Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4868 | 1 Ibm | 1 Db2 Universal Database | 2017-08-16 | 2.1 LOW | N/A |
| Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service. | |||||
| CVE-2005-4878 | 2 Acid, Secureideas | 2 Analysis Console For Intrusion Databases, Basic Analysis And Security Engine | 2017-08-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to inject arbitrary web script or HTML via the sig[1] parameter and possibly other parameters, a different vulnerability than CVE-2007-6156. | |||||
| CVE-2005-4879 | 1 Jax Scripts | 1 Jax Guestbook | 2017-08-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in jax_guestbook.php in Jax Guestbook 3.1 and 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) gmt_ofs and (2) language parameters. NOTE: the page parameter is already covered by CVE-2006-1913. NOTE: it was later reported that 3.50 is also affected. | |||||
| CVE-2005-4889 | 1 Rpm | 1 Rpm | 2017-08-16 | 7.2 HIGH | N/A |
| lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059. | |||||
| CVE-2008-6568 | 1 Yehe | 1 Yehe | 2017-08-16 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in Yehe 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the envoyer feature. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6569 | 1 Cybozu | 1 Garoon | 2017-08-16 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page. | |||||
| CVE-2008-6570 | 1 Cybozu | 1 Garoon | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. | |||||
| CVE-2008-6573 | 1 Avaya | 1 Communication Manager | 2017-08-16 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server. | |||||
| CVE-2008-6574 | 1 Avaya | 1 Communication Manager | 2017-08-16 | 7.5 HIGH | N/A |
| Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials. | |||||
| CVE-2008-6575 | 1 Avaya | 1 Communication Manager | 2017-08-16 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors. | |||||
| CVE-2008-6576 | 1 Nortel | 1 Cs1000 | 2017-08-16 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the "session limitation technique" in the FTP service on Nortel Communications Server 1000 (CS1K) 4.50.x, when running on VGMC or signaling nodes, allows remote attackers to cause a denial of service (resource exhaustion and failed updates) via unknown vectors that causes consumption of all available sessions. | |||||
| CVE-2008-6577 | 1 Nortel | 1 Cs1000 | 2017-08-16 | 10.0 HIGH | N/A |
| Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges. | |||||
| CVE-2008-6578 | 1 Nortel | 1 Cs1000 | 2017-08-16 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Nortel Communication Server 1000 4.50.x allow remote attackers to execute arbitrary commands to gain privileges, obtain sensitive information, or cause a denial of service via unknown vectors. | |||||
| CVE-2008-6579 | 1 Nortel | 1 Cs1000 | 2017-08-16 | 5.0 MEDIUM | N/A |
| Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators." | |||||
| CVE-2008-6588 | 1 Aztech | 1 Adsl2\/2\+4-port Router | 2017-08-16 | 10.0 HIGH | N/A |
| Aztech ADSL2/2+ 4-port router has a default "isp" account with a default "isp" password, which allows remote attackers to obtain access if this default is not changed. | |||||
| CVE-2008-6595 | 1 Typo3 | 1 Pmk Rssnewsexport Extension | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the pmk_rssnewsexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-6598 | 1 Sangoma | 1 Wanpipe | 2017-08-16 | 10.0 HIGH | N/A |
| Multiple race conditions in WANPIPE before 3.3.6 have unknown impact and attack vectors related to "bri restart logic." | |||||
| CVE-2009-0659 | 1 Tptest | 1 Tptest | 2017-08-16 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in the GetStatsFromLine function in TPTEST 3.1.7 allows remote attackers to have an unknown impact via a STATS line with a long email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-0660 | 1 Mahara | 1 Mahara | 2017-08-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487. | |||||
| CVE-2009-0661 | 1 Flashtux | 1 Weechat | 2017-08-16 | 5.0 MEDIUM | N/A |
| Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds read. | |||||