Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2665 | 1 Mozilla | 1 Firefox | 2009-09-03 | 10.0 HIGH | N/A |
| The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted web page, related to an incorrect security wrapper. | |||||
| CVE-2009-3057 | 1 Aom-software | 1 Beex | 2009-09-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AOM Software Beex 3 allow remote attackers to inject arbitrary web script or HTML via the navaction parameter to (1) news.php and (2) partneralle.php. | |||||
| CVE-2009-3059 | 1 Allpublication | 1 Jboard | 2009-09-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) core/select.php or (2) the city parameter to top_add.inc.php, reachable through sboard.php. | |||||
| CVE-2009-3061 | 1 Alqa6ari | 1 Script Q R | 2009-09-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lesson.php in Alqatari Q R Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3067 | 1 Webformatique | 1 Reservation Manager | 2009-09-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Reservation Manager allows remote attackers to inject arbitrary web script or HTML via the resman_startdate parameter. | |||||
| CVE-2007-6275 | 1 Bcoos | 1 Bcoos | 2009-09-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/adresses/ratefile.php in bcoos 1.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter, a different vector than CVE-2007-6266. | |||||
| CVE-2008-1217 | 1 Ibm | 1 Lotus Notes | 2009-09-02 | 9.3 HIGH | N/A |
| Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH, and 8.0.x before 8.0.1 allows remote attackers to execute arbitrary code via a crafted attachment in an e-mail message sent over SMTP, a variant of CVE-2007-6706. | |||||
| CVE-2008-7147 | 1 Intralearn | 1 Intralearn | 2009-09-02 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allow remote attackers to inject arbitrary web script or HTML via the (1) outline and (2) course parameters to library/description_link.cfm, or the (3) records_to_display and (4) the_start parameters to library/courses_catalog.cfm. | |||||
| CVE-2008-7148 | 1 Synfig | 1 Synfigstudio | 2009-09-02 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Synfig Animation Studio before 0.61.08 allows attackers to execute arbitrary code via a crafted .sif file. | |||||
| CVE-2009-2286 | 1 James Ashton | 1 Compface | 2009-09-01 | 4.3 MEDIUM | N/A |
| Buffer overflow in compface 1.5.2 and earlier allows user-assisted attackers to cause a denial of service (crash) via a long declaration in a .xbm file. NOTE: this issue only affects compface on distributions that used a certain patch. | |||||
| CVE-2009-2739 | 1 Freenas | 1 Freenas | 2009-09-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2009-2054 | 1 Cisco | 1 Unified Communications Manager | 2009-09-01 | 7.8 HIGH | N/A |
| Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2a)su1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and SIP outage) via a flood of TCP packets, aka Bug ID CSCsx23689. | |||||
| CVE-2009-0179 | 1 Igno Saitz | 1 Libmikmod | 2009-09-01 | 4.3 MEDIUM | N/A |
| libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file. | |||||
| CVE-2008-5102 | 1 Zope | 1 Zope | 2009-08-31 | 4.0 MEDIUM | N/A |
| PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements. | |||||
| CVE-2008-1485 | 1 Punbb | 1 Punbb | 2009-08-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php. | |||||
| CVE-2009-3012 | 1 Mozilla | 1 Firefox | 2009-08-31 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the context of the HTTP site. | |||||
| CVE-2009-3000 | 1 Sun | 2 Opensolaris, Solaris | 2009-08-30 | 7.1 HIGH | N/A |
| The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_41 through snv_122, when Network Cache Accelerator (NCA) logging is enabled, allows remote attackers to cause a denial of service (panic) via unspecified web-server traffic that triggers a NULL pointer dereference in the nl7c_http_log function, related to "improper http response handling." | |||||
| CVE-2009-3004 | 1 Avant Force | 1 Avant Browser | 2009-08-30 | 4.3 MEDIUM | N/A |
| Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown. | |||||
| CVE-2008-7120 | 1 Mrcgiguy | 1 Hot Links Sql-php | 2009-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter. | |||||
| CVE-2008-7121 | 1 Mrcgiguy | 1 Hot Links Sql-php | 2009-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search bar. | |||||