Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1525 | 1 Jbmc-software | 1 Directadmin | 2017-08-17 | 8.5 HIGH | N/A |
| CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action. | |||||
| CVE-2009-0912 | 1 Mandriva | 3 Linux, Linux Corporate Server, Multi Network Firewall | 2017-08-17 | 7.2 HIGH | N/A |
| perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via "special characters" in unspecified vectors. | |||||
| CVE-2009-2043 | 1 Mozilla | 1 Firefox | 2017-08-17 | 4.3 MEDIUM | N/A |
| nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to interaction with TinyMCE. | |||||
| CVE-2009-0868 | 3 Fujitsu, Microsoft, Sun | 3 Jasmine2000, Windows, Solaris | 2017-08-17 | 6.8 MEDIUM | N/A |
| CRLF injection vulnerability in the WebLink template in Fujitsu Jasmine2000 Enterprise Edition allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2009-0943 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-17 | 6.8 MEDIUM | N/A |
| Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. | |||||
| CVE-2009-0905 | 1 Ibm | 1 Websphere Mq | 2017-08-17 | 1.7 LOW | N/A |
| IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring. | |||||
| CVE-2009-2425 | 1 Tor | 1 Tor | 2017-08-17 | 5.0 MEDIUM | N/A |
| Tor before 0.2.0.35 allows remote attackers to cause a denial of service (application crash) via a malformed router descriptor. | |||||
| CVE-2009-0942 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-17 | 6.8 MEDIUM | N/A |
| Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. | |||||
| CVE-2008-7205 | 1 Virtuemart | 1 Virtuemart | 2017-08-17 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the product view functionality in VirtueMart 1.0.13a and earlier allows remote attackers to read arbitrary files via vectors related to a template file. | |||||
| CVE-2008-7135 | 1 Icq | 1 Icq Toolbar | 2017-08-17 | 4.3 MEDIUM | N/A |
| toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the IsChecked method, a different vector than CVE-2008-7136. | |||||
| CVE-2008-7037 | 2 Itn, Microsoft | 2 Itn News Gadget, Windows Vista | 2017-08-17 | 7.5 HIGH | N/A |
| The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for Windows Vista, and possibly other versions before 1.23, allows remote web servers or man-in-the-middle attackers to execute arbitrary commands via script in a short_title response. | |||||
| CVE-2008-6962 | 1 Avira | 4 Antivir, Antivir Personal, Antivir Professional and 1 more | 2017-08-17 | 7.2 HIGH | N/A |
| Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, and AntiVir Personal - FREE allows local users to execute arbitrary code via a crafted IOCTL request that overwrites a kernel pointer. | |||||
| CVE-2008-6298 | 1 Rocketeer.dip | 1 Sisapilocation | 2017-08-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows remote attackers to bypass intended access restrictions for character encoding and the cookie secure flag via unknown vectors related to the "HTTP header rewrite function." | |||||
| CVE-2008-6676 | 1 Quickersite | 1 Quickersite | 2017-08-17 | 5.0 MEDIUM | N/A |
| QuickerSite 1.8.5 allows remote attackers to obtain sensitive information via a request to showThumb.aspx without any parameters, which reveals the installation path in an error message. | |||||
| CVE-2008-6171 | 1 Drupal | 1 Drupal | 2017-08-17 | 9.3 HIGH | N/A |
| includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header. | |||||
| CVE-2009-0651 | 1 Symantec | 1 Veritas Netbackup Server \/enterprise Server | 2017-08-17 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Veritas network daemon (aka vnetd) in Symantec Veritas NetBackup Server / Enterprise Server 5.x, 6.0 before MP7 SP1, and 6.5 before 6.5.3.1 allows remote attackers to execute arbitrary code via unknown vectors related to "initial communications setup." | |||||
| CVE-2008-7112 | 1 Kyoceramita | 1 Scanner File Utility | 2017-08-17 | 5.0 MEDIUM | N/A |
| The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to cause a denial of service (hang or crash) via invalid field length values in a malformed (1) document or (2) request. | |||||
| CVE-2008-6504 | 2 Apache, Opensymphony | 2 Struts, Xwork | 2017-08-17 | 5.0 MEDIUM | N/A |
| ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character. | |||||
| CVE-2008-6568 | 1 Yehe | 1 Yehe | 2017-08-17 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in Yehe 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the envoyer feature. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6547 | 1 Formencode | 1 Formencode | 2017-08-17 | 7.5 HIGH | N/A |
| schema.py in FormEncode for Python (python-formencode) 1.0 does not apply the chained_validators feature, which allows attackers to bypass intended access restrictions via unknown vectors. | |||||