The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) by attempting to mount a crafted ext4 filesystem.
Max CVSS
4.9
EPSS Score
0.04%
Published
2009-02-27
Updated
2018-10-10
The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and error-message flood) by attempting to mount a crafted ext4 filesystem.
Max CVSS
4.9
EPSS Score
0.04%
Published
2009-02-27
Updated
2018-10-10
The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem.
Max CVSS
4.9
EPSS Score
0.04%
Published
2009-02-27
Updated
2018-10-10
The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory.
Max CVSS
4.9
EPSS Score
0.04%
Published
2009-02-27
Updated
2018-10-10
Apple Safari 4 Beta build 528.16 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a feeds: URI beginning with a (1) % (percent), (2) { (open curly bracket), (3) } (close curly bracket), (4) ^ (caret), (5) ` (backquote), or (6) | (pipe) character, followed by an & (ampersand) character.
Max CVSS
5.0
EPSS Score
2.84%
Published
2009-02-27
Updated
2018-10-10
Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field.
Max CVSS
3.5
EPSS Score
0.12%
Published
2009-02-27
Updated
2017-08-17
The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information.
Max CVSS
7.8
EPSS Score
0.12%
Published
2009-02-26
Updated
2009-02-27
SQL injection vulnerability in Login.asp in Craft Silicon Banking@Home 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginName parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2009-02-25
Updated
2018-10-10
SQL injection vulnerability in login.php in BlueBird Prelease allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
Max CVSS
7.5
EPSS Score
0.07%
Published
2009-02-25
Updated
2017-09-29
SQL injection vulnerability in login.php in MyNews 0.10 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
Max CVSS
7.5
EPSS Score
0.07%
Published
2009-02-25
Updated
2017-09-29
SQL injection vulnerability in login.php in Auth Php 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
Max CVSS
7.5
EPSS Score
0.10%
Published
2009-02-25
Updated
2017-09-29
Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12 before 1.12.4, and 1.13 before 1.13.4, when the installer is in active use, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
2.6
EPSS Score
0.31%
Published
2009-02-25
Updated
2009-10-14
Cross-site scripting (XSS) vulnerability in Pebble before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.14%
Published
2009-02-25
Updated
2012-11-08
Directory traversal vulnerability in lib/classes/message_class.php in Papoo CMS 3.6, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the pfadhier parameter. NOTE: some of these details are obtained from third party information.
Max CVSS
5.1
EPSS Score
0.73%
Published
2009-02-25
Updated
2017-09-29
Heap-based buffer overflow in MultimediaPlayer.exe 6.86.240.7 in Nokia PC Suite 6.86.9.3 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file.
Max CVSS
9.3
EPSS Score
5.49%
Published
2009-02-25
Updated
2018-10-10
Downloadcenter 2.1 stores common.h under the web root with insufficient access control, which allows remote attackers to obtain user credentials and other sensitive information via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
5.0
EPSS Score
0.28%
Published
2009-02-24
Updated
2017-08-17
Directory traversal vulnerability in pages/play.php in Free Arcade Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.
Max CVSS
9.3
EPSS Score
0.48%
Published
2009-02-24
Updated
2017-09-29
Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726.
Max CVSS
6.8
EPSS Score
0.10%
Published
2009-02-24
Updated
2018-10-10
Multiple directory traversal vulnerabilities in Page Engine CMS 2.0 Basic and Pro allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the fPrefix parameter to (1) modules/recent_poll_include.php, (2) modules/login_include.php, and (3) modules/statistics_include.php and (4) configuration.inc.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
6.8
EPSS Score
1.05%
Published
2009-02-24
Updated
2017-08-17
SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php.
Max CVSS
7.5
EPSS Score
0.07%
Published
2009-02-24
Updated
2017-09-29
SQL injection vulnerability in jobdetails.php in taifajobs 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the jobid parameter.
Max CVSS
7.5
EPSS Score
0.09%
Published
2009-02-24
Updated
2018-10-10
SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php.
Max CVSS
7.5
EPSS Score
0.06%
Published
2009-02-24
Updated
2017-09-29
Directory traversal vulnerability in admin.php in Potato News 1.0.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the user cookie parameter.
Max CVSS
7.5
EPSS Score
0.99%
Published
2009-02-24
Updated
2017-09-29
filter.php in PHPFootball 1.6 and earlier allows remote attackers to retrieve password hashes via a request with an Accounts value for the dbtable parameter, in conjunction with a Password value for the dbfield parameter. NOTE: this has been reported as a SQL injection vulnerability by some sources, but the provenance of that information is unknown.
Max CVSS
5.0
EPSS Score
0.17%
Published
2009-02-23
Updated
2017-09-29
Multiple cross-site scripting (XSS) vulnerabilities in PHPFootball 1.6 allow remote attackers to inject arbitrary web script or HTML via (1) the user parameter to login.php or (2) the dbfield parameter to filter.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
4.3
EPSS Score
0.25%
Published
2009-02-23
Updated
2017-08-17
685 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!