| Max CVSS | 10.0 | Min CVSS | 1.9 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2008-5259 | 9.3 |
Integer signedness error in DivX Web Player 1.4.2.7, and possibly earlier versions, allows remote attackers to execute arbitrary code via a DivX file containing a crafted Stream Format (STRF) chunk, which triggers a heap-based buffer overflow.
|
11-10-2018 - 20:54 | 16-04-2009 - 15:12 | |
| CVE-2008-4830 | 9.3 |
Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read
|
11-10-2018 - 20:52 | 16-04-2009 - 15:12 | |
| CVE-2012-2341 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax requests that manipulate files.
|
29-12-2017 - 02:29 | 18-05-2012 - 22:55 | |
| CVE-2001-1509 | 4.6 |
geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not properly identify a user's effective user id, which could allow local users to gain privileges.
|
11-10-2017 - 01:29 | 31-12-2001 - 05:00 | |
| CVE-2009-1232 | 4.3 |
Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0
|
29-09-2017 - 01:34 | 02-04-2009 - 17:30 | |
| CVE-2009-0295 | 6.8 |
SQL injection vulnerability in index.php in Information Technology Light Poll Information (ITLPoll) 2.7 Stable 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
29-09-2017 - 01:33 | 27-01-2009 - 20:30 | |
| CVE-2009-1215 | 1.9 |
Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file.
|
17-08-2017 - 01:30 | 01-04-2009 - 10:30 | |
| CVE-2009-1214 | 4.9 |
GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.
|
17-08-2017 - 01:30 | 01-04-2009 - 10:30 | |
| CVE-2016-5788 | 10.0 |
General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors.
|
28-11-2016 - 20:29 | 25-11-2016 - 03:59 | |
| CVE-2009-1285 | 7.5 |
Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files.
|
28-04-2009 - 05:39 | 16-04-2009 - 15:12 | |
| CVE-2009-1320 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in include/zstore.php in Zazzle Store Builder 1.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) gridPage and (2) gridSort parameters. NOTE: some of these details are o
|
17-04-2009 - 14:08 | 17-04-2009 - 14:08 |