Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-7159 | 1 Silcnet | 1 Silc Toolkit | 2017-08-16 | 5.8 MEDIUM | N/A |
The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string. | |||||
CVE-2008-7162 | 1 Heroshare | 1 Hero Super Player 3000 | 2017-08-16 | 9.3 HIGH | N/A |
Buffer overflow in Hero Super Player 3000 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in a .M3U file. NOTE: this might be related to CVE-2008-4504. | |||||
CVE-2008-7164 | 1 Ryo-oh-ki | 1 Shareaza | 2017-08-16 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have unknown impact and attack vectors related to "very important security fixes," possibly involving update notifications and a domain that is no longer controlled by the vendor. | |||||
CVE-2008-7168 | 1 Uusee | 2 Uusee, Uuupgrade.ocx | 2017-08-16 | 9.3 HIGH | N/A |
Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009. | |||||
CVE-2008-7183 | 1 Evacms | 1 Eva Cms | 2017-08-16 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in eva/index.php in EVA CMS 2.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the eva[caminho] parameter to index.php. | |||||
CVE-2008-7194 | 1 Fujitsu | 1 Interstage Application Server | 2017-08-16 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used in Interstage Application Server 5.0, 7.0, 7.0.1, and 8.0.0 for Windows, allows attackers to cause a denial of service via a crafted request. | |||||
CVE-2008-7195 | 1 Fujitsu | 1 Interstage Application Server | 2017-08-16 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used in Interstage Application Server Enterprise Edition 7.0.1 for Solaris, allows attackers to cause a denial of service via unknown vectors related to SSL. | |||||
CVE-2008-7204 | 1 Virtuemart | 1 Virtuemart | 2017-08-16 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
CVE-2008-7205 | 1 Virtuemart | 1 Virtuemart | 2017-08-16 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the product view functionality in VirtueMart 1.0.13a and earlier allows remote attackers to read arbitrary files via vectors related to a template file. | |||||
CVE-2008-7206 | 1 Stefan Ritt | 1 Elog Web Logbook | 2017-08-16 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in Electronic Logbook (ELOG) before 2.7.2 has unknown impact and attack vectors when the "logbook contains HTML code," probably cross-site scripting (XSS). | |||||
CVE-2008-7218 | 1 Horde | 7 Groupware, Groupware Webmail Edition, Horde and 4 more | 2017-08-16 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors. | |||||
CVE-2008-7231 | 1 Meridio | 1 Document And Records Management | 2017-08-16 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Meridio Document and Records Management before 4.3 SR1 allows remote authenticated users to inject arbitrary web script or HTML via the Title field in a (1) document (subGeneralProps:dmpvDocTitle:PROP_W_title) or (2) container (subGeneralProps:dmpvContainerTitle:PROP_W_title). | |||||
CVE-2008-7232 | 1 Netplex-tech | 1 Xtacacsd | 2017-08-16 | 10.0 HIGH | N/A |
Buffer overflow in the report function in xtacacsd 4.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted CONNECT TACACS command. | |||||
CVE-2008-7256 | 1 Linux | 1 Linux Kernel | 2017-08-16 | 1.2 LOW | N/A |
mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict overcommit is enabled and CONFIG_SECURITY is disabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1643. | |||||
CVE-2009-0575 | 1 Drupal | 1 Views Bulk Operations | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the theme_views_bulk_operations_confirmation function in views_bulk_operations.module in Views Bulk Operations 5.x before 5.x-1.3 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to node titles. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-0576 | 1 Sun | 1 Java System Directory Server | 2017-08-16 | 7.8 HIGH | N/A |
Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 and earlier, and Enterprise Edition 5, allows remote attackers to cause a denial of service (daemon crash) via crafted LDAP requests. | |||||
CVE-2009-0591 | 1 Openssl | 1 Openssl | 2017-08-16 | 2.6 LOW | N/A |
The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid. | |||||
CVE-2009-0603 | 1 Drupal | 2 Drupal, Link Module | 2017-08-16 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in index.php in the Link module 5.x-2.5 for Drupal 5.10 allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via the description parameter (aka the Help field). NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-0619 | 1 Cisco | 1 Session Border Controller | 2017-08-16 | 7.8 HIGH | N/A |
Unspecified vulnerability in the Session Border Controller (SBC) before 3.0(2) for Cisco 7600 series routers allows remote attackers to cause a denial of service (SBC card reload) via crafted packets to TCP port 2000. | |||||
CVE-2009-0630 | 1 Cisco | 1 Ios | 2017-08-16 | 7.1 HIGH | N/A |
The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transport; (3) Secure Signaling and Media Encryption; (4) Blocks Extensible Exchange Protocol (BEEP); (5) Network Admission Control HTTP Authentication Proxy; (6) Per-user URL Redirect for EAPoUDP, Dot1x, and MAC Authentication Bypass; (7) Distributed Director with HTTP Redirects; and (8) TCP DNS features in Cisco IOS 12.0 through 12.4 do not properly handle IP sockets, which allows remote attackers to cause a denial of service (outage or resource consumption) via a series of crafted TCP packets. |