Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-7227 | 1 Geoserver | 1 Geoserver | 2009-09-15 | 5.0 MEDIUM | N/A |
| PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an "in memory buffer," which prevents the reporting of a service exception, with unknown impact and attack vectors. | |||||
| CVE-2008-7223 | 1 Linpha | 1 Linpha | 2009-09-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, or (5) plugins/stats/stats_view.php. | |||||
| CVE-2008-7230 | 1 Chris Buccella | 1 Small Footprint Cim Broker | 2009-09-15 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Small Footprint CIM Broker (SFCB) before 1.2.5 has unknown impact and attack vectors. | |||||
| CVE-2009-3021 | 2 Geeklog, Yoshinori Tahara | 2 Geeklog, Mycaljp | 2009-09-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' plugin 2.0.0 through 2.0.6, as used in the Japanese extended package of Geeklog 1.5.0 through 1.5.2 and when distributed 20090629 or earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-3179 | 1 Symantec | 1 Altiris Deployment Solution | 2009-09-15 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary code via unknown client-side attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.17, as identified by (1) "Symantec Altiris Deployment Solution 6.9 exploit, (2) "Symantec Altiris Deployment Solution 6.9 exploit (II)," and (3) "Symantec Altiris Deployment Solution 6.9 exploit (III)." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2008-7229 | 1 Greensql | 1 Greensql Firewall | 2009-09-14 | 7.5 HIGH | N/A |
| GreenSQL Firewall (greensql-fw) before 0.9.2 allows remote attackers to bypass SQL injection protection via a crafted string, possibly involving an encoded space character (%20). | |||||
| CVE-2008-7217 | 1 Microsoft | 1 Office | 2009-09-14 | 4.6 MEDIUM | N/A |
| Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories. | |||||
| CVE-2009-3177 | 1 Kaspersky | 2 Kaspersky Anti-virus Scanner, Kaspersky Online Scanner | 2009-09-14 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Kaspersky Online Scanner 7.0 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, (1) "Kaspersky Online Antivirus Scanner 7.0 exploit (Linux)" and (2) "Kaspersky Online Antivirus Scanner 7.0 exploit (Windows)." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2009-3169 | 1 Hitachi | 1 Jp1 File Transmission Server | 2009-09-14 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission Server/FTP before 09-00 allow remote attackers to execute arbitrary code via unknown attack vectors. | |||||
| CVE-2009-3178 | 1 Symantec | 1 Altiris Deployment Solution | 2009-09-14 | 7.8 HIGH | N/A |
| Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Solution 6.9 allows remote attackers to cause a denial of service via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.18, "Symantec Altiris Deployment Solution 6.9 DoS." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-6731 | 1 Claudio Matsuoka | 1 Extended Module Player | 2009-09-14 | 10.0 HIGH | N/A |
| Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in misc/oxm.c, leading to a buffer overflow. | |||||
| CVE-2007-6732 | 1 Claudio Matsuoka | 1 Extended Module Player | 2009-09-14 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors related to an untrusted length value and the (1) pofs and (2) plen arrays. | |||||
| CVE-2008-7207 | 1 Rivetcode | 1 Rivettracker | 2009-09-11 | 2.1 LOW | N/A |
| RivetTracker before 1.0 stores passwords in cleartext in config.php, which allows local users to discover passwords by reading config.php. | |||||
| CVE-2008-5375 | 1 Cmus | 1 Cmus | 2009-09-11 | 6.9 MEDIUM | N/A |
| cmus-status-display in cmus 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cmus-status temporary file. | |||||
| CVE-2008-5371 | 1 Marc Gloor | 1 Screenie | 2009-09-11 | 6.9 MEDIUM | N/A |
| screenie in screenie 1.30.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.screenie.##### temporary file. | |||||
| CVE-2008-7202 | 1 Openwebmail.acatysmoof | 1 Openwebmail | 2009-09-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OpenWebMail before 2.53 (Stable) allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2009-3157 | 2 Drupal, Karen Stevenson | 2 Drupal, Calendar | 2009-09-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type. | |||||
| CVE-2009-3162 | 1 Multi-website | 1 Multi Website | 2009-09-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to the default URI. | |||||
| CVE-2009-3147 | 1 Allenthusiast | 1 Reviewpost Php Pro | 2009-09-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in showproduct.php in ReviewPost Pro vB3 allows remote attackers to inject arbitrary web script or HTML via the date parameter. | |||||
| CVE-2008-7197 | 1 G15tools | 1 G15daemon | 2009-09-10 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in G15Daemon before 1.9.4 have unknown impact and attack vectors. | |||||
| CVE-2008-7199 | 1 Phoenixcontact | 1 Fl Il 24 Bk-pac | 2009-09-10 | 5.0 MEDIUM | N/A |
| Phoenix Contact FL IL 24 BK-PAC allows remote attackers to cause a denial of service (hang) via (1) unspecified manipulations as demonstrated by a Nessus scan or (2) malformed input to TCP port 502. | |||||
| CVE-2008-7196 | 1 Mark Reinsfelder | 1 Metashell | 2009-09-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in metashell before 0.03 has unknown impact and attack vectors related to a "PATH execution security flaw," possibly an untrusted search path vulnerability. | |||||
| CVE-2008-7198 | 1 Alecwh | 1 Phpns | 2009-09-10 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in phpns before 2.1.1beta1 have unknown impact and attack vectors. | |||||
| CVE-2008-7200 | 1 Deliantra | 1 Deliantra | 2009-09-10 | 10.0 HIGH | N/A |
| Double free vulnerability in Deliantra server engine before 2.4 has unknown impact and attack vectors. | |||||
| CVE-2008-7189 | 1 Bastian Blumentritt | 1 Local Media Browser | 2009-09-10 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Local Media Browser before 0.1 have unknown impact and attack vectors related to "Security holes." | |||||
| CVE-2008-7190 | 1 Adium | 1 Adium | 2009-09-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Adium before 1.2 has unknown impact and attack vectors related to javascript: URLs, possibly cross-site scripting (XSS). | |||||
| CVE-2008-7191 | 1 Pps.jussieu | 1 Polipo | 2009-09-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Polipo before 1.0.4 allows remote attackers to cause a denial of service (crash) via a long request URL. | |||||
| CVE-2009-3119 | 2 Php-fusion, X-iweb.ru | 2 Php-fusion, Download System Msf | 2009-09-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in screen.php in the Download System mSF (dsmsf) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the view_id parameter. | |||||
| CVE-2009-3120 | 1 Bigace | 1 Bigace | 2009-09-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3118 | 1 Danneo | 1 Cms | 2009-09-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mod/poll/comment.php in the vote module in Danneo CMS 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the comtext parameter, in conjunction with crafted comname and comtitle parameters, in a poll action to index.php, related to incorrect input sanitization in base/danneo.function.php. | |||||
| CVE-2009-3113 | 1 Oxid | 1 Eshop | 2009-09-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.2, 3.x, and 2.x allows remote attackers to gain write access to product reviews via a crafted parameter. | |||||
| CVE-2009-2266 | 1 Oxid | 1 Eshop | 2009-09-10 | 5.0 MEDIUM | N/A |
| OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie. | |||||
| CVE-2009-3124 | 1 Ipmotor | 1 Quarkmail | 2009-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in get_message.cgi in QuarkMail allows remote attackers to read arbitrary files via a .. (dot dot) in the tf parameter. | |||||
| CVE-2009-3050 | 1 Htmldoc | 1 Htmldoc | 2009-09-10 | 10.0 HIGH | N/A |
| Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later reported that there were additional vectors in htmllib.cxx and ps-pdf.cxx using an AFM font file with a long glyph name, but these vectors do not cross privilege boundaries. | |||||
| CVE-2009-3112 | 1 Oxidforge | 2 Oxid Eshop, Oxid Eshop4.0.0.2 14967 | 2009-09-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to gain administrator privileges and access the shop backend via a crafted parameter. | |||||
| CVE-2009-2701 | 1 Zope | 1 Zodb | 2009-09-09 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors. | |||||
| CVE-2009-1769 | 1 Ocsinventory-ng | 1 Ocs Inventory Ng | 2009-09-09 | 5.0 MEDIUM | N/A |
| The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2009-3087 | 2 Ibm, Microsoft | 2 Lotus Domino, Windows Server 2003 | 2009-09-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in nserver.exe in the server in IBM Lotus Domino 8.0 on Windows Server 2003 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2009-3066 | 1 Propertywatchscript | 1 Property Watch | 2009-09-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PropertyWatchScript.com Property Watch 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) videoid parameter to tools/email.php and (2) redirect parameter to tools/login.php. | |||||
| CVE-2009-3060 | 1 Allpublication | 1 Jboard | 2009-09-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the notice parameter to editform.php, (2) the edit_user_message parameter to core/edit_user_message.php, or (3) the user_title parameter to inc/head.inc.php, reachable through any PHP script. | |||||
| CVE-2009-3092 | 1 Asus | 1 Asus Wl-500w | 2009-09-09 | 10.0 HIGH | N/A |
| Buffer overflow on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2009-3093 | 1 Asus | 1 Asus Wl-500w | 2009-09-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2009-3096 | 2 Hp, Microsoft | 2 Performance Insight, Windows | 2009-09-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in HP Performance Insight 5.3 allow remote attackers to have an unknown impact, related to (1) a "Remote exploit" on Windows platforms, and (2) a "Remote preauthentication exploit" on the Windows Server 2003 SP2 platform, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2009-3098 | 2 Hp, Microsoft | 2 Operations Dashboard, Windows Server 2003 | 2009-09-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Portal in HP Operations Dashboard 2.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a "Remote exploit," as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2009-3099 | 2 Hp, Microsoft | 2 Operations Manager, Windows Server 2003 | 2009-09-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP OpenView Operations Manager 8.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a "Remote exploit," as demonstrated by a certain module in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2007-3872. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2009-3101 | 1 Sun | 2 Opensolaris, Solaris | 2009-09-09 | 4.9 MEDIUM | N/A |
| xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and OpenSolaris snv_109 through snv_122, does not properly handle Trusted Extensions, which allows local users to cause a denial of service (CPU consumption and console hang) by locking the screen, related to a regression in certain Solaris and OpenSolaris patches. | |||||
| CVE-2008-7146 | 1 Intralearn | 1 Intralearn | 2009-09-09 | 5.0 MEDIUM | N/A |
| IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allows remote attackers to obtain sensitive information via a direct request to (1) Knowledge_Impact_Course.htm, (2) LRN-formatted_Course.htm, or (3) Create_Course.htm in help/1/Instructor/, which reveals the installation path in an error message. | |||||
| CVE-2008-7166 | 2 Bittorrent, Utorrent | 2 Bittorrent, Utorrent | 2009-09-09 | 5.0 MEDIUM | N/A |
| Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) and earlier, and uTorrent 1.7.6 (build 7859) and earlier, allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted Range header. NOTE: this is probably a different vulnerability than CVE-2008-0071 and CVE-2008-0364. | |||||
| CVE-2008-7149 | 1 Agilewiki | 1 Agilewiki | 2009-09-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in AgileWiki before 0.10.1 has unknown impact and attack vectors related to passwords. | |||||
| CVE-2009-0627 | 1 Cisco | 3 Nexus 5000, Nexus 7000, Nx-os | 2009-09-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco NX-OS before 4.0(1a)N2(1), when running on Nexus 5000 platforms, allows remote attackers to cause a denial of service (crash) via an unspecified "sequence of TCP packets" related to "TCP State manipulation," possibly related to separate attacks against CVE-2008-4609. | |||||