Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3639 | 1 Proftpd | 1 Proftpd | 2017-08-17 | 5.8 MEDIUM | N/A |
| The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2009-3640 | 1 Linux | 1 Linux Kernel | 2017-08-17 | 4.9 MEDIUM | N/A |
| The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc1 does not properly handle the absence of an Advanced Programmable Interrupt Controller (APIC), which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via a call to the kvm_vcpu_ioctl function. | |||||
| CVE-2009-3641 | 1 Snort | 1 Snort | 2017-08-17 | 4.3 MEDIUM | N/A |
| Snort before 2.8.5.1, when the -v option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted IPv6 packet that uses the (1) TCP or (2) ICMP protocol. | |||||
| CVE-2009-3643 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2017-08-17 | 5.0 MEDIUM | N/A |
| Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote attackers to cause a denial of service via a long argument to the (1) LIST and (2) NLST commands, a differnt issue than CVE-2008-5626 and CVE-2006-5728. | |||||
| CVE-2009-3647 | 1 Yabsoft | 1 Mega File Hosting Script | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the moudi parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3648 | 2 Apsivam, Drupal | 2 Service Links, Drupal | 2017-08-17 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for Drupal, allows remote authenticated users, with 'administer content types' permissions, to inject arbitrary web script or HTML via unspecified vectors when displaying content type names. | |||||
| CVE-2009-3650 | 2 David Strauss, Drupal | 2 Dex, Drupal | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Dex 5.x-1.0 and earlier and 6.x-1.0-rc1 and earlier, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-3651 | 2 Drupal, Mikeryan | 2 Drupal, Browscap | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the "Monitor browsers' feature in Browscap before 5.x-1.1 and 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. | |||||
| CVE-2009-3652 | 2 Drupal, Moshe Weitzman | 2 Drupal, Organic Groups | 2017-08-17 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HTTP header, a different issue than CVE-2008-3095. | |||||
| CVE-2009-3653 | 2 Darren Oh, Drupal | 2 Xml Sitemap, Drupal | 2017-08-17 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the additional links interface in XML Sitemap 5.x-1.6, a module for Drupal, allows remote authenticated users, with "administer site configuration" permission, to inject arbitrary web script or HTML via unspecified vectors, related to link path output. | |||||
| CVE-2009-3654 | 2 316solutions, Drupal | 2 Boost, Drupal | 2017-08-17 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupal, allows remote attackers to create new webroot directories via unknown attack vectors. | |||||
| CVE-2009-3656 | 2 Drupal, Tim Nelson | 2 Drupal, Shared Sign-on | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users via unknown vectors. | |||||
| CVE-2009-3657 | 2 Drupal, Tim Nelson | 2 Drupal, Shared Sign-on | 2017-08-17 | 5.8 MEDIUM | N/A |
| Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2009-3691 | 1 Ibm | 2 Informix Client Sdk, Informix Connect Runtime | 2017-08-17 | 9.3 HIGH | N/A |
| Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and Informix Connect Runtime 3.x allow remote attackers to execute arbitrary code via a .nfx file with a crafted (1) HostSize, and possibly (2) ProtoSize and (3) ServerSize, field that triggers a stack-based buffer overflow involving a crafted HostList field. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3692 | 3 Apple, Linux, Sun | 5 Mac Os X, Linux, Opensolaris and 2 more | 2017-08-17 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors. | |||||
| CVE-2009-3694 | 1 Jdtmmsm | 1 Ezrecipe-zee | 2017-08-17 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in config/config.php in ezRecipe-Zee 91, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg[prePath] parameter. | |||||
| CVE-2009-3695 | 1 Djangoproject | 1 Django | 2017-08-17 | 5.0 MEDIUM | N/A |
| Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression. | |||||
| CVE-2009-3696 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table. | |||||
| CVE-2009-3697 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters. | |||||
| CVE-2009-3699 | 1 Ibm | 2 Aix, Vios | 2017-08-17 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd. | |||||
| CVE-2009-3704 | 1 Zoiper | 1 Zoiper | 2017-08-17 | 5.0 MEDIUM | N/A |
| ZoIPer 2.22, and possibly other versions before 2.24 Library 5324, allows remote attackers to cause a denial of service (crash) via a SIP INVITE request with an empty Call-Info header. | |||||
| CVE-2009-3745 | 1 Ibm | 1 Rational Appscan | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the help pages in IBM Rational AppScan Enterprise Edition 5.5.0.2 allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
| CVE-2009-3747 | 1 Tbmnet | 1 Tbmnetcms | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in TBmnetCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the content parameter. NOTE: this was originally reported for tbmnet.php, but that program does not exist in the TBmnetCMS 1.0 distribution. | |||||
| CVE-2009-3778 | 2 Adam Gerson, Drupal | 2 Moodle Courselist, Drupal | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-3779 | 2 Drupal, Stefan Auditor | 2 Drupal, Vcard | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the addition of the theme_vcard function to a theme and the use of default content. | |||||
| CVE-2009-3780 | 2 Ashok Modi, Drupal | 2 Abuse, Drupal | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 and 6.x before 6.x-1.1-alpha1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-3781 | 2 Drupal, Quicksketch | 2 Drupal, Filefield | 2017-08-17 | 7.5 HIGH | N/A |
| The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors. | |||||
| CVE-2009-3782 | 2 2bits, Drupal | 2 Userpoints, Drupal | 2017-08-17 | 3.5 LOW | N/A |
| Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors. | |||||
| CVE-2009-3783 | 2 Drupal, Sjoerd Arendsen | 2 Drupal, Simplenews Statistics | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vector. | |||||
| CVE-2009-3785 | 2 Drupal, Sjoerd Arendsen | 2 Drupal, Simplenews Statistics | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via unknown vectors. | |||||
| CVE-2009-3786 | 2 Drupal, Moshe Weitzman | 2 Drupal, Og Vocab | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title. | |||||
| CVE-2009-3788 | 1 Opendocman | 1 Opendocman | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter. | |||||
| CVE-2009-3789 | 1 Opendocman | 1 Opendocman | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) department.php, (7) profile.php, (8) rejects.php, (9) search.php, (10) toBePublished.php, (11) user.php, and (12) view_file.php; and (13) the caller parameter in a Modify User action to user.php. | |||||
| CVE-2009-3790 | 1 Cutepdf | 1 Formmax | 2017-08-17 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in FormMax (formerly AcroForm) evaluation 3.5 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted FormMax import (.aim) file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3802 | 1 Amirocms | 1 Amiro.cms | 2017-08-17 | 5.0 MEDIUM | N/A |
| Amiro.CMS 5.4.0.0 and earlier allows remote attackers to obtain sensitive information via an invalid loginname ("%%%") to _admin/index.php, which reveals the installation path and other information in an error message. | |||||
| CVE-2009-3803 | 1 Amirocms | 1 Amiro.cms | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Amiro.CMS 5.4.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the status_message parameter to (1) /news, (2) /comment, (3) /forum, (4) /blog, and (5) /tags; the status_message parameter to (6) forum.php, (7) discussion.php, (8) guestbook.php, (9) blog.php, (10) news.php, (11) srv_updates.php, (12) srv_backups.php, (13) srv_twist_prevention.php, (14) srv_tags.php, (15) srv_tags_reindex.php, (16) google_sitemap.php, (17) sitemap_history.php, (18) srv_options.php, (19) locales.php and (20) plugins_wizard.php in _admin/; a crafted IMG BBcode tag in the message body of a (21) forum, (22) guestbook, or (23) comment; (24) the content of an avatar file, which is not properly handled by Internet Explorer; and (25) the loginname parameter (aka username) in _admin/index.php. | |||||
| CVE-2009-3805 | 2 Gpg4win, Kde-apps | 2 Gpg4win, Kleopatra | 2017-08-17 | 4.3 MEDIUM | N/A |
| gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows remote attackers to cause a denial of service (application crash) via a long certificate signature. | |||||
| CVE-2009-3834 | 2 Joomla, Webguerilla | 2 Joomla, Com Photoblog | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Photoblog (com_photoblog) component alpha 3 and alpha 3a for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in a blogs action to index.php. | |||||
| CVE-2009-3835 | 2 Joomla, Whorl Ltd | 2 Joomla, Jshop | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JShop (com_jshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a product action to index.php. | |||||
| CVE-2009-3843 | 1 Hp | 1 Operations Manager | 2017-08-17 | 10.0 HIGH | N/A |
| HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload. | |||||
| CVE-2009-3847 | 1 Hp | 1 Openview Network Node Manager | 2017-08-17 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2009-3852 | 1 Ibm | 1 Runtimes For Java Technology | 2017-08-17 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the XML component in IBM Runtimes for Java Technology 5.0.0 before SR10 has unknown impact and attack vectors, related to the "updated version of XML4J 4.4.17." | |||||
| CVE-2009-3858 | 1 Gejosoft | 1 Gejosoft | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in GejoSoft allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI in photos/tags. | |||||
| CVE-2009-3878 | 2 Intevydis, Sun | 2 Vulndisco Pack, Java System Web Server | 2017-08-17 | 9.3 HIGH | N/A |
| Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2009-3897 | 1 Dovecot | 1 Dovecot | 2017-08-17 | 4.6 MEDIUM | N/A |
| Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself. | |||||
| CVE-2009-3900 | 1 Ibm | 2 Aix, Powerha | 2017-08-17 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the Cluster Management component in IBM PowerHA 5.4, 5.4.1, 5.5, and 6.1 on AIX allows remote attackers to modify the operating-system configuration via packets to the godm port (6177/tcp). | |||||
| CVE-2009-3902 | 2 Cherokee, Microsoft | 2 Cherokee Httpd, Windows | 2017-08-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Cherokee Web Server 0.5.4 and earlier for Windows allows remote attackers to read arbitrary files via a /\.. (slash backslash dot dot) in the URL. | |||||
| CVE-2009-3903 | 1 Manageengine | 1 Netflow Analyzer | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in jspui/index.jsp in ManageEngine Netflow Analyzer 7.5 build 7500 allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) section parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3911 | 1 Tftgallery | 1 Tftgallery | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in settings.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the sample parameter. | |||||
| CVE-2009-3914 | 2 Drupal, Wolfgang Ziegler | 2 Drupal, Temporary Invitation | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Temporary Invitation module 5.x before 5.x-2.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Name field in an invitation. | |||||