Total: 10777 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6948 | 1 Collabtive | 1 Collabtive | 2025-04-09 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and using a text/plain MIME type, then accessing it via a direct request to the file in files/, related to (1) the showproject action in managefile.php or (2) the Messages feature. | |||||
| CVE-2008-6752 | 1 Revou | 1 Revou | 2025-04-09 | 7.5 HIGH | N/A |
| adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and gain privileges via a direct request with modified newpass1 and newpass2 parameters in a Change operation. | |||||
| CVE-2008-3936 | 1 Dreambox | 1 Dm500c | 2025-04-09 | 7.8 HIGH | N/A |
| The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI. | |||||
| CVE-2007-5130 | 1 Boesch-it | 1 Simpgb | 2025-04-09 | 4.3 MEDIUM | N/A |
| SimpGB 1.46.02 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php or (2) a direct request to admin/trailer.php, which reveals the path in various error messages. | |||||
| CVE-2009-0093 | 1 Microsoft | 3 Windows 2000, Windows Server 2003, Windows Server 2008 | 2025-04-09 | 3.5 LOW | N/A |
| Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692. | |||||
| CVE-2009-4494 | 1 Aol | 1 Aolserver | 2025-04-09 | 5.0 MEDIUM | N/A |
| AOLserver 4.5.1 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. | |||||
| CVE-2008-6676 | 1 Quickersite | 1 Quickersite | 2025-04-09 | 5.0 MEDIUM | N/A |
| QuickerSite 1.8.5 allows remote attackers to obtain sensitive information via a request to showThumb.aspx without any parameters, which reveals the installation path in an error message. | |||||
| CVE-2008-6084 | 1 .matteoiammarrone | 1 Iamma Simple Gallery | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory. | |||||
| CVE-2009-2583 | 1 Ibm | 1 Tivoli Identity Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple session fixation vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0.0.6 allow remote attackers to hijack web sessions via unspecified vectors involving the (1) console and (2) self service interfaces. | |||||
| CVE-2008-5693 | 1 Ipswitch | 1 Ws Ftp | 2025-04-09 | 5.0 MEDIUM | N/A |
| Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character. | |||||
| CVE-2009-1669 | 1 Smarty | 1 Smarty | 2025-04-09 | 10.0 HIGH | N/A |
| The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2654 | 1 Mozilla | 1 Firefox | 2025-04-09 | 5.8 MEDIUM | N/A |
| Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page. | |||||
| CVE-2008-2545 | 1 Skype Technologies | 1 Skype | 2025-04-09 | 9.3 HIGH | N/A |
| Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case. | |||||
| CVE-2008-4930 | 1 Mybb | 1 Mybb | 2025-04-09 | 5.0 MEDIUM | N/A |
| MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection against MIME-sniffing." NOTE: this could be leveraged for XSS and other attacks. | |||||
| CVE-2009-1062 | 1 Adobe | 3 Acrobat, Acrobat Reader, Reader | 2025-04-09 | 9.3 HIGH | N/A |
| Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061. | |||||
| CVE-2008-5937 | 1 Zkesoft | 1 Ayeview | 2025-04-09 | 7.8 HIGH | N/A |
| AyeView 2.20 allows user-assisted attackers to cause a denial of service (memory consumption or application crash) via a bitmap (aka .bmp) file with large height and width values. | |||||
| CVE-2007-6325 | 1 Fastpublish | 1 Fastpublish Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in adminbereich/designconfig.php in Fastpublish CMS 1.9999 allows remote attackers to execute arbitrary PHP code via a URL in the config[fsBase] parameter, a different vector than CVE-2006-2726. | |||||
| CVE-2008-3208 | 1 Simpledns | 1 Simple Dns Plus | 2025-04-09 | 5.0 MEDIUM | N/A |
| Simple DNS Plus 4.1, 5.0, and possibly other versions before 5.1.101 allows remote attackers to cause a denial of service via multiple DNS reply packets. | |||||
| CVE-2008-6793 | 1 Dflabs | 1 Ptk | 2025-04-09 | 6.8 MEDIUM | N/A |
| The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image. | |||||
| CVE-2008-3239 | 1 Phpizabi | 1 Phpizabi | 2025-04-09 | 9.3 HIGH | N/A |
| Unrestricted file upload vulnerability in the writeLogEntry function in system/v_cron_proc.php in PHPizabi 0.848b C1 HFP1, when register_globals is enabled, allows remote attackers to upload and execute arbitrary code via a filename in the CONF[CRON_LOGFILE] parameter and file contents in the CONF[LOCALE_LONG_DATE_TIME] parameter. | |||||
