Total
258583 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6885 | 1 Xoops | 1 Xoops | 2009-08-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message. | |||||
| CVE-2008-6879 | 1 Apache | 1 Roller | 2009-07-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action. | |||||
| CVE-2009-2636 | 1 Kerio | 1 Kerio Mailserver | 2009-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Integration page in the WebMail component in Kerio MailServer 6.6.0, 6.6.1, 6.6.2, and 6.7.0 allows remote attackers to inject arbitrary web script or HTML via an e-mail message. | |||||
| CVE-2009-2619 | 1 Datachecknh | 1 V-spacepal | 2009-07-27 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in DataCheck Solutions V-SpacePal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2617 | 1 Baofeng | 1 Storm | 2009-07-27 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 allows remote attackers to execute arbitrary code via a long pathname in the source attribute of an item element in a .smpl playlist file. | |||||
| CVE-2009-2616 | 1 Datachecknh | 1 Sitepal | 2009-07-27 | 7.5 HIGH | N/A |
| SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions SitePal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2615 | 1 Datachecknh | 1 Sitepal | 2009-07-27 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DataCheck Solutions SitePal 1.x allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) z_admin_login.asp, (2) z_forgot.asp, and possibly unspecified other components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2614 | 1 Datachecknh | 1 Linkpal | 2009-07-27 | 7.5 HIGH | N/A |
| SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions LinkPal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2613 | 1 Datachecknh | 1 Linkpal | 2009-07-27 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DataCheck Solutions LinkPal 1.x allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) z_loginfailed.asp, (2) z_admin_login.asp, (3) z_forgot.asp, and possibly unspecified other components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2612 | 1 Prosmdr | 1 Prosmdr | 2009-07-27 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.aspx in ProSMDR allows remote attackers to execute arbitrary SQL commands via the txtUser parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2610 | 2 Drupal, Scott Courtney | 2 Drupal, Links Package | 2009-07-27 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field. | |||||
| CVE-2009-2597 | 1 Sun | 2 Java System Access Manager Policy Agent, Java System Web Proxy Server | 2009-07-27 | 7.8 HIGH | N/A |
| The Sun Java System (SJS) Access Manager Policy Agent module 2.2 for SJS Web Proxy Server 4.0 allows remote attackers to cause a denial of service (daemon crash) via a GET request. | |||||
| CVE-2009-2596 | 1 Sun | 2 Opensolaris, Solaris | 2009-07-27 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to fad_aupath structure members. | |||||
| CVE-2008-4454 | 1 Mysql Quick Admin | 1 Mysql Quick Admin | 2009-07-23 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5.5 allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the lang parameter to actions.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2002-2427 | 1 Goahead | 1 Goahead Webserver | 2009-07-23 | 5.0 MEDIUM | N/A |
| The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603. | |||||
| CVE-2002-2428 | 1 Goahead | 1 Goahead Webserver | 2009-07-23 | 5.0 MEDIUM | N/A |
| webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data. | |||||
| CVE-2009-2575 | 1 Rim | 1 Blackberry 8800 | 2009-07-23 | 7.1 HIGH | N/A |
| The Research In Motion (RIM) BlackBerry 8800 allows remote attackers to cause a denial of service (memory consumption and browser crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. | |||||
| CVE-2009-2430 | 1 Sun | 2 Opensolaris, Solaris | 2009-07-22 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in auditconfig in Sun Solaris 8, 9, 10, and OpenSolaris snv_01 through snv_58, when Solaris Auditing is enabled, allows local users with an RBAC execution profile for auditconfig to gain privileges via unknown attack vectors. | |||||
| CVE-2009-2387 | 1 Sun | 1 Opensolaris | 2009-07-22 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the proc filesystem in Sun OpenSolaris snv_49 through snv_109 allows local users to cause a denial of service (deadlock and panic) via unknown vectors, related to the ldt_rewrite_syscall function. | |||||
| CVE-2009-2569 | 1 Verlihub-project | 1 Verlihub Control Panel | 2009-07-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Verlihub Control Panel (VHCP) 1.7e allow remote attackers to inject arbitrary web script or HTML via (1) the nick parameter in a login action to index.php or (2) the URI in a news request to index.html. | |||||