Max CVSS 10.0 Min CVSS 3.5 Total Count59
IDCVSSSummaryLast (major) updatePublished
CVE-2002-1374 7.5
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the fi
17-10-2016 - 22:26 23-12-2002 - 00:00
CVE-2002-0702 10.0
Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS
17-10-2016 - 22:21 26-07-2002 - 00:00
CVE-2010-0740 5.0
The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor versi
22-08-2016 - 22:00 26-03-2010 - 14:30
CVE-2014-100003 7.5
SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ym_download_id parameter to the default URI.
24-03-2015 - 16:49 13-01-2015 - 06:59
CVE-2015-1364 7.5
SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to register/.
28-01-2015 - 10:53 27-01-2015 - 15:04
CVE-2009-1169 9.3
The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT trans
27-08-2013 - 02:19 26-03-2009 - 20:30
CVE-2009-2180 5.0
Multiple directory traversal vulnerabilities in upfiles/index.php in Pc4 Uploader 10.0 and earlier allow remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) absolute path in the file parameter.
07-08-2013 - 02:11 23-06-2009 - 17:30
CVE-2008-1774 7.5
SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
30-10-2012 - 22:55 14-04-2008 - 12:05
CVE-2008-5457 10.0
Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrit
22-10-2012 - 22:56 13-01-2009 - 21:30
CVE-2011-3187 4.3
The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary t
06-07-2012 - 00:00 29-08-2011 - 14:55
CVE-2008-5680 9.3
Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this
07-06-2012 - 13:27 19-12-2008 - 11:30
CVE-2009-2698 7.2
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vecto
19-03-2012 - 00:00 27-08-2009 - 13:30
CVE-2008-4654 9.3
Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted
27-01-2012 - 00:33 21-10-2008 - 20:11
CVE-2008-4686 9.3
Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654
27-01-2012 - 00:00 22-10-2008 - 14:00
CVE-2008-4844 9.3
Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2)
10-01-2012 - 00:00 11-12-2008 - 10:30
CVE-2009-3823 4.3
Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, when magic_quotes_gpc is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the GLOBALS[page] parameter.
14-12-2011 - 00:00 28-10-2009 - 06:30
CVE-2009-0658 9.3
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as expl
07-03-2011 - 22:18 20-02-2009 - 14:30
CVE-2008-5178 9.3
Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. NOTE: this might overlap CVE-2008-5680.
07-03-2011 - 22:14 20-11-2008 - 10:30
CVE-2008-4622 7.5
The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1.
07-03-2011 - 22:12 20-10-2008 - 21:18
CVE-2008-4434 9.3
Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and earlier and (2) BitTorrent 6.0.3 build 8642 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Created By field in a
07-03-2011 - 22:12 03-10-2008 - 18:22
CVE-2008-3408 6.8
Stack-based buffer overflow in CoolPlayer 2.18, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a crafted m3u file.
07-03-2011 - 22:10 31-07-2008 - 13:41
CVE-2008-3360 9.3
Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of an A element, a different vulnerability than CVE-2006-2494.
07-03-2011 - 22:10 29-07-2008 - 14:41
CVE-2008-3242 10.0
Heap-based buffer overflow in the PPMedia Class ActiveX control in PPMPlayer.dll in PPMate 2.3.1.93 allows remote attackers to execute arbitrary code via a long argument to the StartUrl method. NOTE: some of these details are obtained from third par
07-03-2011 - 22:10 21-07-2008 - 12:41
CVE-2008-1878 7.5
Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title.
07-03-2011 - 22:07 17-04-2008 - 18:05
CVE-2008-1558 10.0
Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. NOTE: this issue has been referred to a
07-03-2011 - 22:07 31-03-2008 - 13:44
CVE-2008-1105 7.5
Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.
07-03-2011 - 22:05 29-05-2008 - 12:32
CVE-2006-4020 4.6
scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a bu
07-03-2011 - 21:40 08-08-2006 - 16:04
CVE-2008-5416 9.0
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 an
07-03-2011 - 00:00 10-12-2008 - 09:00
CVE-2008-3558 9.3
Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method.
07-03-2011 - 00:00 08-08-2008 - 15:41
CVE-2008-0964 9.3
Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.
07-03-2011 - 00:00 08-08-2008 - 14:41
CVE-2009-4987 7.5
admin/header.php in Scripteen Free Image Hosting Script 2.3 allows remote attackers to bypass authentication and gain administrative access by setting the cookgid cookie value to 1, a different vector than CVE-2008-3211.
25-08-2010 - 00:00 25-08-2010 - 16:00
CVE-2009-4735 7.5
SQL injection vulnerability in login.php in Allomani Audio & Video Library (Songs & Clips version) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
19-03-2010 - 00:00 18-03-2010 - 14:30
CVE-2009-4734 7.5
SQL injection vulnerability in login.php in Allomani Movies Library (Movies & Clips) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
19-03-2010 - 00:00 18-03-2010 - 14:30
CVE-2009-4725 5.1
Directory traversal vulnerability in modules/aljazeera/admin/setup.php in Arab Portal 2.2 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (d
19-03-2010 - 00:00 18-03-2010 - 14:30
CVE-2009-4673 7.5
SQL injection vulnerability in profile.php in Mole Group Adult Portal Script allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
05-03-2010 - 00:00 05-03-2010 - 13:30
CVE-2009-4206 7.5
SQL injection vulnerability in admin.link.modify.php in Million Dollar Text Links 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
07-12-2009 - 00:00 04-12-2009 - 14:30
CVE-2009-3949 7.5
cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not require administrative authentication for the donewauthor action, which allows remote attackers to create administrative accounts via the name, password, and conf_password parameters.
18-11-2009 - 00:00 16-11-2009 - 15:30
CVE-2009-3430 7.5
SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
28-09-2009 - 00:00 25-09-2009 - 18:30
CVE-2009-3358 7.5
SQL injection vulnerability in profile.php in Tourism Scripts Adult Portal escort listing allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
24-09-2009 - 00:00 24-09-2009 - 12:30
CVE-2009-2922 7.8
Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 through 2.3.5 allows remote attackers to read arbitrary files via a base64-encoded file parameter.
21-08-2009 - 00:00 21-08-2009 - 07:30
CVE-2009-2605 6.8
Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote attackers to execute arbitrary SQL commands via (1) trupuser and (2) truppassword cookies to uploadcp/index.php.
27-07-2009 - 00:00 27-07-2009 - 10:30
CVE-2009-2585 7.5
SQL injection vulnerability in index.php in Mlffat 2.2 allows remote attackers to execute arbitrary SQL commands via a member cookie in an account editprofile action, a different vector than CVE-2009-1731.
24-07-2009 - 00:00 24-07-2009 - 12:30
CVE-2009-2167 6.8
Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
25-06-2009 - 00:00 22-06-2009 - 16:30
CVE-2009-2132 6.8
Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter.
25-06-2009 - 00:00 19-06-2009 - 14:00
CVE-2009-2168 7.5
cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username a
23-06-2009 - 00:00 22-06-2009 - 16:30
CVE-2009-2131 3.5
Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a
22-06-2009 - 00:00 19-06-2009 - 14:00
CVE-2009-1742 7.5
code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIuni
21-05-2009 - 00:00 20-05-2009 - 15:30
CVE-2008-2922 7.5
Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long IRC message.
14-04-2009 - 01:32 30-06-2008 - 14:24
CVE-2008-4321 9.3
Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FTP servers to execute arbitrary code via a long response to the PWD command.
18-03-2009 - 01:42 29-09-2008 - 15:25
CVE-2008-5755 9.3
Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows remote attackers to execute arbitrary code via a MAP file containing a long URL, possibly a related issue to CVE-2006-2494.
29-01-2009 - 02:00 30-12-2008 - 12:30
CVE-2008-3702 9.3
Multiple stack-based buffer overflows in the Animation GIF ActiveX control in JComSoft AniGIF.ocx 1.12 and 2.47, as used in products such as SpeedBit Download Accelerator Plus (DAP) 8.6, allow remote attackers to execute arbitrary code via a long arg
29-01-2009 - 01:54 15-08-2008 - 16:41
CVE-2008-4270
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-5416. Reason: This candidate is a duplicate of CVE-2008-5416. Notes: All CVE users should reference CVE-2008-5416 instead of this candidate. All references and descriptions in t
30-12-2008 - 14:30 30-12-2008 - 14:30
CVE-2008-4189
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-1105. Reason: This candidate is a duplicate of CVE-2008-1105. Notes: All CVE users should reference CVE-2008-1105 instead of this candidate. All references and descriptions in t
07-10-2008 - 02:36 23-09-2008 - 13:01
CVE-2008-2737
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3558. Reason: This candidate is a duplicate of CVE-2008-3558. Notes: All CVE users should reference CVE-2008-3558 instead of this candidate. All references and descriptions in t
10-09-2008 - 21:11 18-08-2008 - 16:41
CVE-2006-4825 4.3
Multiple cross-site scripting (XSS) vulnerabilities in cl_files/index.php in SoftComplex PHP Event Calendar 1.5.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) ti, (2) bi, or (3) cbgi parameters.
05-09-2008 - 17:10 15-09-2006 - 18:07
CVE-2004-2523 6.5
Format string vulnerability in the msg command (cat_message function in msg.c) in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message argument.
05-09-2008 - 16:44 31-12-2004 - 00:00
CVE-2003-1055 7.2
Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 may allow local users to gain root access via a long hostname in an LDAP lookup.
05-09-2008 - 16:35 03-07-2003 - 00:00
CVE-2002-2425 10.0
Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute administrative scripts such as (1) AdminViewError and (2) AdminAddadmin via a direct request.
05-09-2008 - 16:33 31-12-2002 - 00:00
CVE-2008-2835 7.5
SQL injection vulnerability in cgi-bin/igsuite in IGSuite 3.2.4 allows remote attackers to execute arbitrary SQL commands via the formid parameter.
05-09-2008 - 00:00 24-06-2008 - 15:41
Back to Top Mark selected
Back to Top