Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1166 | 1 Cisco | 1 Catalyst | 2009-08-06 | 7.8 HIGH | N/A |
| The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (device reload) via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCsy27708. | |||||
| CVE-2002-0388 | 1 Gnu | 1 Mailman | 2009-07-21 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries. | |||||
| CVE-2007-2807 | 1 Eggheads | 1 Eggdrop Irc Bot | 2009-07-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, remote IRC servers to execute arbitrary code via a long private message. | |||||
| CVE-2009-0667 | 1 Ocsinventory-ng | 2 Ocs Inventory Ng, Ocsinventory-agent | 2009-07-09 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventory-Agent before 0.0.9.3, and 1.x before 1.0.1, in OCS Inventory allows local users to gain privileges via a Trojan horse Perl module in an arbitrary directory. | |||||
| CVE-2009-2165 | 1 Serendipitynz | 1 Serene Bach | 2009-06-25 | 7.5 HIGH | N/A |
| SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id. | |||||
| CVE-2004-2181 | 1 Wowbb | 1 Wowbb Web Forum | 2009-06-24 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php. NOTE: the sort_by vector was later reported to be present in WowBB 1.65. | |||||
| CVE-2009-2146 | 1 Sugarcrm | 1 Sugarcrm | 2009-06-24 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the file via a direct request to a modified filename under cache/modules/Emails/, as demonstrated using .php as the entire original name. | |||||
| CVE-2009-2174 | 1 Gupnp | 1 Gupnp | 2009-06-24 | 5.0 MEDIUM | N/A |
| GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message. | |||||
| CVE-2009-1708 | 1 Apple | 1 Safari | 2009-06-18 | 9.3 HIGH | N/A |
| Apple Safari before 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote attackers to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call. | |||||
| CVE-2007-5614 | 1 Mortbay Jetty | 1 Jetty | 2009-06-09 | 7.5 HIGH | N/A |
| Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors. | |||||
| CVE-2009-1906 | 1 Ibm | 1 Db2 | 2009-06-09 | 4.3 MEDIUM | N/A |
| The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32. | |||||
| CVE-2001-1209 | 1 Abe Timmerman | 1 Zml.cgi | 2009-04-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in zml.cgi allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2009-1275 | 1 Apache | 2 Struts, Tiles | 2009-04-28 | 6.8 MEDIUM | N/A |
| Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags. | |||||
| CVE-2009-1157 | 1 Cisco | 2 Adaptive Security Appliance 5500, Pix | 2009-04-27 | 7.8 HIGH | N/A |
| Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)30, 8.0 before 8.0(4)28, and 8.1 before 8.1(2)19 allows remote attackers to cause a denial of service (memory consumption or device reload) via a crafted TCP packet. | |||||
| CVE-2009-0318 | 1 Gnome | 1 Gnumeric | 2009-04-15 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
| CVE-2008-5987 | 1 Gnome | 1 Eog | 2009-04-15 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
| CVE-2007-4085 | 1 Alstrasoft | 1 Askme Pro | 2009-04-13 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to execute arbitrary SQL commands via the (1) que_id parameter to forum_answer.php or (2) the cat_id parameter to search.php. | |||||
| CVE-2009-1286 | 1 Ibm | 1 Lotus Domino | 2009-04-13 | 5.0 MEDIUM | N/A |
| The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of service (daemon crash) via a MIME e-mail message with RFC822 attachments (aka blobs) containing malformed root entities. | |||||
| CVE-2002-1919 | 1 Virtual Programming | 1 Vp-asp | 2009-04-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password fields. | |||||
| CVE-2001-1527 | 1 Easyscripts | 1 Easynews | 2009-04-02 | 2.1 LOW | N/A |
| easyNews 1.5 and earlier stores administration passwords in cleartext in settings.php, which allows local users to obtain the passwords and gain access. | |||||