Vulnerabilities (CVE)

122577 total CVE
CVE Vendors Products Updated CVSS
CVE-2009-1272 1 Php 1 Php 2009-09-16 5.0
The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled...
CVE-2009-3197 1 Jce-tech 1 Php Calendars Script 2009-09-16 4.3
Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech PHP Calendars Script allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2009-3196 1 Jce-tech 1 Php Video Script 2009-09-16 4.3
Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech PHP Video Script allows remote attackers to inject arbitrary web script or HTML via the key parameter.
CVE-2009-3195 1 Jce-tech 1 Auction Rss Content Script 2009-09-16 4.3
Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech Auction RSS Content Script 3.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rss.php and (2) search.php.
CVE-2009-3194 1 Jce-tech 1 Searchfeed Script 2009-09-16 4.3
Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech SearchFeed Script allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2009-3189 1 Digioz 1 Digioz Guestbook 2009-09-16 4.3
Cross-site scripting (XSS) vulnerability in search.php in DigiOz Guestbook 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the search_term parameter.
CVE-2009-3187 1 Standalonearcade 1 Saa 2009-09-16 4.3
Cross-site scripting (XSS) vulnerability in gamelist.php in Stand Alone Arcade 1.1 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CVE-2009-3186 1 Videogirls 1 Videogirls Biz 2009-09-16 4.3
Multiple cross-site scripting (XSS) vulnerabilities in VideoGirls BiZ allow remote attackers to inject arbitrary web script or HTML via the (1) t parameter to forum.php, (2) profile_name parameter to profile.php, and (3) p parameter to view.php.
CVE-2009-3184 1 Grapari 1 E-gold Game Series:pirates Of The Caribbean 2009-09-16 7.5
Multiple SQL injection vulnerabilities in index.php in Pirates of The Caribbean in the E-Gold Game Series allow remote attackers to execute arbitrary SQL commands via the (1) x and (2) y parameters.
CVE-2009-3198 1 Jce-tech 1 Affiliate Master Datafeed Parser 2009-09-16 4.3
Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech Affiliate Master Datafeed Parser Script 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2009-3165 1 Mozilla 1 Bugzilla 2009-09-16 7.5
SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
CVE-2009-3125 1 Mozilla 1 Bugzilla 2009-09-16 7.5
SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
CVE-2009-2945 1 Stanford 1 Webauth 2009-09-16 4.3
weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent...
CVE-2008-4980 1 Zak B Elep 1 Rccp 2009-09-15 6.9
delqueueask in rccp 0.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cccp_tmp.txt temporary file.
CVE-2008-4979 1 Shrubbery 1 Rancid 2009-09-15 6.9
getipacctg in rancid 2.3.2~a8 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/ipacct.#####.prefixes, (2) /tmp/ipacct.#####.sorted, (3) /tmp/ipacct.#####.pl, and (4) /tmp/ipacct.##### temporary files.
CVE-2008-4975 1 Debian 1 Newsgate 2009-09-15 6.9
mkmailpost in newsgate 1.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mmp##### temporary file.
CVE-2008-0131 1 Instantsoftwares 1 Dating Site 2009-09-15 4.3
Cross-site scripting (XSS) vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different product than CVE-2006-6022. NOTE: the provenance of...
CVE-2007-6730 1 Zyxel 1 P-330w Router 2009-09-15 9.3
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in the ZyXEL P-330W router allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote router management via...
CVE-2007-6729 1 Zyxel 1 P-330w Router 2009-09-15 4.3
Cross-site scripting (XSS) vulnerability in the web management interface in the ZyXEL P-330W router allows remote attackers to inject arbitrary web script or HTML via the pingstr parameter and other unspecified vectors.
CVE-2007-6263 1 Netkit-ftp 1 Netkit Ftp 2009-09-15 9.3
The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon...