Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5996 | 2 Drupal, Link3 | 2 Drupal, Simplenews | 2017-08-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field. | |||||
| CVE-2008-5997 | 1 Ocp2 | 1 Omnicom Content Platform | 2017-08-08 | 7.8 HIGH | N/A |
| Absolute path traversal vulnerability in admin/fileKontrola/browser.asp in Omnicom Content Platform (OCP) 2.0 allows remote attackers to list arbitrary directories via a full pathname in the root parameter. | |||||
| CVE-2008-5999 | 1 Drupal | 2 Ajax Checklist, Drupal | 2017-08-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajax_checklist filter. | |||||
| CVE-2008-6000 | 1 Gdata | 3 Antivirus 2008, Internetsecurity 2008, Totalcare 2008 | 2017-08-08 | 7.2 HIGH | N/A |
| The GDTdiIcpt.sys driver in G DATA AntiVirus 2008, InternetSecurity 2008, and TotalCare 2008 populates kernel registers with IOCTL 0x8317001c input values, which allows local users to cause a denial of service (system crash) or gain privileges via a crafted IOCTL request, as demonstrated by execution of the KeSetEvent function with modified register contents. | |||||
| CVE-2008-6013 | 1 Openfreeway | 1 Freeway | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Freeway before 1.4.3.210 allow remote attackers to execute arbitrary SQL commands via unspecified vectors involving the (1) advanced search result and (2) service resource pages. | |||||
| CVE-2008-6015 | 1 Editeurscripts | 1 Esfaq | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in search.php in EsFaq 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) keywords and (2) cat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6016 | 1 Editeurscripts | 1 Esfaq | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in questions.php in EsFaq 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3952. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6019 | 1 Do-cms | 1 Do-cms | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in EACOMM DO-CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6020 | 1 Drupal | 2 Drupal, Views | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields." | |||||
| CVE-2008-6021 | 1 Attachmate | 1 Reflection For Secure It | 2017-08-08 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Attachmate Reflection for Secure IT UNIX Client and Server before 7.0 SP1 have unknown impact and attack vectors, aka "security vulnerabilities found by 3rd party analysis." | |||||
| CVE-2008-6024 | 1 Sun | 2 Opensolaris, Solaris | 2017-08-08 | 5.4 MEDIUM | N/A |
| Unspecified vulnerability in the NFSv4 client module in the kernel on Sun Solaris 10 and OpenSolaris before snv_37, when automountd is used, allows user-assisted remote attackers to cause a denial of service (unresponsive NFS filesystems) via unknown vectors. | |||||
| CVE-2008-6026 | 1 Bluecube | 1 Bluecube Cms | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tienda.php in BlueCUBE CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6034 | 1 Achievo | 1 Achievo | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the atkaction parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6035 | 1 Achievo | 1 Achievo | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2-STABLE allows remote attackers to inject arbitrary web script or HTML via the atknodetype parameter. | |||||
| CVE-2008-6052 | 1 Preprojects | 1 Pre E-learning Portal | 2017-08-08 | 5.0 MEDIUM | N/A |
| PreProjects Pre E-Learning Portal stores db_elearning.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | |||||
| CVE-2008-6053 | 1 Preprojects | 1 Pre Resume Submitter | 2017-08-08 | 5.0 MEDIUM | N/A |
| PreProjects Pre Resume Submitter stores onlineresume.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | |||||
| CVE-2008-6054 | 1 Preprojects.com | 1 Pre Courier And Cargo Business | 2017-08-08 | 5.0 MEDIUM | N/A |
| PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | |||||
| CVE-2008-6059 | 1 Webkit | 1 Webkit | 2017-08-08 | 5.0 MEDIUM | N/A |
| xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. | |||||
| CVE-2008-6066 | 1 Meet\#web | 1 Meet\#web | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules.php, (2) ManagerResource.class.php, (3) ManagerRightsResource.class.php, (4) RegForm.class.php, (5) RegResource.class.php, and (6) RegRightsResource.class.php in classes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6070 | 1 Graphicsmagick | 1 Graphicsmagick | 2017-08-08 | 9.3 HIGH | N/A |
| Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image, a different vulnerability than CVE-2007-0770. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6071 | 1 Graphicsmagick | 1 Graphicsmagick | 2017-08-08 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6073 | 1 Magic2003 | 1 Storagecrypt | 2017-08-08 | 4.9 MEDIUM | N/A |
| StorageCrypt 2.0.1 does not properly encrypt disks, which allows local users to obtain sensitive information via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6075 | 1 Rasihbahar | 1 Bahar Download Script | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in aspkat.asp in Bahar Download Script 2.0 allows remote attackers to execute arbitrary SQL commands via the kid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6079 | 1 Enlightenment | 1 Imlib2 | 2017-08-08 | 10.0 HIGH | N/A |
| imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG, (4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to "several heap and stack based buffer overflows - partly due to integer overflows." | |||||
| CVE-2008-6085 | 1 F-secure | 17 F-secure Anti-virus, F-secure Anti-virus For Citrix Servers, F-secure Anti-virus For Microsoft Exchange and 14 more | 2017-08-08 | 7.6 HIGH | N/A |
| Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow. | |||||
| CVE-2008-6094 | 1 Celoxis | 1 Celoxis | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in user.do in Celoxis Technologies Celoxis allows remote attackers to inject arbitrary web script or HTML via the ni.smessage parameter. | |||||
| CVE-2008-6095 | 1 Opennms | 1 Opennms | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter. | |||||
| CVE-2008-6097 | 1 Wikyblog | 1 Wikyblog | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before 1.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to index.php/Special/Main/keywordSearch, (2) revNum parameter to index.php/Edit/Main/Home, (3) to parameter to index.php/Special/Main/WhatLinksHere, (4) user parameter to index.php/Special/Main/UserEdits, and (5) the PATH_INFO to index.php. | |||||
| CVE-2008-6098 | 1 Mozilla | 1 Bugzilla | 2017-08-08 | 4.0 MEDIUM | N/A |
| Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve." | |||||
| CVE-2008-6103 | 1 A4desk | 1 A4desk Flash Event Calendar | 2017-08-08 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in A4Desk Event Calendar, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the v parameter. | |||||
| CVE-2008-6107 | 1 Linux | 1 Linux Kernel | 2017-08-08 | 4.9 MEDIUM | N/A |
| The (1) sys32_mremap function in arch/sparc64/kernel/sys_sparc32.c, the (2) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c, and the (3) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel before 2.6.25.4, omit some virtual-address range (aka span) checks when the mremap MREMAP_FIXED bit is not set, which allows local users to cause a denial of service (panic) via unspecified mremap calls, a related issue to CVE-2008-2137. | |||||
| CVE-2008-6109 | 1 Shelter Manager | 1 Animal Shelter Manager | 2017-08-08 | 4.6 MEDIUM | N/A |
| Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 does not properly enforce the privileges of user accounts, which allows local users to bypass intended access restrictions by (1) opening unspecified screens, related to the "double click selector bug"; or modifying a (2) animal, (3) owner, (4) lost/found, (5) diary note, (6) owner donation, or (7) waiting list record, related to "change permissions" and the "new UI." | |||||
| CVE-2008-6113 | 1 Semanticscuttle | 1 Semanticscuttle | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.90 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the (1) username and (2) profile page. | |||||
| CVE-2008-6119 | 1 Goople Cms | 1 Goople Cms | 2017-08-08 | 7.5 HIGH | N/A |
| Static code injection vulnerability in gooplecms/admin/account/action/editpass.php in Goople CMS 1.7 allows remote attackers to inject arbitrary PHP code into admin/userandpass.php via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6120 | 1 Socialengine | 1 Socialengine | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile_comments.php in SocialEngine (SE) 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the comment_secure parameter. | |||||
| CVE-2008-6121 | 1 Socialengine | 1 Socialengine | 2017-08-08 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the PHPSESSID cookie. | |||||
| CVE-2008-6122 | 1 Netgear | 1 Wgr614 | 2017-08-08 | 7.8 HIGH | N/A |
| The web management interface in Netgear WGR614v9 allows remote attackers to cause a denial of service (crash) via a request that contains a question mark ("?"). | |||||
| CVE-2009-0009 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption. | |||||
| CVE-2009-0011 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 7.2 HIGH | N/A |
| Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to overwrite arbitrary files via unknown vectors related to an "insecure file operation" on a temporary file. | |||||
| CVE-2009-0013 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 2.1 LOW | N/A |
| dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information. | |||||
| CVE-2009-0032 | 2 Apple, Mandriva | 4 Cups, Corporate Server, Linux and 1 more | 2017-08-08 | 6.9 MEDIUM | N/A |
| CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file. | |||||
| CVE-2009-0057 | 1 Cisco | 1 Unified Communications Manager | 2017-08-08 | 4.3 MEDIUM | N/A |
| The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a TCP session in which the "client terminates prematurely." | |||||
| CVE-2009-0063 | 1 Symantec | 1 Brightmail Gateway Appliance | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-0064 | 1 Symantec | 1 Brightmail Gateway Appliance | 2017-08-08 | 9.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allow remote authenticated users to gain privileges, and possibly obtain sensitive information or hijack sessions of arbitrary users, via vectors involving (1) administrative scripts or (2) console functions. | |||||
| CVE-2009-0069 | 1 Sun | 2 Opensolaris, Solaris | 2017-08-08 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the nfs4rename_persistent_fh function in the NFS 4 (aka NFSv4) client in the kernel in Sun Solaris 10 and OpenSolaris before snv_102 allows local users to cause a denial of service (recursive mutex_enter and panic) via unspecified vectors. | |||||
| CVE-2009-0072 | 1 Microsoft | 1 Internet Explorer | 2017-08-08 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element. | |||||
| CVE-2009-0112 | 1 Expinion | 1 Poll Pro | 2017-08-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.asp in PollPro 3.0 allows remote attackers to create or modify accounts as administrators via the username, password, and name parameters. | |||||
| CVE-2009-0123 | 2 Apple, Microsoft | 3 Mac Os X, Safari, Windows | 2017-08-08 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2009-0141 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 2.1 LOW | N/A |
| XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user. | |||||
| CVE-2009-0144 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 4.3 MEDIUM | N/A |
| CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections. | |||||