Total
3563 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3302 | 3 Apache, Canonical, Debian | 3 Openoffice, Ubuntu Linux, Debian Linux | 2024-02-04 | 9.3 HIGH | N/A |
| filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw." | |||||
| CVE-2011-4646 | 2 Lesterchan, Wordpress | 2 Wp-postratings, Wordpress | 2024-02-04 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4884 | 1 Hinnendahl | 1 Gaestebuch | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaestebuch 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter. | |||||
| CVE-2012-0020 | 1 Microsoft | 1 Visio Viewer | 2024-02-04 | 9.3 HIGH | N/A |
| Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138. | |||||
| CVE-2010-3759 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2024-02-04 | 10.0 HIGH | N/A |
| FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 writes a certain value to a memory location specified by a UDP packet field, which allows remote attackers to execute arbitrary code via multiple requests. NOTE: this might overlap CVE-2010-3058. | |||||
| CVE-2011-1863 | 1 Hp | 2 Service Center, Service Manager | 2024-02-04 | 7.5 HIGH | N/A |
| HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allow remote authenticated users to conduct unspecified script injection attacks via unknown vectors. | |||||
| CVE-2009-4623 | 1 Plohni | 1 Advanced Comment System | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the ACS_path parameter to (1) index.php and (2) admin.php in advanced_comment_system/. NOTE: this might only be a vulnerability when the administrator has not followed installation instructions in install.php. NOTE: this might be the same as CVE-2020-35598. | |||||
| CVE-2012-0329 | 1 Cisco | 1 Digital Media Manager | 2024-02-04 | 9.0 HIGH | N/A |
| Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3, allows remote authenticated users to execute arbitrary code via vectors involving a URL and an administrative resource, aka Bug ID CSCts63878. | |||||
| CVE-2011-3232 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-04 | 9.3 HIGH | N/A |
| YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. | |||||
| CVE-2010-3909 | 1 Vtiger | 1 Vtiger Crm | 2024-02-04 | 6.0 MEDIUM | N/A |
| Incomplete blacklist vulnerability in config.template.php in vtiger CRM before 5.2.1 allows remote authenticated users to execute arbitrary code by using the draft save feature in the Compose Mail component to upload a file with a .phtml extension, and then accessing this file via a direct request to the file in the storage/ directory tree. | |||||
| CVE-2010-0240 | 1 Microsoft | 2 Windows Server 2008, Windows Vista | 2024-02-04 | 10.0 HIGH | N/A |
| The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability." | |||||
| CVE-2010-4283 | 1 Artica | 1 Pandora Fms | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in extras/pandora_diag.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the argv[1] parameter. | |||||
| CVE-2010-1546 | 1 Chaos Tool Suite Project | 1 Ctools | 2024-02-04 | 6.0 MEDIUM | N/A |
| Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with "administer page manager" privileges, to execute arbitrary PHP code via input to a text area, related to (1) the page_manager_page_import_subtask_validate function in page_manager/plugins/tasks/page.admin.inc and (2) the page_manager_handler_import_validate function in page_manager/page_manager.admin.inc. | |||||
| CVE-2010-3326 | 1 Microsoft | 4 Internet Explorer, Windows 2003 Server, Windows Server 2003 and 1 more | 2024-02-04 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | |||||
| CVE-2010-0246 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2024-02-04 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0245. | |||||
| CVE-2010-3206 | 1 Diy-cms | 1 Diy-cms | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DiY-CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to modules/guestbook/blocks/control.block.php, (2) main_module parameter to index.php, and (3) getFile parameter to includes/general.functions.php. | |||||
| CVE-2010-2126 | 1 Snipegallery | 1 Snipe Gallery | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Snipe Gallery 3.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_admin_path parameter to (1) index.php, (2) view.php, (3) image.php, (4) search.php, (5) admin/index.php, (6) admin/gallery/index.php, (7) admin/gallery/view.php, (8) admin/gallery/gallery.php, (9) admin/gallery/image.php, and (10) admin/gallery/crop.php. | |||||
| CVE-2010-1945 | 1 Openmairie | 1 Openfoncier | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in openMairie Openfoncier 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) action.class.php, (2) architecte.class.php, (3) avis.class.php, (4) bible.class.php, and (5) blocnote.class.php in obj/. | |||||
| CVE-2010-2626 | 1 Miyabi-seo | 1 Cgi Tools Seo Links | 2024-02-04 | 7.5 HIGH | N/A |
| index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to execute arbitrary commands via shell metacharacters in the fn command. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4471 | 1 Freeschool | 1 Freeschool | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in FreeSchool 1.1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CLASSPATH parameter to (1) bib_form.php, (2) bib_pldetails.php, (3) bib_plform.php, (4) bib_plsearchc.php, (5) bib_plsearchs.php, (6) bib_save.php, (7) bib_searchc.php, (8) bib_searchs.php, (9) edi_form.php, (10) edi_save.php, (11) gen_form.php, (12) gen_save.php, (13) lin_form.php, (14) lin_save.php, (15) luo_form.php, (16) luo_save.php, (17) sog_form.php, or (18) sog_save.php in biblioteca/; (19) cal_insert.php, (20) cal_save.php, or (21) cal_saveactivity.php in calendario/; (22) circolari/cir_save.php; or (23) modulistica/mdl_save.php. | |||||