Aggregates CVE and security vulnerability intelligence across all oxid-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk path handling and vendor risk buffer overflow; exposure may include vendor impact memory corruption and vendor impact file overwrite in vendor surface production workloads contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2009-3113 | Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.2, 3.x, and 2.x allows remote attackers to gain write access to product reviews via a crafted parameter. | [email protected] | 5.0 | 0.95% | 2009-09-09 | 2026-04-23 |
| CVE-2009-2266 | OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie. | [email protected] | 5.0 | 1.08% | 2009-09-09 | 2026-04-23 |
| CVE-2008-5405 | Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string. | [email protected] | 9.3 | 46.98% | 2008-12-10 | 2026-04-23 |
| CVE-2005-0807 | Multiple buffer overflows in Cain & Abel before 2.67 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via (1) an IKE packet with a large ID field that is not properly handled by the PSK sniffer filter, (2) the HTTP sniffer filter, or the (3) POP3, (4) SMTP, (5) IMAP, (6) NNTP, or (7) TDS sniffer filters. | [email protected] | 7.5 | 3.60% | 2005-05-02 | 2026-04-16 |