Max CVSS 10.0 Min CVSS 2.6 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2009-2408 6.8
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certif
14-02-2024 - 17:21 30-07-2009 - 19:30
CVE-2009-2409 5.1
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificat
13-02-2023 - 02:20 30-07-2009 - 19:30
CVE-2002-0839 7.2
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that
23-09-2022 - 15:11 11-10-2002 - 04:00
CVE-2008-4796 10.0
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitra
30-09-2021 - 15:13 30-10-2008 - 20:56
CVE-2002-0840 6.8
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web pag
06-06-2021 - 11:15 11-10-2002 - 04:00
CVE-2002-0843 7.5
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
06-06-2021 - 11:15 11-10-2002 - 04:00
CVE-2008-1502 4.3
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks
01-12-2020 - 14:52 25-03-2008 - 19:44
CVE-2008-4106 5.1
WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows rem
11-10-2018 - 20:50 18-09-2008 - 17:59
CVE-2009-2334 4.9
wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensit
10-10-2018 - 19:39 10-07-2009 - 21:00
CVE-2009-2654 5.8
Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write c
03-10-2018 - 22:00 03-08-2009 - 14:30
CVE-2009-2404 9.3
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a d
03-10-2018 - 22:00 03-08-2009 - 14:30
CVE-2009-2851 4.3
Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL.
07-12-2017 - 21:36 18-08-2009 - 21:00
CVE-2009-2854 6.4
Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php,
22-11-2017 - 17:17 18-08-2009 - 21:00
CVE-2009-2853 10.0
Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php
16-11-2017 - 20:30 18-08-2009 - 21:00
CVE-2009-2694 10.0
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory
19-09-2017 - 01:29 21-08-2009 - 11:02
CVE-2009-2944 5.0
Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands.
17-08-2017 - 01:30 31-08-2009 - 20:30
CVE-2008-6762 4.3
Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter.
17-08-2017 - 01:29 28-04-2009 - 16:30
CVE-2008-7159 5.8
The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, relat
17-08-2017 - 01:29 10-09-2009 - 21:30
CVE-2008-6767 10.0
wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service (application outage), via a direct request.
17-08-2017 - 01:29 28-04-2009 - 16:30
CVE-2008-5113 4.0
WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by at
08-08-2017 - 01:33 17-11-2008 - 23:30
CVE-2008-4769 9.3
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php.
08-08-2017 - 01:32 28-10-2008 - 10:30
CVE-2002-1233 2.6
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack
18-10-2016 - 02:25 04-11-2002 - 05:00
CVE-2009-3051 7.5
Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in
23-10-2012 - 03:10 10-09-2009 - 18:30
CVE-2009-3163 7.5
Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in
23-10-2012 - 03:10 10-09-2009 - 21:30
CVE-2008-7160 5.8
The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbi
23-10-2012 - 03:01 10-09-2009 - 21:30
CVE-2009-2946 9.3
Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages.
08-09-2009 - 04:00 04-09-2009 - 20:30
Back to Top Mark selected
Back to Top