Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3197 | 1 Jce-tech | 1 Php Calendars Script | 2009-09-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech PHP Calendars Script allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2009-3198 | 1 Jce-tech | 1 Affiliate Master Datafeed Parser | 2009-09-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech Affiliate Master Datafeed Parser Script 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2008-4975 | 1 Debian | 1 Newsgate | 2009-09-14 | 6.9 MEDIUM | N/A |
| mkmailpost in newsgate 1.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mmp##### temporary file. | |||||
| CVE-2008-4979 | 1 Shrubbery | 1 Rancid | 2009-09-14 | 6.9 MEDIUM | N/A |
| getipacctg in rancid 2.3.2~a8 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/ipacct.#####.prefixes, (2) /tmp/ipacct.#####.sorted, (3) /tmp/ipacct.#####.pl, and (4) /tmp/ipacct.##### temporary files. | |||||
| CVE-2008-4980 | 1 Zak B Elep | 1 Rccp | 2009-09-14 | 6.9 MEDIUM | N/A |
| delqueueask in rccp 0.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cccp_tmp.txt temporary file. | |||||
| CVE-2007-6729 | 1 Zyxel | 1 P-330w Router | 2009-09-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web management interface in the ZyXEL P-330W router allows remote attackers to inject arbitrary web script or HTML via the pingstr parameter and other unspecified vectors. | |||||
| CVE-2007-6730 | 1 Zyxel | 1 P-330w Router | 2009-09-14 | 9.3 HIGH | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in the ZyXEL P-330W router allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote router management via goform/formRmtMgt or (2) modify the administrator password via goform/formPasswordSetup. | |||||
| CVE-2008-0131 | 1 Instantsoftwares | 1 Dating Site | 2009-09-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different product than CVE-2006-6022. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-6263 | 1 Netkit-ftp | 1 Netkit Ftp | 2009-09-14 | 9.3 HIGH | N/A |
| The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via some types of FTP over SSL protocol behavior, as demonstrated by breaking a passive FTP DATA connection in a way that triggers an error in the server's SSL_accept function. NOTE: the netkit ftp issue is covered by CVE-2007-5769. | |||||
| CVE-2007-4146 | 1 Webevents | 1 Webevents | 2009-09-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webevent.cgi in WebEvent 2.61 through 4.03 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-7223 | 1 Linpha | 1 Linpha | 2009-09-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, or (5) plugins/stats/stats_view.php. | |||||
| CVE-2008-7227 | 1 Geoserver | 1 Geoserver | 2009-09-14 | 5.0 MEDIUM | N/A |
| PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an "in memory buffer," which prevents the reporting of a service exception, with unknown impact and attack vectors. | |||||
| CVE-2008-7230 | 1 Chris Buccella | 1 Small Footprint Cim Broker | 2009-09-14 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Small Footprint CIM Broker (SFCB) before 1.2.5 has unknown impact and attack vectors. | |||||
| CVE-2009-3021 | 2 Geeklog, Yoshinori Tahara | 2 Geeklog, Mycaljp | 2009-09-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' plugin 2.0.0 through 2.0.6, as used in the Japanese extended package of Geeklog 1.5.0 through 1.5.2 and when distributed 20090629 or earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-3179 | 1 Symantec | 1 Altiris Deployment Solution | 2009-09-14 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary code via unknown client-side attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.17, as identified by (1) "Symantec Altiris Deployment Solution 6.9 exploit, (2) "Symantec Altiris Deployment Solution 6.9 exploit (II)," and (3) "Symantec Altiris Deployment Solution 6.9 exploit (III)." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2008-7229 | 1 Greensql | 1 Greensql Firewall | 2009-09-14 | 7.5 HIGH | N/A |
| GreenSQL Firewall (greensql-fw) before 0.9.2 allows remote attackers to bypass SQL injection protection via a crafted string, possibly involving an encoded space character (%20). | |||||
| CVE-2007-6731 | 1 Claudio Matsuoka | 1 Extended Module Player | 2009-09-13 | 10.0 HIGH | N/A |
| Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in misc/oxm.c, leading to a buffer overflow. | |||||
| CVE-2007-6732 | 1 Claudio Matsuoka | 1 Extended Module Player | 2009-09-13 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors related to an untrusted length value and the (1) pofs and (2) plen arrays. | |||||
| CVE-2008-7217 | 1 Microsoft | 1 Office | 2009-09-13 | 4.6 MEDIUM | N/A |
| Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories. | |||||
| CVE-2009-3169 | 1 Hitachi | 1 Jp1 File Transmission Server | 2009-09-13 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission Server/FTP before 09-00 allow remote attackers to execute arbitrary code via unknown attack vectors. | |||||