Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0065 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 10.0 HIGH | N/A |
| Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID. | |||||
| CVE-2009-0070 | 1 Apple | 1 Safari | 2017-09-29 | 9.3 HIGH | N/A |
| Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function, possibly a related issue to CVE-2008-2307. | |||||
| CVE-2009-0071 | 1 Mozilla | 1 Firefox | 2017-09-29 | 2.6 LOW | N/A |
| Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected. | |||||
| CVE-2009-0103 | 1 Playsms | 1 Playsms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) apps_path[plug] parameter to plugin/gateway/gnokii/init.php, the (2) apps_path[themes] parameter to plugin/themes/default/init.php, and the (3) apps_path[libs] parameter to lib/function.php. | |||||
| CVE-2009-0104 | 1 Se-ed | 1 Ezpack | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote attackers to execute arbitrary SQL commands via the qType parameter in a webboard prog action. | |||||
| CVE-2009-0105 | 1 Se-ed | 1 Ezpack | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2 allows remote attackers to inject arbitrary web script or HTML via the mdfd parameter in a prog action. | |||||
| CVE-2009-0108 | 1 Phpauctions | 1 Phpauctions | 2017-09-29 | 7.5 HIGH | N/A |
| PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain administrative access via modified (1) PHPAUCTION_RM_ID, (2) PHPAUCTION_RM_NAME, (3) PHPAUCTION_RM_USERNAME, and (4) PHPAUCTION_RM_EMAIL cookies. | |||||
| CVE-2009-0109 | 1 Riotpix | 1 Riotpix | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0110 | 1 Riotpix | 1 Riotpix | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in read.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | |||||
| CVE-2009-0111 | 1 Goople Cms | 1 Goople Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2009-0113 | 1 Joomla | 2 Joomla, Xstandard | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header. | |||||
| CVE-2009-0114 | 2 Adobe, Microsoft | 5 Air, Flash Player, Flash Player For Linux and 2 more | 2017-09-29 | 5.8 MEDIUM | N/A |
| Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant." | |||||
| CVE-2009-0115 | 1 Christophe.varoqui | 1 Multipath-tools | 2017-09-29 | 7.2 HIGH | N/A |
| The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon. | |||||
| CVE-2009-0119 | 1 Microsoft | 1 Windows Xp | 2017-09-29 | 10.0 HIGH | N/A |
| Buffer overflow in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .chm file. | |||||
| CVE-2009-0133 | 1 Microsoft | 1 Html Help Workshop | 2017-09-29 | 10.0 HIGH | N/A |
| Buffer overflow in Microsoft HTML Help Workshop 4.74 and earlier allows context-dependent attackers to execute arbitrary code via a .hhp file with a long "Index file" field, possibly a related issue to CVE-2006-0564. | |||||
| CVE-2009-0134 | 1 Share2 | 1 Easy Grid Control | 2017-09-29 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX control in EasyGrid.ocx 1.0.0.1 in AAA EasyGrid ActiveX 3.51 allows remote attackers to create and overwrite arbitrary files via the (1) DoSaveFile or (2) DoSaveHtmlFile method. NOTE: vector 1 could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0148 | 1 Cscope | 1 Cscope | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541. | |||||
| CVE-2009-0153 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-09-29 | 4.3 MEDIUM | N/A |
| International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. | |||||
| CVE-2009-0167 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in lpadmin in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to enumeration of "wrong printers," aka a "Temporary file vulnerability." | |||||
| CVE-2009-0168 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in ppdmgr in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to a failure to "include all cache files," and improper handling of temporary files. | |||||
| CVE-2009-0174 | 1 Vuplayer | 1 Vuplayer | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in VUPlayer 2.49 allows remote attackers to execute arbitrary code via a long .asf URI in the HREF attribute of a REF element in a .asx file. | |||||
| CVE-2009-0175 | 1 Heathcosoft | 1 Mp3 Trackmaker | 2017-09-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Heathco Software MP3 TrackMaker 1.5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in an invalid .mp3 file. | |||||
| CVE-2009-0207 | 2 Hp, Oracle | 3 Hp-ux, Vrtsodm, Vrtsvxfs | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk Manager (VRTSodm) 3.5, B.11.23 running VRTSodm 4.1 or VERITAS File System (VRTSvxfs) 4.1, B.11.23 running VRTSodm 5.0 or VRTSvxfs 5.0, and B.11.31 running VRTSodm 5.0 allows local users to gain root privileges via unknown vectors. | |||||
| CVE-2009-0248 | 1 Katywhitton | 1 Rankem | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to inject arbitrary web script or HTML via the siteID parameter. | |||||
| CVE-2009-0249 | 1 Katywhitton | 1 Rankem | 2017-09-29 | 5.0 MEDIUM | N/A |
| Katy Whitton RankEm stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for database/topsites.mdb. | |||||
| CVE-2009-0250 | 1 Ryneezy | 1 Phosheezy | 2017-09-29 | 5.0 MEDIUM | N/A |
| Ryneezy phoSheezy 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the file containing the administrator's password hash via a direct request for config/password. | |||||
| CVE-2009-0251 | 1 Ryneezy | 1 Phosheezy | 2017-09-29 | 6.5 MEDIUM | N/A |
| Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/footer via the footer parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0252 | 1 Enthrallweb | 1 Ereservations | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in default.asp in Enthrallweb eReservations allow remote attackers to execute arbitrary SQL commands via the (1) Login parameter (aka username field) or the (2) Password parameter (aka password field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0253 | 1 Mozilla | 1 Firefox | 2017-09-29 | 6.8 MEDIUM | N/A |
| Mozilla Firefox 3.0.5 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Status Bar Obfuscation" and "Clickjacking" attack. | |||||
| CVE-2009-0259 | 1 Openoffice | 1 Openoffice.org | 2017-09-29 | 9.3 HIGH | N/A |
| The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841. | |||||
| CVE-2009-0261 | 1 Effectmatrix | 1 Total Video Player | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in EffectMatrix Total Video Player 1.31 allows user-assisted attackers to execute arbitrary code via a Skins\DefaultSkin\DefaultSkin.ini file with a large ColumnHeaderSpan value. | |||||
| CVE-2009-0267 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 5.0 MEDIUM | N/A |
| libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does not properly check packets, which allows remote attackers to cause a denial of service (in.iked daemon crash) via an unspecified IKE packet, a different vulnerability than CVE-2007-2989. | |||||
| CVE-2009-0268 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 4.9 MEDIUM | N/A |
| Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of "properly sequenced code" in ptc and ptsl. | |||||
| CVE-2009-0279 | 1 Pardalcms | 1 Pardalcms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-0281 | 1 Warhound | 1 Walking Club | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.aspx in WarHound Walking Club allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2009-0284 | 1 Flaxweb | 1 Flax Article Manager | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2009-0286 | 1 Opengoo | 1 Opengoo | 2017-09-29 | 2.6 LOW | N/A |
| Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the form_data[script_class] parameter. | |||||
| CVE-2009-0290 | 1 Sir | 1 Gnuboard | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the g4_path parameter. NOTE: in some environments, this can be leveraged for remote code execution via a data: URI or a UNC share pathname. | |||||
| CVE-2009-0292 | 1 Shop-inet | 1 Shop-inet | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows remote attackers to execute arbitrary SQL commands via the grid parameter. | |||||
| CVE-2009-0293 | 1 Wazzum | 1 Wazzum Dating Software | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile_view.php in Wazzum Dating Software, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the userid parameter. | |||||
| CVE-2009-0295 | 1 Itlpoll | 1 Itpoll | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Information Technology Light Poll Information (ITLPoll) 2.7 Stable 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-0296 | 1 Gempar | 1 Script Toko Online | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shop_display_products.php in Script Toko Online 5.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2009-0297 | 1 Clicktech | 1 Clickauction | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login_check.asp in ClickAuction allows remote attackers to execute arbitrary SQL commands via the (1) txtEmail and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0298 | 1 Mw6 Technologies | 1 Barcode Activex | 2017-09-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in MW6 Technologies Barcode ActiveX control (Barcode.MW6Barcode.1, Barcode.dll) 3.0.0.1 allows remote attackers to execute arbitrary code via a long Supplement property. | |||||
| CVE-2009-0299 | 1 Groonesworld | 1 Glinks | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2009-0301 | 1 Grid2000 | 1 Flexcell Grid Control | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple insecure method vulnerabilities in the FlexCell.Grid ActiveX control (FlexCell.ocx) in FlexCell Grid Control 5.6.9 allow remote attackers to create and overwrite arbitrary files via the (1) SaveFile and (2) ExportToXML methods. | |||||
| CVE-2009-0304 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 7.8 HIGH | N/A |
| The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficient validation security vulnerability," as demonstrated by SunOSipv6.c. | |||||
| CVE-2009-0319 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in the autofs module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_108, allows local users to cause a denial of service (autofs mount outage) or possibly gain privileges via vectors related to "xdr processing problems." | |||||
| CVE-2009-0321 | 2 Apple, Microsoft | 2 Safari, Windows | 2017-09-29 | 4.3 MEDIUM | N/A |
| Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence. | |||||
| CVE-2009-0324 | 1 Bibciter | 1 Bibciter | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote attackers to execute arbitrary SQL commands via the (1) idp parameter to reports/projects.php, the (2) idc parameter to reports/contacts.php, and the (3) idu parameter to reports/users.php. | |||||
