Vulnerabilities (CVE)

74125 total CVE
CVE Vendors Products Updated CVSS
CVE-1999-0549 1 Microsoft 1 Windows Nt 2008-09-05 7.2
Windows NT automatically logs in an administrator upon rebooting.
CVE-2008-2173 1 Yamaha 1 Router 2008-09-05 7.1
Unspecified vulnerability in Yamaha routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.
CVE-2008-3935 1 D-ic 2 Shop V52, Shop V50 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and earlier and shop_v52 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-4039 1 Mozilla 1 Mozilla 2008-09-05 4.3
Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are...
CVE-1999-1589 1 Ibm 1 Aix 2008-09-05 7.2
Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users to gain root privileges via unknown attack vectors.
CVE-2006-6975 1 Centipaid 1 Centipaid 2008-09-05 5.1
** DISPUTED ** PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple...
CVE-2007-3650 1 Mywebland 1 Mybloggie 2008-09-05 5.0
myWebland myBloggie 2.1.6 allows remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string...
CVE-2007-3651 1 Fascript 1 Faname 2008-09-05 4.3
class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to obtain sensitive information via a '; (quote semicolon) sequence in the id parameter, which reveals the installation path in an error message.
CVE-2005-4849 1 Apache 1 Derby 2008-09-05 5.0
Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to...
CVE-2008-3397 1 Runesoft 1 Cerberus Cms 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS before 3_1.4_0.9 allows remote attackers to inject arbitrary web script or HTML via a cerberus_user cookie.
CVE-2002-1432 1 Coxco Support 7 Salescart-std, Midicart Asp Maxi, Salescart-pro and 4 more 2008-09-05 5.0
MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database.
CVE-2008-3938 1 Opendb 1 Opendb 2008-09-05 5.8
Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action.
CVE-2008-3738 1 Spacetag 1 Lacoodast 2008-09-05 6.8
Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2008-3937 1 Opendb 1 Opendb 2008-09-05 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title...
CVE-2002-2230 1 Ikonboard 1 Ikonboard 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows remote attackers to inject arbitrary web script or HTML via a private message with a javascript: URL in the IMG tag, in which the URL ends in a ".gif" or ".jpg" string, a variant...
CVE-2008-2169 2 Hitachi, Avici 4 Gr3000, Router, Gr2000 and 1 more 2008-09-05 7.1
Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.
CVE-2008-2170 1 Century Software 1 Router 2008-09-05 7.1
Unspecified vulnerability in Century routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.
CVE-2008-1299 1 Manageengine 1 Servicedesk Plus 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this...
CVE-2007-3652 1 Fascript 1 Faname 2008-09-05 6.8
SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same issue as CVE-2008-0328.
CVE-2000-0889 2005-10-20 5.1
Two Sun security certificates have been compromised, which could allow attackers to insert malicious code such as applets and make it appear that it is signed by Sun.