 | 1 Shopsystem-forum | 1 K&s Shopsoftware | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/upload/. | |||||
| CVE-2008-6769 | 1 Peterselie | 1 Yourplace | 2017-09-29 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upload.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. | |||||
| CVE-2009-0389 | 1 Eztools-software | 1 Web On Windows Activex | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString method, (2) execute arbitrary programs via the ShellExecute method, (3) read from the registry via unspecified vectors, and (4) write to the registry via unspecified vectors. NOTE: vectors 1 and 2 can be used together to execute arbitrary code. | |||||
| CVE-2009-0522 | 2 Adobe, Microsoft | 5 Air, Flash Player, Flash Player For Linux and 2 more | 2017-09-29 | 4.3 MEDIUM | N/A |
| Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack." | |||||
| CVE-2008-4584 | 1 Chilkat Software | 1 Mail | 2017-09-29 | 6.8 MEDIUM | N/A |
| Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname to the SaveLastError method. | |||||
| CVE-2008-4699 | 1 Microsoft | 1 Peachtree Accounting | 2017-09-29 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in Peachtree Accounting 2004 allows remote attackers to execute arbitrary programs via the ExecutePreferredApplication method. | |||||
| CVE-2008-4586 | 1 Acresso | 1 Flexnet Connect | 2017-09-29 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control (isusweb.dll 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the DownloadAndExecute method. | |||||
| CVE-2008-4583 | 1 Chilkat Software | 1 Ftp | 2017-09-29 | 7.5 HIGH | N/A |
| Insecure method vulnerability in the Chilkat FTP 2.0 ActiveX component (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname in the SavePkcs8File method. | |||||
| CVE-2008-5339 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka CR 6727079. | |||||
| CVE-2008-4315 | 2 Openpegasus, Redhat | 3 Openpegasus Wbem, Enterprise Linux, Enterprise Linux Desktop | 2017-09-29 | 6.8 MEDIUM | N/A |
| tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks. | |||||
| CVE-2008-4587 | 1 Acresso | 1 Flexnet Connect | 2017-09-29 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods. NOTE: this could be leveraged for code execution by uploading executable files to Startup folders. | |||||
| CVE-2008-5344 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading, aka 6716217. | |||||
| CVE-2008-5697 | 2 Mozilla, Skype | 2 Firefox, Skype Extension For Firefox | 2017-09-29 | 4.3 MEDIUM | N/A |
| The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 for Firefox allows remote attackers to write arbitrary data to the clipboard via a string argument. | |||||
| CVE-2008-5913 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-29 | 4.9 MEDIUM | N/A |
| The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." | |||||
| CVE-2008-4728 | 1 Hummingbird | 1 Deployment Wizard | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders. | |||||
| CVE-2008-4749 | 1 Db Soft Lab | 1 Vimp X | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allow remote attackers to overwrite arbitrary files via (1) the LogFile property and ClearLogFile method, and (2) the SaveToFile method. | |||||
| CVE-2008-5086 | 1 Libvirt | 1 Libvirt | 2017-09-29 | 7.2 HIGH | N/A |
| Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions. | |||||
| CVE-2008-0470 | 2 Comodo, Microsoft | 2 Comodo Antivirus, Activex | 2017-09-29 | 9.3 HIGH | N/A |
| A certain ActiveX control in Comodo AntiVirus 2.0 allows remote attackers to execute arbitrary commands via the ExecuteStr method. | |||||
| CVE-2008-1594 | 1 Ibm | 1 Aix | 2017-09-29 | 4.9 MEDIUM | N/A |
| The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a filesystem's size. | |||||
| CVE-2008-1116 | 1 Rising Antivirus International | 1 Rising Web Scan Object | 2017-09-29 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the Web Scan Object ActiveX control (OL2005.dll) in Rising Antivirus Online Scanner allows remote attackers to force the download and execution of arbitrary code by setting the BaseURL property and invoking the UpdateEngine method. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1274 | 1 Ibm | 1 Aix | 2017-09-29 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in man in IBM AIX 6.1.0 allows local users to execute arbitrary code via a malicious program in the man directory. | |||||
| CVE-2008-0887 | 1 Gnome | 1 Screensaver | 2017-09-29 | 4.7 MEDIUM | N/A |
| gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859. | |||||
| CVE-2008-1619 | 1 Xensource Inc | 1 Xen | 2017-09-29 | 4.3 MEDIUM | N/A |
| The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers to cause a denial of service (dom0 panic) via certain traffic, as demonstrated using an FTP stress test tool. | |||||
| CVE-2008-1713 | 1 Noticeware | 1 Email Server | 2017-09-29 | 5.0 MEDIUM | N/A |
| MailServer.exe in NoticeWare Email Server 4.6.1.0 allows remote attackers to cause a denial of service (application crash) via a long string to IMAP port (143/tcp). | |||||
| CVE-2008-1725 | 1 Nsoftware | 1 Ibiz E-banking Integrator | 2017-09-29 | 9.0 HIGH | N/A |
| The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E-Banking Integrator (formerly IBiz OFX Integrator) 2.0.2932 exposes the unsafe WriteOFXDataFile method, which allows remote attackers to overwrite arbitrary files via a full pathname in the argument. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1153 | 1 Cisco | 2 Cisco Ios, Ios | 2017-09-29 | 7.1 HIGH | N/A |
| Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device. | |||||
| CVE-2008-0236 | 1 Microsoft | 1 Visual Foxpro | 2017-09-29 | 5.8 MEDIUM | N/A |
| An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) allows remote attackers to execute arbitrary commands by invoking the DoCmd method. | |||||
| CVE-2008-0177 | 1 Kame | 1 Ipcomp | 2017-09-29 | 7.8 HIGH | N/A |
| The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header. | |||||
| CVE-2007-6683 | 1 Videolan | 1 Vlc | 2017-09-29 | 5.0 MEDIUM | N/A |
| The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) an EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability. | |||||
| CVE-2007-6682 | 1 Videolan | 1 Vlc | 2017-09-29 | 7.5 HIGH | N/A |
| Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter. | |||||
| CVE-2007-4502 | 1 Joomla | 1 Bibtex | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the BibTeX component (com_jombib) 1.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the afilter parameter. | |||||
| CVE-2007-3741 | 2 Gnu, Mandriva | 2 Gimp, Linux | 2017-09-29 | 4.3 MEDIUM | N/A |
| The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool. | |||||
| CVE-2007-4370 | 1 Racer | 1 Racer | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbitrary code via a long string to UDP port 26000. | |||||
| CVE-2007-3469 | 1 Sun | 1 Solaris | 2017-09-29 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the TCP Loopback/Fusion implementation in Sun Solaris 10 allows local users to cause a denial of service (resource exhaustion and service hang) via unspecified vectors. | |||||
| CVE-2007-4386 | 1 Getmyownarcade | 1 Getmyownarcade | 2017-09-29 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in search.php in GetMyOwnArcade allows remote attackers to execute arbitrary SQL commands via the query parameter. | |||||
| CVE-2007-3542 | 1 Pluxml | 1 Pluxml | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2007-3519 | 1 Wesmo | 1 Phpeventcalendar | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-3520 | 1 Easybe | 1 1-2-3 Music Store | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. | |||||
| CVE-2007-3521 | 1 Arcadebuilder | 1 Game Portal Manager | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 allows remote attackers to execute arbitrary SQL commands via a usercookie cookie. | |||||
| CVE-2007-3522 | 1 Sphpell | 1 Sphpell | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the SpellIncPath parameter to (1) spellcheckpageinc.php, (2) spellchecktext.php, (3) spellcheckwindow.php, or (4) spellcheckwindowframeset.php. | |||||
