Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1511 | 1 Microsoft | 1 Windows Xp | 2017-09-29 | 7.8 HIGH | N/A |
| GDI+ in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (infinite loop) via a PNG file that contains a certain large btChunkLen value. | |||||
| CVE-2009-1512 | 1 Keir Davis | 1 X-forum | 2017-09-29 | 6.5 MEDIUM | N/A |
| Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php. | |||||
| CVE-2009-1514 | 1 Google | 1 Chrome | 2017-09-29 | 5.0 MEDIUM | N/A |
| Google Chrome 1.0.154.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a throw statement with a long exception value. | |||||
| CVE-2009-1516 | 1 Icewarp | 1 Merak Mail Server | 2017-09-29 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX control in api.dll in IceWarp Merak Mail Server 9.4.1 might allow context-dependent attackers to execute arbitrary code via a large value in the second argument to the Base64FileEncode method, as possibly demonstrated by a web application that accepts untrusted input for this method. | |||||
| CVE-2009-1517 | 1 Symantec | 1 Norton Ghost | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ActiveX control in EasySetupInt.dll 14.0.4.30167 in the EasySetup wizard in Symantec Norton Ghost 14.0 allow remote attackers to cause a denial of service (browser crash) and possibly execute arbitrary code via unspecified input to the (1) GetBackupLocationPath, (2) CallUninstall, (3) SetupDeleteVolume, (4) CanUseEasySetup, (5) CallAddInitialProtection, and (6) CallTour methods. | |||||
| CVE-2009-1519 | 1 Pecio-cms | 1 Pecio Cms | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Pecio CMS 1.1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter. | |||||
| CVE-2009-1548 | 1 Qsix | 1 Blusky Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in BluSky CMS allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a read action. | |||||
| CVE-2009-1549 | 1 Agtc | 1 Agtc Myshop | 2017-09-29 | 7.5 HIGH | N/A |
| AGTC MyShop 3.2b allows remote attackers to bypass authentication and obtain administrative access setting the log_accept cookie to "correcto." | |||||
| CVE-2009-1550 | 1 Zakkis | 1 Abc Advertise | 2017-09-29 | 5.0 MEDIUM | N/A |
| Zakkis Technology ABC Advertise 1.0 does not properly restrict access to admin.inc.php, which allows remote attackers to obtain the administrator login name and password via a direct request. | |||||
| CVE-2009-1551 | 1 Qt-cute | 1 Quickteam | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Qt quickteam 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) qte_web_path parameter to qte_web.php and the (2) qte_root parameter to bin/qte_init.php. | |||||
| CVE-2009-1574 | 1 Ipsec-tools | 1 Ipsec-tools | 2017-09-29 | 5.0 MEDIUM | N/A |
| racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference. | |||||
| CVE-2009-1577 | 1 Cscope | 1 Cscope | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the putstring function in find.c in Cscope before 15.6 allow user-assisted remote attackers to execute arbitrary code via a long (1) function name or (2) symbol in a source-code file. | |||||
| CVE-2009-1578 | 1 Squirrelmail | 1 Squirrelmail | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING). | |||||
| CVE-2009-1579 | 1 Squirrelmail | 1 Squirrelmail | 2017-09-29 | 6.8 MEDIUM | N/A |
| The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. | |||||
| CVE-2009-1580 | 1 Squirrelmail | 1 Squirrelmail | 2017-09-29 | 5.8 MEDIUM | N/A |
| Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie. | |||||
| CVE-2009-1581 | 1 Squirrelmail | 1 Squirrelmail | 2017-09-29 | 4.3 MEDIUM | N/A |
| functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message. | |||||
| CVE-2009-1582 | 1 Kalptarudemos | 1 Million Dollar Text Links | 2017-09-29 | 7.5 HIGH | N/A |
| Million Dollar Text Links 1.0 does not properly restrict administrator access to admin.home.php, which allows remote attackers to bypass intended restrictions and gain privileges via a direct request to admin.home.php after visiting admin.php. | |||||
| CVE-2009-1587 | 1 Kalptarudemos | 1 Php Site Lock | 2017-09-29 | 7.5 HIGH | N/A |
| index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values. | |||||
| CVE-2009-1592 | 1 Electrasoft | 1 32bit Ftp | 2017-09-29 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long banner. NOTE: this might overlap CVE-2003-1368. | |||||
| CVE-2009-1602 | 1 Pablosoftwaresolutions | 1 Quick\'n Easy Mail Server | 2017-09-29 | 5.0 MEDIUM | N/A |
| Pablo Software Solutions Quick 'n Easy Mail Server 3.3 allows remote attackers to cause a denial of service (daemon outage or CPU consumption) via multiple long SMTP commands, as demonstrated by HELO commands. | |||||
| CVE-2009-1607 | 1 Linkbase | 1 Linkbase | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the administrator panel in phpForm.net LinkBase 2.0 allows remote attackers to inject arbitrary web script or HTML via the username in a registration, which is not properly handled when the administrator accesses the Users menu. | |||||
| CVE-2009-1609 | 1 Battleblog | 1 Battle Blog | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/uploadform.asp in Battle Blog 1.25 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. | |||||
| CVE-2009-1610 | 1 Jobscript | 1 Job Script Job Board Software | 2017-09-29 | 7.5 HIGH | N/A |
| admin/changepassword.php in Job Script Job Board Software 2.0 allows remote attackers to change the administrator password and gain administrator privileges via a direct request. | |||||
| CVE-2009-1611 | 1 Electrasoft | 1 32bit Ftp | 2017-09-29 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long 257 reply to a CWD command. | |||||
| CVE-2009-1612 | 1 Baofeng | 1 Storm | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute arbitrary code via a long argument to the OnBeforeVideoDownload method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 3.09.04.17 and earlier are also affected. | |||||
| CVE-2009-1613 | 1 Gowondesigns | 1 Leap | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchterm or (2) email parameter. | |||||
| CVE-2009-1614 | 1 Gowondesigns | 1 Leap | 2017-09-29 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1615 | 1 Gowondesigns | 1 Leap | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via an admin.system.files (aka Manage Files) request to the default URI, then accessing the file via a direct request. | |||||
| CVE-2009-1617 | 1 Teraway | 1 Linktracker | 2017-09-29 | 7.5 HIGH | N/A |
| Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie. | |||||
| CVE-2009-1618 | 1 Teraway | 1 Livehelp | 2017-09-29 | 7.5 HIGH | N/A |
| Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie. | |||||
| CVE-2009-1619 | 1 Teraway | 1 Filestream | 2017-09-29 | 7.5 HIGH | N/A |
| Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1. | |||||
| CVE-2009-1622 | 1 Ecshop | 1 Ecshop | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user.php in EcShop 2.5.0 allows remote attackers to execute arbitrary SQL commands via the order_sn parameter in an order_query action. | |||||
| CVE-2009-1623 | 1 Dew-code | 1 Dew-newphplinks | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to inject arbitrary web script or HTML via the PID parameter. | |||||
| CVE-2009-1624 | 1 Dew-code | 1 Dew-newphplinks | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the show parameter. | |||||
| CVE-2009-1625 | 1 Davlin | 1 Thickbox Gallery | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Thickbox Gallery 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ln parameter. | |||||
| CVE-2009-1626 | 1 Will Kraft | 1 Ez-blog | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in public/specific.php in EZ-Blog before Beta 2 20090427, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2009-1627 | 1 Sdp Multimedia | 1 Streaming Download Project | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Streaming Download Project (SDP) Downloader 2.3.0 allows remote attackers to execute arbitrary code via a long .asf URL in the HREF attribute of a REF element in a .asx file. | |||||
| CVE-2009-1632 | 1 Ipsec-tools | 1 Ipsec-tools | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c. | |||||
| CVE-2009-1637 | 1 Simplecustomer | 1 Simple Customer | 2017-09-29 | 6.4 MEDIUM | N/A |
| profile.php in Simple Customer 1.3 does not require administrative authentication, which allows remote attackers to change the admin e-mail address and password via the email and password parameters. | |||||
| CVE-2009-1638 | 1 T-dreams | 1 Job Career Package | 2017-09-29 | 7.5 HIGH | N/A |
| Techno Dreams Job Career Package 3.0 allows remote attackers to bypass authentication and obtain administrative access by setting the JobCareerAdmin cookie to Login. | |||||
| CVE-2009-1641 | 1 Mini-stream | 1 Ripper | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in Mini-stream Ripper 3.0.1.1 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file. | |||||
| CVE-2009-1643 | 1 Sorinara | 1 Soritong Mp3 Player | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Sorinara Soritong MP3 Player 1.0 allows remote attackers to execute arbitrary code via a crafted .m3u file. | |||||
| CVE-2009-1644 | 1 Sorinara | 1 Streaming Audio Player | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Sorinara Streaming Audio Player 0.9 allows remote attackers to execute arbitrary code via a crafted .pla file. | |||||
| CVE-2009-1645 | 1 Mini-stream | 1 Easy Rm-mp3 Converter | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in Mini-stream Easy RM-MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file. | |||||
| CVE-2009-1646 | 1 Mini-stream | 1 Mini-stream Rm Downloader | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long rtsp URL in a .ram file. | |||||
| CVE-2009-1647 | 1 Ultrafunk | 1 Popcorn | 2017-09-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in popcorn.exe in Ultrafunk Popcorn 1.87 allows remote POP3 servers to cause a denial of service (application crash) via a long string in a +OK response. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1649 | 1 Bicluc | 1 Belive | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in arch.php in beLive 0.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the arch parameter. | |||||
| CVE-2009-1650 | 1 Tenfourzero | 1 Shutter | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) albumID, (2) tagID, and (3) photoID parameters to index.html. | |||||
| CVE-2009-1651 | 1 2daybiz | 1 Business Community Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/member_details.php in 2daybiz Business Community Script allows remote attackers to execute arbitrary SQL commands via the mid parameter. | |||||
| CVE-2009-1652 | 1 2daybiz | 1 Business Community Script | 2017-09-29 | 7.5 HIGH | N/A |
| admin/adminaddeditdetails.php in Business Community Script does not properly restrict access, which allows remote attackers to gain privileges and add administrators via a direct request. | |||||