Total
258583 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1149 | 1 Phpmyadmin | 1 Phpmyadmin | 2009-04-16 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters. | |||||
| CVE-2009-1148 | 1 Phpmyadmin | 1 Phpmyadmin | 2009-04-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable). | |||||
| CVE-2009-0930 | 1 Debian | 1 Horde Imp | 2009-04-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) smime.php, (2) pgp.php, and (3) message.php. | |||||
| CVE-2009-0318 | 1 Gnome | 1 Gnumeric | 2009-04-16 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
| CVE-2008-5987 | 1 Gnome | 1 Eog | 2009-04-16 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
| CVE-2008-6621 | 1 Graphicsmagick | 1 Graphicsmagick | 2009-04-14 | 7.8 HIGH | N/A |
| Unspecified vulnerability in GraphicsMagick before 1.2.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors in DPX images. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-4085 | 1 Alstrasoft | 1 Askme Pro | 2009-04-14 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to execute arbitrary SQL commands via the (1) que_id parameter to forum_answer.php or (2) the cat_id parameter to search.php. | |||||
| CVE-2009-1286 | 1 Ibm | 1 Lotus Domino | 2009-04-14 | 5.0 MEDIUM | N/A |
| The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of service (daemon crash) via a MIME e-mail message with RFC822 attachments (aka blobs) containing malformed root entities. | |||||
| CVE-2002-1919 | 1 Virtual Programming | 1 Vp-asp | 2009-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password fields. | |||||
| CVE-2009-1281 | 1 Glfusion | 1 Glfusion | 2009-04-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-1264 | 2 Stanislas Rolland, Typo3 | 2 Sr Feuser Register, Typo3 | 2009-04-08 | 4.0 MEDIUM | N/A |
| Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors. | |||||
| CVE-2009-1249 | 1 Drupal | 2 Drupal, Feedapi Mapper | 2009-04-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in admin/content/node-type/nodetype/map. | |||||
| CVE-2008-6600 | 1 Xmlportal | 1 Xmlportal | 2009-04-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the search feature in XMLPortal 3.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
| CVE-2008-6596 | 1 Phpcredo | 1 Phcdownload | 2009-04-06 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6597 | 1 Phpcredo | 1 Phcdownload | 2009-04-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in upload/install/index.php in PHCDownload 1.1 allows remote attackers to inject arbitrary web script or HTML via the step parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2001-1527 | 1 Easyscripts | 1 Easynews | 2009-04-03 | 2.1 LOW | N/A |
| easyNews 1.5 and earlier stores administration passwords in cleartext in settings.php, which allows local users to obtain the passwords and gain access. | |||||
| CVE-2002-1979 | 1 Watchguard | 3 Legacy Rssa, Soho, Vclass | 2009-04-03 | 7.5 HIGH | N/A |
| WatchGuard SOHO products running firmware 5.1.6 and earlier, and Vclass/RSSA using 3.2 SP1 and earlier, allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server. | |||||
| CVE-2002-1978 | 1 Darren Reed | 1 Ipfilter | 2009-04-03 | 7.5 HIGH | N/A |
| IPFilter 3.1.1 through 3.4.28 allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server. | |||||
| CVE-2004-2717 | 1 Php Heaven | 1 Phpmychat | 2009-04-03 | 2.6 LOW | N/A |
| Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the (1) sheet and (2) What parameters. | |||||
| CVE-2005-0735 | 1 Newsscript.co.uk | 1 Newsscript | 2009-04-03 | 10.0 HIGH | N/A |
| newsscript.pl for NewsScript allows remote attackers to gain privileges by setting the mode parameter to admin. | |||||