Vulnerabilities (CVE)

Filter

122577 total CVE
CVE Vendors Products Updated CVSS
CVE-2007-4146 1 Webevents 1 Webevents 2009-09-15 4.3
Cross-site scripting (XSS) vulnerability in webevent.cgi in WebEvent 2.61 through 4.03 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter. NOTE: the provenance of this information is unknown; the details are...
CVE-2009-3179 1 Symantec 1 Altiris Deployment Solution 2009-09-15 10.0
Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary code via unknown client-side attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional...
CVE-2009-3021 2 Yoshinori Tahara, Geeklog 2 Mycaljp, Geeklog 2009-09-15 4.3
Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' plugin 2.0.0 through 2.0.6, as used in the Japanese extended package of Geeklog 1.5.0 through 1.5.2 and when distributed 20090629 or earlier, allows remote attackers to inject...
CVE-2008-7230 1 Chris Buccella 1 Small Footprint Cim Broker 2009-09-15 10.0
Unspecified vulnerability in Small Footprint CIM Broker (SFCB) before 1.2.5 has unknown impact and attack vectors.
CVE-2008-7227 1 Geoserver 1 Geoserver 2009-09-15 5.0
PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an "in memory buffer," which prevents the reporting of a service exception, with unknown impact and attack vectors.
CVE-2008-7223 1 Linpha 1 Linpha 2009-09-15 4.3
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, or (5)...
CVE-2009-3178 1 Symantec 1 Altiris Deployment Solution 2009-09-14 7.8
Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Solution 6.9 allows remote attackers to cause a denial of service via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.18, "Symantec...
CVE-2009-3177 1 Kaspersky 2 Kaspersky Online Scanner, Kaspersky Anti-virus Scanner 2009-09-14 10.0
Unspecified vulnerability in Kaspersky Online Scanner 7.0 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, (1) "Kaspersky Online Antivirus Scanner 7.0 exploit (Linux)" and (2)...
CVE-2009-3169 1 Hitachi 1 Jp1 File Transmission Server 2009-09-14 10.0
Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission Server/FTP before 09-00 allow remote attackers to execute arbitrary code via unknown attack vectors.
CVE-2008-7229 1 Greensql 1 Greensql Firewall 2009-09-14 7.5
GreenSQL Firewall (greensql-fw) before 0.9.2 allows remote attackers to bypass SQL injection protection via a crafted string, possibly involving an encoded space character (%20).
CVE-2008-7217 1 Microsoft 1 Office 2009-09-14 4.6
Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access...
CVE-2007-6732 1 Claudio Matsuoka 1 Extended Module Player 2009-09-14 10.0
Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors related to an untrusted length value and the (1) pofs...
CVE-2007-6731 1 Claudio Matsuoka 1 Extended Module Player 2009-09-14 10.0
Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in misc/oxm.c, leading to a buffer overflow.
CVE-2008-5375 1 Cmus 1 Cmus 2009-09-11 6.9
cmus-status-display in cmus 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cmus-status temporary file.
CVE-2008-5371 1 Marc Gloor 1 Screenie 2009-09-11 6.9
screenie in screenie 1.30.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.screenie.##### temporary file.
CVE-2009-3162 1 Multi-website 1 Multi Website 2009-09-11 4.3
Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to the default URI.
CVE-2009-3157 1 Karen Stevenson 1 Calendar 2009-09-11 3.5
Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type.
CVE-2008-7207 1 Rivetcode 1 Rivettracker 2009-09-11 2.1
RivetTracker before 1.0 stores passwords in cleartext in config.php, which allows local users to discover passwords by reading config.php.
CVE-2008-7202 1 Openwebmail.acatysmoof 1 Openwebmail 2009-09-11 4.3
Multiple cross-site scripting (XSS) vulnerabilities in OpenWebMail before 2.53 (Stable) allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2009-3147 1 Allenthusiast 1 Reviewpost Php Pro 2009-09-10 4.3
Cross-site scripting (XSS) vulnerability in showproduct.php in ReviewPost Pro vB3 allows remote attackers to inject arbitrary web script or HTML via the date parameter.