Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2456 | 1 Novell | 1 Edirectory | 2017-08-17 | 5.0 MEDIUM | N/A |
| The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (ndsd core dump) via an LDAP request containing multiple . (dot) wildcard characters in the Relative Distinguished Name (RDN). | |||||
| CVE-2009-2457 | 1 Novell | 1 Edirectory | 2017-08-17 | 5.0 MEDIUM | N/A |
| The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (crash) via a malformed bind LDAP packet. | |||||
| CVE-2009-2458 | 1 Sun | 1 Sun Fire Server | 2017-08-17 | 5.4 MEDIUM | N/A |
| Unspecified vulnerability in Sun Fire V215 Server, when using XVR-100 graphic cards on system boards with part number 375-3463 and a hardware dash level -04 or later, allows remote attackers to cause a denial of service (panic) via unknown vectors. | |||||
| CVE-2009-2480 | 1 Movabletype | 1 Six Apart Movable Type | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type 4.24, and 4.25 when global templates are not initialized, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-2481 | 2 Six Apart, Sixapart | 2 Movable Type, Movable Type | 2017-08-17 | 5.8 MEDIUM | N/A |
| mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors. | |||||
| CVE-2009-2482 | 1 Netbsd | 1 Netbsd | 2017-08-17 | 6.9 MEDIUM | N/A |
| The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group. | |||||
| CVE-2009-2483 | 1 Netbsd | 1 Netbsd | 2017-08-17 | 4.9 MEDIUM | N/A |
| libprop/prop_object.c in proplib in NetBSD 4.0 and 4.0.1 allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via a malformed externalized plist (XML form) containing an undefined element. | |||||
| CVE-2009-2489 | 1 Sun | 1 Ray Server Software | 2017-08-17 | 2.1 LOW | N/A |
| Unspecified vulnerability in the utdmsession program in Sun Ray Server Software (SRSS) 4.0 allows local users to access the sessions of arbitrary users via unknown vectors. | |||||
| CVE-2009-2490 | 1 Sun | 1 Ray Server Software | 2017-08-17 | 1.9 LOW | N/A |
| Unspecified vulnerability in the utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to cause a denial of service (audio outage) or possibly gain privileges via unknown vectors related to "resource leaks." | |||||
| CVE-2009-2491 | 1 Sun | 1 Ray Server Software | 2017-08-17 | 4.4 MEDIUM | N/A |
| The utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to access the sessions of arbitrary users via unknown vectors related to "resource leaks." | |||||
| CVE-2009-2545 | 1 Anelectron | 1 Advanced Electron Forum | 2017-08-17 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the filename in an uploaded attachment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2546 | 1 Anelectron | 1 Advanced Electron Forum | 2017-08-17 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in Advanced Electron Forum (AEF) 1.x allows remote attackers to determine the existence of arbitrary files via the avatargalfile parameter when changing an avatar, which leaks the existence of the file in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2547 | 1 Bistudio | 2 Arma, Arma 2 | 2017-08-17 | 5.0 MEDIUM | N/A |
| Integer underflow in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) via a VoIP over Network (VON) packet to port 2305 with a negative packet_size value, which triggers a buffer over-read. | |||||
| CVE-2009-2551 | 1 Scriptsez | 1 Easy Image Downloader | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy Image Downloader allow remote attackers to inject arbitrary web script or HTML via the id parameter in a detail action to (1) main.php and possibly (2) demo_page.php. | |||||
| CVE-2009-2555 | 1 Google | 2 Chrome, V8 | 2017-08-17 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression. | |||||
| CVE-2009-2556 | 1 Google | 1 Chrome | 2017-08-17 | 9.3 HIGH | N/A |
| Google Chrome before 2.0.172.37 allows attackers to leverage renderer access to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger excessive memory allocation. | |||||
| CVE-2009-2565 | 1 T-okada | 1 Shiromuku\(fs6\)diary | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Perl CGI's By Mrs. Shiromuku shiromuku(fs6)DIARY 2.40 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-2571 | 1 Verliadmin | 1 Verliadmin | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in VerliAdmin 0.3.7 and 0.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the URI, (2) the q parameter, (3) the nick parameter, or (4) the nick parameter in a bantest action. | |||||
| CVE-2009-2572 | 2 Drupal, Lullabot | 2 Drupal, Fivestar Module For Drupal | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Fivestar module 5.x-1.x before 5.x-1.14 and 6.x-1.x before 6.x-1.14, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that cast votes. | |||||
| CVE-2009-2581 | 1 Editeurscripts | 1 Esnews | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modifier.php in EditeurScripts EsNews 1.2 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2009-2586 | 1 Edgephp | 1 Ezarticles | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in articles.php in EDGEPHP EZArticles allows remote attackers to inject arbitrary web script or HTML via the title parameter. | |||||
| CVE-2009-2587 | 1 Dragdropcart | 1 Dragdropcart | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php. | |||||
| CVE-2009-2588 | 1 Resalecode | 1 Hotscripts Type Php Clone Script | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php. | |||||
| CVE-2009-2589 | 1 Resalecode | 1 Hutscripts Php Website Script | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Hutscripts PHP Website Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php. | |||||
| CVE-2009-2590 | 1 Resalecode | 1 Hutscripts Php Website Script | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showcategory.php in Hutscripts PHP Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2009-2595 | 1 Censura | 1 Censura | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in productSearch.html in Censura 2.0.4 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a ProductSearch action. | |||||
| CVE-2009-2627 | 1 Acer | 1 Lunchapp.aplunch | 2017-08-17 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the Acer LunchApp (aka AcerCtrls.APlunch) ActiveX control in acerctrl.ocx allows remote attackers to execute arbitrary commands via the Run method, a different vulnerability than CVE-2006-6121. | |||||
| CVE-2009-2643 | 1 Rim | 2 Blackberry Enterprise Server, Blackberry Professional Software | 2017-08-17 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 5.0 and BlackBerry Professional Software 4.1.4 allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246 and CVE-2009-0219. | |||||
| CVE-2009-2647 | 1 Kaspersky | 2 Kaspersky Anti-virus, Kaspersky Internet Security | 2017-08-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before Critical Fix 9.0.0.463 allows remote attackers to disable the Kaspersky application via unknown attack vectors unrelated to "an external script." | |||||
| CVE-2009-2648 | 1 Flashden | 1 Guestbook | 2017-08-17 | 5.0 MEDIUM | N/A |
| FlashDen Guestbook allows remote attackers to obtain configuration information via a direct request to amfphp/phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2009-2651 | 1 Digium | 1 Asterisk | 2017-08-17 | 5.0 MEDIUM | N/A |
| main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer. | |||||
| CVE-2009-2652 | 1 Sun | 2 Opensolaris, Solaris | 2017-08-17 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Solaris Trusted Extensions in Sun Solaris 10, and OpenSolaris snv_37 through snv_120, allows remote attackers to cause a denial of service (panic) via vectors involving the parsing of labeled packets. | |||||
| CVE-2009-2660 | 1 Jun Furuse | 1 Camlimages | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in CamlImages 2.2 might allow context-dependent attackers to execute arbitrary code via images containing large width and height values that trigger a heap-based buffer overflow, related to (1) crafted GIF files (gifread.c) and (2) crafted JPEG files (jpegread.c), a different vulnerability than CVE-2009-2295. | |||||
| CVE-2009-2677 | 1 Hp | 1 Insight Control Suite For Linux | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Insight Control Suite For Linux (aka ICE-LX) before 2.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2009-2678 | 1 Hp | 1 Nonstop Server | 2017-08-17 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Open System Services (OSS) Name Server on HP NonStop G06.27, G06.28, G06.29, G06.30, H06.06, H06.07, H06.08, and J06.03 allows remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2009-2680 | 1 Hp | 4 Storageworks 1\/8 G2 Tape Autoloader, Storageworks Msl2024 Tape Library, Storageworks Msl4048 Tape Library and 1 more | 2017-08-17 | 8.5 HIGH | N/A |
| Unspecified vulnerability in the Remote Management Interface (RMI) for MSL Tape Libraries and 1/8 G2 Tape Autoloaders in HP StorageWorks 1/8 G2 Tape Autoloader firmware 2.30 and earlier, MSL2024 Tape Library firmware 4.20 and earlier, MSL4048 Tape Library firmware 6.50 and earlier, and MSL8096 Tape Library firmware 8.90 and earlier allows remote attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2009-2688 | 1 Xemacs | 1 Xemacs | 2017-08-17 | 10.0 HIGH | N/A |
| Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a crafted TIFF file, (2) the png_instantiate function processing a crafted PNG file, and (3) the jpeg_instantiate function processing a crafted JPEG file, all which trigger a heap-based buffer overflow. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2691 | 1 Linux | 1 Linux Kernel | 2017-08-17 | 2.1 LOW | N/A |
| The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition. | |||||
| CVE-2009-2741 | 1 Ibm | 1 Websphere Business Events | 2017-08-17 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the wberuntimeear application in the test servlet in IBM WebSphere Business Events 6.1 and 6.2 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2009-2742 | 1 Ibm | 1 Websphere Application Server | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to inject arbitrary web script or HTML via unspecified input. | |||||
| CVE-2009-2743 | 1 Ibm | 1 Websphere Application Server | 2017-08-17 | 2.1 LOW | N/A |
| IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure Data Capture (FFDC) log file. | |||||
| CVE-2009-2744 | 1 Ibm | 1 Websphere Application Server | 2017-08-17 | 7.8 HIGH | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to cause a denial of service via unknown vectors, related to "an error in fixpacks 6.1.0.23 and 6.1.0.25." | |||||
| CVE-2009-2746 | 1 Ibm | 1 Websphere Application Server | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2009-2747 | 1 Ibm | 1 Websphere Application Server | 2017-08-17 | 5.0 MEDIUM | N/A |
| The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict access to UserRegistry object methods, which allows remote attackers to obtain sensitive information via a crafted method call. | |||||
| CVE-2009-2748 | 1 Ibm | 1 Websphere Application Server | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.29 and 7.1 before 7.0.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-2749 | 1 Ibm | 2 Communications Enabled Applications, Websphere Application Server | 2017-08-17 | 6.4 MEDIUM | N/A |
| Feature Pack for Communications Enabled Applications (CEA) before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value. | |||||
| CVE-2009-2750 | 1 Ibm | 1 Websphere Service Registry And Repository | 2017-08-17 | 5.5 MEDIUM | N/A |
| IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2 does not have the intended configuration properties, which allows remote authenticated users to obtain unspecified data access via a property query. | |||||
| CVE-2009-2751 | 1 Ibm | 1 Websphere Commerce | 2017-08-17 | 4.3 MEDIUM | N/A |
| IBM WebSphere Commerce 7.0 uses the same cryptographic key for session attributes and merchant data encryption, which has unspecified impact and remote attack vectors. | |||||
| CVE-2009-2752 | 1 Ibm | 1 Websphere Commerce | 2017-08-17 | 1.5 LOW | N/A |
| IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms. | |||||
| CVE-2009-2761 | 1 Avira | 2 Antivir, Antivir Security Suite | 2017-08-17 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in the scheduler (sched.exe) in Avira AntiVir, AntiVir Premium, Premium Security Suite, and AntiVir Professional might allow local users to gain privileges via a malicious antivir.exe file in the "C:\Program Files\avira\" directory. | |||||