Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0735 | 1 Newsscript.co.uk | 1 Newsscript | 2009-04-02 | 10.0 HIGH | N/A |
| newsscript.pl for NewsScript allows remote attackers to gain privileges by setting the mode parameter to admin. | |||||
| CVE-2009-1225 | 1 Platinumprofitzone | 1 Turnkey Ebook Store | 2009-04-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Turnkey Ebook Store 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action. | |||||
| CVE-2009-0874 | 1 Sun | 2 Opensolaris, Solaris | 2009-04-01 | 4.9 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allow local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors including ones related to (1) an argument handling deadlock in a door server and (2) watchpoint problems in the door_call function. | |||||
| CVE-2009-0875 | 1 Sun | 2 Opensolaris, Solaris | 2009-04-01 | 6.9 MEDIUM | N/A |
| Race condition in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allows local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors involving the time at which control is transferred from a caller to a door server. | |||||
| CVE-2009-1056 | 1 Ibm | 1 Rational Appscan | 2009-04-01 | 5.0 MEDIUM | N/A |
| IBM Rational AppScan Enterprise before 5.5 FP1 allows remote attackers to read arbitrary exported reports by "forcefully browsing." | |||||
| CVE-2009-1175 | 1 Banshee-project | 1 Banshee | 2009-04-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in the DAAP extension in Banshee 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the server parameter, which is not properly handled in an error message. | |||||
| CVE-2009-0364 | 1 Citadel | 1 Webcit | 2009-04-01 | 7.5 HIGH | N/A |
| Format string vulnerability in the mini_calendar component in Citadel.org WebCit 7.22, and other versions before 7.39, allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2008-5718 | 1 Netatalk | 1 Netatalk | 2009-04-01 | 9.3 HIGH | N/A |
| The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title. | |||||
| CVE-2009-1047 | 1 Drupal | 2 Drupal, Print | 2009-03-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vectors involving outbound HTML e-mail. | |||||
| CVE-2009-1178 | 1 Ibm | 1 Tivoli Storage Manager | 2009-03-31 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the "admin command line." | |||||
| CVE-2005-4880 | 1 Jax Scripts | 1 Jax Guestbook | 2009-03-31 | 5.0 MEDIUM | N/A |
| Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv. | |||||
| CVE-2008-6567 | 1 Gallarific | 1 Gallarific | 2009-03-31 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Gallarific Free Edition allow remote attackers to inject arbitrary web script or HTML via (1) the e-mail address, (2) a comment, which is not properly handled during moderation, and (3) the tag parameter to gallery/tags.php. | |||||
| CVE-2008-6571 | 1 Linpha | 1 Linpha | 2009-03-31 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors. | |||||
| CVE-2008-4865 | 1 Valgrind | 1 Valgrind | 2009-03-29 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario. | |||||
| CVE-2008-6546 | 1 Alecwh | 1 Phpns | 2009-03-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in phpns before 2.1.3 has unknown impact and attack vectors related to "activation permissions." | |||||
| CVE-2008-6548 | 1 Moinmo | 1 Moinmoin | 2009-03-29 | 5.0 MEDIUM | N/A |
| The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors. | |||||
| CVE-2008-6549 | 1 Moinmo | 1 Moinmoin | 2009-03-29 | 5.0 MEDIUM | N/A |
| The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors. | |||||
| CVE-2008-4312 | 2009-03-29 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2008-0004 | 2009-03-26 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2008-1378 | 2009-03-26 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-2360, CVE-2008-2361, CVE-2008-2362. Reason: This candidate has been withdrawn by its CNA. It was SPLIT into separate candidates before publication. Notes: All CVE users should reference CVE-2008-2360, CVE-2008-2361, and CVE-2008-2362 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||