Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-1247 | 1 Apache | 1 Jserv | 2017-08-28 | 2.1 LOW | N/A |
The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI. | |||||
CVE-2002-2436 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-08-28 | 4.3 MEDIUM | N/A |
The Cascading Style Sheets (CSS) implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264. | |||||
CVE-2003-1598 | 1 Wordpress | 1 Wordpress | 2017-08-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable. | |||||
CVE-2003-1599 | 1 Wordpress | 1 Wordpress | 2017-08-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable. | |||||
CVE-2007-6751 | 2 H-fj, Sixapart | 2 Mailform Plugin, Movable Type | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the MailForm plugin before 1.20 for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-7301 | 1 Sclek | 1 Jsite | 2017-08-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/login.php in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-7312 | 1 Websense | 1 Enterprise | 2017-08-28 | 5.0 MEDIUM | N/A |
The Filtering Service in Websense Enterprise 5.2 through 6.3 does not consider the IP address during URL categorization, which makes it easier for remote attackers to bypass filtering via an HTTP request, as demonstrated by a request to a compromised server associated with a specific IP address. | |||||
CVE-2009-5092 | 1 Microsoft | 2 Fast Esp, Sharepoint Server | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the management interface in Microsoft FAST ESP 5.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-5096 | 2 Drupal, Khalid Baheyeldin | 2 Drupal, Flag Content | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Flag Content module 5.x-2.x before 5.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Reason parameter. | |||||
CVE-2009-5113 | 1 Iwork | 1 Webglimpse | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the DOC parameter. | |||||
CVE-2009-5115 | 1 Mcafee | 1 Common Management Agent | 2017-08-28 | 6.5 MEDIUM | N/A |
McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 through 3.6.0.608, and McAfee Agent 4.0 before Patch 3, allows remote authenticated users to overwrite arbitrary files by accessing a report-writing ActiveX control COM object. | |||||
CVE-2009-5117 | 1 Mcafee | 1 Host Data Loss Prevention | 2017-08-28 | 1.9 LOW | N/A |
The Web Post Protection feature in McAfee Host Data Loss Prevention (DLP) 3.x before 3.0.100.10 and 9.x before 9.0.0.422, when HTTP Capture mode is enabled, allows local users to obtain sensitive information from web traffic by reading unspecified files. | |||||
CVE-2009-5118 | 1 Mcafee | 1 Virusscan Enterprise | 2017-08-28 | 9.3 HIGH | N/A |
Untrusted search path vulnerability in McAfee VirusScan Enterprise before 8.7i allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, as demonstrated by scanning a document located on a remote share. | |||||
CVE-2009-5122 | 1 Websense | 1 Websense Email Security | 2017-08-28 | 5.0 MEDIUM | N/A |
The Personal Email Manager component in Websense Email Security before 7.2 allows remote attackers to obtain potentially sensitive information from the JBoss status page via an unspecified query. | |||||
CVE-2009-5132 | 1 Websense | 2 Websense Web Filter, Websense Web Security | 2017-08-28 | 5.0 MEDIUM | N/A |
The Filtering Service in Websense Web Security and Web Filter before 6.3.1 Hotfix 106 and 7.x before 7.1 allow remote attackers to cause a denial of service (filtering outage) via a crafted URL. | |||||
CVE-2010-4808 | 1 Valarsoft | 1 Webmatic | 2017-08-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Webmatic allows remote attackers to execute arbitrary SQL commands via the p parameter. | |||||
CVE-2010-4809 | 1 Liberologico | 1 Dbsite | 2017-08-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in DBSite 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
CVE-2010-4810 | 1 Awcm-cms | 1 Ar Web Content Manager | 2017-08-28 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in AR Web Content Manager (AWCM) 2.1 final allow remote attackers to execute arbitrary PHP code via a URL in the theme_file parameter to (1) includes/window_top.php and (2) header.php, and the (3) lang_file parameter to control/common.php. | |||||
CVE-2010-4811 | 1 6kbbs | 1 6kbbs | 2017-08-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ajaxmember.php in 6kbbs 8.0 build 20100901 allow remote attackers to inject arbitrary web script or HTML via the (1) user[msn], (2) user[email], and (3) user[phone] parameters in a modifyDetails action. | |||||
CVE-2010-4812 | 1 6kbbs | 1 6kbbs | 2017-08-28 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 allow remote attackers to execute arbitrary SQL commands via the (1) tids[] parameter to ajaxadmin.php and the (2) msgids[] parameter to ajaxmember.php. |