Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0211 | 1 Areva | 1 E-terrahabitat | 2018-10-11 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the WebFGServer application in AREVA e-terrahabitat 5.7 and earlier allows remote attackers to cause a denial of service (system crash) via unknown vectors, aka PD32018. | |||||
| CVE-2009-0212 | 1 Areva | 1 E-terrahabitat | 2018-10-11 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the WebFGServer application in AREVA e-terrahabitat 5.7 and earlier allows remote attackers to cause a denial of service (system crash) via unknown vectors, aka PD32020. | |||||
| CVE-2009-0213 | 1 Areva | 1 E-terrahabitat | 2018-10-11 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the NETIO application in AREVA e-terrahabitat 5.7 and earlier allows remote attackers to cause a denial of service (system crash) via unknown vectors, aka PD32021. | |||||
| CVE-2009-0214 | 1 Areva | 1 E-terrahabitat | 2018-10-11 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the WebFGServer application in AREVA e-terrahabitat 5.7 and earlier allows remote authenticated users to gain privileges via unknown vectors, aka PD32022. | |||||
| CVE-2009-0244 | 1 Microsoft | 1 Windows Mobile | 2018-10-11 | 8.5 HIGH | N/A |
| Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2009-0246 | 1 Easyhdr | 1 Easyhdr | 2018-10-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted attackers to execute arbitrary code via an invalid Radiance RGBE (aka .hdr) file. | |||||
| CVE-2009-0037 | 1 Curl | 2 Curl, Libcurl | 2018-10-11 | 6.8 MEDIUM | N/A |
| The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. | |||||
| CVE-2009-0038 | 1 Apache | 1 Geronimo | 2018-10-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring; or (5) the PATH_INFO to the default URI under console/portal/. | |||||
| CVE-2009-0039 | 1 Apache | 1 Geronimo | 2018-10-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown. | |||||
| CVE-2009-0040 | 1 Libpng | 1 Libpng | 2018-10-11 | 6.8 MEDIUM | N/A |
| The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. | |||||
| CVE-2009-0041 | 1 Asterisk | 3 Asterisk Business Edition, Open Source, S800i Appliance | 2018-10-11 | 5.0 MEDIUM | N/A |
| IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2009-0043 | 1 Ca | 2 Service Level Management, Service Metric Analysis | 2018-10-11 | 10.0 HIGH | N/A |
| The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2009-0046 | 1 Sun | 1 Grid Engine | 2018-10-11 | 5.0 MEDIUM | N/A |
| Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2009-0047 | 1 Gale | 1 Gale | 2018-10-11 | 5.0 MEDIUM | N/A |
| Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2009-0048 | 1 Openevidence | 1 Openevidence | 2018-10-11 | 5.0 MEDIUM | N/A |
| OpenEvidence 1.0.6 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2009-0049 | 1 Eid | 1 Eidlib | 2018-10-11 | 5.0 MEDIUM | N/A |
| Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2009-0050 | 1 Entrouvert | 1 Lasso | 2018-10-11 | 4.3 MEDIUM | N/A |
| Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2009-0051 | 1 Zxid | 1 Zxid | 2018-10-11 | 5.0 MEDIUM | N/A |
| ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2009-0052 | 2 Atheros, Netgear | 3 Ar9160-bc1a Chipset, Wndap330, Wndap330 Firmware | 2018-10-11 | 5.5 MEDIUM | N/A |
| The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame. | |||||
| CVE-2009-0120 | 1 Ibm | 1 Websphere Datapower Xml Security Gateway Xs40 | 2018-10-11 | 7.8 HIGH | N/A |
| The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as demonstrated by the abc\r\n\r\n string data. | |||||
| CVE-2009-0135 | 1 Amarok | 1 Amarok | 2018-10-11 | 9.3 HIGH | N/A |
| Multiple integer overflows in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to execute arbitrary code via an Audible Audio (.aa) file with a large (1) nlen or (2) vlen Tag value, each of which triggers a heap-based buffer overflow. | |||||
| CVE-2009-0136 | 1 Amarok | 1 Amarok | 2018-10-11 | 9.3 HIGH | N/A |
| Multiple array index errors in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or (2) vlen Tag value, each of which can lead to an invalid pointer dereference, or the writing of a 0x00 byte to an arbitrary memory location, after an allocation failure. | |||||
| CVE-2008-7005 | 1 Minb | 1 Minb Is Not A Blog | 2018-10-11 | 7.5 HIGH | N/A |
| include/modules/top/1-random_quote.php in Minb Is Not a Blog (minb) 0.1.0 allows remote attackers to execute arbitrary PHP code via the quotes_to_edit parameter. NOTE: this issue has been reported as an unrestricted file upload by some sources, but that is a potential consequence of code execution. | |||||
| CVE-2008-7009 | 1 Checkpoint | 1 Zonealarm | 2018-10-11 | 6.9 MEDIUM | N/A |
| Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000 allows local users to execute arbitrary code via a file or directory with a long path. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-7011 | 6 Digital Extreme, Epic Games, Groove Games and 3 more | 6 Pariah, Unreal Tournament, Warpath and 3 more | 2018-10-11 | 4.0 MEDIUM | N/A |
| The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which triggers an assertion failure when the Closing flag in UnChan.cpp is set. | |||||
| CVE-2008-7013 | 1 Baidu | 1 Baidu Hi Im | 2018-10-11 | 5.0 MEDIUM | N/A |
| NetService.dll in Baidu Hi IM allows remote servers to cause a denial of service (client crash) via a crafted login response that triggers a divide-by-zero error. | |||||
| CVE-2008-7015 | 2 Epic Games, Frontlines | 2 Unreal Tournament, Fuel Of War | 2018-10-11 | 5.0 MEDIUM | N/A |
| Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel of War 1.1.1, and other products, allows remote attackers to cause a denial of service (server exit) via a packet with a large length value that triggers a memory allocation failure. | |||||
| CVE-2008-7023 | 1 Arubanetworks | 2 Aruba Mobility Controller, Arubaos | 2018-10-11 | 10.0 HIGH | N/A |
| Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation. | |||||
| CVE-2008-7024 | 1 Arzdev | 2 Gemini Lite, Gemini Portal | 2018-10-11 | 6.8 MEDIUM | N/A |
| admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain administrator privileges by setting the user cookie to "admin" and setting the name parameter to "users." | |||||
| CVE-2008-7025 | 1 Checkpoint | 1 Zonealarm | 2018-10-11 | 4.3 MEDIUM | N/A |
| TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe running, allows remote HTTP proxies to cause a denial of service (crash) and disable the HIDS module via a crafted response. | |||||
| CVE-2008-7026 | 1 Efrontlearning | 1 Efront | 2018-10-11 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in filesystem3.class.php in eFront 3.5.1 build 2710 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in (1) student/avatars/ or (2) professor/avatars/. | |||||
| CVE-2008-7029 | 1 Alilg | 1 Aliboard | 2018-10-11 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in usercp.php in AlilG Application AliBoard Beta allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in uploads/avatars/. | |||||
| CVE-2008-7030 | 1 Site2nite | 1 Real Estate Web | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field to an unspecified component, possibly agentlist.asp. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect. | |||||
| CVE-2008-7031 | 1 Foxitsoftware | 1 Wac Server | 2018-10-11 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151. | |||||
| CVE-2008-7032 | 1 F5 | 1 Big-ip | 2018-10-11 | 6.8 MEDIUM | N/A |
| Web Management Console Cross-site request forgery (CSRF) vulnerability in the web management console in F5 BIG-IP 9.4.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrators and execute shell commands, as demonstrated using tmui/Control/form. | |||||
| CVE-2008-7038 | 2 Maxdev, Phpnuke | 2 My Egallery, Php-nuke | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect. | |||||
| CVE-2008-7054 | 1 Visualshapers | 1 Ezcontents | 2018-10-11 | 5.1 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in ezContents 2.0.3 allow remote attackers to include and execute arbitrary local files via the (1) gsLanguage and (2) language_home parameters to modules/diary/showdiary.php; (3) admin_home, (4) gsLanguage, and (5) language_home parameters to modules/diary/showdiarydetail.php; (6) gsLanguage and (7) language_home parameters to modules/diary/submit_diary.php; (8) admin_home parameter to modules/news/news_summary.php; (9) nLink, (10) gsLanguage, and (11) language_home parameters to modules/news/inlinenews.php; and possibly other unspecified vectors in (12) diary/showeventlist.php, (13) gallery/showgallery.php, (14) reviews/showreviews.php, (15) gallery/showgallerydetails.php, (16) reviews/showreviewsdetails.php, (17) news/shownewsdetails.php, (18) gallery/submit_gallery.php, (19) guestbook/submit_guestbook.php, (20) reviews/submit_reviews.php, (21) news/submit_news.php, (22) diary/inlineeventlist.php, and (23) news/archivednews_summary.php in modules/, related to the lack of directory traversal protection in modules/moduleSec.php. | |||||
| CVE-2008-7055 | 1 Visualshapers | 1 Ezcontents | 2018-10-11 | 5.1 MEDIUM | N/A |
| module.php in ezContents 2.0.3 allows remote attackers to bypass the directory traversal protection mechanism to include and execute arbitrary local files via "....//" (doubled dot dot slash) sequences in the link parameter, which is not properly filtered using the str_replace function. | |||||
| CVE-2008-7059 | 1 Aled Owen | 1 One-news | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in One-News Beta 2 allows remote attackers to execute arbitrary SQL commands via the q parameter. | |||||
| CVE-2008-7060 | 1 One-news | 1 One-news | 2018-10-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in One-News Beta 2 allow remote attackers to inject arbitrary HTML and web script via the (1) title or (2) content parameters in a news item to add.php, and the (3) itemnum, (4) author, or (5) comment parameters in a comment to index.php. NOTE: vectors 1 and 2 require user authentication. | |||||
| CVE-2008-7061 | 1 Google | 1 Chrome | 2018-10-11 | 4.3 MEDIUM | N/A |
| The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome 0.2.149.29 Build 1798 and possibly other versions before 0.2.149.30 allows remote attackers to cause a denial of service (CPU consumption or crash) via a tag with a long title attribute, which is not properly handled when displaying a tooltip, a different vulnerability than CVE-2008-6994. NOTE: there is inconsistent information about the environments under which this issue exists. | |||||
| CVE-2008-7065 | 1 Siemens | 2 Gigaset C450 Ip, Gigaset C475 Ip | 2018-10-11 | 7.8 HIGH | N/A |
| Siemens C450 IP and C475 IP VoIP devices allow remote attackers to cause a denial of service (disconnected calls and device reboot) via a crafted SIP packet to UDP port 5060. | |||||
| CVE-2008-7070 | 1 Kvirc | 1 Kvirc | 2018-10-11 | 9.3 HIGH | N/A |
| Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951. | |||||
| CVE-2008-7078 | 1 Maxum | 1 Rumpus | 2018-10-11 | 9.0 HIGH | N/A |
| Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component. | |||||
| CVE-2008-7082 | 1 Mybboard | 1 Mybb | 2018-10-11 | 6.8 MEDIUM | N/A |
| MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection mechanism to hijack the authentication of moderators by reading the token from the HTTP Referer header. | |||||
| CVE-2008-7084 | 1 Hirschelectronics | 1 Velocity Security Management System | 2018-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web server 1.0 in Velocity Security Management System allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||
| CVE-2008-7087 | 1 Openpro | 1 Openpro | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in search_wA.php in OpenPro 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the LIBPATH parameter. | |||||
| CVE-2008-7089 | 1 Pligg | 1 Pligg Cms | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action to user.php and other unspecified vectors. | |||||
| CVE-2008-7090 | 1 Pligg | 1 Pligg Cms | 2018-10-11 | 7.8 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier allow remote attackers to (1) determine the existence of arbitrary files via a .. (dot dot) in the $tb_url variable in trackback.php, or (2) include arbitrary files via a .. (dot dot) in the template parameter to settemplate.php. | |||||
| CVE-2008-7091 | 1 Pligg | 1 Pligg Cms | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php. | |||||