Max CVSS 10.0 Min CVSS 2.1 Total Count4279
IDCVSSSummaryLast (major) updatePublished
CVE-2014-8393 4.6
DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion.
28-08-2017 - 21:35 28-08-2017 - 21:35
CVE-2014-9558 7.5
Multiple SQL injection vulnerabilities in SmartCMS v.2.
28-08-2017 - 11:29 28-08-2017 - 11:29
CVE-2015-4181 5.0
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtain
25-08-2017 - 14:29 25-08-2017 - 14:29
CVE-2011-0108 None
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none.
11-05-2017 - 10:29 11-05-2017 - 10:29
CVE-2009-3270 5.0
Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.
24-03-2017 - 21:59 18-09-2009 - 18:30
CVE-2009-0674 6.0
images/captcha.php in Raven Web Services RavenNuke 2.30, when register_globals and display_errors are enabled, allows remote attackers to determine the existence of local files by sending requests with full pathnames in the aFonts array parameter, an
19-02-2017 - 00:26 22-02-2009 - 17:30
CVE-2008-6996 5.0
Google Chrome BETA (0.2.149.27) does not prompt the user before saving an executable file, which makes it easier for remote attackers or malware to cause a denial of service (disk consumption) or exploit other vulnerabilities via a URL that reference
19-02-2017 - 00:25 19-08-2009 - 01:24
CVE-2008-6282 6.5
SQL injection vulnerability in engine/users/users_edit_pub.inc in CMS Ortus 1.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the city parameter in a users_edit_pub action to index.php.
19-02-2017 - 00:25 25-02-2009 - 18:30
CVE-2008-5589 7.5
SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the (1) txtusername parameter (aka username field) or the (2) txtpassword parameter (aka password field). NOTE: some
19-02-2017 - 00:24 16-12-2008 - 14:07
CVE-2008-4902 7.5
SQL injection vulnerability in contact_author.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
19-02-2017 - 00:24 03-11-2008 - 19:58
CVE-2008-1447 5.0
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic vi
19-02-2017 - 00:21 08-07-2008 - 19:41
CVE-2009-0441 6.8
PHP remote file inclusion vulnerability in skin_shop/standard/2_view_body/body_default.php in TECHNOTE 7.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter, a diff
19-01-2017 - 21:59 10-02-2009 - 02:00
CVE-2008-4138 10.0
PHP remote file inclusion vulnerability in skin_shop/standard/3_plugin_twindow/twindow_notice.php in TECHNOTE 7 allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter.
19-01-2017 - 21:59 24-09-2008 - 01:41
CVE-2015-0096 9.3
Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to
02-01-2017 - 21:59 11-03-2015 - 06:59
CVE-2008-5753 9.3
Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name, which appears as a host parameter within the quick-connect bar.
30-12-2016 - 21:59 30-12-2008 - 12:30
CVE-2009-4032 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_sett
27-12-2016 - 21:59 29-11-2009 - 08:07
CVE-2006-1255 10.0
Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string to the (1) LOGIN or (2) SELECT comm
19-12-2016 - 21:59 18-03-2006 - 20:02
CVE-2010-5301 7.5
Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a HEAD request.
07-12-2016 - 22:01 13-06-2014 - 10:55
CVE-2010-2343 9.3
Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbitrary code via a crafted pls playlist file.
07-12-2016 - 22:01 21-06-2010 - 11:30
CVE-2009-1632 5.0
Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x
07-12-2016 - 22:01 14-05-2009 - 13:30
CVE-2009-1574 5.0
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.
07-12-2016 - 22:01 06-05-2009 - 13:30
CVE-2009-1185 7.2
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
07-12-2016 - 22:01 17-04-2009 - 10:30
CVE-2008-3834 2.1
The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.
07-12-2016 - 22:01 07-10-2008 - 17:01
CVE-2001-0414 10.0
Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
07-12-2016 - 21:59 18-06-2001 - 00:00
CVE-2010-3856 7.2
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain
06-12-2016 - 21:59 07-01-2011 - 14:00
CVE-2010-3847 6.9
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted d
06-12-2016 - 21:59 07-01-2011 - 14:00
CVE-2010-1622 6.0
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .ja
06-12-2016 - 21:59 21-06-2010 - 12:30
CVE-2010-4279 10.0
The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in
02-12-2016 - 21:59 02-12-2010 - 12:15
CVE-2009-1330 9.3
Stack-based buffer overflow in Easy RM to MP3 Converter allows remote attackers to execute arbitrary code via a long filename in a playlist (.pls) file.
29-11-2016 - 21:59 17-04-2009 - 10:08
CVE-2009-4219 9.3
Stack-based buffer overflow in the MYACTIVEX.MyActiveXCtrl.1 ActiveX control in MyActiveX.ocx 1.4.8.0 in Haihaisoft Universal Player allows remote attackers to execute arbitrary code via a long URL property value. NOTE: some of these details are obt
28-11-2016 - 14:07 07-12-2009 - 12:30
CVE-2006-4714 5.1
PHP remote file inclusion vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the classified_pat
28-11-2016 - 14:06 12-09-2006 - 12:07
CVE-2008-3983 5.5
Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a differen
23-11-2016 - 13:02 14-10-2008 - 17:11
CVE-2008-3984 5.5
Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a differen
23-11-2016 - 13:00 14-10-2008 - 17:11
CVE-2009-0991 5.0
Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2009-1970.
23-11-2016 - 13:00 15-04-2009 - 06:30
CVE-2008-5444 10.0
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5448 and CVE-
22-11-2016 - 11:14 13-01-2009 - 20:30
CVE-2008-1087 9.3
Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflo
08-11-2016 - 13:13 08-04-2008 - 19:05
CVE-2008-1083 9.3
Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a mal
08-11-2016 - 11:27 08-04-2008 - 19:05
CVE-2008-4510 4.9
Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allows local users to cause a denial of service (page fault and system crash) via multiple attempts to access a virtual address in a PAGE_NOACCESS memory page.
07-11-2016 - 17:16 09-10-2008 - 14:00
CVE-2006-2407 7.5
Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange
17-10-2016 - 23:39 16-05-2006 - 06:02
CVE-2005-4605 2.1
The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value.
17-10-2016 - 23:38 31-12-2005 - 00:00
CVE-2005-2278 7.2
Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
17-10-2016 - 23:25 18-07-2005 - 00:00
CVE-2005-2062 7.5
Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to execute arbitrary SQL commands via the catid parameter to (1) default.asp or (2) buyersend.asp, (3) Administrator ID field in admin.asp, E-mail field in (4) adve
17-10-2016 - 23:24 29-06-2005 - 00:00
CVE-2005-1099 10.0
Multiple buffer overflows in the HandleChild function in server.c in Greylisting daemon (GLD) 1.3 and 1.4, when GLD is listening on a network interface, allow remote attackers to execute arbitrary code.
17-10-2016 - 23:17 12-04-2005 - 00:00
CVE-2005-1018 7.5
Buffer overflow in the UniversalAgent for Computer Associates (CA) BrightStor ARCserve Backup allows remote authenticated users to cause a denial of service or execute arbitrary code via an agent request to TCP port 6050 with a large argument before
17-10-2016 - 23:16 02-05-2005 - 00:00
CVE-2005-0952 5.0
Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
17-10-2016 - 23:15 02-05-2005 - 00:00
CVE-2005-0929 7.5
SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote attackers to execute arbitrary SQL commands via (1) the sl parameter to showmembers.php or (2) the photo parameter to showphoto.php.
17-10-2016 - 23:15 02-05-2005 - 00:00
CVE-2005-0581 4.6
Multiple buffer overflows in Computer Associates (CA) License Client and Server 0.1.0.15 allow remote attackers to execute arbitrary code via (1) certain long fields in the Checksum item in a GCR request, (2) a long IP address, hostname, or netmask v
17-10-2016 - 23:12 02-05-2005 - 00:00
CVE-2005-0549 4.3
Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the "View Log Files" function.
17-10-2016 - 23:12 02-05-2005 - 00:00
CVE-2005-0548 4.3
Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search function.
17-10-2016 - 23:12 07-03-2005 - 00:00
CVE-2005-0491 10.0
Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows remote attackers to execute arbitrary code via a long type 77 request.
17-10-2016 - 23:12 02-05-2005 - 00:00
CVE-2004-1975 4.3
Cross-site scripting (XSS) vulnerability in the category module in pafiledb.php for paFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a vulnerability that is closely related to CVE-2004-1551.
17-10-2016 - 23:04 27-04-2004 - 00:00
CVE-2004-1595 7.5
Buffer overflow in ShixxNote 6.net build 117 allows remote attackers to execute arbitrary code via a long font field.
17-10-2016 - 22:57 13-10-2004 - 00:00
CVE-2004-1585 5.0
Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers to cause a denial of service (application crash) via certain wide characters.
17-10-2016 - 22:57 31-12-2004 - 00:00
CVE-2004-1580 7.5
SQL injection vulnerability in index.php in CubeCart 2.0.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
17-10-2016 - 22:56 31-12-2004 - 00:00
CVE-2004-1553 7.5
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum
17-10-2016 - 22:56 31-12-2004 - 00:00
CVE-2004-1552 7.5
SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp.
17-10-2016 - 22:56 31-12-2004 - 00:00
CVE-2004-1551 4.3
Cross-site scripting (XSS) vulnerability in the (1) email or (2) file modules in paFileDB 3.1 Final allows remote attackers to execute arbitrary web script or HTML via the id parameter.
17-10-2016 - 22:56 31-12-2004 - 00:00
CVE-2004-1520 4.6
Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command.
17-10-2016 - 22:55 31-12-2004 - 00:00
CVE-2004-1388 7.5
Format string vulnerability in the gpsd_report function for BerliOS GPD daemon (gpsd, formerly pygps) 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not proper
17-10-2016 - 22:53 31-12-2004 - 00:00
CVE-2004-1317 7.5
Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, when running with the -e option, allows remote attackers to execute arbitrary code via a long DNS command.
17-10-2016 - 22:53 27-12-2004 - 00:00
CVE-2004-1211 10.0
Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via long arguments to the (1) EXAMINE, (2) SUBSCRIBE, (3) STATUS,
17-10-2016 - 22:52 10-01-2005 - 00:00
CVE-2004-1134 10.0
Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string.
17-10-2016 - 22:51 10-01-2005 - 00:00
CVE-2004-1080 10.0
The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS re
17-10-2016 - 22:51 10-01-2005 - 00:00
CVE-2004-0964 10.0
Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.
17-10-2016 - 22:50 09-02-2005 - 00:00
CVE-2004-0608 10.0
The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f a
17-10-2016 - 22:46 06-12-2004 - 00:00
CVE-2004-0397 7.5
Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.
17-10-2016 - 22:45 07-07-2004 - 00:00
CVE-2004-0362 7.5
Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI r
17-10-2016 - 22:44 15-04-2004 - 00:00
CVE-2004-0239 10.0
SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain unauthorized access via the photo variable.
17-10-2016 - 22:42 23-11-2004 - 00:00
CVE-2004-0206 7.5
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or appl
17-10-2016 - 22:41 03-11-2004 - 00:00
CVE-2003-0822 7.5
Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
17-10-2016 - 22:37 15-12-2003 - 00:00
CVE-2003-0818 7.5
Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encod
17-10-2016 - 22:37 03-03-2004 - 00:00
CVE-2003-0812 7.5
Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated
17-10-2016 - 22:37 15-12-2003 - 00:00
CVE-2003-0722 10.0
The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.
17-10-2016 - 22:36 22-09-2003 - 00:00
CVE-2003-0533 7.5
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and
17-10-2016 - 22:35 01-06-2004 - 00:00
CVE-2003-0349 7.5
Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via
17-10-2016 - 22:32 24-07-2003 - 00:00
CVE-2003-0264 7.5
Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers to execute arbitrary code via (1) a long EHLO argument to slmail.exe, (2) a long XTRN argument to slmail.exe, (3) a long string to POPPASSWD, or (4) a long password to the POP3 se
17-10-2016 - 22:31 27-05-2003 - 00:00
CVE-2003-0220 7.5
Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet.
17-10-2016 - 22:30 12-05-2003 - 00:00
CVE-2003-0213 7.5
ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow.
17-10-2016 - 22:30 12-05-2003 - 00:00
CVE-2003-0201 10.0
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
17-10-2016 - 22:30 05-05-2003 - 00:00
CVE-2003-0109 7.5
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
17-10-2016 - 22:29 31-03-2003 - 00:00
CVE-2003-0085 10.0
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.
17-10-2016 - 22:29 31-03-2003 - 00:00
CVE-2002-1123 7.5
Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
17-10-2016 - 22:23 24-09-2002 - 00:00
CVE-2002-1059 7.5
Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x before 4.0 beta 3, allows an SSH server to execute arbitrary code via a long SSH1 protocol version string.
17-10-2016 - 22:23 04-10-2002 - 00:00
CVE-2002-0649 7.5
Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04
17-10-2016 - 22:21 12-08-2002 - 00:00
CVE-2001-0797 10.0
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
17-10-2016 - 22:11 12-12-2001 - 00:00
CVE-2001-0333 7.5
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
17-10-2016 - 22:10 27-06-2001 - 00:00
CVE-2001-0241 10.0
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
17-10-2016 - 22:10 27-06-2001 - 00:00
CVE-2001-0168 10.0
Buffer overflow in AT&T WinVNC (Virtual Network Computing) server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key is greater than 0.
17-10-2016 - 22:10 03-05-2001 - 00:00
CVE-2001-0167 7.6
Buffer overflow in AT&T WinVNC (Virtual Network Computing) client 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long rfbConnFailed packet with a long reason string.
17-10-2016 - 22:10 03-05-2001 - 00:00
CVE-2000-1209 10.0
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compa
17-10-2016 - 22:09 12-08-2002 - 00:00
CVE-2000-0573 10.0
The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.
17-10-2016 - 22:07 07-07-2000 - 00:00
CVE-2008-5308 7.5
The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly restrict access to administrator functions, which allows remote attackers to change the administrator password via a direct request to modules/simpleforum/admin/index.php.
11-10-2016 - 21:59 02-12-2008 - 07:00
CVE-2010-2685 7.5
siteadmin/adduser.php in Customer Paradigm PageDirector CMS does not properly restrict access, which allows remote attackers to bypass intended restrictions and add administrative users via a direct request.
06-10-2016 - 21:59 12-07-2010 - 09:27
CVE-2010-1818 9.3
The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted poi
30-09-2016 - 13:25 31-08-2010 - 16:00
CVE-2008-5619 10.0
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input tha
22-09-2016 - 21:59 16-12-2008 - 21:30
CVE-2009-5089 4.3
Directory traversal vulnerability in index.php in IdeaCart 0.02 and 0.02a allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.
20-09-2016 - 00:00 12-09-2011 - 08:40
CVE-2011-0708 4.3
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buf
22-08-2016 - 22:03 19-03-2011 - 22:00
CVE-2010-3709 4.3
The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.
22-08-2016 - 22:02 08-11-2010 - 20:00
CVE-2010-3573 5.1
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous inform
22-08-2016 - 22:02 19-10-2010 - 18:00
CVE-2010-3563 10.0
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained
22-08-2016 - 22:01 19-10-2010 - 18:00
CVE-2010-3552 10.0
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
22-08-2016 - 22:01 19-10-2010 - 18:00
CVE-2010-1157 2.6
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the re
22-08-2016 - 22:01 23-04-2010 - 10:30
CVE-2010-0886 10.0
Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
22-08-2016 - 22:01 20-04-2010 - 15:30
CVE-2010-0840 7.5
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
22-08-2016 - 22:00 01-04-2010 - 12:30
CVE-2010-0740 5.0
The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor versi
22-08-2016 - 22:00 26-03-2010 - 14:30
CVE-2010-0094 7.5
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the p
22-08-2016 - 22:00 01-04-2010 - 12:30
CVE-2009-3869 9.3
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and S
22-08-2016 - 22:00 05-11-2009 - 11:30
CVE-2009-3867 9.3
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to
22-08-2016 - 22:00 05-11-2009 - 11:30
CVE-2009-3555 5.8
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Secu
22-08-2016 - 21:59 09-11-2009 - 12:30
CVE-2009-3548 7.5
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
22-08-2016 - 21:59 12-11-2009 - 18:30
CVE-2009-1030 4.3
Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
22-08-2016 - 21:59 19-03-2009 - 20:30
CVE-2008-5353 10.0
The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows rem
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2011-5165 9.3
Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wav file.
15-06-2016 - 08:26 15-09-2012 - 13:55
CVE-2009-1046 4.7
The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a sma
31-05-2016 - 11:08 23-03-2009 - 12:30
CVE-2009-0714 7.2
Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a de
19-05-2016 - 23:00 14-05-2009 - 13:30
CVE-2009-0696 4.3
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon ex
04-04-2016 - 11:50 29-07-2009 - 13:30
CVE-2008-2565 7.5
Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.
27-11-2015 - 12:16 06-06-2008 - 14:32
CVE-2008-4033 4.3
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the
10-08-2015 - 10:56 12-11-2008 - 18:30
CVE-2008-6844 7.5
The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, Con
27-07-2015 - 14:36 02-07-2009 - 06:30
CVE-2010-0738 5.0
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attack
22-01-2015 - 08:59 28-04-2010 - 18:30
CVE-2011-5284 6.8
Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the authentication of administrators for requests that p
12-01-2015 - 02:04 31-12-2014 - 17:59
CVE-2011-5283 4.3
Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action
09-01-2015 - 18:45 31-12-2014 - 17:59
CVE-2010-5318 4.3
The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator's password by specifying the administrator's e-mail address in the email parameter.
05-01-2015 - 13:27 03-01-2015 - 06:59
CVE-2010-5317 7.5
Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via (1) the file_name parameter in an attachment action, (2) the post parameter in a show_comment action, (3)
05-01-2015 - 13:20 03-01-2015 - 06:59
CVE-2010-5315 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in BEdita before 3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create categories via a data array to news/saveCategories or (2) modify creden
05-01-2015 - 13:20 03-01-2015 - 06:59
CVE-2011-5289 6.4
The SaveDecrypted method in the ChilkatCrypt2.ChilkatOmaDrm.1 ActiveX control in ChilkatCrypt2.dll in aTube Catcher 2.3.570 allows remote attackers to write to arbitrary files via a pathname in the argument.
02-01-2015 - 19:30 31-12-2014 - 21:59
CVE-2011-5313 7.5
Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program.
02-01-2015 - 10:52 01-01-2015 - 06:59
CVE-2011-5318 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify articles via a save_post action to admin/news/saveNEWS_ID/, (2) mod
02-01-2015 - 10:43 01-01-2015 - 06:59
CVE-2010-5075 2.1
Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security 5.0 Korean Trial allows local users to cause a denial of service (memory corruption and panic) via a crafted IOCTL_ASWFW_COMM_PIDINFO_RESULTS DeviceIoControl request to \\.\aswFW.
29-12-2014 - 11:14 27-12-2014 - 20:59
CVE-2010-2632 7.8
Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a re
10-10-2014 - 00:26 19-01-2011 - 11:00
CVE-2010-1870 5.0
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side contex
24-07-2014 - 00:22 17-08-2010 - 16:00
CVE-2010-5299 6.8
Stack-based buffer overflow in MicroP 0.1.1.1600 allows remote attackers to execute arbitrary code via a crafted .mppl file. NOTE: it has been reported that the overflow is in the lpFileName parameter of the CreateFileA function, but the overflow is
30-06-2014 - 14:07 22-05-2014 - 20:55
CVE-2010-5300 6.8
Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name in a zip archive.
12-06-2014 - 09:08 11-06-2014 - 10:55
CVE-2009-1621 5.0
Directory traversal vulnerability in index.php in OpenCart 1.1.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the route parameter.
04-06-2014 - 23:34 12-05-2009 - 12:30
CVE-2008-5587 4.3
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
15-05-2014 - 23:22 16-12-2008 - 14:07
CVE-2011-0654 10.0
Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and S
05-05-2014 - 00:53 15-02-2011 - 20:00
CVE-2009-4238 6.5
Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php.
05-05-2014 - 00:36 10-12-2009 - 18:30
CVE-2009-4237 3.5
Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the req parameter to login.php, and allow remote authenticated users to inject arbitrary web script or
05-05-2014 - 00:36 10-12-2009 - 18:30
CVE-2009-5141 4.0
Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command.
01-04-2014 - 07:07 31-03-2014 - 23:24
CVE-2009-0689 6.8
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD
25-03-2014 - 23:51 01-07-2009 - 09:00
CVE-2011-0762 4.0
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions
20-02-2014 - 23:40 02-03-2011 - 15:00
CVE-2009-1667 9.3
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long entry in a .m3u file, a different vector than CVE-2009-5137.
07-01-2014 - 22:54 18-05-2009 - 14:30
CVE-2009-5137 7.5
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long URL in the [playlist] section in a .pls file, a different vector than CVE-2009-1667.
06-01-2014 - 21:53 03-01-2014 - 14:55
CVE-2009-4663 9.3
Heap-based buffer overflow in the Quiksoft EasyMail Objects 6 ActiveX control allows remote attackers to execute arbitrary code via a long argument to the AddAttachment method.
12-12-2013 - 23:33 03-03-2010 - 15:30
CVE-2009-4140 7.5
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_global
12-12-2013 - 23:32 22-12-2009 - 17:30
CVE-2006-6199 7.5
Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Professional 5.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist.
12-12-2013 - 22:37 30-11-2006 - 20:28
CVE-2006-6184 10.0
Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command.
12-12-2013 - 22:37 30-11-2006 - 19:28
CVE-2009-0927 9.3
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerabili
22-11-2013 - 13:19 19-03-2009 - 06:30
CVE-2010-1143 4.3
Cross-site scripting (XSS) vulnerability in VMware View (formerly Virtual Desktop Manager or VDM) 3.1.x before 3.1.3 build 252693 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
02-11-2013 - 22:57 07-05-2010 - 14:24
CVE-2010-0187 4.3
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.
02-11-2013 - 22:56 15-02-2010 - 13:30
CVE-2010-0013 5.0
Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) requ
02-11-2013 - 22:55 09-01-2010 - 13:30
CVE-2009-1376 9.3
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remo
02-11-2013 - 22:49 26-05-2009 - 11:30
CVE-2009-0950 9.3
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.
02-11-2013 - 22:48 02-06-2009 - 14:30
CVE-2010-1159 6.8
Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL packet.
29-10-2013 - 16:53 28-10-2013 - 18:55
CVE-2009-1955 7.8
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via
10-10-2013 - 23:14 07-06-2009 - 21:00
CVE-2010-2861 7.5
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/sett
23-09-2013 - 23:39 11-08-2010 - 14:47
CVE-2010-4258 6.2
The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain pri
13-09-2013 - 02:38 30-12-2010 - 14:00
CVE-2010-1491 5.0
Directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
13-09-2013 - 02:31 23-04-2010 - 10:30
CVE-2010-1049 7.5
Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid parameter to blog/index.php and the (2) p parameter to index2.php.
12-09-2013 - 02:08 22-03-2010 - 21:00
CVE-2009-2334 4.9
wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensit
10-09-2013 - 02:00 10-07-2009 - 17:00
CVE-2010-4993 7.5
SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
09-09-2013 - 02:06 01-11-2011 - 18:55
CVE-2010-1354 5.0
Directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from
09-09-2013 - 01:58 12-04-2010 - 14:30
CVE-2010-0985 7.5
Directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of the
08-09-2013 - 01:55 16-03-2010 - 15:30
CVE-2011-0420 5.0
The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.
07-09-2013 - 02:11 18-02-2011 - 20:00
CVE-2010-0976 7.5
Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts
07-09-2013 - 02:02 16-03-2010 - 15:30
CVE-2010-5012 7.5
SQL injection vulnerability in new.php in DaLogin 2.2 and 2.2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
05-09-2013 - 11:48 02-11-2011 - 17:55
CVE-2010-4849 7.5
SQL injection vulnerability in countrydetails.php in Alibaba Clone B2B 3.4 allows remote attackers to execute arbitrary SQL commands via the es_id parameter.
04-09-2013 - 02:11 27-09-2011 - 06:55
CVE-2010-3490 6.5
Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the use
03-09-2013 - 02:15 28-09-2010 - 14:00
CVE-2010-2315 7.5
PHP remote file inclusion vulnerability in picturelib.php in SmartISoft phpBazar 2.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cat parameter.
03-09-2013 - 02:13 17-06-2010 - 12:30
CVE-2010-4330 6.8
Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to index.php.
31-08-2013 - 02:17 07-12-2010 - 08:53
CVE-2009-0443 9.3
Stack-based buffer overflow in Elecard AVC HD PLAYER 5.5.90116 allows remote attackers to execute arbitrary code via an M3U file containing a long string in a URL.
31-08-2013 - 01:58 10-02-2009 - 02:00
CVE-2010-4333 7.5
Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies.
30-08-2013 - 02:16 21-12-2010 - 22:00
CVE-2010-4940 7.5
SQL injection vulnerability in index.php in WAnewsletter 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
29-08-2013 - 02:26 09-10-2011 - 06:55
CVE-2010-2004 9.3
Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 Free, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via the Skin parameter in the Options section of a skins file (.bsi), a different vu
29-08-2013 - 02:20 20-05-2010 - 17:30
CVE-2010-5020 7.5
SQL injection vulnerability in index.php in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
28-08-2013 - 02:31 02-11-2011 - 17:55
CVE-2010-3595 7.8
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors related to Import Server. NOTE: the previous information was o
28-08-2013 - 02:26 19-01-2011 - 11:00
CVE-2010-1713 7.5
SQL injection vulnerability in modules.php in PostNuke 0.764 allows remote attackers to execute arbitrary SQL commands via the sid parameter in a News article modload action.
28-08-2013 - 02:20 04-05-2010 - 12:00
CVE-2009-4713 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to inject arbitrary web script or HTML via (1) the cod_categoria parameter to categoria.php, (2) the opcao parameter to index.ph
28-08-2013 - 02:15 15-03-2010 - 17:30
CVE-2009-4456 7.5
SQL injection vulnerability in news_detail.php in Green Desktiny 2.3.1, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the id parameter.
28-08-2013 - 02:14 29-12-2009 - 19:30
CVE-2010-5289 7.5
Buffer overflow in the Authenticate method in the INCREDISPOOLERLib.Pop ActiveX control in ImSpoolU.dll in IncrediMail 2.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long s
27-08-2013 - 10:17 24-08-2013 - 23:27
CVE-2009-1169 9.3
The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT trans
27-08-2013 - 02:19 26-03-2009 - 20:30
CVE-2008-6749 6.8
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) checkuser and (2) checkpass parameters.
27-08-2013 - 02:14 24-04-2009 - 10:30
CVE-2008-2992 9.3
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-20
27-08-2013 - 02:03 04-11-2008 - 13:29
CVE-2010-4350 5.1
Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the db_type parameter, related to an unsafe call by MantisBT to a fu
26-08-2013 - 23:07 03-01-2011 - 15:00
CVE-2010-4349 5.0
admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a functi
26-08-2013 - 23:07 03-01-2011 - 15:00
CVE-2010-4348 4.3
Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to an unsafe call by MantisBT to a function in the ADO
26-08-2013 - 23:06 03-01-2011 - 15:00
CVE-2010-3407 9.3
Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long
24-08-2013 - 02:17 16-09-2010 - 17:00
CVE-2010-0759 7.5
Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via d
24-08-2013 - 02:12 26-02-2010 - 19:30
CVE-2009-4817 6.8
Unrestricted file upload vulnerability in Element-IT Ultimate Uploader 1.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/.
22-08-2013 - 02:17 27-04-2010 - 11:30
CVE-2010-0288 7.5
A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the
21-08-2013 - 23:27 15-02-2010 - 13:30
CVE-2010-0287 5.0
Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter.
21-08-2013 - 23:27 15-02-2010 - 13:30
CVE-2010-2703 10.0
Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe
21-08-2013 - 02:23 28-07-2010 - 08:48
CVE-2010-0696 5.0
Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
21-08-2013 - 02:18 23-02-2010 - 13:30
CVE-2009-3547 6.9
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathna
20-08-2013 - 02:34 04-11-2009 - 10:30
CVE-2010-1341 7.5
SQL injection vulnerability in index.php in Systemsoftware Community Black Forum allows remote attackers to execute arbitrary SQL commands via the s_flaeche parameter.
19-08-2013 - 12:27 09-04-2010 - 14:30
CVE-2010-0832 6.9
pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .
19-08-2013 - 12:18 12-07-2010 - 12:30
CVE-2010-4557 10.0
Buffer overflow in the lm_tcp service in Invensys Wonderware InBatch 8.1 and 9.0, as used in Invensys Foxboro I/A Series Batch 8.1 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrar
19-08-2013 - 02:17 17-12-2010 - 14:00
CVE-2010-3962 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issu
19-08-2013 - 02:16 05-11-2010 - 13:00
CVE-2010-3313 7.5
phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows
18-08-2013 - 02:14 22-09-2010 - 15:00
CVE-2010-0756 5.8
Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions by setting the jsessionid parameter to (1) index.php/Comment/Main, (2) index.php/Comment/Main/Home_Wiky, or (3) index.php/Edit/Main.
18-08-2013 - 02:09 26-02-2010 - 19:30
CVE-2010-2744 7.2
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges b
16-08-2013 - 03:06 13-10-2010 - 15:00
CVE-2010-1058 6.8
Directory traversal vulnerability in codelib/cfg/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter
14-08-2013 - 02:11 23-03-2010 - 13:30
CVE-2011-0503 6.8
Cross-site request forgery (CSRF) vulnerability in VaM Shop 1.6, 1.6.1, and probably earlier versions allows remote attackers to hijack the authentication of administrators for requests that (1) change user status via admin/customers.php or (2) chang
13-08-2013 - 12:59 20-01-2011 - 14:00
CVE-2010-5284 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to
13-08-2013 - 12:58 26-11-2012 - 18:55
CVE-2009-4574 7.5
SQL injection vulnerability in country_escorts.php in I-Escorts Directory Script allows remote attackers to execute arbitrary SQL commands via the country_id parameter.
13-08-2013 - 12:46 06-01-2010 - 17:00
CVE-2010-3134 9.3
Untrusted search path vulnerability in Google Earth 5.1.3535.3218 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll that is located in the same folder as a .k
09-08-2013 - 02:24 26-08-2010 - 14:36
CVE-2010-2330 9.3
Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Length header.
08-08-2013 - 02:18 18-06-2010 - 16:30
CVE-2009-2180 5.0
Multiple directory traversal vulnerabilities in upfiles/index.php in Pc4 Uploader 10.0 and earlier allow remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) absolute path in the file parameter.
07-08-2013 - 02:11 23-06-2009 - 17:30
CVE-2011-0903 6.8
Multiple directory traversal vulnerabilities in AR Web Content Manager (AWCM) 2.2 allow remote attackers to read arbitrary files and possibly have other unspecified impact via a .. (dot dot) in the (1) awcm_theme or (2) awcm_lang cookie to (a) index.
06-08-2013 - 17:27 07-02-2011 - 16:00
CVE-2009-3314 7.5
SQL injection vulnerability in ladders.php in Elite Gaming Ladders 3.2 allows remote attackers to execute arbitrary SQL commands via the platform parameter.
06-08-2013 - 17:10 23-09-2009 - 08:08
CVE-2010-1350 7.5
SQL injection vulnerability in the JP Jobs (com_jp_jobs) component 1.4.1 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
02-08-2013 - 02:32 12-04-2010 - 14:30
CVE-2010-3404 7.5
Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com) allow remote attackers to execute arbitrary SQL commands via the (1) Criteria field in an unspecified form related to catlgsearch.aspx or (2) user name to an unspecified form rel
01-08-2013 - 02:21 16-09-2010 - 16:00
CVE-2010-1336 7.5
Multiple SQL injection vulnerabilities in INVOhost 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) newlanguage parameters to site.php, (3) search parameter to manuals.php, and (4) unspecified vectors to faq.php. N
30-07-2013 - 02:05 09-04-2010 - 14:30
CVE-2010-3456 5.0
Directory traversal vulnerability in download.php in EnergyScripts (ES) Simple Download 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
29-07-2013 - 12:31 17-09-2010 - 16:00
CVE-2010-2697 3.5
Cross-site scripting (XSS) vulnerability in Sijio Community Software allows remote authenticated users to inject arbitrary web script or HTML via the title parameter when adding a new blog, related to edit_blog/index.php. NOTE: some of these details
29-07-2013 - 12:29 12-07-2010 - 13:30
CVE-2010-4275 3.5
Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) name or (2) descr parameter in an (a) update_usergroup or a (b) store_nas action
27-07-2013 - 02:18 21-12-2010 - 22:00
CVE-2010-3205 7.5
PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.
26-07-2013 - 02:27 03-09-2010 - 14:00
CVE-2011-0049 5.0
Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted em
25-07-2013 - 12:29 03-02-2011 - 20:00
CVE-2010-4862 7.5
SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
25-07-2013 - 12:28 05-10-2011 - 06:55
CVE-2010-1217 4.3
Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NO
23-07-2013 - 04:57 30-03-2010 - 19:30
CVE-2010-4795 7.5
SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. NOTE: some of these details are
21-07-2013 - 03:03 26-04-2011 - 20:55
CVE-2010-1205 7.5
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
21-07-2013 - 02:57 30-06-2010 - 14:30
CVE-2010-5060 7.5
SQL injection vulnerability in Nus.php in NUs Newssystem 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
20-07-2013 - 03:01 22-11-2011 - 20:55
CVE-2010-0711 6.8
Cross-site request forgery (CSRF) vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to hijack the authentication of an administrator for requests that (1) delete users via the del
20-07-2013 - 02:53 25-02-2010 - 15:30
CVE-2010-3138 9.3
Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player o
18-07-2013 - 23:57 27-08-2010 - 15:00
CVE-2010-1534 5.0
Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
18-07-2013 - 11:10 26-04-2010 - 14:30
CVE-2010-0722 7.5
SQL injection vulnerability in news.php in Php Auktion Pro allows remote attackers to execute arbitrary SQL commands via the id parameter.
18-07-2013 - 11:08 26-02-2010 - 15:30
CVE-2010-0425 10.0
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an
17-07-2013 - 12:12 05-03-2010 - 14:30
CVE-2010-4280 7.5
Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the id_group parameter in an operation/agentes/ver_agente action to ajax.php or (2) the group_id parameter i
17-07-2013 - 02:21 02-12-2010 - 12:15
CVE-2010-0467 5.0
Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
17-07-2013 - 02:13 02-02-2010 - 12:30
CVE-2009-3641 4.3
Snort before 2.8.5.1, when the -v option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted IPv6 packet that uses the (1) TCP or (2) ICMP protocol.
15-07-2013 - 01:57 28-10-2009 - 10:30
CVE-2011-0407 7.5
SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.class.php in Phenotype CMS 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URI, as demonstrated by Gallery/gal_id/1/image1,1.
14-07-2013 - 02:12 10-01-2011 - 22:00
CVE-2010-0249 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote
13-07-2013 - 02:41 15-01-2010 - 12:30
CVE-2009-3002 4.9
The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to th
13-07-2013 - 02:36 28-08-2009 - 11:30
CVE-2008-4885 7.5
SQL injection vulnerability in tr1.php in YourFreeWorld Scrolling Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
11-07-2013 - 01:45 03-11-2008 - 19:57
CVE-2010-0642 5.0
Cisco Collaboration Server (CCS) 5 allows remote attackers to read the source code of JHTML files via URL encoded characters in the filename extension, as demonstrated by (1) changing .jhtml to %2Ejhtml, (2) changing .jhtml to .jhtm%6C, (3) appending
10-07-2013 - 15:49 17-02-2010 - 13:30
CVE-2010-5027 4.3
Cross-site scripting (XSS) vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: some of these details are obtained from third party
04-07-2013 - 03:14 02-11-2011 - 17:55
CVE-2010-1721 7.5
SQL injection vulnerability in the Intellectual Property (aka IProperty or com_iproperty) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an agentproperties action to index.php.
04-07-2013 - 03:05 04-05-2010 - 12:00
CVE-2010-3147 9.3
Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to
07-06-2013 - 22:55 27-08-2010 - 15:00
CVE-2010-3143 9.3
Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .
07-06-2013 - 22:55 27-08-2010 - 15:00
CVE-2010-2482 4.3
LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than
14-05-2013 - 23:10 06-07-2010 - 13:17
CVE-2009-3732 10.0
Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.
14-05-2013 - 23:01 12-04-2010 - 14:30
CVE-2009-2267 6.9
VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.
14-05-2013 - 22:57 02-11-2009 - 10:30
CVE-2010-2103 4.3
Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other produc
09-05-2013 - 23:17 27-05-2010 - 18:30
CVE-2010-0219 10.0
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by u
09-05-2013 - 23:14 18-10-2010 - 13:00
CVE-2009-5135 5.0
The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows remote attackers to read arbitrary files via a request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) is
02-05-2013 - 00:00 02-05-2013 - 07:44
CVE-2009-1284 5.0
Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file.
18-04-2013 - 22:49 09-04-2009 - 12:27
CVE-2010-1897 7.2
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback para
13-02-2013 - 00:00 11-08-2010 - 14:47
CVE-2010-2621 5.0
The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
07-02-2013 - 00:00 02-07-2010 - 16:30
CVE-2009-3031 9.3
Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9
06-02-2013 - 23:21 03-11-2009 - 11:30
CVE-2009-2473 4.3
neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large numbe
06-02-2013 - 23:20 21-08-2009 - 13:30
CVE-2009-1429 10.0
The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 bef
06-02-2013 - 23:17 29-04-2009 - 11:30
CVE-2010-5287 7.5
SQL injection vulnerability in default.php in Cornerstone Technologies webConductor allows remote attackers to execute arbitrary SQL commands via the id parameter.
31-01-2013 - 08:48 31-01-2013 - 00:43
CVE-2009-5067 4.3
Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. NOTE: this issue only might be a vulnerability in limited scenarios, such as if html2ps
30-01-2013 - 00:00 10-10-2012 - 14:55
CVE-2009-5134 6.8
Buffer overflow in the "create torrent dialog" functionality in uTorrent 1.8.3 build 15772, and possibly other versions before 1.8.3 (Build 16010), allows user-assisted remote attackers to cause a denial of service (application crash) and possibly ex
29-01-2013 - 00:00 18-01-2013 - 18:55
CVE-2009-1480 7.5
SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors.
23-01-2013 - 00:00 29-04-2009 - 14:30
CVE-2009-2958 4.3
The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option
22-01-2013 - 23:19 02-09-2009 - 11:30
CVE-2009-2957 6.8
Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) req
22-01-2013 - 23:19 02-09-2009 - 11:30
CVE-2009-2847 4.9
The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive informati
22-01-2013 - 23:18 18-08-2009 - 17:00
CVE-2009-1386 5.0
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
22-01-2013 - 23:15 04-06-2009 - 12:30
CVE-2009-1379 5.0
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS
22-01-2013 - 23:15 19-05-2009 - 15:30
CVE-2011-0027 9.3
Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a
21-01-2013 - 00:00 11-01-2011 - 20:00
CVE-2009-1049 7.5
SQL injection vulnerability in articleCall.php in Bloginator 1A allows remote attackers to execute arbitrary SQL commands via the id parameter.
03-01-2013 - 00:00 24-03-2009 - 10:30
CVE-2008-6953 9.3
Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly other versions before 1.7.1.59, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long oovoo: URI.
03-01-2013 - 00:00 12-08-2009 - 06:30
CVE-2010-1797 9.3
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 o
18-12-2012 - 23:27 16-08-2010 - 14:39
CVE-2010-5285 6.8
Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote attackers to hijack the authentication of administrators for requests that add administrative users via the edituser action.
28-11-2012 - 23:27 26-11-2012 - 18:55
CVE-2010-5280 7.5
Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a u
27-11-2012 - 00:00 26-11-2012 - 18:55
CVE-2008-2292 6.8
Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in
26-11-2012 - 22:46 18-05-2008 - 10:20
CVE-2010-2204 9.3
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.
05-11-2012 - 23:41 30-06-2010 - 14:30
CVE-2010-2201 9.3
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content involving the (1) pushstring (0x2C) operator, (2) debugfile (0xF1) operator,
05-11-2012 - 23:41 30-06-2010 - 14:30
CVE-2010-2168 9.3
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content, involving the newfunction (0x44) operator and an "invalid pointer vulnerabil
05-11-2012 - 23:41 30-06-2010 - 14:30
CVE-2010-2020 6.9
sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allows local users to gain privileges via a crafted mou
05-11-2012 - 23:41 28-05-2010 - 14:30
CVE-2010-1297 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a den
05-11-2012 - 23:39 08-06-2010 - 14:30
CVE-2010-1240 9.3
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arb
05-11-2012 - 23:38 05-04-2010 - 11:30
CVE-2010-1199 9.3
Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for
05-11-2012 - 23:38 24-06-2010 - 08:30
CVE-2008-6132 6.8
Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter.
05-11-2012 - 23:14 13-02-2009 - 13:30
CVE-2008-5063 10.0
PHP remote file inclusion vulnerability in Admin/ADM_Pagina.php in OTManager 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the Tipo parameter.
05-11-2012 - 23:11 13-11-2008 - 06:30
CVE-2008-5053 10.0
PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
05-11-2012 - 23:11 13-11-2008 - 06:30
CVE-2008-3598 7.5
Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the Cid parameter to categories.php or (2) the Username parameter to login.php.
05-11-2012 - 23:07 12-08-2008 - 15:41
CVE-2007-3340 7.8
BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers to cause a denial of service (application crash) via a large number of requests for nonexistent pages.
05-11-2012 - 22:41 21-06-2007 - 18:30
CVE-2007-3162 5.0
Buffer overflow in the NotSafe function in the idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in Internet Download Accelerator (ida) 5.2 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long argument.
05-11-2012 - 22:41 11-06-2007 - 18:30
CVE-2008-5132 7.5
SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Portal 4.0.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.
30-10-2012 - 23:06 18-11-2008 - 06:30
CVE-2008-5000 6.8
SQL injection vulnerability in admin/includes/news.inc.php in PHPX 3.5.16, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via uppercase characters in the news_id parameter.
30-10-2012 - 23:06 10-11-2008 - 09:12
CVE-2008-4864 7.5
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function,
30-10-2012 - 23:06 31-10-2008 - 20:00
CVE-2008-4250 10.0
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during p
30-10-2012 - 23:04 23-10-2008 - 18:00
CVE-2008-4037 9.3
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as
30-10-2012 - 23:03 12-11-2008 - 18:30
CVE-2008-4029 4.3
Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external
30-10-2012 - 23:03 12-11-2008 - 18:30
CVE-2007-3336 10.0
Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at diffe
30-10-2012 - 22:38 22-06-2007 - 14:30
CVE-2007-3137 4.3
Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter. NOTE: the original disclosure claims the page
30-10-2012 - 22:37 08-06-2007 - 12:30
CVE-2007-3061 7.8
Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.
30-10-2012 - 22:37 05-06-2007 - 21:30
CVE-2007-2446 10.0
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notif
30-10-2012 - 22:34 14-05-2007 - 17:19
CVE-2008-4653 7.5
SQL injection vulnerability in makale.php in Makale 0.26 and possibly other versions, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party infor
29-10-2012 - 23:17 21-10-2008 - 20:11
CVE-2008-4627 7.5
SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Burning Board (WBB) allows remote attackers to execute arbitrary SQL commands via the itemID parameter in the RGalleryImageWrapper page in index.php.
29-10-2012 - 23:17 20-10-2008 - 21:18
CVE-2008-4558 6.8
Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.
29-10-2012 - 23:17 14-10-2008 - 20:00
CVE-2008-4361 7.8
Directory traversal vulnerability in PowerPortal 2.0.13 allows remote attackers to list and possibly read arbitrary files via a .. (dot dot) in the path parameter to the default URI.
29-10-2012 - 23:17 30-09-2008 - 19:24
CVE-2008-4210 4.6
fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspec
29-10-2012 - 23:16 29-09-2008 - 13:17
CVE-2008-4113 4.7
The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit
29-10-2012 - 23:16 16-09-2008 - 19:00
CVE-2008-1858 7.5
SQL injection vulnerability in index.php in 724Networks 724CMS 4.01 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
29-10-2012 - 23:10 16-04-2008 - 15:05
CVE-2008-1647 9.3
The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary f
29-10-2012 - 23:09 02-04-2008 - 13:44
CVE-2008-0016 10.0
Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.
29-10-2012 - 23:04 24-09-2008 - 16:37
CVE-2010-5193 9.3
Stack-based buffer overflow in the TIFMergeMultiFiles function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0 and Gold 6.0 allows remote attackers to execute arbitrary code via a long strDelimit pa
26-10-2012 - 00:00 31-08-2012 - 17:55
CVE-2009-4118 2.1
The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of servi
25-10-2012 - 00:00 30-11-2009 - 19:30
CVE-2009-4554 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter to pop_send_to_friend.asp, related to a crafted onload attribute of an IMG element
24-10-2012 - 00:00 04-01-2010 - 16:30
CVE-2009-4117 9.3
Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, allow remote attackers to cause a denial of service and possibly execute arbitrary code via a /Decode array for certain t
24-10-2012 - 00:00 30-11-2009 - 19:30
CVE-2009-2220 5.1
Multiple directory traversal vulnerabilities in Tribiq CMS 5.0.12c, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and possibly execute arbitrary files via directory traversal sequences in the tem
24-10-2012 - 00:00 26-06-2009 - 11:30
CVE-2008-6804 7.5
** DISPUTED ** Tribiq CMS 5.0.9a beta allows remote attackers to bypass authentication and gain administrative access by setting the COOKIE_LAST_ADMIN_USER and COOKIE_LAST_ADMIN_LANG cookies. NOTE: a third party reports that the vendor disputes the
24-10-2012 - 00:00 11-05-2009 - 16:30
CVE-2008-4894 5.1
Directory traversal vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary loc
24-10-2012 - 00:00 03-11-2008 - 19:58
CVE-2008-4893 2.6
Cross-site scripting (XSS) vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the template_path p
24-10-2012 - 00:00 03-11-2008 - 19:58
CVE-2008-0135 5.0
Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.
24-10-2012 - 00:00 08-01-2008 - 14:46
CVE-2010-0453 4.9
The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and OpenSolaris snv_69 through snv_133, when running on x86 architectures, allows local users to cause a denial of service (panic) via a request with a 0 size value to the UCODE_GET_V
22-10-2012 - 23:19 03-02-2010 - 13:30
CVE-2009-3076 9.3
Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbit
22-10-2012 - 23:10 10-09-2009 - 17:30
CVE-2009-2694 10.0
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory
22-10-2012 - 23:09 21-08-2009 - 07:02
CVE-2009-2692 7.2
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using
22-10-2012 - 23:09 14-08-2009 - 11:16
CVE-2009-1979 10.0
Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtaine
22-10-2012 - 23:07 22-10-2009 - 14:30
CVE-2009-1977 10.0
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the
22-10-2012 - 23:07 14-07-2009 - 19:30
CVE-2009-0981 4.0
Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has
22-10-2012 - 23:04 15-04-2009 - 06:30
CVE-2009-0812 9.3
Stack-based buffer overflow in BreakPoint Software Hex Workshop 4.23, 6.0.1.4603, and other 6.x and earlier versions allows remote attackers to execute arbitrary code via a crafted Intel Hex Code (.hex) file. NOTE: some of these details are obtained
22-10-2012 - 23:03 04-03-2009 - 12:30
CVE-2008-5457 10.0
Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrit
22-10-2012 - 22:56 13-01-2009 - 21:30
CVE-2008-3979 5.5
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Ja
22-10-2012 - 22:53 13-01-2009 - 20:30
CVE-2007-4734 4.3
Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file.
22-10-2012 - 22:34 06-09-2007 - 15:17
CVE-2008-4652 9.3
Buffer overflow in the ActiveX control (DartFtp.dll) in Dart Communications PowerTCP FTP for ActiveX 2.0.2 0 allows remote attackers to execute arbitrary code via a long SecretKey property.
04-10-2012 - 00:00 21-10-2008 - 20:11
CVE-2008-6031 7.5
SQL injection vulnerability in vote.php in WSN Links 2.22 and 2.23 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it was later reported that 2.34 is also vulnerable.
24-09-2012 - 22:59 03-02-2009 - 06:30
CVE-2010-1807 9.3
WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (applic
14-09-2012 - 00:00 10-09-2010 - 15:00
CVE-2009-0553 9.3
Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that trig
14-09-2012 - 00:00 15-04-2009 - 04:00
CVE-2009-2608 6.8
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are alre
12-09-2012 - 22:45 27-07-2009 - 14:30
CVE-2009-2259
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2608. Reason: This candidate is a duplicate of CVE-2009-2608. Notes: All CVE users should reference CVE-2009-2608 instead of this candidate. All references and descriptions in t
12-09-2012 - 22:44 30-06-2009 - 06:30
CVE-2010-5239 6.9
Untrusted search path vulnerability in DAEMON Tools Lite 4.35.6.0091 and Pro Standard 4.36.0309.0160 allows local users to gain privileges via a Trojan horse mfc80loc.dll file in the current working directory, as demonstrated by a directory that cont
07-09-2012 - 12:27 07-09-2012 - 06:32
CVE-2010-5227 6.9
Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .x
07-09-2012 - 11:07 07-09-2012 - 06:32
CVE-2010-5241 6.9
Multiple untrusted search path vulnerabilities in Autodesk AutoCAD 2010 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) IBFS32.DLL file in the current working directory, as demonstrated by a directory that contains a .dw
07-09-2012 - 00:00 07-09-2012 - 06:32
CVE-2010-5240 6.9
Multiple untrusted search path vulnerabilities in Corel PHOTO-PAINT and CorelDRAW X5 15.1.0.588 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) CrlRib.dll file in the current working directory, as demonstrated by a direc
07-09-2012 - 00:00 07-09-2012 - 06:32
CVE-2010-5236 6.9
Untrusted search path vulnerability in Roxio Easy Media Creator Home 9.0.136 allows local users to gain privileges via a Trojan horse homeutils9.dll file in the current working directory, as demonstrated by a directory that contains a .roxio, .c2d, o
07-09-2012 - 00:00 07-09-2012 - 06:32
CVE-2010-5195 6.9
Untrusted search path vulnerability in Roxio MyDVD 9 allows local users to gain privileges via a Trojan horse HomeUtils9.dll file in the current working directory, as demonstrated by a directory that contains a .dmsd or .dmsm file. NOTE: some of the
06-09-2012 - 00:00 06-09-2012 - 06:41
CVE-2010-5194 9.3
Stack-based buffer overflow in the Image2PDF function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0, Gold 5.5, Gold 6.0, and earlier allows remote attackers to execute arbitrary code via a long st
05-09-2012 - 00:00 31-08-2012 - 17:55
CVE-2010-4538 9.3
Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ENTTEC DMX packet with
13-08-2012 - 23:21 07-01-2011 - 14:00
CVE-2010-4301 5.0
epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes.
13-08-2012 - 23:20 26-11-2010 - 14:00
CVE-2010-4300 7.5
Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly
13-08-2012 - 23:20 26-11-2010 - 14:00
CVE-2009-1831 9.3
The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer
13-08-2012 - 23:01 29-05-2009 - 18:30
CVE-2009-0833 9.3
Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field. NOTE: some of these details are obtained from thir
13-08-2012 - 22:58 05-03-2009 - 15:30
CVE-2009-0263 10.0
Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 fil
13-08-2012 - 22:57 23-01-2009 - 14:00
CVE-2008-4682 5.0
wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion.
13-08-2012 - 22:49 22-10-2008 - 14:00
CVE-2010-4170 7.2
The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.
27-07-2012 - 23:14 07-12-2010 - 17:00
CVE-2009-0695 7.5
hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action.
26-06-2012 - 00:00 19-06-2012 - 16:55
CVE-2010-4409 5.0
Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.
22-06-2012 - 23:25 06-12-2010 - 15:13
CVE-2011-1021 3.6
drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local users to modify arbitrary kernel memory locations by leveraging root privileges to write to the /sys/kernel/debug/acpi/custom_method file. NOTE: this vulnerability exists because of a
22-06-2012 - 00:00 21-06-2012 - 19:55
CVE-2009-3898 4.9
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination
08-06-2012 - 23:14 24-11-2009 - 12:30
CVE-2008-5680 9.3
Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this
07-06-2012 - 13:27 19-12-2008 - 11:30
CVE-2009-1234 4.3
Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected.
07-06-2012 - 00:00 02-04-2009 - 13:30
CVE-2010-3714 7.1
The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote a
31-05-2012 - 23:33 25-10-2010 - 16:01
CVE-2010-5099 6.8
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restricti
31-05-2012 - 00:00 30-05-2012 - 16:55
CVE-2012-2344
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5099. Reason: This candidate is a duplicate of CVE-2010-5099. Notes: All CVE users should reference CVE-2010-5099 instead of this candidate. All references and descriptions in t
21-05-2012 - 16:55 21-05-2012 - 16:55
CVE-2010-4846 7.5
SQL injection vulnerability in view_item.php in MH Products Pay Pal Shop Digital allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
21-05-2012 - 00:00 27-09-2011 - 06:55
CVE-2010-4845 7.5
Multiple SQL injection vulnerabilities in MH Products Projekt Shop allow remote attackers to execute arbitrary SQL commands via the (1) ts parameter to details.php and possibly the (2) ilceler parameter to index.php.
21-05-2012 - 00:00 27-09-2011 - 06:55
CVE-2010-4842 7.5
SQL injection vulnerability in admin/login.php in MHP DownloadScript (aka MH Products Download Center) 2.2 allows remote attackers to execute arbitrary SQL commands via the Name parameter. NOTE: some of these details are obtained from third party in
21-05-2012 - 00:00 27-09-2011 - 06:55
CVE-2010-4967 7.5
SQL injection vulnerability in default.asp in ATCOM Netvolution 2.5.6 allows remote attackers to execute arbitrary SQL commands via the artID parameter.
14-05-2012 - 00:00 21-10-2011 - 06:55
CVE-2010-4948 7.5
PHP remote file inclusion vulnerability in libs/adodb/adodb.inc.php in PHP Free Photo Gallery script allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
14-05-2012 - 00:00 09-10-2011 - 06:55
CVE-2010-4947 4.3
Cross-site scripting (XSS) vulnerability in advanced_search_result.php in ALLPC 2.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
14-05-2012 - 00:00 09-10-2011 - 06:55
CVE-2010-4946 7.5
SQL injection vulnerability in product_info.php in ALLPC 2.5 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
14-05-2012 - 00:00 09-10-2011 - 06:55
CVE-2010-4944 7.5
SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php.
14-05-2012 - 00:00 09-10-2011 - 06:55
CVE-2010-4943 7.5
Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to execute arbitrary PHP code via a URL in the class_path parameter to (1) file.php or (2) com_del.php.
14-05-2012 - 00:00 09-10-2011 - 06:55
CVE-2010-4939 7.5
PHP remote file inclusion vulnerability in index.php in MailForm 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter.
14-05-2012 - 00:00 09-10-2011 - 06:55
CVE-2010-4935 7.5
SQL injection vulnerability in poll.php in Entrans 0.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter.
14-05-2012 - 00:00 09-10-2011 - 06:55
CVE-2010-4934 7.5
SQL injection vulnerability in video.php in Get Tube 4.51 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
14-05-2012 - 00:00 09-10-2011 - 06:55
CVE-2010-4931 10.0
** DISPUTED ** Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable th
14-05-2012 - 00:00 09-10-2011 - 06:55
CVE-2010-4929 7.5
SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php.
14-05-2012 - 00:00 09-10-2011 - 06:55
CVE-2010-4924 7.5
** DISPUTED ** PHP remote file inclusion vulnerability in logic/controller.class.php in clearBudget 0.9.8 allows remote attackers to execute arbitrary PHP code via a URL in the actionPath parameter. NOTE: this issue has been disputed by a reliable t
14-05-2012 - 00:00 09-10-2011 - 06:55
CVE-2010-4920 7.5
SQL injection vulnerability in detail.asp in Micronetsoft Rental Property Management Website 1.0 allows remote attackers to execute arbitrary SQL commands via the ad_ID parameter.
14-05-2012 - 00:00 08-10-2011 - 06:55
CVE-2010-4919 7.5
SQL injection vulnerability in detail.asp in Micronetsoft RV Dealer Website 1.0 allows remote attackers to execute arbitrary SQL commands via the vehicletypeID parameter.
14-05-2012 - 00:00 08-10-2011 - 06:55
CVE-2010-4914 7.5
PHP remote file inclusion vulnerability in tools/phpmailer/class.phpmailer.php in PHP Classifieds 7.3 allows remote attackers to execute arbitrary PHP code via a URL in the lang_path parameter.
14-05-2012 - 00:00 08-10-2011 - 06:55
CVE-2010-4905 7.5
SQL injection vulnerability in article_details.php in Softbiz Article Directory Script allows remote attackers to execute arbitrary SQL commands via the sbiz_id parameter.
14-05-2012 - 00:00 08-10-2011 - 06:55
CVE-2010-4904 7.5
SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view action to index.php. NOTE: some of these details ar
14-05-2012 - 00:00 08-10-2011 - 06:55
CVE-2010-4898 7.5
SQL injection vulnerability in the Gantry (com_gantry) component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php.
14-05-2012 - 00:00 08-10-2011 - 06:55
CVE-2010-4893 4.3
Cross-site scripting (XSS) vulnerability in foodvendors.php in FestOS 2.3b allows remote attackers to inject arbitrary web script or HTML via the category parameter in a details action.
14-05-2012 - 00:00 08-10-2011 - 06:55
CVE-2010-4879 7.5
PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the input_file parameter.
14-05-2012 - 00:00 07-10-2011 - 06:55
CVE-2010-4878 7.5
PHP remote file inclusion vulnerability in formmailer.php in Kontakt Formular 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter.
14-05-2012 - 00:00 07-10-2011 - 06:55
CVE-2010-4876 7.5
SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter.
14-05-2012 - 00:00 07-10-2011 - 06:55
CVE-2010-4869 7.5
SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote attackers to execute arbitrary SQL commands via the editmenu parameter.
14-05-2012 - 00:00 05-10-2011 - 06:55
CVE-2010-4856 7.5
SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the tarih parameter.
14-05-2012 - 00:00 05-10-2011 - 06:55
CVE-2009-5103 4.3
Cross-site scripting (XSS) vulnerability in ATCOM Netvolution 1.0 ASP allows remote attackers to inject arbitrary web script or HTML via the email variable.
14-05-2012 - 00:00 21-10-2011 - 06:55
CVE-2009-5102 7.5
SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter.
14-05-2012 - 00:00 21-10-2011 - 06:55
CVE-2008-7301 7.5
SQL injection vulnerability in admin/login.php in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third part
14-05-2012 - 00:00 04-10-2011 - 22:56
CVE-2010-4798 6.8
Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uri parameter.
01-05-2012 - 00:00 26-04-2011 - 20:55
CVE-2010-1813 6.8
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines.
30-03-2012 - 00:00 09-09-2010 - 18:00
CVE-2012-1913
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0754. Reason: This candidate is a reservation duplicate of CVE-2010-0754. Notes: All CVE users should reference CVE-2010-0754 instead of this candidate. All references and descr
28-03-2012 - 06:55 28-03-2012 - 06:55
CVE-2010-4347 6.9
The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by placing a custom ACPI method in the ACPI interpreter tables, related to the acpi_debugfs_i
19-03-2012 - 00:00 22-12-2010 - 16:00
CVE-2010-4249 4.9
The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via
19-03-2012 - 00:00 29-11-2010 - 11:00
CVE-2010-4243 4.9
fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a cr
19-03-2012 - 00:00 22-01-2011 - 17:00
CVE-2010-4165 4.9
The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small v
19-03-2012 - 00:00 22-11-2010 - 08:00
CVE-2010-3904 7.2
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privile
19-03-2012 - 00:00 06-12-2010 - 15:13
CVE-2010-3858 4.9
The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit pl
19-03-2012 - 00:00 30-11-2010 - 16:38
CVE-2010-3437 6.6
Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dere
19-03-2012 - 00:00 04-10-2010 - 17:00
CVE-2010-3301 7.2
The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users
19-03-2012 - 00:00 22-09-2010 - 15:00
CVE-2010-3081 7.2
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to
19-03-2012 - 00:00 24-09-2010 - 16:00
CVE-2010-2963 6.2
drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kerne
19-03-2012 - 00:00 26-11-2010 - 14:00
CVE-2010-2959 7.2
Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code o
19-03-2012 - 00:00 08-09-2010 - 16:00
CVE-2010-2943 7.9
The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assign
19-03-2012 - 00:00 30-09-2010 - 11:00
CVE-2010-1146 6.9
The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows local users to gain privileges by modifying (1) extended attributes or (2) ACLs, as demonst
19-03-2012 - 00:00 12-04-2010 - 14:30
CVE-2009-3726 7.8
The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect
19-03-2012 - 00:00 09-11-2009 - 14:30
CVE-2009-3001 4.9
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC
19-03-2012 - 00:00 28-08-2009 - 11:30
CVE-2009-2698 7.2
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vecto
19-03-2012 - 00:00 27-08-2009 - 13:30
CVE-2009-1527 6.9
Race condition in the ptrace_attach function in kernel/ptrace.c in the Linux kernel before 2.6.30-rc4 allows local users to gain privileges via a PTRACE_ATTACH ptrace call during an exec system call that is launching a setuid application, related to
19-03-2012 - 00:00 05-05-2009 - 16:30
CVE-2009-1337 4.4
The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies
19-03-2012 - 00:00 22-04-2009 - 11:30
CVE-2009-0065 10.0
Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large
19-03-2012 - 00:00 07-01-2009 - 14:30
CVE-2008-5079 4.9
net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, relat
19-03-2012 - 00:00 08-12-2008 - 19:30
CVE-2010-4969 7.5
SQL injection vulnerability in articlesdetails.php in BrotherScripts (BS) Business Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-03-2012 - 00:00 01-11-2011 - 18:55
CVE-2010-5083 7.5
SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php.
29-02-2012 - 00:00 14-02-2012 - 15:55
CVE-2010-4975 7.5
SQL injection vulnerability in the Techjoomla SocialAds For JomSocial (com_socialads) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the ads description field in a showad action to index.php.
16-02-2012 - 00:00 01-11-2011 - 18:55
CVE-2010-2543 4.3
Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an
15-02-2012 - 23:05 23-08-2010 - 18:00
CVE-2010-1431 7.5
SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter.
15-02-2012 - 23:02 04-05-2010 - 12:00
CVE-2010-3024 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in DiamondList 0.1.6, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative pass
15-02-2012 - 00:00 16-08-2010 - 16:00
CVE-2010-4982 7.5
SQL injection vulnerability in address_book/contacts.php in My Kazaam Address & Contact Organizer allows remote attackers to execute arbitrary SQL commands via the var1 parameter.
14-02-2012 - 00:00 01-11-2011 - 18:55
CVE-2010-4981 7.5
SQL injection vulnerability in trackads.php in YourFreeWorld Banner Management allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
14-02-2012 - 00:00 01-11-2011 - 18:55
CVE-2010-5037 7.5
SQL injection vulnerability in article.php in SenseSites CommonSense CMS allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
13-02-2012 - 23:02 02-11-2011 - 17:55
CVE-2010-5036 7.5
SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.
13-02-2012 - 23:02 02-11-2011 - 17:55
CVE-2010-5035 4.3
Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third p
13-02-2012 - 23:02 02-11-2011 - 17:55
CVE-2010-5034 7.5
SQL injection vulnerability in viewhistorydetail.php in iScripts EasyBiller 1.1 allows remote attackers to execute arbitrary SQL commands via the planid parameter.
13-02-2012 - 23:02 02-11-2011 - 17:55
CVE-2010-5033 7.5
SQL injection vulnerability in ProductList.cfm in Fusebox 5.5.1 allows remote attackers to execute arbitrary SQL commands via the CatDisplay parameter.
13-02-2012 - 23:02 02-11-2011 - 17:55
CVE-2010-5029 7.5
SQL injection vulnerability in index.php in Ecomat CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the show parameter in a web action.
13-02-2012 - 23:02 02-11-2011 - 17:55
CVE-2010-5026 6.8
SQL injection vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter. NOTE: some of these details are obtained from third party information.
13-02-2012 - 23:02 02-11-2011 - 17:55
CVE-2010-5023 7.5
SQL injection vulnerability in index.asp in Digital Interchange Calendar 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intDivisionID parameter.
13-02-2012 - 23:02 02-11-2011 - 17:55
CVE-2010-5021 7.5
SQL injection vulnerability in view_group.asp in Digital Interchange Document Library 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intGroupID parameter.
13-02-2012 - 23:02 02-11-2011 - 17:55
CVE-2010-5013 7.5
SQL injection vulnerability in listing_detail.asp in Mckenzie Creations Virtual Real Estate Manager (VRM) 3.5 allows remote attackers to execute arbitrary SQL commands via the Lid parameter.
13-02-2012 - 23:02 02-11-2011 - 17:55
CVE-2010-5011 7.5
SQL injection vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to execute arbitrary SQL commands via the session parameter.
13-02-2012 - 23:02 02-11-2011 - 17:55
CVE-2010-5010 4.3
Cross-site scripting (XSS) vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to inject arbitrary web script or HTML via the session parameter.
13-02-2012 - 23:02 02-11-2011 - 17:55
CVE-2010-5009 7.5
SQL injection vulnerability in index.php in UTStats Beta 4 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter in a matchp action.
13-02-2012 - 23:02 02-11-2011 - 17:55
CVE-2010-5008 7.5
SQL injection vulnerability in pages/contact_list_mail_form.asp in BrightSuite Groupware 5.4 allows remote attackers to execute arbitrary SQL commands via the ContactID parameter.
13-02-2012 - 23:02 02-11-2011 - 17:55
CVE-2010-5007 4.3
Cross-site scripting (XSS) vulnerability in pages/match_report.php in UTStats Beta 4 and earlier allows remote attackers to inject arbitrary web script or HTML via the mid parameter.
13-02-2012 - 23:02 02-11-2011 - 17:55
CVE-2010-5003 7.5
SQL injection vulnerability in the AutarTimonial (com_autartimonial) component 1.0.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the limit parameter in an autartimonial action to index.php. NOTE: some of these details a
13-02-2012 - 23:02 01-11-2011 - 18:55
CVE-2010-5000 7.5
SQL injection vulnerability in login/login_index.php in MCLogin System 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the myusername parameter (aka Username field) in a do_login action. NOTE: some of these details are obta
13-02-2012 - 23:02 02-11-2011 - 17:55
CVE-2010-4998 7.5
PHP remote file inclusion vulnerability in ardeaCore/lib/core/ardeaInit.php in ardeaCore PHP Framework 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the pathForArdeaCore parameter. NOTE: some of these details are obtained fr
13-02-2012 - 23:02 02-11-2011 - 17:55
CVE-2010-4995 7.5
SQL injection vulnerability in the NeoRecruit (com_neorecruit) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in an offer_view action to index.php, a different vector than CVE-2007-4506.
13-02-2012 - 23:02 01-11-2011 - 18:55
CVE-2010-4992 7.5
SQL injection vulnerability in the Payments Plus component 2.1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the type parameter to add.html.
13-02-2012 - 23:02 01-11-2011 - 18:55
CVE-2010-4985 4.3
Cross-site scripting (XSS) vulnerability in notes.php in My Kazaam Notes Management System allows remote attackers to inject arbitrary web script or HTML via vectors involving the "Enter Reference Number Below" text box.
13-02-2012 - 23:02 01-11-2011 - 18:55
CVE-2010-4984 7.5
SQL injection vulnerability in notes.php in My Kazaam Notes Management System allows remote attackers to execute arbitrary SQL commands via vectors involving the "Enter Reference Number Below" text box.
13-02-2012 - 23:02 01-11-2011 - 18:55
CVE-2010-4983 7.5
SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
13-02-2012 - 23:02 01-11-2011 - 18:55
CVE-2010-4980 7.5
SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
13-02-2012 - 23:02 01-11-2011 - 18:55
CVE-2010-4976 4.3
Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these details are obtained from third part
13-02-2012 - 23:02 01-11-2011 - 18:55
CVE-2010-4974 7.5
SQL injection vulnerability in info.php in BrotherScripts (BS) and ScriptsFeed Auto Dealer allows remote attackers to execute arbitrary SQL commands via the id parameter.
13-02-2012 - 23:02 01-11-2011 - 18:55
CVE-2010-4972 7.5
SQL injection vulnerability in index.php in YPNinc JokeScript allows remote attackers to execute arbitrary SQL commands via the ypncat_id parameter.
13-02-2012 - 23:02 01-11-2011 - 18:55
CVE-2010-4970 7.5
SQL injection vulnerability in handlers/getpage.php in Wiki Web Help 0.28 allows remote attackers to execute arbitrary SQL commands via the id parameter.
13-02-2012 - 23:02 01-11-2011 - 18:55
CVE-2010-4968 7.5
SQL injection vulnerability in the webmaster-tips.net Flash Gallery (com_wmtpic) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
13-02-2012 - 23:02 01-11-2011 - 18:55
CVE-2010-4959 7.5
SQL injection vulnerability in the login feature in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the password parameter.
13-02-2012 - 23:02 09-10-2011 - 06:55
CVE-2010-4955 7.5
SQL injection vulnerability in board/board.php in APBoard Developers APBoard 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3078.
13-02-2012 - 23:02 09-10-2011 - 06:55
CVE-2010-4954 7.5
SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
13-02-2012 - 23:02 09-10-2011 - 06:55
CVE-2010-4945 7.5
SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
13-02-2012 - 23:02 09-10-2011 - 06:55
CVE-2010-4942 7.5
SQL injection vulnerability in location.php in the eCal module in E-Xoopport Samsara 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter.
13-02-2012 - 23:02 09-10-2011 - 06:55
CVE-2010-4941 7.5
SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save action to index.php.
13-02-2012 - 23:02 09-10-2011 - 06:55
CVE-2010-4937 7.5
Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to index.php.
13-02-2012 - 23:02 09-10-2011 - 06:55
CVE-2010-4933 7.5
SQL injection vulnerability in filemgmt/singlefile.php in Geeklog 1.3.8 allows remote attackers to execute arbitrary SQL commands via the lid parameter.
13-02-2012 - 23:02 09-10-2011 - 06:55
CVE-2010-4928 4.3
Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML by placing it after a > (greater than) character.
13-02-2012 - 23:02 09-10-2011 - 06:55
CVE-2010-4927 7.5
SQL injection vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a country action to index.php.
13-02-2012 - 23:02 09-10-2011 - 06:55
CVE-2010-4926 7.5
SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to index.php.
13-02-2012 - 23:02 09-10-2011 - 06:55
CVE-2010-4925 7.5
SQL injection vulnerability in clic.php in the Partenaires module 1.5 for Nuked-Klan allows remote attackers to execute arbitrary SQL commands via the id parameter.
13-02-2012 - 23:02 09-10-2011 - 06:55
CVE-2010-4921 7.5
SQL injection vulnerability in inc_pollingboothmanager.asp in DMXReady Polling Booth Manager allows remote attackers to execute arbitrary SQL commands via the QuestionID parameter in a results action.
13-02-2012 - 23:02 08-10-2011 - 06:55
CVE-2010-4918 7.5
PHP remote file inclusion vulnerability in iJoomla Magazine (com_magazine) component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php.
13-02-2012 - 23:02 08-10-2011 - 06:55
CVE-2010-4917 7.5
SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows remote attackers to execute arbitrary SQL commands via the words parameter.
13-02-2012 - 23:02 08-10-2011 - 06:55
CVE-2010-4916 7.5
Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) ArticleID or (2) LibraryID parameter.
13-02-2012 - 23:02 08-10-2011 - 06:55
CVE-2010-4915 7.5
SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 allows remote attackers to execute arbitrary SQL commands via the BookmarkID parameter in an EditBookmark action.
13-02-2012 - 23:02 08-10-2011 - 06:55
CVE-2010-4913 4.3
Cross-site scripting (XSS) vulnerability in the search feature in ColdGen ColdUserGroup 1.06 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some of these details are obtained from third party informa
13-02-2012 - 23:02 08-10-2011 - 06:55
CVE-2010-4912 7.5
SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action.
13-02-2012 - 23:02 08-10-2011 - 06:55
CVE-2010-4911 7.5
SQL injection vulnerability in classi/detail.php in PHP Classifieds Ads allows remote attackers to execute arbitrary SQL commands via the sid parameter.
13-02-2012 - 23:02 08-10-2011 - 06:55
CVE-2010-4910 7.5
SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06 allows remote attackers to execute arbitrary SQL commands via the EventID parameter in a ViewEventDetails action.
13-02-2012 - 23:02 08-10-2011 - 06:55
CVE-2010-4902 7.5
Multiple SQL injection vulnerabilities in the Clantools (com_clantools) component 1.2.3 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) squad or (2) showgame parameter to index.php.
13-02-2012 - 23:02 08-10-2011 - 06:55
CVE-2010-4895 4.3
Cross-site scripting (XSS) vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the username field). NOTE: some of these details are obtained from third part
13-02-2012 - 23:02 08-10-2011 - 06:55
CVE-2010-4894 7.5
SQL injection vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information.
13-02-2012 - 23:02 08-10-2011 - 06:55
CVE-2010-4884 7.5
PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaestebuch 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter.
13-02-2012 - 23:02 07-10-2011 - 06:55
CVE-2010-4874 4.3
Multiple cross-site scripting (XSS) vulnerabilities in users.php in NinkoBB 1.3 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, (3) msn, or (4) aim parameter.
13-02-2012 - 23:02 07-10-2011 - 06:55
CVE-2010-4872 7.5
SQL injection vulnerability in newsroom.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the specific parameter.
13-02-2012 - 23:02 07-10-2011 - 06:55
CVE-2010-4870 7.5
SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote attackers to execute arbitrary SQL commands via the gender parameter.
13-02-2012 - 23:02 07-10-2011 - 06:55
CVE-2010-4866 7.5
SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows remote attackers to execute arbitrary SQL commands via the forumID parameter.
13-02-2012 - 23:02 05-10-2011 - 06:55
CVE-2010-4865 7.5
SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php.
13-02-2012 - 23:02 05-10-2011 - 06:55
CVE-2010-4861 7.5
SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
13-02-2012 - 23:02 05-10-2011 - 06:55
CVE-2010-4860 7.5
SQL injection vulnerability in product_desc.php in MyPhpAuction 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter.
13-02-2012 - 23:02 05-10-2011 - 06:55
CVE-2010-4858 5.0
Directory traversal vulnerability in team.rc5-72.php in DNET Live-Stats 0.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the showlang parameter.
13-02-2012 - 23:02 05-10-2011 - 06:55
CVE-2010-4857 7.5
SQL injection vulnerability in click.php in CAG CMS 0.2 Beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
13-02-2012 - 23:02 05-10-2011 - 06:55
CVE-2010-4855 7.5
SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter.
13-02-2012 - 23:02 05-10-2011 - 06:55
CVE-2010-4853 7.5
SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php.
13-02-2012 - 23:02 05-10-2011 - 06:55
CVE-2010-4852 4.3
Cross-site scripting (XSS) vulnerability in login.php in Eclime 1.1.2b allows remote attackers to inject arbitrary web script or HTML via the reason parameter in a fail action.
13-02-2012 - 23:02 27-09-2011 - 06:55
CVE-2010-4851 7.5
Multiple SQL injection vulnerabilities in Eclime 1.1.2b allow remote attackers to execute arbitrary SQL commands via the (1) ref or (2) poll_id parameter to index.php, or the (3) country parameter to create_account.php.
13-02-2012 - 23:02 27-09-2011 - 06:55
CVE-2010-4850 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 allow remote attackers to inject arbitrary web script or HTML via the (1) post_content parameter to post/edit/2/p1.html, related to views/post.php; the (2) slogan parameter to admin
13-02-2012 - 23:02 27-09-2011 - 06:55
CVE-2010-4847 7.5
SQL injection vulnerability in view_item.php in MH Products MHP Downloadshop allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
13-02-2012 - 23:02 27-09-2011 - 06:55
CVE-2010-4844 7.5
SQL injection vulnerability in content.php in MH Products Easy Online Shop allows remote attackers to execute arbitrary SQL commands via the kat parameter.
13-02-2012 - 23:02 27-09-2011 - 06:55
CVE-2010-4843 7.5
SQL injection vulnerability in website-page.php in PHP Web Scripts Ad Manager Pro 3.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter.
13-02-2012 - 23:02 27-09-2011 - 06:55
CVE-2010-4838 6.0
SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs
13-02-2012 - 23:02 13-09-2011 - 22:56
CVE-2010-4837 4.3
Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title field) in a saveTicket action to index2.php. NOTE: so
13-02-2012 - 23:02 13-09-2011 - 22:56
CVE-2010-4835 4.0
Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action.
13-02-2012 - 23:02 13-09-2011 - 22:56
CVE-2010-4834 6.5
Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_type
13-02-2012 - 23:02 13-09-2011 - 22:56
CVE-2009-5098 5.4
The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not viewing web pages in landscape mode, allows remote attackers to cause a denial of service (crash) via a web page containing a long string following a refresh tag, which triggers a flo
13-02-2012 - 22:52 13-09-2011 - 15:59
CVE-2010-4988 7.5
PHP remote file inclusion vulnerability in mod_chatting/themes/default/header.php in Family Connections Who is Chatting 2.2.3 allows remote attackers to execute arbitrary PHP code via a URL in the TMPL[path] parameter.
07-02-2012 - 00:00 01-11-2011 - 18:55
CVE-2010-4987 7.5
SQL injection vulnerability in default.asp in KMSoft Guestbook (aka GBook) allows remote attackers to execute arbitrary SQL commands via the p parameter.
07-02-2012 - 00:00 01-11-2011 - 18:55
CVE-2010-4986 7.5
SQL injection vulnerability in detail.php in Simple Document Management System (SDMS) allows remote attackers to execute arbitrary SQL commands via the doc_id parameter.
07-02-2012 - 00:00 01-11-2011 - 18:55
CVE-2009-0304 7.8
The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficient validation security vulnerability," as demonstrat
07-02-2012 - 00:00 27-01-2009 - 15:30
CVE-2008-6236 7.5
SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: the provenance of this information is
07-02-2012 - 00:00 21-02-2009 - 18:30
CVE-2008-6220 7.5
SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the pass parameter.
07-02-2012 - 00:00 20-02-2009 - 16:30
CVE-2008-4654 9.3
Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted
27-01-2012 - 00:33 21-10-2008 - 20:11
CVE-2010-0364 9.3
Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field.
27-01-2012 - 00:32 21-01-2010 - 15:30
CVE-2008-3732 9.3
Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based bu
27-01-2012 - 00:31 20-08-2008 - 12:41
CVE-2009-2484 9.3
Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execut
27-01-2012 - 00:30 16-07-2009 - 12:30
CVE-2009-1045 5.0
requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action.
27-01-2012 - 00:00 23-03-2009 - 12:30
CVE-2008-5032 9.3
Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier orig
27-01-2012 - 00:00 10-11-2008 - 11:15
CVE-2008-4686 9.3
Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654
27-01-2012 - 00:00 22-10-2008 - 14:00
CVE-2010-3631 9.3
Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
26-01-2012 - 22:54 06-10-2010 - 13:00
CVE-2010-1029 5.0
Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (ap
26-01-2012 - 22:49 19-03-2010 - 17:30
CVE-2011-0536 6.9
Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain
26-01-2012 - 00:00 08-04-2011 - 11:17
CVE-2010-4989 7.5
SQL injection vulnerability in main.asp in Ziggurat Farsi CMS allows remote attackers to execute arbitrary SQL commands via the grp parameter.
12-01-2012 - 00:00 01-11-2011 - 18:55
CVE-2010-5059 7.5
SQL injection vulnerability in index.php in CMScout 2.0.8 allows remote attackers to execute arbitrary SQL commands via the album parameter in a photos action.
10-01-2012 - 00:00 22-11-2011 - 20:55
CVE-2009-4365 4.3
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a comment via
10-01-2012 - 00:00 21-12-2009 - 11:30
CVE-2009-3565 4.3
Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node p
10-01-2012 - 00:00 13-11-2009 - 10:30
CVE-2008-4844 9.3
Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2)
10-01-2012 - 00:00 11-12-2008 - 10:30
CVE-2009-1210 10.0
Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details ar
29-12-2011 - 00:00 01-04-2009 - 06:30
CVE-2010-5081 9.3
Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 allows remote attackers to execute arbitrary code via a long URL in a .pls file.
28-12-2011 - 00:00 24-12-2011 - 20:55
CVE-2009-5109 9.3
Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long entry in a .pls file.
28-12-2011 - 00:00 24-12-2011 - 20:55
CVE-2010-4990 7.5
SQL injection vulnerability in the Front-edit Address Book (com_addressbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact action to index.php.
21-12-2011 - 00:00 01-11-2011 - 18:55
CVE-2009-3825 7.5
Multiple directory traversal vulnerabilities in GenCMS 2006 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p parameter to show.php and the (2) Template parameter to admin/pages/SiteNew.php.
14-12-2011 - 00:00 28-10-2009 - 06:30
CVE-2009-3823 4.3
Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, when magic_quotes_gpc is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the GLOBALS[page] parameter.
14-12-2011 - 00:00 28-10-2009 - 06:30
CVE-2011-4275 4.3
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a cr
12-12-2011 - 23:09 25-11-2011 - 22:57
CVE-2009-4086 5.0
CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via certain byte sequences at the end of a URL. NOTE: some of these details are obt
12-12-2011 - 00:00 29-11-2009 - 08:07
CVE-2009-4085 7.5
PHP remote file inclusion vulnerability in assets/plugins/mp3_id/mp3_id.php in PHP Traverser 0.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[BASE] parameter. NOTE: the provenance of this information is unknown; t
12-12-2011 - 00:00 29-11-2009 - 08:07
CVE-2009-3972 7.5
SQL injection vulnerability in the Q-Proje Siirler Bileseni (com_siirler) component 1.2 RC for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in an sdetay action to index.php.
12-12-2011 - 00:00 18-11-2009 - 18:30
CVE-2009-3971 7.5
SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the season parameter in a ladder action to index.php.
12-12-2011 - 00:00 18-11-2009 - 18:30
CVE-2009-3964 7.5
SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php.
12-12-2011 - 00:00 18-11-2009 - 18:30
CVE-2009-3843 10.0
HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.cata
12-12-2011 - 00:00 23-11-2009 - 19:30
CVE-2009-3577 9.3
Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a .max file with a MAXScript statement that calls the DOSCommand method, related to "application callbacks."
12-12-2011 - 00:00 24-11-2009 - 12:30
CVE-2010-5062 7.5
SQL injection vulnerability in search.php in MH Products kleinanzeigenmarkt allows remote attackers to execute arbitrary SQL commands via the c parameter.
28-11-2011 - 00:00 22-11-2011 - 20:55
CVE-2010-5056 7.5
SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php.
28-11-2011 - 00:00 22-11-2011 - 20:55
CVE-2010-5053 7.5
SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.php.
28-11-2011 - 00:00 22-11-2011 - 20:55
CVE-2010-5055 7.5
SQL injection vulnerability in index.php in Almnzm 2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
23-11-2011 - 10:05 22-11-2011 - 20:55
CVE-2010-5047 7.5
SQL injection vulnerability in page.php in V-EVA Press Release Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
23-11-2011 - 08:53 22-11-2011 - 20:55
CVE-2010-5058 7.5
SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the res_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third p
23-11-2011 - 00:00 22-11-2011 - 20:55
CVE-2010-5057 7.5
SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the tipodoc_id parameter.
23-11-2011 - 00:00 22-11-2011 - 20:55
CVE-2010-5001 7.5
SQL injection vulnerability in view.php in esoftpro Online Contact Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
21-11-2011 - 00:00 01-11-2011 - 18:55
CVE-2010-4999 7.5
SQL injection vulnerability in index.php in esoftpro Online Photo Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the section parameter.
21-11-2011 - 00:00 01-11-2011 - 18:55
CVE-2010-4996 7.5
SQL injection vulnerability in ogp_show.php in esoftpro Online Guestbook Pro 5.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
21-11-2011 - 00:00 01-11-2011 - 18:55
CVE-2010-4991 7.5
SQL injection vulnerability in the NinjaMonials (com_ninjamonials) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a display action to index.php.
21-11-2011 - 00:00 01-11-2011 - 18:55
CVE-2010-5028 7.5
SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
17-11-2011 - 00:00 02-11-2011 - 17:55
CVE-2010-5022 7.5
SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.
17-11-2011 - 00:00 02-11-2011 - 17:55
CVE-2010-5019 7.5
SQL injection vulnerability in view_photo.php in 2daybiz Online Classified Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.
17-11-2011 - 00:00 02-11-2011 - 17:55
CVE-2010-5018 4.3
Cross-site scripting (XSS) vulnerability in products/classified/headersearch.php in 2daybiz Online Classified Script allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
17-11-2011 - 00:00 02-11-2011 - 17:55
CVE-2010-5017 7.5
SQL injection vulnerability in stats.php in Elite Gaming Ladders 3.0 allows remote attackers to execute arbitrary SQL commands via the account parameter.
17-11-2011 - 00:00 02-11-2011 - 17:55
CVE-2010-5016 7.5
SQL injection vulnerability in matchdb.php in Elite Gaming Ladders 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the match parameter.
17-11-2011 - 00:00 02-11-2011 - 17:55
CVE-2010-5014 7.5
SQL injection vulnerability in standings.php in Elite Gaming Ladders 3.5 allows remote attackers to execute arbitrary SQL commands via the ladder[id] parameter.
17-11-2011 - 00:00 02-11-2011 - 17:55
CVE-2010-5004 7.5
SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka Advanced Poll) Script allows remote attackers to execute arbitrary SQL commands via the category parameter.
17-11-2011 - 00:00 02-11-2011 - 17:55
CVE-2010-4997 7.5
SQL injection vulnerability in index.php in OlyKit Swoopo Clone 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter in a product action.
17-11-2011 - 00:00 02-11-2011 - 17:55
CVE-2010-5045 4.3
Cross-site scripting (XSS) vulnerability in poll/default.asp in Smart ASP Survey allows remote attackers to inject arbitrary web script or HTML via the catid parameter.
16-11-2011 - 00:00 02-11-2011 - 17:55
CVE-2010-5044 6.0
SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQL commands via the search parameter in a log action
16-11-2011 - 00:00 02-11-2011 - 17:55
CVE-2010-5043 6.0
SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editItem action to administrator/index.php.
16-11-2011 - 00:00 02-11-2011 - 17:55
CVE-2010-5042 4.3
Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in an editItem action to administrator/index.php. NOT
16-11-2011 - 00:00 02-11-2011 - 17:55
CVE-2010-5041 7.5
SQL injection vulnerability in index.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary SQL commands via the id parameter in a plugin action.
16-11-2011 - 00:00 02-11-2011 - 17:55
CVE-2010-5040 6.8
PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIR_NUCLEUS parameter. NOTE: some of these details are obtaine
16-11-2011 - 00:00 02-11-2011 - 17:55
CVE-2010-5039 7.5
SQL injection vulnerability in control/admin_login.php in ScriptsFeed Recipes Listing Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter (aka the UserName field). NOTE: some of these details are obtained f
16-11-2011 - 00:00 02-11-2011 - 17:55
CVE-2010-5032 7.5
SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php.
16-11-2011 - 00:00 02-11-2011 - 17:55
CVE-2009-3976 9.3
Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers to cause a denial of service (application crash) or execute arbitrary code via a long 220 reply (aka connection greeting or welcome message).
16-11-2011 - 00:00 18-11-2009 - 18:30
CVE-2010-1301 7.5
SQL injection vulnerability in main.php in Centreon 2.1.5 allows remote attackers to execute arbitrary SQL commands via the host_id parameter.
10-11-2011 - 00:00 07-04-2010 - 14:30
CVE-2009-3418 6.5
Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to execute arbitrary SQL commands via the m parameter to manager/index.php and (2) remote authenticated administrators to execute arbitrary SQL commands vi
10-11-2011 - 00:00 25-09-2009 - 18:30
CVE-2008-3013 9.3
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint
18-10-2011 - 00:00 10-09-2008 - 21:11
CVE-2006-6576 7.5
Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long PASS command. NOTE: it was later reported that 4.70 is also affe
18-10-2011 - 00:00 15-12-2006 - 14:28
CVE-2008-2245 9.3
Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
17-10-2011 - 00:00 12-08-2008 - 20:41
CVE-2007-5348 9.3
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerP
17-10-2011 - 00:00 10-09-2008 - 21:01
CVE-2010-2456 6.8
Multiple directory traversal vulnerabilities in index.php in Linker IMG 1.0 and earlier allow remote attackers to read and execute arbitrary local files via a URL in the (1) cook_lan cookie parameter ($lan_dir variable) or possibly (2) Sdb_type param
12-10-2011 - 00:00 25-06-2010 - 17:30
CVE-2010-3146 9.3
Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contai
06-10-2011 - 00:00 27-08-2010 - 15:00
CVE-2011-0096 4.3
The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for cont
04-10-2011 - 22:51 31-01-2011 - 15:00
CVE-2010-4701 7.6
Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote
04-10-2011 - 22:50 20-01-2011 - 14:00
CVE-2010-3148 9.3
Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file
04-10-2011 - 22:48 27-08-2010 - 15:00
CVE-2010-2746 7.6
Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer i
04-10-2011 - 22:47 13-10-2010 - 15:00
CVE-2010-2745 9.3
Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka
04-10-2011 - 22:47 13-10-2010 - 15:00
CVE-2010-2743 7.2
The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated
04-10-2011 - 22:47 20-01-2011 - 16:00
CVE-2010-2549 7.2
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUs
04-10-2011 - 22:46 02-07-2010 - 15:00
CVE-2010-3329 9.3
mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Cor
04-10-2011 - 00:00 13-10-2010 - 15:00
CVE-2010-3332 5.0
Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt
03-10-2011 - 00:00 22-09-2010 - 15:00
CVE-2011-1047 7.5
Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is
22-09-2011 - 00:00 21-02-2011 - 14:00
CVE-2009-3249 7.5
Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the module parameter to graph.php; or the (2) module or (3) file parameter to include/Ajax/
22-09-2011 - 00:00 18-09-2009 - 16:30
CVE-2011-0887 4.3
The web management portal on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack o
21-09-2011 - 23:29 08-02-2011 - 17:00
CVE-2011-0886 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 allow remote attackers to (1) hijack the intranet connectivity of arbitrary users for
21-09-2011 - 23:29 08-02-2011 - 17:00
CVE-2011-0885 10.0
A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the (1) we
21-09-2011 - 23:29 08-02-2011 - 17:00
CVE-2011-0535 6.8
Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to ind
21-09-2011 - 23:28 08-02-2011 - 17:00
CVE-2011-0522 6.8
The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a su
21-09-2011 - 23:28 07-02-2011 - 16:00
CVE-2011-0517 9.3
Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted 0x02 opcode to TCP port 46823.
21-09-2011 - 23:28 20-01-2011 - 14:00
CVE-2011-0406 10.0
Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a long request to TCP port 777.
21-09-2011 - 23:28 10-01-2011 - 22:00
CVE-2011-0354 10.0
The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an uns
21-09-2011 - 23:28 03-02-2011 - 11:00
CVE-2011-0063 5.0
The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which caus
21-09-2011 - 23:27 15-03-2011 - 13:55
CVE-2010-4830 7.5
SQL injection vulnerability in Resumes/TD_RESUME_Indlist.asp in Techno Dreams (T-Dreams) Job Career Package 3.0 allows remote attackers to execute arbitrary SQL commands via the z_Residency parameter.
21-09-2011 - 23:27 24-08-2011 - 06:55
CVE-2010-4801 6.0
Directory traversal vulnerability in admin/updatelist.php in BaconMap 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filepath parameter.
21-09-2011 - 23:27 26-04-2011 - 20:55
CVE-2010-4800 7.5
SQL injection vulnerability in doadd.php in BaconMap 1.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.
21-09-2011 - 23:27 26-04-2011 - 20:55
CVE-2010-4799 6.8
Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to authenticate.php and the (3) ID parameter
21-09-2011 - 23:27 26-04-2011 - 20:55
CVE-2010-4797 7.5
Multiple SQL injection vulnerabilities in the log-in form in Truworth Flex Timesheet allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
21-09-2011 - 23:27 26-04-2011 - 20:55
CVE-2010-4794 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSeller JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in a js
21-09-2011 - 23:27 26-04-2011 - 20:55
CVE-2010-4793 7.5
SQL injection vulnerability in detail.asp in Site2Nite Auto e-Manager allows remote attackers to execute arbitrary SQL commands via the ID parameter.
21-09-2011 - 23:27 26-04-2011 - 20:55
CVE-2010-4791 7.5
SQL injection vulnerability in infusions/mg_user_fotoalbum_panel/mg_user_fotoalbum.php in the MG User-Fotoalbum (mg_user_fotoalbum_panel) module 1.0.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the album_id parameter
21-09-2011 - 23:27 26-04-2011 - 20:55
CVE-2010-4782 7.5
Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed
21-09-2011 - 23:27 07-04-2011 - 10:23
CVE-2010-4781 5.0
index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals the installation path in an error message.
21-09-2011 - 23:27 07-04-2011 - 10:23
CVE-2010-4780 7.5
SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote attackers to execute arbitrary SQL commands via the ema
21-09-2011 - 23:27 07-04-2011 - 10:23
CVE-2010-4776 7.5
SQL injection vulnerability in takefreestart.php in PreProjects Pre Online Tests Generator Pro allows remote attackers to execute arbitrary SQL commands via the tid2 parameter.
21-09-2011 - 23:27 23-03-2011 - 18:00
CVE-2010-4770 7.5
SQL injection vulnerability in index.php in CommodityRentals DVD Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action.
21-09-2011 - 23:27 23-03-2011 - 18:00
CVE-2010-4750 6.8
Cross-site request forgery (CSRF) vulnerability in admin/libs/ADMIN.php in BLOG:CMS 4.2.1.e, and possibly earlier, allows remote attackers to hijack the authentication of administrators.
21-09-2011 - 23:27 01-03-2011 - 17:00
CVE-2010-4749 4.3
Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1.e, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) body parameter to action.php and the (2) amount and (3) action parameters to admi
21-09-2011 - 23:27 01-03-2011 - 17:00
CVE-2010-4740 9.3
Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC Client before 1.0.25 allows user-assisted remote attackers to execute arbitrary code via a crafted .csv file, related to a status log message.
21-09-2011 - 23:27 15-02-2011 - 22:00
CVE-2010-4738 7.5
Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.
21-09-2011 - 23:27 15-02-2011 - 22:00
CVE-2010-4737 7.5
SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropResort parameter.
21-09-2011 - 23:27 15-02-2011 - 22:00
CVE-2010-4736 7.5
SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the ECO_ID parameter. NOTE: some of these details are obtained from third party information.
21-09-2011 - 23:27 15-02-2011 - 22:00
CVE-2010-4734 2.6
Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters.
21-09-2011 - 23:27 15-02-2011 - 22:00
CVE-2010-4566 9.3
The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows
21-09-2011 - 23:26 14-01-2011 - 18:00
CVE-2010-4328 7.5
Multiple stack-based buffer overflows in opt/novell/iprint/bin/ipsmd in Novell iPrint for Linux Open Enterprise Server 2 SP2 and SP3 allow remote attackers to execute arbitrary code via unspecified LPR opcodes.
21-09-2011 - 23:26 18-02-2011 - 20:00
CVE-2010-4323 7.5
Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks Configuration Manager (ZCM) 10.3.1, 10.3.2, and 11.0, and earlier versions, allows remote attackers to execute arbitrary code via a long TFTP request.
21-09-2011 - 23:26 18-02-2011 - 20:00
CVE-2010-4227 10.0
The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before SP8 allows remote attackers to cause a denial of service (abend) or execute arbitrary code via a crafted, signed value in a NFS RPC request to port UDP 1234, leading to a stack-bas
21-09-2011 - 23:26 25-02-2011 - 14:00
CVE-2010-4107 7.8
The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the dev
21-09-2011 - 23:25 17-11-2010 - 11:00
CVE-2010-2709 9.3
Stack-based buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long OvJavaLocale value in a cookie.
21-09-2011 - 23:22 05-08-2010 - 14:17
CVE-2010-1964 7.5
Buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified parameters to jovgraph.exe, aka ZDI-CAN-683.
21-09-2011 - 23:21 17-06-2010 - 12:30
CVE-2010-1554 10.0
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.
21-09-2011 - 23:20 13-05-2010 - 13:30
CVE-2010-1553 10.0
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid MaxAge parameter.
21-09-2011 - 23:20 13-05-2010 - 13:30
CVE-2010-0480 9.3
Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a craft
21-09-2011 - 23:17 14-04-2010 - 12:00
CVE-2009-5087 5.0
Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request.
21-09-2011 - 23:16 12-09-2011 - 08:40
CVE-2009-1028 9.3
Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file.
21-09-2011 - 23:07 19-03-2009 - 20:30
CVE-2009-0932 6.4
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image
21-09-2011 - 23:07 17-03-2009 - 17:30
CVE-2008-3922 9.3
awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function.
21-09-2011 - 22:58 04-09-2008 - 14:41
CVE-2011-0045 7.2
The Trace Events functionality in the kernel in Microsoft Windows XP SP3 does not properly perform type conversion, which causes integer truncation and insufficient memory allocation and triggers a buffer overflow, which allows local users to gain pr
21-09-2011 - 00:00 08-02-2011 - 20:00
CVE-2010-4435 10.0
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the Jan
21-09-2011 - 00:00 19-01-2011 - 12:00
CVE-2010-4321 9.3
Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Novell iPrint Client 5.52 allows remote attackers to execute arbitrary code via a long argument to (1) the GetDriverSettings2 method, as reachable by (2) the GetDriverSettings method.
21-09-2011 - 00:00 30-12-2010 - 14:00
CVE-2008-6189 7.5
SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php.
21-09-2011 - 00:00 19-02-2009 - 13:30
CVE-2007-0449 10.0
Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote
20-09-2011 - 00:00 23-01-2007 - 16:28
CVE-2010-4221 10.0
Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.
14-09-2011 - 23:18 09-11-2010 - 16:00
CVE-2010-4839 7.5
SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action.
14-09-2011 - 00:00 13-09-2011 - 22:56
CVE-2009-5095 6.8
PHP remote file inclusion vulnerability in index_inc.php in ea gBook 0.1 and 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_ordner parameter.
14-09-2011 - 00:00 12-09-2011 - 08:40
CVE-2009-5094 7.5
SQL injection vulnerability in info.php in CMS Faethon 2.2.0 Ultimate allows remote attackers to execute arbitrary SQL commands via the item parameter.
14-09-2011 - 00:00 12-09-2011 - 08:40
CVE-2009-5093 5.0
Directory traversal vulnerability in gastbuch.php in G?stebuch (Gastebuch) 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter.
14-09-2011 - 00:00 12-09-2011 - 08:40
CVE-2009-5091 7.5
SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 allows remote attackers to execute arbitrary SQL commands via the id parameter.
14-09-2011 - 00:00 12-09-2011 - 08:40
CVE-2009-5090 6.8
SQL injection vulnerability in editcomments.php in Bloggeruniverse Beta 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter and possibly other unspecified vectors.
14-09-2011 - 00:00 12-09-2011 - 08:40
CVE-2009-5088 7.5
SQL injection vulnerability in secure/index.php in IdeaCart 0.02 allows remote attackers to execute arbitrary SQL commands via the cID parameter.
14-09-2011 - 00:00 12-09-2011 - 08:40
CVE-2006-0123 7.5
Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter in index.php and (2) pagid parameter in verpag.php, and possibly other vectors.
08-09-2011 - 00:00 09-01-2006 - 06:03
CVE-2011-1137 5.0
Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.
06-09-2011 - 23:15 11-03-2011 - 12:55
CVE-2007-5082 10.0
Multiple stack-based buffer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands with certain opcodes, related to mi
06-09-2011 - 00:00 01-10-2007 - 16:17
CVE-2006-6183 10.0
Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long mode field (aka transporting mode) in a (1) GET or (2) PUT command.
06-09-2011 - 00:00 30-11-2006 - 19:28
CVE-2006-3838 10.0
Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Net
06-09-2011 - 00:00 26-07-2006 - 21:04
CVE-2006-3459 7.5
Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, incl
06-09-2011 - 00:00 02-08-2006 - 21:04
CVE-2006-1148 7.5
Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1) parameter name or (2) value in a URL, which trigge
06-09-2011 - 00:00 10-03-2006 - 06:02
CVE-2005-3817 7.5
Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid paramet
06-09-2011 - 00:00 25-11-2005 - 21:03
CVE-2007-3216 10.0
Multiple buffer overflows in the LGServer component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via crafted arguments to the (1) rxsAddNewUser, (2) rxsSetUserI
01-09-2011 - 00:00 14-06-2007 - 18:30
CVE-2008-4342 9.3
NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attacke
31-08-2011 - 00:00 30-09-2008 - 13:22
CVE-2010-4259 6.8
Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file.
26-08-2011 - 23:45 07-12-2010 - 08:53
CVE-2010-4829 7.5
SQL injection vulnerability in processview.asp in Techno Dreams (T-Dreams) Cars Ads Package 2.0 allows remote attackers to execute arbitrary SQL commands via the key parameter.
25-08-2011 - 00:00 24-08-2011 - 06:55
CVE-2007-4652 4.4
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.
23-08-2011 - 00:00 04-09-2007 - 15:17
CVE-2006-2685 4.0
PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.p
23-08-2011 - 00:00 31-05-2006 - 06:06
CVE-2008-1358 6.5
Stack-based buffer overflow in the IMAP server in Alt-N Technologies MDaemon 9.6.4 allows remote authenticated users to execute arbitrary code via a FETCH command with a long BODY.
10-08-2011 - 00:00 17-03-2008 - 13:44
CVE-2010-0317 7.8
Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests that are not properly handled by (1) the CIFS functionality i
08-08-2011 - 00:00 15-01-2010 - 13:30
CVE-2009-4613 7.5
SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the provenance of this information is unknown; the details
08-08-2011 - 00:00 14-01-2010 - 14:30
CVE-2009-4610 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty 6.x and 7.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to jsp/dump.jsp in the JSP Dump feature, or the (2) Name or (3) Value parameter
08-08-2011 - 00:00 13-01-2010 - 15:30
CVE-2008-4623 7.5
SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) component 1.1.1 for Joomla allows remote attackers to execute arbitrary SQL commands via the feed_id parameter to index2.php.
05-08-2011 - 00:00 20-10-2008 - 21:18
CVE-2008-1918 6.0
SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] paramete
05-08-2011 - 00:00 23-04-2008 - 09:05
CVE-2007-1034 7.5
SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
05-08-2011 - 00:00 21-02-2007 - 06:28
CVE-2010-2883 9.3
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF documen
04-08-2011 - 00:00 09-09-2010 - 18:00
CVE-2007-6166 9.3
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Conten
04-08-2011 - 00:00 28-11-2007 - 20:46
CVE-2009-2479 7.8
Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-bas
02-08-2011 - 00:00 16-07-2009 - 11:30
CVE-2008-3704 9.3
Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP
01-08-2011 - 00:00 18-08-2008 - 15:41
CVE-2005-3314 7.5
Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 allows remote attackers to execute arbitrary code via "long verb arguments."
01-08-2011 - 00:00 18-11-2005 - 17:03
CVE-2010-1938 9.3
Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly
28-07-2011 - 22:37 28-05-2010 - 14:30
CVE-2006-2439 7.6
Stack-based buffer overflow in ZipCentral 4.01 allows remote user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename.
28-07-2011 - 00:00 01-06-2006 - 06:02
CVE-2010-3967 9.3
Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka
27-07-2011 - 00:00 16-12-2010 - 14:33
CVE-2009-4104 7.5
SQL injection vulnerability in Lyften Designs LyftenBloggie (com_lyftenbloggie) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter to index.php.
26-07-2011 - 00:00 29-11-2009 - 08:08
CVE-2010-4091 9.3
The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF
25-07-2011 - 00:00 07-11-2010 - 17:00
CVE-2010-3765 9.3
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related
25-07-2011 - 00:00 27-10-2010 - 20:00
CVE-2010-1039 10.0
Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers
25-07-2011 - 00:00 20-05-2010 - 13:30
CVE-2008-1470 4.3
Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CV
25-07-2011 - 00:00 24-03-2008 - 18:44
CVE-2010-3145 9.3
Untrusted search path vulnerability in the BitLocker Drive Encryption API, as used in sdclt.exe in Backup Manager in Microsoft Windows Vista SP1 and SP2, allows local users to gain privileges via a Trojan horse fveapi.dll file in the current working
20-07-2011 - 00:00 27-08-2010 - 15:00
CVE-2010-3131 9.3
Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbit
20-07-2011 - 00:00 26-08-2010 - 14:36
CVE-2011-0489 7.5
The server components in Objectivity/DB 10.0 do not require authentication for administrative commands, which allows remote attackers to modify data, obtain sensitive information, or cause a denial of service by sending requests over TCP to (1) the L
19-07-2011 - 00:00 18-01-2011 - 13:03
CVE-2010-4052 5.0
Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular exp
19-07-2011 - 00:00 13-01-2011 - 14:00
CVE-2010-3678 4.0
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.
19-07-2011 - 00:00 11-01-2011 - 15:00
CVE-2010-3133 9.3
Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly
19-07-2011 - 00:00 26-08-2010 - 14:36
CVE-2010-4398 7.2
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain
18-07-2011 - 22:41 06-12-2010 - 08:44
CVE-2010-4371 9.3
Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box.
18-07-2011 - 22:41 02-12-2010 - 11:22
CVE-2010-3973 9.3
The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted argument to the AddContextRef met
18-07-2011 - 22:41 23-12-2010 - 13:00
CVE-2010-3972 10.0
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a den
18-07-2011 - 22:41 23-12-2010 - 13:00
CVE-2010-3971 9.3
Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code
18-07-2011 - 22:40 22-12-2010 - 16:00
CVE-2010-3944 7.2
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
18-07-2011 - 22:40 16-12-2010 - 14:33
CVE-2010-3886 4.3
The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtai
18-07-2011 - 22:40 08-10-2010 - 18:00
CVE-2010-3639 9.3
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to cause a denial of service or possibly execute arbitrary code via unkn
18-07-2011 - 22:40 07-11-2010 - 17:00
CVE-2010-3396 7.2
Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information.
18-07-2011 - 22:39 15-09-2010 - 14:00
CVE-2010-3338 7.2
The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted app
18-07-2011 - 22:39 16-12-2010 - 14:33
CVE-2010-3227 9.3
Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows
18-07-2011 - 22:39 26-10-2010 - 18:00
CVE-2010-3189 9.3
The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer.
18-07-2011 - 22:39 31-08-2010 - 16:00
CVE-2010-3187 10.0
Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attackers to execute arbitrary code via a long NLST command.
18-07-2011 - 22:39 30-08-2010 - 16:00
CVE-2010-3142 9.3
Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder
18-07-2011 - 22:39 27-08-2010 - 15:00
CVE-2010-3140 9.3
Untrusted search path vulnerability in Microsoft Windows Internet Communication Settings on Windows XP SP3 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll
18-07-2011 - 22:39 27-08-2010 - 15:00
CVE-2010-3139 9.3
Untrusted search path vulnerability in Microsoft Windows Progman Group Converter (grpconv.exe) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse imm.dll that is located i
18-07-2011 - 22:39 27-08-2010 - 15:00
CVE-2010-3137 9.3
Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2010-3136 9.3
Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .sk
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2010-3132 9.3
Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2010-3130 9.3
Untrusted search path vulnerability in TechSmith Snagit 10 (Build 788) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2010-3128 9.3
Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2010-3127 9.3
Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2010-3126 9.3
Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2010-3124 9.3
Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located i
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2010-3106 9.3
The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) vi
18-07-2011 - 22:39 23-08-2010 - 18:00
CVE-2010-3000 9.3
Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or
18-07-2011 - 22:39 30-08-2010 - 16:00
CVE-2010-2866 9.3
Integer signedness error in the DIRAPI module in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a count value associated with an "undocumented structure"
18-07-2011 - 22:38 26-08-2010 - 17:00
CVE-2010-2738 9.3
The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly
18-07-2011 - 22:38 15-09-2010 - 15:00
CVE-2010-2731 6.8
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted
18-07-2011 - 22:38 15-09-2010 - 15:00
CVE-2010-2729 9.3
The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permis
18-07-2011 - 22:38 15-09-2010 - 15:00
CVE-2010-1899 4.3
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS
18-07-2011 - 22:37 15-09-2010 - 15:00
CVE-2010-1663 10.0
The Google URL Parsing Library (aka google-url or GURL) in Google Chrome before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
18-07-2011 - 22:36 03-05-2010 - 09:51
CVE-2010-1527 9.3
Stack-based buffer overflow in Novell iPrint Client before 5.44 allows remote attackers to execute arbitrary code via a long call-back-url parameter in an op-client-interface-version action.
18-07-2011 - 22:36 23-08-2010 - 18:00
CVE-2009-4018 7.5
The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute pr
18-07-2011 - 22:31 29-11-2009 - 08:07
CVE-2009-4017 5.0
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier f
18-07-2011 - 22:31 23-11-2009 - 19:30
CVE-2009-2655 4.3
mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one a
18-07-2011 - 22:29 03-08-2009 - 10:30
CVE-2009-2433 4.3
Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.
18-07-2011 - 22:28 10-07-2009 - 17:00
CVE-2010-3653 9.3
The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose va
18-07-2011 - 00:00 26-10-2010 - 14:00
CVE-2010-3144 9.3
Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demon
18-07-2011 - 00:00 27-08-2010 - 15:00
CVE-2010-3129 9.3
Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse plugin_dll.dll, userenv.dll, shfolder.dll, dnsapi.dll,
18-07-2011 - 00:00 26-08-2010 - 14:36
CVE-2010-4814 7.5
SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) Advance Hotel Booking System 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
11-07-2011 - 00:00 08-07-2011 - 18:55
CVE-2010-4810 7.5
Multiple PHP remote file inclusion vulnerabilities in AR Web Content Manager (AWCM) 2.1 final allow remote attackers to execute arbitrary PHP code via a URL in the theme_file parameter to (1) includes/window_top.php and (2) header.php, and the (3) la
11-07-2011 - 00:00 08-07-2011 - 18:55
CVE-2010-4809 7.5
SQL injection vulnerability in index.php in DBSite 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
11-07-2011 - 00:00 08-07-2011 - 18:55
CVE-2010-4808 7.5
SQL injection vulnerability in index.php in Webmatic allows remote attackers to execute arbitrary SQL commands via the p parameter.
11-07-2011 - 00:00 08-07-2011 - 18:55
CVE-2006-3011 4.6
The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.
11-07-2011 - 00:00 26-06-2006 - 17:05
CVE-2009-3103 10.0
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (syste
24-06-2011 - 00:00 08-09-2009 - 18:30
CVE-2009-3023 9.3
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption,
24-06-2011 - 00:00 31-08-2009 - 16:30
CVE-2009-2521 2.6
Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that re
24-06-2011 - 00:00 04-09-2009 - 06:30
CVE-2007-4897 5.0
pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash) via a long argument to the PString::vsprintf function, related to a "memory management flaw". NOTE: this issue was ori
13-06-2011 - 00:00 14-09-2007 - 14:17
CVE-2007-0882 10.0
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to
13-06-2011 - 00:00 12-02-2007 - 15:28
CVE-2008-5517 7.5
The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object.
06-06-2011 - 00:00 13-01-2009 - 12:00
CVE-2010-0232 7.2
The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabl
10-05-2011 - 00:00 21-01-2010 - 14:30
CVE-2009-0422 7.5
Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[Confi
03-05-2011 - 00:00 04-02-2009 - 19:30
CVE-2009-4623 7.5
Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the ACS_path parameter to (1) index.php and (2) admin.php in advanced_comment_system/. NOTE: this mig
02-05-2011 - 00:00 18-01-2010 - 15:30
CVE-2010-0356 9.3
Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the
29-04-2011 - 00:00 18-01-2010 - 14:30
CVE-2009-4617 7.5
Multiple SQL injection vulnerabilities in Tourism Script Accommodation Hotel Booking Portal Script allow remote attackers to execute arbitrary SQL commands via the hotel_id parameter to (1) hotel.php, (2) details.php, (3) roomtypes.php, (4) photos.ph
29-04-2011 - 00:00 18-01-2010 - 15:30
CVE-2009-4616 4.3
Cross-site scripting (XSS) vulnerability in search.php in MYRE Holiday Rental Manager allows remote attackers to inject arbitrary web script or HTML via the cat_id1 parameter.
29-04-2011 - 00:00 18-01-2010 - 15:30
CVE-2009-4615 7.5
SQL injection vulnerability in review.php in MYRE Holiday Rental Manager allows remote attackers to execute arbitrary SQL commands via the link_id parameter in a show_review action.
29-04-2011 - 00:00 18-01-2010 - 15:30
CVE-2009-4614 7.5
Multiple PHP remote file inclusion vulnerabilities in Moa Gallery 1.2.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the MOA_PATH parameter to (1) _error_funcs.php, (2) _integrity_funcs.php, (3) _template_component_ad
29-04-2011 - 00:00 18-01-2010 - 15:30
CVE-2010-0372 7.5
SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php.
28-04-2011 - 00:00 21-01-2010 - 17:30
CVE-2010-0361 10.0
Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI i
28-04-2011 - 00:00 20-01-2010 - 11:30
CVE-2009-4628 7.5
SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php.
28-04-2011 - 00:00 18-01-2010 - 15:30
CVE-2009-4627 5.0
Directory traversal vulnerability in sources/_template_parser.php in Moa Gallery 1.2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the p_filename parameter, a different issue than CVE-2009-4614.
28-04-2011 - 00:00 18-01-2010 - 15:30
CVE-2009-4625 7.5
SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute a
28-04-2011 - 00:00 18-01-2010 - 15:30
CVE-2009-4624 7.5
SQL injection vulnerability in download.php in Nicecoder iDesk allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2005-3843.
28-04-2011 - 00:00 18-01-2010 - 15:30
CVE-2009-4621 7.5
SQL injection vulnerability in the JiangHu Inn plugin 1.1 and earlier for Discuz! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to forummission.php.
28-04-2011 - 00:00 18-01-2010 - 15:30
CVE-2009-4620 7.5
SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.
28-04-2011 - 00:00 18-01-2010 - 15:30
CVE-2009-4618 7.5
Multiple SQL injection vulnerabilities in Tourism Script Bus Script allow remote attackers to execute arbitrary SQL commands via the sitetext_id parameter to (1) aboutus.php and (2) faq.php.
28-04-2011 - 00:00 18-01-2010 - 15:30
CVE-2010-4711 10.0
Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command.
26-04-2011 - 16:54 31-01-2011 - 15:00
CVE-2011-0644 7.5
SQL injection vulnerability in include/admin/model_field.class.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the modelid parameter to flash_upload.php.
26-04-2011 - 00:00 25-01-2011 - 14:00
CVE-2011-0642 4.3
Cross-site request forgery (CSRF) vulnerability in news/admin.php in N-13 News 3.4, 3.7, and 4.0 allows remote attackers to hijack the authentication of administrators for requests that create new users via the options action. NOTE: some of these de
26-04-2011 - 00:00 25-01-2011 - 14:00
CVE-2011-1100 6.5
Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images acti
21-04-2011 - 00:00 25-02-2011 - 12:00
CVE-2010-4751 6.0
SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the id parameter in an edituser action, a different vector than CVE-2008-659
21-04-2011 - 00:00 01-03-2011 - 17:00
CVE-2007-3901 8.5
Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file.
18-04-2011 - 00:00 11-12-2007 - 19:46
CVE-2010-4362 7.5
Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Website allow remote attackers to execute arbitrary SQL commands via the (1) selStock parameter to search.asp and the (2) orderBy parameter to showAlllistings.asp.
08-04-2011 - 23:31 01-12-2010 - 11:06
CVE-2006-2447 5.1
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
07-04-2011 - 00:00 06-06-2006 - 17:06
CVE-2009-3701 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary
04-04-2011 - 00:00 21-12-2009 - 11:30
CVE-2010-4774 7.5
SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-4804 and CVE-2007-4171.
24-03-2011 - 00:00 23-03-2011 - 18:00
CVE-2010-4772 4.3
Cross-site scripting (XSS) vulnerability in blocks/lang.php in S-CMS 2.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter to viewforum.php.
24-03-2011 - 00:00 23-03-2011 - 18:00
CVE-2010-4771 7.5
SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
24-03-2011 - 00:00 23-03-2011 - 18:00
CVE-2010-4769 7.5
Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the task parameter to index.php.
24-03-2011 - 00:00 23-03-2011 - 18:00
CVE-2010-0050 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.
17-03-2011 - 22:45 15-03-2010 - 10:15
CVE-2008-5183 4.3
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggere
17-03-2011 - 22:30 20-11-2008 - 21:30
CVE-2011-1062 4.3
Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to inde
10-03-2011 - 22:51 22-02-2011 - 20:00
CVE-2011-0404 7.5
Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for Mac OS X 11.00 allows remote attackers to execute arbitrary code via a long control hostname to TCP port 5405, probably a different vulnerability than
10-03-2011 - 22:50 10-01-2011 - 22:00
CVE-2010-2568 9.3
Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not prope
10-03-2011 - 22:45 22-07-2010 - 01:43
CVE-2009-0177 5.0
vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0
10-03-2011 - 00:00 20-01-2009 - 11:00
CVE-2010-3449 6.8
Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum 1.3.6, 1.4.0, and 1.1 through 1.2.3.1; allows remo
07-03-2011 - 22:30 06-12-2010 - 15:13
CVE-2009-0658 9.3
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as expl
07-03-2011 - 22:18 20-02-2009 - 14:30
CVE-2009-0643 5.1
Static code injection vulnerability in post.php in Simple PHP News 1.0 final allows remote attackers to inject arbitrary PHP code into news.txt via the post parameter, and then execute the code via a direct request to display.php. NOTE: some of thes
07-03-2011 - 22:18 20-02-2009 - 01:47
CVE-2009-0604 7.5
SQL injection vulnerability in index.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the searching parameter.
07-03-2011 - 22:18 16-02-2009 - 15:30
CVE-2009-0574 7.5
SQL injection vulnerability in index.php in Easy CafeEngine allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-4604.
07-03-2011 - 22:18 13-02-2009 - 12:30
CVE-2009-0545 10.0
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.
07-03-2011 - 22:18 12-02-2009 - 18:30
CVE-2009-0491 9.3
Stack-based buffer overflow in Elecard MPEG Player 5.5 build 15884.081218 allows remote attackers to execute arbitrary code via a M3U file containing a long URL.
07-03-2011 - 22:18 09-02-2009 - 20:30
CVE-2009-0490 9.3
Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrar
07-03-2011 - 22:18 09-02-2009 - 20:30
CVE-2009-0476 9.3
Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 and 7.11.2.7, as distributed in multiple MultiMedia Soft audio components for .NET, allows remote attackers to execute arbitrary code via a long string in a playlist (.pls) file, a
07-03-2011 - 22:18 08-02-2009 - 16:30
CVE-2009-0442 6.8
Directory traversal vulnerability in bbcode.php in PHPbbBook 1.3 and 1.3h allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter.
07-03-2011 - 22:18 10-02-2009 - 02:00
CVE-2009-0407 7.5
SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
07-03-2011 - 22:18 03-02-2009 - 14:30
CVE-2009-0406 7.5
SQL injection vulnerability in index.php in Community CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-03-2011 - 22:18 03-02-2009 - 14:30
CVE-2009-0403 7.5
SQL injection vulnerability in admin/authenticate.php in Chipmunk Blogger Script allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
07-03-2011 - 22:18 03-02-2009 - 14:30
CVE-2009-0388 10.0
Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a m
07-03-2011 - 22:18 04-02-2009 - 14:30
CVE-2009-0373 7.5
SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php.
07-03-2011 - 22:18 30-01-2009 - 14:30
CVE-2009-0371 6.8
Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the type parameter.
07-03-2011 - 22:18 30-01-2009 - 14:30
CVE-2009-0360 6.2
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configurat
07-03-2011 - 22:18 13-02-2009 - 12:30
CVE-2009-0351 9.0
Stack-based buffer overflow in WFTPSRV.exe in WinFTP 2.3.0 allows remote authenticated users to execute arbitrary code via a long LIST argument beginning with an * (asterisk) character.
07-03-2011 - 22:18 29-01-2009 - 14:30
CVE-2009-0262 9.3
Stack-based buffer overflow in Triologic Media Player 7 and 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3u playlist file. NOTE: some of these details are obtained from third party information.
07-03-2011 - 22:18 23-01-2009 - 14:00
CVE-2009-0184 9.3
Multiple buffer overflows in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allow remote attackers to execute arbitrary code via (1) a long file name within a torrent file, (2) a long tracker URL in
07-03-2011 - 22:18 03-02-2009 - 14:30
CVE-2009-0183 10.0
Stack-based buffer overflow in Remote Control Server in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute arbitrary code via a long Authorization header in an HTTP request.
07-03-2011 - 22:18 03-02-2009 - 14:30
CVE-2009-0172 5.0
Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream.
07-03-2011 - 22:18 16-01-2009 - 16:30
CVE-2008-6492 6.8
Unrestricted file upload vulnerability in process.php in Tizag Countdown Creator 3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via index.php, then accessing the uploaded file via a direct request
07-03-2011 - 22:16 19-03-2009 - 20:30
CVE-2008-6356 5.0
evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to (1) evcal.mdb and (2) evcal97.md
07-03-2011 - 22:16 02-03-2009 - 11:30
CVE-2008-6233 7.5
SQL injection vulnerability in index.php in Five Dollar Scripts Drinks script allows remote attackers to execute arbitrary SQL commands via the recid parameter.
07-03-2011 - 22:15 20-02-2009 - 18:30
CVE-2008-6232 7.5
Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
07-03-2011 - 22:15 20-02-2009 - 18:30
CVE-2008-6231 7.5
Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
07-03-2011 - 22:15 20-02-2009 - 18:30
CVE-2008-6230 7.5
SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-03-2011 - 22:15 20-02-2009 - 18:30
CVE-2008-6228 7.5
Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
07-03-2011 - 22:15 20-02-2009 - 18:30
CVE-2008-6227 7.5
SQL injection vulnerability in buyer_detail.php in Pre Multi-Vendor Shopping Malls allows remote attackers to execute arbitrary SQL commands via the (1) sid and (2) cid parameters.
07-03-2011 - 22:15 20-02-2009 - 18:30
CVE-2008-6226 6.8
SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto Listings Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the itemno parameter.
07-03-2011 - 22:15 20-02-2009 - 18:30
CVE-2008-6225 7.5
** DISPUTED ** SQL injection vulnerability in info.php in Mole Group Airline Ticket Sale Script allows remote attackers to execute arbitrary SQL commands via the flight parameter. NOTE: the vendor has disputed this issue, stating "crazy hackers and
07-03-2011 - 22:15 20-02-2009 - 18:30
CVE-2008-6221 7.5
PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.
07-03-2011 - 22:15 20-02-2009 - 16:30
CVE-2008-6186 9.0
Stack-based buffer overflow in RaidenFTPD 2.4 build 3620 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via long (1) CWD and (2) MLST commands.
07-03-2011 - 22:15 19-02-2009 - 13:30
CVE-2008-6185 5.0
NoticeWare Email Server NG 5.1.2.2 allows remote attackers to cause a denial of service (crash) via multiple POP3 requests with a long PASS command.
07-03-2011 - 22:15 19-02-2009 - 13:30
CVE-2008-6183 7.8
Multiple directory traversal vulnerabilities in index.php in My PHP Indexer 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) d and (2) f parameters.
07-03-2011 - 22:15 19-02-2009 - 13:30
CVE-2008-6180 7.5
SQL injection vulnerability in system/nlb_user.class.php in NewLife Blogger 3.0 and earlier, and possibly 3.3.1, allows remote attackers to execute arbitrary SQL commands via the nlb3 cookie.
07-03-2011 - 22:15 19-02-2009 - 13:30
CVE-2008-6178 7.5
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with P
07-03-2011 - 22:15 19-02-2009 - 11:30
CVE-2008-6078 7.5
SQL injection vulnerability in open.php in the Private Messaging (com_privmsg) component for Limbo CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a pms action to index.php.
07-03-2011 - 22:15 06-02-2009 - 06:30
CVE-2008-6036 7.5
PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mj_config[src_path] parameter.
07-03-2011 - 22:15 03-02-2009 - 06:30
CVE-2008-6032 7.5
SQL injection vulnerability in comments.php in WSN Links Free 4.0.34P allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-03-2011 - 22:15 03-02-2009 - 06:30
CVE-2008-6028 7.5
SQL injection vulnerability in list.php in University of Queensland Library Fez 1.3 and 2.0 RC1 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter in a subject action.
07-03-2011 - 22:15 03-02-2009 - 06:30
CVE-2008-5975 7.5
SQL injection vulnerability in links.asp in Active Price Comparison 4.0 allows remote attackers to execute arbitrary SQL commands via the linkid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from thi
07-03-2011 - 22:15 26-01-2009 - 20:30
CVE-2008-5974 7.5
Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields.
07-03-2011 - 22:15 26-01-2009 - 20:30
CVE-2008-5972 7.5
SQL injection vulnerability in default.asp in Active Business Directory 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
07-03-2011 - 22:15 26-01-2009 - 20:30
CVE-2008-5965 5.0
Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to check for the existence of arbitrary files via a .. (dot dot) in the page parameter.
07-03-2011 - 22:15 26-01-2009 - 15:30
CVE-2008-5958 7.5
Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp.
07-03-2011 - 22:15 23-01-2009 - 14:00
CVE-2008-5953 7.5
Directory traversal vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to the default URI.
07-03-2011 - 22:15 23-01-2009 - 14:00
CVE-2008-5952 6.0
SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a vtech action to the default URI.
07-03-2011 - 22:15 23-01-2009 - 14:00
CVE-2008-5805 7.5
SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the siteid parameter, a different vector than CVE-2006-5828.
07-03-2011 - 22:15 31-12-2008 - 06:30
CVE-2008-5802 7.5
SQL injection vulnerability in index.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
07-03-2011 - 22:15 31-12-2008 - 06:30
CVE-2008-5792 6.8
PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogo
07-03-2011 - 22:15 31-12-2008 - 06:30
CVE-2008-5788 7.5
SQL injection vulnerability in index.php in Domain Seller Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-03-2011 - 22:15 31-12-2008 - 06:30
CVE-2008-5785 7.5
SQL injection vulnerability in V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
07-03-2011 - 22:15 31-12-2008 - 06:30
CVE-2008-5784 7.5
V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
07-03-2011 - 22:15 31-12-2008 - 06:30
CVE-2008-5783 7.5
admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
07-03-2011 - 22:15 31-12-2008 - 06:30
CVE-2008-5782 7.5
SQL injection vulnerability in bannerclick.php in ZeeMatri 3.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
07-03-2011 - 22:15 31-12-2008 - 06:30
CVE-2008-5756 9.3
Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows user-assisted attackers to cause a denial of service and possibly execute arbitrary code via a long mapping reference in a Color Mapping (.cmap) file.
07-03-2011 - 22:15 30-12-2008 - 12:30
CVE-2008-5726 7.5
SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-03-2011 - 22:15 26-12-2008 - 12:30
CVE-2008-5724 7.2
The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ESET Smart Security 3.0.672 and earlier allows local users to gain privileges via a crafted IRP in a certain METHOD_NEITHER IOCTL request to \Device\Epfw that overwrites portions of
07-03-2011 - 22:15 26-12-2008 - 12:30
CVE-2008-5689 7.2
tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference.
07-03-2011 - 22:14 19-12-2008 - 12:30
CVE-2008-5666 3.5
WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows remote authenticated users to cause a denial of service via a sequence of FTP sessions that include an invalid "NLST -1" command.
07-03-2011 - 22:14 18-12-2008 - 20:52
CVE-2008-5664 9.3
Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file.
07-03-2011 - 22:14 18-12-2008 - 20:52
CVE-2008-5655 7.5
Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) delete_folder and (2) delete_link parameters to unspecified vectors, possibly to (a) plugins/bookmarker/bookmar
07-03-2011 - 22:14 17-12-2008 - 13:30
CVE-2008-5652 7.5
SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these det
07-03-2011 - 22:14 17-12-2008 - 13:30
CVE-2008-5651 7.5
SQL injection vulnerability in plugins/bookmarker/bookmarker_backend.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the Parent parameter.
07-03-2011 - 22:14 17-12-2008 - 13:30
CVE-2008-5649 10.0
SQL injection vulnerability in admin/admin.php in AlstraSoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via the username parameter.
07-03-2011 - 22:14 17-12-2008 - 13:30
CVE-2008-5642 5.0
Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie.
07-03-2011 - 22:14 17-12-2008 - 12:30
CVE-2008-5641 7.5
SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
07-03-2011 - 22:14 17-12-2008 - 12:30
CVE-2008-5640 7.5
SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
07-03-2011 - 22:14 17-12-2008 - 12:30
CVE-2008-5637 7.5
SQL injection vulnerability in blog.asp in ParsBlogger (Pb) allows remote attackers to execute arbitrary SQL commands via the wr parameter.
07-03-2011 - 22:14 17-12-2008 - 12:30
CVE-2008-5636 6.8
SQL injection vulnerability in cate.php in Lito Lite CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter.
07-03-2011 - 22:14 17-12-2008 - 12:30
CVE-2008-5632 7.5
SQL injection vulnerability in Account.asp in Active Time Billing 3.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained
07-03-2011 - 22:14 17-12-2008 - 12:30
CVE-2008-5630 6.8
SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 3 and 3.1.4 allows remote attackers to execute arbitrary SQL commands via the umprof_status parameter.
07-03-2011 - 22:14 17-12-2008 - 12:30
CVE-2008-5626 4.0
XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to cause a denial of service via a crafted argument to the NLST command, as demonstrated by a -1 argument.
07-03-2011 - 22:14 17-12-2008 - 12:30
CVE-2008-5621 6.0
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table
07-03-2011 - 22:14 16-12-2008 - 21:30
CVE-2008-5496 7.5
SQL injection vulnerability in showcategory.php in PozScripts Business Directory Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
07-03-2011 - 22:14 12-12-2008 - 11:30
CVE-2008-5494 7.5
SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
07-03-2011 - 22:14 12-12-2008 - 11:30
CVE-2008-5493 7.5
SQL injection vulnerability in track.php in PHPStore Wholesales (aka Wholesale) allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-03-2011 - 22:14 12-12-2008 - 11:30
CVE-2008-5490 7.5
SQL injection vulnerability in index.php in PHPStore Yahoo Answers allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-03-2011 - 22:14 12-12-2008 - 11:30
CVE-2008-5489 7.5
SQL injection vulnerability in channel_detail.php in ClipShare Pro 4, and 2006 through 2007, allows remote attackers to execute arbitrary SQL commands via the chid parameter.
07-03-2011 - 22:14 12-12-2008 - 11:30
CVE-2008-5405 9.3
Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string.
07-03-2011 - 22:14 10-12-2008 - 01:44
CVE-2008-5365 7.5
SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter.
07-03-2011 - 22:14 08-12-2008 - 06:30
CVE-2008-5336 7.5
SQL injection vulnerability in index.php in WebStudio CMS allows remote attackers to execute arbitrary SQL commands via the pageid parameter.
07-03-2011 - 22:14 04-12-2008 - 20:30
CVE-2008-5335 6.8
SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg_send parameters, a different vector than CVE-2005-3157,
07-03-2011 - 22:14 04-12-2008 - 20:30
CVE-2008-5320 6.5
SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter.
07-03-2011 - 22:14 03-12-2008 - 14:30
CVE-2008-5314 4.3
Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_ph
07-03-2011 - 22:14 03-12-2008 - 12:30
CVE-2008-5311 7.5
SQL injection vulnerability in image.php in NetArt Media Blog System 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-03-2011 - 22:14 02-12-2008 - 07:00
CVE-2008-5310 7.5
SQL injection vulnerability in image.php in NetArt Media Car Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-03-2011 - 22:14 02-12-2008 - 07:00
CVE-2008-5307 7.5
SQL injection vulnerability in admin/index.php in PG Roommate Finder Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter. NOTE: some of these details are obtained from third party information.
07-03-2011 - 22:14 02-12-2008 - 07:00
CVE-2008-5306 7.5
SQL injection vulnerability in admin/index.php in PG Real Estate Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter (username). NOTE: some of these details are obtained from third party information.
07-03-2011 - 22:14 02-12-2008 - 07:00
CVE-2008-5282 10.0
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute.
07-03-2011 - 22:14 28-11-2008 - 21:30
CVE-2008-5221 7.5
The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified passw
07-03-2011 - 22:14 25-11-2008 - 13:30
CVE-2008-5220 10.0
Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in ad
07-03-2011 - 22:14 25-11-2008 - 13:30
CVE-2008-5178 9.3
Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. NOTE: this might overlap CVE-2008-5680.
07-03-2011 - 22:14 20-11-2008 - 10:30
CVE-2008-5159 10.0
Integer overflow in the remote administration protocol processing in Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to cause a denial of service (crash) via a large string length argument, which triggers memory corrupt
07-03-2011 - 22:14 18-11-2008 - 16:30
CVE-2008-5062 5.0
Directory traversal vulnerability in php/cal_pdf.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to read arbitrary files via directory traversal sequences in the thefile parameter.
07-03-2011 - 22:13 13-11-2008 - 06:30
CVE-2008-5061 4.3
Cross-site scripting (XSS) vulnerability in php/cal_default.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL.
07-03-2011 - 22:13 13-11-2008 - 06:30
CVE-2008-5058 7.5
SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple CMS allows remote attackers to execute arbitrary SQL commands via the user parameter, as reachable from siteadmin/adminlogin.php. NOTE: some of these details are obtained from th
07-03-2011 - 22:13 13-11-2008 - 06:30
CVE-2008-5051 7.5
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php.
07-03-2011 - 22:13 12-11-2008 - 21:30
CVE-2008-5042 7.5
Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypass authentication and perform administrative tasks via a direct request to admin/home.php.
07-03-2011 - 22:13 12-11-2008 - 16:11
CVE-2008-5003 7.5
SQL injection vulnerability in ndetail.php in Shahrood allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-03-2011 - 22:13 10-11-2008 - 09:12
CVE-2008-5002 9.3
Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitrary files via the WriteFile method. NOTE: this co
07-03-2011 - 22:13 10-11-2008 - 09:12
CVE-2008-4922 9.3
Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office (DjVu_ActiveX_MSOffice.dll) allows remote attackers to execute arbitrary code via a long (1) ImageURL property, and possibly the (2) Mode, (3) Page, or (4) Zoom properties.
07-03-2011 - 22:13 04-11-2008 - 16:00
CVE-2008-4900 7.5
SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-03-2011 - 22:13 03-11-2008 - 19:58
CVE-2008-4895 7.5
SQL injection vulnerability in tr.php in YourFreeWorld Downline Builder allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-03-2011 - 22:13 03-11-2008 - 19:58
CVE-2008-4841 9.3
The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corrupti
07-03-2011 - 22:13 10-12-2008 - 09:00
CVE-2008-4781 7.5
Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter.
07-03-2011 - 22:13 29-10-2008 - 10:22
CVE-2008-4780 6.8
Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the padmin parameter.
07-03-2011 - 22:13 29-10-2008 - 10:22
CVE-2008-4779 10.0
Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers to denial of service (crash) or execute arbitrary code via a long filename in a .zip file.
07-03-2011 - 22:13 29-10-2008 - 10:22
CVE-2008-4762 9.0
Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of service (service crash) and potentially execute arbitrary code via a long argument to the (1) rename and (2) realpath parameters.
07-03-2011 - 22:13 27-10-2008 - 22:00
CVE-2008-4760 6.8
SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-03-2011 - 22:13 27-10-2008 - 22:00
CVE-2008-4759 5.0
Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 allows remote attackers to read arbitrary local files via a .. (dot dot) in the id parameter.
07-03-2011 - 22:13 27-10-2008 - 22:00
CVE-2008-4755 7.5
SQL injection vulnerability in gotourl.php in PozScripts Classified Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-03-2011 - 22:13 27-10-2008 - 22:00
CVE-2008-4754 5.8
SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter.
07-03-2011 - 22:13 27-10-2008 - 16:00
CVE-2008-4748 7.6
Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string
07-03-2011 - 22:13 27-10-2008 - 16:00
CVE-2008-4728 9.3
Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsyn
07-03-2011 - 22:12 23-10-2008 - 20:00
CVE-2008-4726 9.0
Stack-based buffer overflow in the SFTP subsystem in GoodTech SSH 6.4 allows remote authenticated users to execute arbitrary code via a long string to the (1) open (aka SSH_FXP_OPEN), (2) unlink, (3) opendir, and other unspecified parameters.
07-03-2011 - 22:12 23-10-2008 - 20:00
CVE-2008-4725 4.3
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a diffe
07-03-2011 - 22:12 23-10-2008 - 18:00
CVE-2008-4696 4.3
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the His
07-03-2011 - 22:12 23-10-2008 - 18:00
CVE-2008-4673 10.0
PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuits Software Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the (1) path[docroot] and (2) component parameters.
07-03-2011 - 22:12 22-10-2008 - 06:30
CVE-2008-4667 7.5
Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the rss parameter.
07-03-2011 - 22:12 22-10-2008 - 06:30
CVE-2008-4665 7.5
SQL injection vulnerability in PG Matchmaking allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) news_read.php and (2) gifts_show.php.
07-03-2011 - 22:12 22-10-2008 - 06:30
CVE-2008-4628 7.5
SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execute arbitrary SQL commands via the post_id parameter.
07-03-2011 - 22:12 20-10-2008 - 21:18
CVE-2008-4624 9.3
PHP remote file inclusion vulnerability in init.php in Fast Click SQL Lite 1.1.7, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CFG[CDIR] parameter.
07-03-2011 - 22:12 20-10-2008 - 21:18
CVE-2008-4622 7.5
The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1.
07-03-2011 - 22:12 20-10-2008 - 21:18
CVE-2008-4621 7.5
SQL injection vulnerability in bannerclick.php in ZeeScripts Zeeproperty allows remote attackers to execute arbitrary SQL commands via the adid parameter.
07-03-2011 - 22:12 20-10-2008 - 21:18
CVE-2008-4620 7.5
SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.
07-03-2011 - 22:12 20-10-2008 - 21:18
CVE-2008-4619 10.0
The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this mig
07-03-2011 - 22:12 20-10-2008 - 20:10
CVE-2008-4572 10.0
GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which triggers heap corruption related to an improper f
07-03-2011 - 22:12 15-10-2008 - 16:00
CVE-2008-4556 10.0
Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.
07-03-2011 - 22:12 14-10-2008 - 18:36
CVE-2008-4529 7.5
Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.208 allow remote attackers to execute arbitrary PHP code via a URL in the _ENV[asicms][path] parameter to (1) Association.php, (2) BigMath.php, (3) DiffieHellman.php, (4) DumbStore.
07-03-2011 - 22:12 09-10-2008 - 14:14
CVE-2008-4501 9.0
Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command.
07-03-2011 - 22:12 08-10-2008 - 20:00
CVE-2008-4500 4.0
Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1".
07-03-2011 - 22:12 08-10-2008 - 20:00
CVE-2008-4486 10.0
Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter.
07-03-2011 - 22:12 07-10-2008 - 22:00
CVE-2008-4472 9.3
The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPat
07-03-2011 - 22:12 07-10-2008 - 16:00
CVE-2008-4471 9.3
Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files
07-03-2011 - 22:12 07-10-2008 - 16:00
CVE-2008-4453 9.3
The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite
07-03-2011 - 22:12 06-10-2008 - 19:25
CVE-2008-4449 9.3
Stack-based buffer overflow in mIRC 6.34 allows remote attackers to execute arbitrary code via a long hostname in a PRIVMSG message.
07-03-2011 - 22:12 06-10-2008 - 15:56
CVE-2008-4434 9.3
Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and earlier and (2) BitTorrent 6.0.3 build 8642 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Created By field in a
07-03-2011 - 22:12 03-10-2008 - 18:22
CVE-2008-4421 7.8
Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably other versions before 1.0.3.38, allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the URL.
07-03-2011 - 22:12 07-10-2008 - 16:00
CVE-2008-4397 10.0
Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x
07-03-2011 - 22:12 14-10-2008 - 17:10
CVE-2008-4363 7.2
DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or potentially execute arbitrary code via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, probably related to use o
07-03-2011 - 22:12 30-09-2008 - 19:24
CVE-2008-4362 4.9
The Virtual Token driver (vdlptokn.sys) 1.0.2.43 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) via a crafted IOCTL request to \Device\DLPTokenWalter0.
07-03-2011 - 22:12 30-09-2008 - 19:24
CVE-2008-4341 7.5
add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication and gain administrative access by setting a cookie with admin=yes and login=admin.
07-03-2011 - 22:12 30-09-2008 - 13:22
CVE-2008-4335 7.5
SQL injection vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to execute arbitrary SQL commands via the apa_album_ID parameter.
07-03-2011 - 22:12 30-09-2008 - 13:22
CVE-2008-4322 10.0
Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin Server 2.0, as distributed by DATAC, allows remote attackers to execute arbitrary code via a crafted FC_INFOTAG/SET_CONTROL packet.
07-03-2011 - 22:12 29-09-2008 - 15:25
CVE-2008-4243 7.8
Directory traversal vulnerability in ImageServer (aka UTImageServer) in WebAdmin before 1.7 for Epic Games Unreal Tournament 3 (UT3) 1.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
07-03-2011 - 22:12 25-09-2008 - 15:25
CVE-2008-4241 7.5
SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via an SID cookie.
07-03-2011 - 22:12 25-09-2008 - 15:25
CVE-2008-4194 5.0
The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a "dangling pointer bug."
07-03-2011 - 22:12 24-09-2008 - 07:42
CVE-2008-4178 7.5
SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these deta
07-03-2011 - 22:12 23-09-2008 - 11:25
CVE-2008-4146 5.0
Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field.
07-03-2011 - 22:12 24-09-2008 - 01:41
CVE-2008-4145 6.8
SQL injection vulnerability in user_read_links.php in Addalink 1.0 beta 4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
07-03-2011 - 22:12 24-09-2008 - 01:41
CVE-2008-4142 7.5
SQL injection vulnerability in article.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the es_id parameter.
07-03-2011 - 22:12 24-09-2008 - 01:41
CVE-2008-4141 7.5
Multiple PHP remote file inclusion vulnerabilities in x10Media x10 Automatic MP3 Script 1.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the web_root parameter to (1) includes/function_core.php and (2) templates/layout_lyrics.p
07-03-2011 - 22:12 24-09-2008 - 01:41
CVE-2008-4092 7.5
SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter.
07-03-2011 - 22:11 15-09-2008 - 13:12
CVE-2008-4086 7.5
SQL injection vulnerability in index.php in Reciprocal Links Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action.
07-03-2011 - 22:11 15-09-2008 - 13:12
CVE-2008-3892 10.0
Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 1
07-03-2011 - 22:11 03-09-2008 - 10:12
CVE-2008-3765 7.5
SQL injection vulnerability in code.php in Quick Poll Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-03-2011 - 22:11 21-08-2008 - 13:41
CVE-2008-3721 7.5
PHP remote file inclusion vulnerability in user_language.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter.
07-03-2011 - 22:11 20-08-2008 - 12:41
CVE-2008-3720 7.5
SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the id vector is already covered by CVE-2007-5679.
07-03-2011 - 22:11 20-08-2008 - 12:41
CVE-2008-3680 5.0
The decryption function in Flagship Industries Ventrilo 3.0.2 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) by sending a type 0 packet with an invalid version followed by another packet t
07-03-2011 - 22:11 14-08-2008 - 15:41
CVE-2008-3529 10.0
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
07-03-2011 - 22:10 12-09-2008 - 12:56
CVE-2008-3464 7.2
afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a cra
07-03-2011 - 22:10 14-10-2008 - 20:12
CVE-2008-3431 7.2
The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain pri
07-03-2011 - 22:10 05-08-2008 - 15:41
CVE-2008-3415 7.5
Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bit parameter, as demonstrated by an uploa
07-03-2011 - 22:10 31-07-2008 - 13:41
CVE-2008-3414 7.5
SQL injection vulnerability in line2.php in SiteAdmin allows remote attackers to execute arbitrary SQL commands via the art parameter.
07-03-2011 - 22:10 31-07-2008 - 13:41
CVE-2008-3413 7.5
SQL injection vulnerability in category.php in Greatclone GC Auction Platinum allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
07-03-2011 - 22:10 31-07-2008 - 13:41
CVE-2008-3408 6.8
Stack-based buffer overflow in CoolPlayer 2.18, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a crafted m3u file.
07-03-2011 - 22:10 31-07-2008 - 13:41
CVE-2008-3372 7.5
SQL injection vulnerability in search_form.php in Getacoder Clone allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.
07-03-2011 - 22:10 30-07-2008 - 13:41
CVE-2008-3360 9.3
Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of an A element, a different vulnerability than CVE-2006-2494.
07-03-2011 - 22:10 29-07-2008 - 14:41
CVE-2008-3269 5.0
WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full 2008 allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet to TCP port 4321.
07-03-2011 - 22:10 24-07-2008 - 11:41
CVE-2008-3257 10.0
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after
07-03-2011 - 22:10 22-07-2008 - 12:41
CVE-2008-3251 7.5
Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the opp parameter to tampereunited/opponent.php; or the id parameter to (2) index.php, (3) player.php, (4) matchdetails.php,
07-03-2011 - 22:10 21-07-2008 - 13:41
CVE-2008-3242 10.0
Heap-based buffer overflow in the PPMedia Class ActiveX control in PPMPlayer.dll in PPMate 2.3.1.93 allows remote attackers to execute arbitrary code via a long argument to the StartUrl method. NOTE: some of these details are obtained from third par
07-03-2011 - 22:10 21-07-2008 - 12:41
CVE-2008-3240 7.5
SQL injection vulnerability in index.php in AlstraSoft Affiliate Network Pro allows remote attackers to execute arbitrary SQL commands via the pgm parameter in a directory action.
07-03-2011 - 22:10 21-07-2008 - 12:41
CVE-2008-3238 7.5
Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow remote attackers to execute arbitrary SQL commands via (1) the seller_id parameter in sellers_othersitem.php, (2) the productid parameter in classifieds.php, and (3) the id parameter
07-03-2011 - 22:10 21-07-2008 - 12:41
CVE-2008-3237 4.3
Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter.
07-03-2011 - 22:10 21-07-2008 - 12:41
CVE-2008-3211 7.5
Scripteen Free Image Hosting Script 1.2 and 1.2.1 allows remote attackers to bypass authentication and gain administrative access by setting the cookid cookie value to 1.
07-03-2011 - 22:10 18-07-2008 - 11:13
CVE-2008-3195 6.8
Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, an
07-03-2011 - 22:10 18-09-2008 - 11:04
CVE-2008-3194 6.8
Multiple directory traversal vulnerabilities in data/inc/themes/predefined_variables.php in pluck 4.5.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) langpref, (2) file, (3) blogpost, or (4) cat par
07-03-2011 - 22:10 16-07-2008 - 14:41
CVE-2008-3190 6.8
Directory traversal vulnerability in list.php in 1Scripts CodeDB 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
07-03-2011 - 22:10 16-07-2008 - 14:41
CVE-2008-3156 9.3
The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method.
07-03-2011 - 22:10 11-07-2008 - 18:41
CVE-2008-3155 9.3
Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method.
07-03-2011 - 22:10 11-07-2008 - 18:41
CVE-2008-2938 4.3
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequence
07-03-2011 - 22:09 12-08-2008 - 20:41
CVE-2008-2936 6.2
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creatin
07-03-2011 - 22:09 18-08-2008 - 15:41
CVE-2008-2639 7.6
Stack-based buffer overflow in the ODBC server service in Citect CitectSCADA 6 and 7, and CitectFacilities 7, allows remote attackers to execute arbitrary code via a long string in the second application packet in a TCP session on port 20222.
07-03-2011 - 22:09 16-06-2008 - 14:41
CVE-2008-2630 7.5
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter in a category action to index.php.
07-03-2011 - 22:09 09-06-2008 - 20:32
CVE-2008-2469 10.0
Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field.
07-03-2011 - 22:09 23-10-2008 - 18:00
CVE-2008-2158 10.0
Multiple stack-based buffer overflows in the Command Line Interface process in the Server Agent in EMC AlphaStor 3.1 SP1 for Windows allow remote attackers to execute arbitrary code via crafted TCP packets to port 41025.
07-03-2011 - 22:08 29-05-2008 - 12:32
CVE-2008-1914 10.0
Stack-based buffer overflow in the AntServer module (AntServer.exe) in BigAnt IM Server in BigAnt Messenger 2.2 allows remote attackers to execute arbitrary code via a long URI in a request to TCP port 6080. NOTE: some of these details are obtained f
07-03-2011 - 22:08 22-04-2008 - 00:41
CVE-2008-1661 10.0
Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks Storage Mirroring (SWSM) before 4.5 SP2 allows remote attackers to execute arbitrary code via a crafted encoded authentication request.
07-03-2011 - 22:07 04-06-2008 - 15:32
CVE-2008-1625 6.8
aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests.
07-03-2011 - 22:07 02-04-2008 - 13:44
CVE-2008-1491 10.0
Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ASUS Remote Console (aka ARC or ASMB3) 2.0.0.19 and 2.0.0.24 allows remote attackers to execute arbitrary code via a long string to TCP port 623.
07-03-2011 - 22:07 25-03-2008 - 15:44
CVE-2008-1311 5.0
The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and earlier allows remote attackers to cause a denial of service (daemon hang) by uploading a file named (1) '|' (pipe), (2) '"' (quotation mark), or (3) "<>" (less than, greater than); or
07-03-2011 - 22:06 12-03-2008 - 13:44
CVE-2008-1141 4.9
Memory leak in DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allows local users to cause a denial of service (kernel memory consumption) via a series of DLMFENC_IOCTL requests to \\.\DLKPFSD_Device that allocate "link list structures."
07-03-2011 - 22:06 04-03-2008 - 15:44
CVE-2008-1117 10.0
Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destinat
07-03-2011 - 22:05 14-03-2008 - 16:44
CVE-2008-0747 9.3
Stack-based buffer overflow in COWON America jetAudio 7.0.5 and earlier allows user-assisted remote attackers to execute arbitrary code via a long URL in a .asx file, a different vulnerability than CVE-2007-5487.
07-03-2011 - 22:05 13-02-2008 - 15:00
CVE-2008-0621 7.5
Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands.
07-03-2011 - 22:05 06-02-2008 - 07:00
CVE-2008-0311 9.3
Stack-based buffer overflow in the PGMWebHandler::parse_request function in the StarTeam Multicast Service component (STMulticastService) 6.4 in Borland CaliberRM 2006 allows remote attackers to execute arbitrary code via a large HTTP request.
07-03-2011 - 22:04 06-04-2008 - 19:44
CVE-2008-0226 7.5
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yass
07-03-2011 - 22:04 10-01-2008 - 18:46
CVE-2008-0175 7.5
Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory.
07-03-2011 - 22:04 28-01-2008 - 21:00
CVE-2007-6493 10.0
The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method.
07-03-2011 - 22:02 20-12-2007 - 15:46
CVE-2007-5244 9.3
Stack-based buffer overflow in Borland InterBase LI 8.0.0.53 through 8.1.0.253 on Linux, and possibly unspecified versions on Solaris, allows remote attackers to execute arbitrary code via a long attach request on TCP port 3050 to the open_marker_fil
07-03-2011 - 22:00 06-10-2007 - 13:17
CVE-2007-5243 9.3
Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 through 8.1.0.253, and WI 5.1.1.680 through 8.1.0.257, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the (a) SVC_attac
07-03-2011 - 22:00 06-10-2007 - 13:17
CVE-2007-5217 6.8
Stack-based buffer overflow in the ADM4 ActiveX control in adm4.dll in Altnet Download Manager 4.0.0.6, as used in (1) Kazaa 3.2.7 and (2) Grokster, allows remote attackers to execute arbitrary code via a long argument to the Install method. NOTE: t
07-03-2011 - 22:00 04-10-2007 - 20:17
CVE-2007-4924 5.0
The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP)
07-03-2011 - 21:59 08-10-2007 - 17:17
CVE-2007-4620 9.0
Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager
07-03-2011 - 21:58 07-04-2008 - 14:44
CVE-2007-4566 10.0
Multiple buffer overflows in the login mechanism in sidvault in Alpha Centauri Software SIDVault LDAP Server before 2.0f allow remote attackers to execute arbitrary code via crafted LDAP packets, as demonstrated by a long dc entry in an LDAP bind.
07-03-2011 - 21:58 27-08-2007 - 21:17
CVE-2007-4560 7.6
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
07-03-2011 - 21:58 27-08-2007 - 21:17
CVE-2007-3925 6.5
Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
07-03-2011 - 21:57 20-07-2007 - 20:30
CVE-2007-3872 6.8
Multiple stack-based buffer overflows in the Shared Trace Service (OVTrace) service for HP OpenView Operations A.07.50 for Windows, and possibly earlier versions, allow remote attackers to execute arbitrary code via certain crafted requests.
07-03-2011 - 21:57 09-08-2007 - 16:17
CVE-2007-3566 7.5
Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 before SP2 allows remote attackers to execute arbitrary code via a long size value in a create request to port 3050/tcp.
07-03-2011 - 21:56 26-07-2007 - 14:30
CVE-2007-3010 10.0
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
07-03-2011 - 21:55 18-09-2007 - 17:17
CVE-2007-2711 10.0
Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows remote attackers to execute arbitrary code via a long string to TCP port 113.
07-03-2011 - 21:54 16-05-2007 - 06:19
CVE-2007-2556 7.5
SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, as demonstrated by a request to the /nk/ URI.
07-03-2011 - 21:54 09-05-2007 - 14:19
CVE-2007-2447 6.0
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled,
07-03-2011 - 21:54 14-05-2007 - 17:19
CVE-2007-2192 9.3
Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remote attackers to execute arbitrary code via a crafted .tif file.
07-03-2011 - 21:53 24-04-2007 - 13:19
CVE-2007-2139 10.0
Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suit
07-03-2011 - 21:53 25-04-2007 - 16:19
CVE-2007-1683 6.8
Stack-based buffer overflow in the DoWebMenuAction function in the IncrediMail IMMenuShellExt ActiveX control (ImShExt.dll) allows remote attackers to execute arbitrary code via unspecified vectors.
07-03-2011 - 21:52 26-04-2007 - 16:19
CVE-2007-1674 10.0
Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in LANDesk Management Suite 8.7 allows remote attackers to execute arbitrary code via a crafted packet to port 65535/UDP.
07-03-2011 - 21:52 17-04-2007 - 23:19
CVE-2007-1286 6.8
Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.
07-03-2011 - 21:51 06-03-2007 - 15:19
CVE-2007-0548 5.0
KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a denial of service (daemon hang) via a large number of requests for nonexistent objects.
07-03-2011 - 21:50 29-01-2007 - 12:28
CVE-2007-0053 7.5
SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the iPro parameter.
07-03-2011 - 21:48 04-01-2007 - 17:28
CVE-2006-6807 7.5
SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the agent parameter.
07-03-2011 - 21:47 28-12-2006 - 16:28
CVE-2006-6761 6.5
Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.
07-03-2011 - 21:46 26-12-2006 - 21:28
CVE-2006-6488 7.5
Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code vi
07-03-2011 - 21:46 31-12-2006 - 00:00
CVE-2006-6425 9.0
Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
07-03-2011 - 21:45 26-12-2006 - 20:28
CVE-2006-6377 7.5
Uploadscript 1.2 and earlier stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain the admin password hash via a direct request for /password.txt.
07-03-2011 - 21:45 07-12-2006 - 12:28
CVE-2006-6332 7.5
Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWifi before 0.9.2.1 allows remote attackers to execute arbitrary code via unspecified vectors, related to the encode_ie and giwscan_cb functions.
07-03-2011 - 21:45 10-12-2006 - 06:28
CVE-2006-6076 10.0
Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502.
07-03-2011 - 21:45 24-11-2006 - 12:07
CVE-2006-6055 10.0
Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via a 802.11 beacon request with a long Rates information element (IE).
07-03-2011 - 21:44 21-11-2006 - 20:07
CVE-2006-5972 10.0
Stack-based buffer overflow in WG111v2.SYS in NetGear WG111v2 wireless adapter (USB) allows remote attackers to execute arbitrary code via a long 802.11 beacon request.
07-03-2011 - 21:44 17-11-2006 - 20:07
CVE-2006-5882 8.3
Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.
07-03-2011 - 21:43 14-11-2006 - 14:07
CVE-2006-5780 7.5
Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 allows remote attackers to execute arbitrary code via a crafted TCP packet to port 2049 (nfsd), as demonstrated by vd_xlink.pm.
07-03-2011 - 21:43 07-11-2006 - 13:07
CVE-2006-5675 10.0
Multiple unspecified vulnerabilities in Pentaho Business Intelligence (BI) Suite before 1.2 RC3 (1.2.0.470-RC3) have unknown impact and attack vectors, related to "MySQL Scripts need changes for security," possibly SQL injection vulnerabilities assoc
07-03-2011 - 21:43 02-11-2006 - 21:07
CVE-2006-5236 7.5
SQL injection vulnerability in search.php in 4images 1.7.x allows remote authenticated users to execute arbitrary SQL commands via the search_user parameter.
07-03-2011 - 21:42 10-10-2006 - 21:07
CVE-2006-5178 6.2
Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before t
07-03-2011 - 21:42 10-10-2006 - 00:06
CVE-2006-4948 7.5
Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a long file name. NOTE: the provenance of this information is unknown; th
07-03-2011 - 21:42 22-09-2006 - 21:07
CVE-2006-4715 7.5
SQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-03-2011 - 21:41 12-09-2006 - 12:07
CVE-2006-4691 10.0
Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
07-03-2011 - 21:41 14-11-2006 - 16:07
CVE-2006-4688 7.5
Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerabil
07-03-2011 - 21:41 14-11-2006 - 17:07
CVE-2006-4584 7.5
Tr Forum 2.0 allows remote attackers to bypass authentication and add an administrative account via the login and password parameters to admin/insert_admin.php.
07-03-2011 - 21:41 06-09-2006 - 18:04
CVE-2006-3524 7.5
Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows remote attackers to execute arbitrary code via a long CSeq field value in an INVITE message.
07-03-2011 - 21:38 11-07-2006 - 20:05
CVE-2006-3439 10.0
Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-
07-03-2011 - 21:38 08-08-2006 - 21:04
CVE-2006-3271 7.5
Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter i
07-03-2011 - 21:38 28-06-2006 - 18:05
CVE-2006-2770 5.4
Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an index of the "file" array parameter, as demonstrated
07-03-2011 - 21:36 02-06-2006 - 06:18
CVE-2006-2370 7.5
Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC
07-03-2011 - 21:36 13-06-2006 - 15:06
CVE-2006-2237 5.1
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.
07-03-2011 - 21:35 08-05-2006 - 19:02
CVE-2006-2043 4.6
na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via "`" (backtick) characters in the appliance's command line interface (CLI).
07-03-2011 - 21:34 26-04-2006 - 16:06
CVE-2006-0564 7.5
Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702.0, and possibly earlier versions, and as included in the Microsoft HTML Help 1.4 SDK, allows context-dependent attackers to execute arbitrary code via a .hhp file with a long Conte
07-03-2011 - 21:30 06-02-2006 - 18:02
CVE-2006-0460 7.5
Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote attackers to execute arbitrary code via long error messages.
07-03-2011 - 21:30 16-02-2006 - 20:02
CVE-2006-0395 5.1
The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.
07-03-2011 - 21:29 04-08-2006 - 21:04
CVE-2006-0295 5.1
Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory
07-03-2011 - 21:29 02-02-2006 - 15:06
CVE-2006-0087 7.5
SQL injection vulnerability in (1) pages.php and (2) detail.php in Lizard Cart CMS 1.04 allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-03-2011 - 21:29 05-01-2006 - 06:03
CVE-2005-4145 6.5
The MSDE version of Lyris ListManager 5.0 through 8.9b configures the sa account in the database to use a password with a small search space ("lyris" and up to 5 digits, possibly from the process ID), which allows remote attackers to gain access via
07-03-2011 - 21:27 10-12-2005 - 06:03
CVE-2005-3868 7.5
Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term, (2) id, (3) stat, and (4) source parameters to index.php, and (5) through the image parameters with an add r
07-03-2011 - 21:27 29-11-2005 - 06:03
CVE-2005-3252 7.5
Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet.
07-03-2011 - 21:26 18-10-2005 - 17:02
CVE-2005-2265 5.0
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead
07-03-2011 - 21:24 13-07-2005 - 00:00
CVE-2005-1983 10.0
Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious applica
07-03-2011 - 21:23 10-08-2005 - 00:00
CVE-2005-0773 7.5
Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for Netware allows remote attackers to execute arbitrary code via a CONNECT_CLIENT_AUTH request with authentication method type
07-03-2011 - 21:20 18-06-2005 - 00:00
CVE-2008-5660 6.8
Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC
07-03-2011 - 00:00 17-12-2008 - 15:30
CVE-2008-5416 9.0
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 an
07-03-2011 - 00:00 10-12-2008 - 09:00
CVE-2008-4255 9.3
Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Proj
07-03-2011 - 00:00 10-12-2008 - 09:00
CVE-2008-3558 9.3
Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method.
07-03-2011 - 00:00 08-08-2008 - 15:41
CVE-2007-1748 10.0
Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name conta
07-03-2011 - 00:00 13-04-2007 - 14:19
CVE-2007-0169 7.5
Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data
07-03-2011 - 00:00 11-01-2007 - 17:28
CVE-2006-5143 7.5
Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remot
07-03-2011 - 00:00 10-10-2006 - 00:06
CVE-2006-3677 7.5
Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a cra
07-03-2011 - 00:00 27-07-2006 - 15:04
CVE-2006-1652 9.0
Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that sends a long string to a client that connects on TCP
07-03-2011 - 00:00 06-04-2006 - 06:04
CVE-2005-4267 7.5
Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote attackers to execute arbitrary code via a long IMAP command that ends with a "}" character, as demonstrated using long (1) LIST, (2) LSUB, (3) SEARCH TEXT, (4) STATUS INBOX, (5) AUTH
07-03-2011 - 00:00 21-12-2005 - 06:03
CVE-2010-4752 6.8
SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010
02-03-2011 - 00:00 01-03-2011 - 17:00
CVE-2010-3906 4.3
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.
01-03-2011 - 02:06 17-12-2010 - 14:00
CVE-2010-2351 10.0
Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName.
28-02-2011 - 00:00 21-06-2010 - 15:30
CVE-2011-0917 10.0
Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote attackers to execute arbitrary code via a long string in an LDAP Bind operation, aka SPR KLYH87LMVX.
25-02-2011 - 01:58 08-02-2011 - 17:00
CVE-2011-1055 7.5
SQL injection vulnerability in api/ice_media.cfc in Lingxia I.C.E CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the session.user_id parameter to media.cfm.
23-02-2011 - 00:00 21-02-2011 - 14:00
CVE-2011-1048 7.5
SQL injection vulnerability in product.php in MihanTools 1.33 allows remote attackers to execute arbitrary SQL commands via the id parameter.
22-02-2011 - 00:00 21-02-2011 - 14:00
CVE-2010-4709 7.6
Heap-based buffer overflow in Automated Solutions Modbus/TCP Master OPC Server before 3.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a MODBUS response packet with a crafted length field.
17-02-2011 - 02:01 28-01-2011 - 11:00
CVE-2010-2891 7.5
Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot)
17-02-2011 - 01:57 27-10-2010 - 20:00
CVE-2009-3272 5.0
Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string com
17-02-2011 - 01:46 21-09-2009 - 15:30
CVE-2010-4719 7.5
Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
17-02-2011 - 00:00 01-02-2011 - 18:00
CVE-2011-0902 6.9
Multiple untrusted search path vulnerabilities in the Java Service in Sun Microsystems SunScreen Firewall on SunOS 5.9 allow local users to execute arbitrary code via a modified (1) PATH or (2) LD_LIBRARY_PATH environment variable.
16-02-2011 - 00:00 07-02-2011 - 16:00
CVE-2010-4735 7.5
SQL injection vulnerability in shoppingcart.asp in Ecommercemax Solutions Digital-goods seller (DGS) 1.5 allows remote attackers to execute arbitrary SQL commands via the d parameter.
16-02-2011 - 00:00 15-02-2011 - 22:00
CVE-2010-4717 6.5
Multiple stack-based buffer overflows in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long (1) LIST or (2) LSUB command.
16-02-2011 - 00:00 31-01-2011 - 15:00
CVE-2010-4721 7.5
SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter.
15-02-2011 - 00:00 01-02-2011 - 18:00
CVE-2011-0901 6.8
Multiple stack-based buffer overflows in the tsc_launch_remote function (src/support.c) in Terminal Server Client (tsclient) 0.150, and possibly other versions, allow user-assisted remote attackers to execute arbitrary code via a .RDP file with a lon
14-02-2011 - 00:00 07-02-2011 - 16:00
CVE-2011-0900 6.8
Stack-based buffer overflow in the tsc_launch_remote function (src/support.c) in Terminal Server Client (tsclient) 0.150, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a .RDP file with a long hostnam
14-02-2011 - 00:00 07-02-2011 - 16:00
CVE-2009-4462 10.0
Stack-based buffer overflow in the NetBiterConfig utility (NetBiterConfig.exe) 1.3.0 for Intellicom NetBiter WebSCADA allows remote attackers to execute arbitrary code via a long hn (hostname) parameter in a crafted HICP-protocol UDP packet.
07-02-2011 - 00:00 30-12-2009 - 15:00
CVE-2011-0643 6.8
Cross-site request forgery (CSRF) vulnerability in admin/conf_users_edit.php in PHP Link Directory (phpLD) 4.1.0 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via the N action.
05-02-2011 - 02:01 25-01-2011 - 14:00
CVE-2011-0635 6.0
Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operat
05-02-2011 - 02:01 22-01-2011 - 17:00
CVE-2011-0018 9.0
The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security A
05-02-2011 - 02:01 28-01-2011 - 11:00
CVE-2011-0652 2.1
lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 allows local users to cause a denial of service (crash) via a crafted 0x80000064 IOCTL request that triggers an assertion failure. NOTE: some of these details are obtained from third
04-02-2011 - 01:50 28-01-2011 - 11:00
CVE-2011-0645 7.5
SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get action.
04-02-2011 - 01:50 25-01-2011 - 14:00
CVE-2010-3591 9.3
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Internal Operations. N
04-02-2011 - 01:48 19-01-2011 - 11:00
CVE-2010-4254 7.5
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method ca
02-02-2011 - 01:59 06-12-2010 - 08:44
CVE-2010-4051 5.0
The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded r
02-02-2011 - 01:59 13-01-2011 - 14:00
CVE-2010-3599 9.4
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server. NOTE: the previous inform
02-02-2011 - 01:58 19-01-2011 - 11:00
CVE-2009-3904 7.5
classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) ses
02-02-2011 - 01:48 06-11-2009 - 10:30
CVE-2008-7245 5.0
Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.
01-02-2011 - 12:39 18-09-2009 - 18:30
CVE-2011-0499 9.3
Buffer overflow in VideoSpirit Pro 1.6.8.1 and possibly earlier versions, and VideoSpirit Lite 1.4.0.1 and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a VideoSpirit project (.visprj) file containing a
01-02-2011 - 01:49 20-01-2011 - 14:00
CVE-2010-1132 9.3
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.
01-02-2011 - 00:00 27-03-2010 - 15:07
CVE-2008-7244 5.0
Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a denial of service (browser hang) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.
01-02-2011 - 00:00 18-09-2009 - 18:30
CVE-2010-2777 9.0
Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute arbitrary code via a long mailbox name in a CREATE c
31-01-2011 - 00:00 28-01-2011 - 17:00
CVE-2011-0646 7.5
SQL injection vulnerability in viewfaqs.php in PHP LOW BIDS allows remote attackers to execute arbitrary SQL commands via the cat parameter.
28-01-2011 - 00:00 25-01-2011 - 14:00
CVE-2010-4480 4.3
error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".
28-01-2011 - 00:00 08-12-2010 - 11:00
CVE-2011-0511 7.5
SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
27-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2010-3749 9.3
The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a clie
26-01-2011 - 01:51 18-10-2010 - 20:00
CVE-2007-6515 7.5
support/dispatch.cgi in SiteScape Forum allows remote attackers to execute arbitrary TCL code via code separator characters in the query string.
26-01-2011 - 01:16 21-12-2007 - 17:46
CVE-2005-3294 5.0
Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows remote attackers to cause a denial of service (crash) by sending multiple RETR commands. NOTE: it was later reported that 1.10 is also affected.
26-01-2011 - 00:00 23-10-2005 - 17:02
CVE-2011-0519 7.5
SQL injection vulnerability in gallery.php in Gallarific PHP Photo Gallery script 2.1 and possibly other versions allows remote attackers to execute arbitrary SQL commands via the id parameter.
24-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2011-0518 5.1
Directory traversal vulnerability in core/lib/router.php in LotusCMS Fraise 3.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via the system parameter to index.php.
24-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2011-0514 5.0
The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service (crash) via a packet with a large data size to TCP port 1530.
24-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2011-0512 6.8
SQL injection vulnerability in team.php in the Teams Structure module 3.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the team_id parameter.
24-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2011-0506 6.8
Directory traversal vulnerability in modules/profile/user.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to execute arbitrary code via a .. (dot dot) in the aXconf[default_language] parameter.
24-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2011-0505 5.1
Directory traversal vulnerability in system/system.php in Zwii 2.1.1, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the set
24-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2011-0501 9.3
Stack-based buffer overflow in Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to execute arbitrary code via a long line in a .mamx file.
24-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2011-0498 9.3
Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a playlist (.npl) fil
24-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2010-4331 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default_news or (2) sponsors cookies, which are not properly handled by (a) controllers/index.ctrl.php or
24-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2011-0405 6.8
Directory traversal vulnerability in module.php in PhpGedView 4.2.3 and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the pgvaction parameter.
22-01-2011 - 01:45 10-01-2011 - 22:00
CVE-2010-4335 7.5
The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is proce
22-01-2011 - 01:44 14-01-2011 - 18:00
CVE-2009-3343 7.5
SQL injection vulnerability in details.asp in HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropId parameter.
22-01-2011 - 01:32 24-09-2009 - 12:30
CVE-2011-0516 7.5
SQL injection vulnerability in mainx_a.php in E-PROMPT C BetMore Site Suite 4.0 through 4.2.0 allows remote attackers to execute arbitrary SQL commands via the bid parameter.
21-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2011-0515 2.1
KisKrnl.sys 2011.1.13.89 and earlier in Kingsoft AntiVirus 2011 SP5.2 allows local users to cause a denial of service (crash) via a crafted request that is not properly handled by the KiFastCallEntry hook.
21-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2011-0513 7.2
DCR.sys driver in SecurStar DriveCrypt 5.4, 5.3, and earlier allows local users to execute arbitrary code via a crafted argument to the 0x00073800 IOCTL.
21-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2011-0510 7.5
SQL injection vulnerability in cart.php in Advanced Webhost Billing System (AWBS) 2.9.2 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the oid parameter in an add_other action.
21-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2011-0507 4.3
FTPService.exe in Blackmoon FTP 3.1 Build 1735 and Build 1736 (3.1.7.1736), and possibly other versions before 3.1.8.1737, allows remote attackers to cause a denial of service (crash) via a large number of PORT commands with long arguments, which tri
21-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2011-0504 4.3
Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, 1.6.1, and probably earlier versions llow remote attackers to inject arbitrary web script or HTML via the (1) status parameter to admin/orders.php, (2) search parameter to admin/cus
21-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2011-0502 9.3
Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a long line in a MIDI (.mid) file.
21-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2011-0500 9.3
Buffer overflow in VideoSpirit Pro 1.6.8.1, 1.68, and earlier; and VideoSpirit Lite 1.4.0.1 and possibly other versions; allows user-assisted remote attackers to execute arbitrary code via a VideoSpirit project (.visprj) file containing a valitem ele
21-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2011-0443 6.8
SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are
20-01-2011 - 01:46 12-01-2011 - 20:00
CVE-2008-6182 7.5
SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) component 0.8.0 through 0.8.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gallery parameter in a view action to index.php.
20-01-2011 - 00:00 19-02-2009 - 13:30
CVE-2010-4588 9.3
The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier allows remote attackers to execute arbitrary code via a crafted argument to the ReleaseContext method, a different vector than CVE-2010-3973, pos
19-01-2011 - 02:02 23-12-2010 - 13:00
CVE-2010-2008 3.5
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot
19-01-2011 - 01:57 13-07-2010 - 16:30
CVE-2010-0682 4.0
WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.
19-01-2011 - 01:55 23-02-2010 - 15:30
CVE-2010-4598 5.0
Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request.
14-01-2011 - 01:48 23-12-2010 - 13:00
CVE-2010-3152 9.3
Untrusted search path vulnerability in Adobe Illustrator CS4 14.0.0, CS5 15.0.1 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse
13-01-2011 - 00:00 27-08-2010 - 15:00
CVE-2010-4344 9.3
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted hea
12-01-2011 - 01:54 14-12-2010 - 11:00
CVE-2010-3151 9.3
Untrusted search path vulnerability in Adobe On Location CS4 Build 315 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as
12-01-2011 - 01:52 27-08-2010 - 15:00
CVE-2010-3135 9.3
Untrusted search path vulnerability in