Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0318 | 1 Gnome | 1 Gnumeric | 2009-04-15 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
| CVE-2008-5987 | 1 Gnome | 1 Eog | 2009-04-15 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
| CVE-2008-6621 | 1 Graphicsmagick | 1 Graphicsmagick | 2009-04-13 | 7.8 HIGH | N/A |
| Unspecified vulnerability in GraphicsMagick before 1.2.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors in DPX images. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-4085 | 1 Alstrasoft | 1 Askme Pro | 2009-04-13 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to execute arbitrary SQL commands via the (1) que_id parameter to forum_answer.php or (2) the cat_id parameter to search.php. | |||||
| CVE-2009-1286 | 1 Ibm | 1 Lotus Domino | 2009-04-13 | 5.0 MEDIUM | N/A |
| The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of service (daemon crash) via a MIME e-mail message with RFC822 attachments (aka blobs) containing malformed root entities. | |||||
| CVE-2002-1919 | 1 Virtual Programming | 1 Vp-asp | 2009-04-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password fields. | |||||
| CVE-2009-1281 | 1 Glfusion | 1 Glfusion | 2009-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-1073 | 1 Debian | 1 Nss-ldap | 2009-04-07 | 4.9 MEDIUM | N/A |
| nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field. | |||||
| CVE-2009-1264 | 2 Stanislas Rolland, Typo3 | 2 Sr Feuser Register, Typo3 | 2009-04-07 | 4.0 MEDIUM | N/A |
| Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors. | |||||
| CVE-2009-0795 | | | 2009-04-07 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0796, CVE-2009-1265. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a different issue. Notes: All CVE users should consult CVE-2009-0796 and CVE-2009-1265 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2009-1249 | 1 Drupal | 2 Drupal, Feedapi Mapper | 2009-04-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in admin/content/node-type/nodetype/map. | |||||
| CVE-2008-6596 | 1 Phpcredo | 1 Phcdownload | 2009-04-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6597 | 1 Phpcredo | 1 Phcdownload | 2009-04-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in upload/install/index.php in PHCDownload 1.1 allows remote attackers to inject arbitrary web script or HTML via the step parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6600 | 1 Xmlportal | 1 Xmlportal | 2009-04-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the search feature in XMLPortal 3.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
| CVE-2009-1205 | | | 2009-04-02 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-4475. Reason: This candidate is a duplicate of CVE-2007-4475. Notes: All CVE users should reference CVE-2007-4475 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2001-1527 | 1 Easyscripts | 1 Easynews | 2009-04-02 | 2.1 LOW | N/A |
| easyNews 1.5 and earlier stores administration passwords in cleartext in settings.php, which allows local users to obtain the passwords and gain access. | |||||
| CVE-2001-1060 | 1 Phpmyadmin | 1 Phpmyadmin | 2009-04-02 | 7.5 HIGH | N/A |
| phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php. | |||||
| CVE-2002-1978 | 1 Darren Reed | 1 Ipfilter | 2009-04-02 | 7.5 HIGH | N/A |
| IPFilter 3.1.1 through 3.4.28 allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server. | |||||
| CVE-2002-1979 | 1 Watchguard | 3 Legacy Rssa, Soho, Vclass | 2009-04-02 | 7.5 HIGH | N/A |
| WatchGuard SOHO products running firmware 5.1.6 and earlier, and Vclass/RSSA using 3.2 SP1 and earlier, allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server. | |||||
| CVE-2004-2717 | 1 Php Heaven | 1 Phpmychat | 2009-04-02 | 2.6 LOW | N/A |
| Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the (1) sheet and (2) What parameters. | |||||
