Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4892 | 1 Webjump | 1 Webjump! | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Content Management System WEBjump! allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) portfolio_genre.php and (2) news_id.php. | |||||
| CVE-2009-4927 | 1 Webmobo | 1 Wbnews | 2017-09-19 | 7.5 HIGH | N/A |
| WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1. | |||||
| CVE-2009-4928 | 1 Sweetphp | 1 Totalcalendar | 2017-09-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055. | |||||
| CVE-2009-4929 | 1 Sweetphp | 1 Totalcalender | 2017-09-19 | 7.5 HIGH | N/A |
| admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters. | |||||
| CVE-2009-4931 | 1 Bestwebsharing | 1 Groovy Media Player | 2017-09-19 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Groovy Media Player 1.1.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file. | |||||
| CVE-2009-4932 | 1 Mpesch3.de1 | 1 1by1 | 2017-09-19 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in 1by1 1.67 (aka 1.6.7.0) allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file. | |||||
| CVE-2009-4933 | 1 Winterwebs | 1 Ezwebitor | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote attackers to execute arbitrary SQL commands via the (1) txtUserId (Username) and (2) txtPassword (Password) parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4935 | 1 Esoftpro | 1 Online Guestbook Pro | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ogp_show.php in Online Guestbook Pro allows remote attackers to execute arbitrary SQL commands via the display parameter. | |||||
| CVE-2009-4938 | 2 Joomla, Warphd | 2 Joomla!, Com Jvideo | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php. | |||||
| CVE-2009-4940 | 1 Zeuscart | 1 Zeuscart | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action. | |||||
| CVE-2009-4957 | 1 Interspire | 1 Activekb | 2017-09-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in loadpanel.php in Interspire ActiveKB allows remote attackers to read arbitrary files and possibly have unspecified other impact via directory traversal sequences in the Panel parameter. | |||||
| CVE-2009-4958 | 1 Emophp | 1 Emo Breeder Manager | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in video.php in EMO Breeder Manager (aka EMO Breader Manager) allows remote attackers to execute arbitrary SQL commands via the idd parameter. | |||||
| CVE-2009-4960 | 1 Lanai-core | 1 Lanai-core | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. | |||||
| CVE-2009-4961 | 1 Lanai-core | 1 Lanai-core | 2017-09-19 | 5.0 MEDIUM | N/A |
| Lanai Core 0.6 allows remote attackers to obtain configuration information via a direct request to info.php, which calls the phpinfo function. | |||||
| CVE-2009-4962 | 1 Adammo | 1 Fat Player | 2017-09-19 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Fat Player 0.6b allows remote attackers to execute arbitrary code via a long string in a .wav file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4964 | 1 Ksplayer | 1 Ksp Sound Player | 2017-09-19 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in KSP 2006 FINAL allows remote attackers to execute arbitrary code via a long string in a .M3U playlist file. | |||||
| CVE-2009-4973 | 1 Sweetphp | 1 Totalcalendar | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action. | |||||
| CVE-2009-4974 | 1 Sweetphp | 1 Totalcalendar | 2017-09-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the box parameter. | |||||
| CVE-2009-4977 | 1 Tufat | 1 Mybackup | 2017-09-19 | 6.5 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in MyBackup 1.4.0 allows remote authenticated users to execute arbitrary PHP code via a URL in the main_content parameter. | |||||
| CVE-2009-4978 | 1 Tufat | 1 Mybackup | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in down.php in MyBackup 1.4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2009-4982 | 1 Irokez | 1 Irokez Cms | 2017-09-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the select function in Irokez CMS 0.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to the default URI. | |||||
| CVE-2009-4984 | 1 Websitesrus | 1 Accessories Me Php Affiliate Script | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me PHP Affiliate Script 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Keywords parameter to search.php and (2) SearchIndex parameter to browse.php. | |||||
| CVE-2009-4985 | 1 Websitesrus | 1 Accessories Me Php Affiliate Script | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in browse.php in Accessories Me PHP Affiliate Script 1.4 allows remote attackers to execute arbitrary SQL commands via the Go parameter. | |||||
| CVE-2009-4986 | 1 In-portal | 1 In-portal | 2017-09-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in In-Portal 4.3.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the env parameter. | |||||
| CVE-2009-4987 | 1 Scripteen | 1 Free Image Hosting Script | 2017-09-19 | 7.5 HIGH | N/A |
| admin/header.php in Scripteen Free Image Hosting Script 2.3 allows remote attackers to bypass authentication and gain administrative access by setting the cookgid cookie value to 1, a different vector than CVE-2008-3211. | |||||
| CVE-2009-4992 | 1 Script-shop24 | 1 Lm Starmail Paidmail | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2009-4993 | 1 Script-shop24 | 1 Lm Starmail Paidmail | 2017-09-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in home.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2009-5088 | 1 Ideacart | 1 Ideacart | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in secure/index.php in IdeaCart 0.02 allows remote attackers to execute arbitrary SQL commands via the cID parameter. | |||||
| CVE-2009-5089 | 1 Ideacart | 1 Ideacart | 2017-09-19 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in IdeaCart 0.02 and 0.02a allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. | |||||
| CVE-2009-5090 | 1 Daman371 | 1 Bloggeruniverse | 2017-09-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in editcomments.php in Bloggeruniverse Beta 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter and possibly other unspecified vectors. | |||||
| CVE-2009-5091 | 1 Vlinks | 1 Vlinks | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-5094 | 1 Cmsfaethon | 1 Cms Faethon | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in info.php in CMS Faethon 2.2.0 Ultimate allows remote attackers to execute arbitrary SQL commands via the item parameter. | |||||
| CVE-2009-5095 | 1 Ea-style | 1 Gbook | 2017-09-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index_inc.php in ea gBook 0.1 and 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_ordner parameter. | |||||
| CVE-2009-5134 | 1 Utorrent | 1 Utorrent | 2017-09-19 | 6.8 MEDIUM | N/A |
| Buffer overflow in the "create torrent dialog" functionality in uTorrent 1.8.3 build 15772, and possibly other versions before 1.8.3 (Build 16010), allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a text file containing a large string. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0001 | 1 Gnu | 1 Gzip | 2017-09-19 | 6.8 MEDIUM | N/A |
| Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. | |||||
| CVE-2010-0013 | 2 Adium, Pidgin | 2 Adium, Pidgin | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon. | |||||
| CVE-2010-0040 | 2 Apple, Microsoft | 2 Safari, Windows | 2017-09-19 | 9.3 HIGH | N/A |
| Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow. | |||||
| CVE-2010-0041 | 2 Apple, Microsoft | 2 Safari, Windows | 2017-09-19 | 4.3 MEDIUM | N/A |
| ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image. | |||||
| CVE-2010-0042 | 2 Apple, Microsoft | 2 Safari, Windows | 2017-09-19 | 4.3 MEDIUM | N/A |
| ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image. | |||||
| CVE-2010-0043 | 2 Apple, Microsoft | 2 Safari, Windows | 2017-09-19 | 9.3 HIGH | N/A |
| ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. | |||||
| CVE-2010-0044 | 1 Apple | 1 Safari | 2017-09-19 | 4.3 MEDIUM | N/A |
| PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed. | |||||
| CVE-2010-0045 | 2 Apple, Microsoft | 2 Safari, Windows | 2017-09-19 | 9.3 HIGH | N/A |
| Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document. | |||||
| CVE-2010-0046 | 1 Apple | 1 Safari | 2017-09-19 | 9.3 HIGH | N/A |
| The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments. | |||||
| CVE-2010-0047 | 1 Apple | 1 Safari | 2017-09-19 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content." | |||||
| CVE-2010-0048 | 1 Apple | 1 Safari | 2017-09-19 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document. | |||||
| CVE-2010-0049 | 1 Apple | 1 Safari | 2017-09-19 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality. | |||||
| CVE-2010-0050 | 1 Apple | 1 Safari | 2017-09-19 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags. | |||||
| CVE-2010-0051 | 1 Apple | 1 Safari | 2017-09-19 | 4.3 MEDIUM | N/A |
| WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651. | |||||
| CVE-2010-0052 | 1 Apple | 1 Safari | 2017-09-19 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements." | |||||
| CVE-2010-0053 | 1 Apple | 1 Safari | 2017-09-19 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property. | |||||
