Vulnerabilities (CVE)

74125 total CVE
CVE Vendors Products Updated CVSS
CVE-2004-2706 1 Phrozensmoke 1 Gyach Enhanced 2008-09-05 5.0
Unspecified vulnerability in Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service (crash) via conference packets with error messages.
CVE-2008-3938 1 Opendb 1 Opendb 2008-09-05 5.8
Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action.
CVE-2007-0342 2 Omnigroup, Apple 4 Mac Os X, Safari, Webkit and 1 more 2008-09-05 4.3
WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS...
CVE-2008-3397 1 Runesoft 1 Cerberus Cms 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS before 3_1.4_0.9 allows remote attackers to inject arbitrary web script or HTML via a cerberus_user cookie.
CVE-1999-1589 1 Ibm 1 Aix 2008-09-05 7.2
Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users to gain root privileges via unknown attack vectors.
CVE-2008-2169 2 Hitachi, Avici 4 Gr3000, Router, Gr2000 and 1 more 2008-09-05 7.1
Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.
CVE-2007-3967 1 Dirlist 1 Dirlist Php 2008-09-05 5.0
Directory traversal vulnerability in index.php in PHP Directory Lister (dirLIST) before 0.1.1 allows remote attackers to list the contents of a parent directory via a .. (dot dot) in the folder parameter.
CVE-2008-3937 1 Opendb 1 Opendb 2008-09-05 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title...
CVE-2007-3968 1 Dirlist 1 Dirlist Php 2008-09-05 5.0
index.php in dirLIST before 0.1.1 allows remote attackers to list the contents of an excluded folder via a modified URL containing the folder name.
CVE-2008-3738 1 Spacetag 1 Lacoodast 2008-09-05 6.8
Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2007-4039 1 Mozilla 1 Mozilla 2008-09-05 4.3
Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are...
CVE-2007-4040 1 Microsoft 2 Outlook Express, Outlook 2008-09-05 4.3
Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an...
CVE-2007-3954 2 Microsoft, Mozilla 2 Seamonkey, Ie 2008-09-05 4.3
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via...
CVE-2007-3652 1 Fascript 1 Faname 2008-09-05 6.8
SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same issue as CVE-2008-0328.
CVE-2007-3651 1 Fascript 1 Faname 2008-09-05 4.3
class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to obtain sensitive information via a '; (quote semicolon) sequence in the id parameter, which reveals the installation path in an error message.
CVE-2007-1966 1 Exv2 1 Content Management System 2008-09-05 5.0
Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.
CVE-2002-2230 1 Ikonboard 1 Ikonboard 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows remote attackers to inject arbitrary web script or HTML via a private message with a javascript: URL in the IMG tag, in which the URL ends in a ".gif" or ".jpg" string, a variant...
CVE-2007-3650 1 Mywebland 1 Mybloggie 2008-09-05 5.0
myWebland myBloggie 2.1.6 allows remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string...
CVE-2006-6975 1 Centipaid 1 Centipaid 2008-09-05 5.1
** DISPUTED ** PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple...
CVE-1999-0271 2005-10-20 5.0
Progressive Networks Real Video server (pnserver) can be crashed remotely.