Vulnerabilities (CVE)

Filter

117632 total CVE
CVE Vendors Products Updated CVSS
CVE-1999-0088 1 Ibm 1 Aix 2008-09-05 10.0
IRIX and AIX automountd services (autofsd) allow remote users to execute root commands.
CVE-1999-0053 1 Freebsd 1 Freebsd 2008-09-05 5.0
TCP RST denial of service in FreeBSD.
CVE-2008-3939 1 Avtech 1 Pager Enterprise 2008-09-05 5.0
Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
CVE-2008-3938 1 Opendb 1 Opendb 2008-09-05 5.8
Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action.
CVE-2008-3937 1 Opendb 1 Opendb 2008-09-05 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title...
CVE-2008-3935 1 D-ic 2 Shop V52, Shop V50 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and earlier and shop_v52 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-3893 1 Microsoft 1 Windows Vista 2008-09-05 1.9
Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sensitive information by reading the physical...
CVE-2008-3738 1 Spacetag 1 Lacoodast 2008-09-05 6.8
Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2008-3397 1 Runesoft 1 Cerberus Cms 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS before 3_1.4_0.9 allows remote attackers to inject arbitrary web script or HTML via a cerberus_user cookie.
CVE-2008-2173 1 Yamaha 1 Router 2008-09-05 7.1
Unspecified vulnerability in Yamaha routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.
CVE-2008-2170 1 Century Software 1 Router 2008-09-05 7.1
Unspecified vulnerability in Century routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.
CVE-2008-2169 2 Hitachi, Avici 4 Gr3000, Router, Gr2000 and 1 more 2008-09-05 7.1
Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.
CVE-2008-1511 1 Oocomments 1 Oocomments 2008-09-05 7.5
Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for (1) classes/class_admin.php and (2) classes/class_comments.php. NOTE: the...
CVE-2008-1299 1 Manageengine 1 Servicedesk Plus 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this...
CVE-2007-5954 1 Jlmforo System 1 Jlmforo System 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo System allows remote attackers to inject arbitrary web script or HTML via the clave parameter. NOTE: the provenance of this information is unknown; the details are obtained...
CVE-2007-5928 1 Openbase International Ltd 1 Openbase 2008-09-05 9.0
OpenBase 10.0.5 and earlier allows remote authenticated users to trigger a free of an arbitrary memory location via long strings in a SELECT statement. NOTE: this might be a buffer overflow, but it is not clear.
CVE-2007-5927 1 Openbase International Ltd 1 Openbase 2008-09-05 9.0
Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. (dot dot) in the first argument to the GlobalLog stored procedure. NOTE: this can be leveraged to...
CVE-2007-5817 1 Contentcustomizer 1 Contentcustomizer 2008-09-05 4.3
dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to perform certain privileged actions via a (1) del, (2) delbackup, (3) res, or (4) ren action. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) and...
CVE-2007-5775 1 Bitdefender 3 Internet Security, Total Security, Antivirus 2008-09-05 9.3
Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it...
CVE-2007-4043 1 Securecomputing 1 Securityreporter 2008-09-05 5.0
file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could be...