| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2009-1653 | 1 Tinybutstrong | 1 Tinybutstrong | 2017-09-29 | 7.8 HIGH | N/A | Directory traversal vulnerability in examples/tbs_us_examples_0view.php in TinyButStrong 3.4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the script parameter. |
| CVE-2009-1654 | 1 Easy-scripts | 1 Answer And Question Script | 2017-09-29 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in questiondetail.php in Easy Scripts Answer and Question Script allows remote attackers to inject arbitrary web script or HTML via the questionid parameter. |
| CVE-2009-1655 | 1 Easy-scripts | 1 Answer And Question Script | 2017-09-29 | 6.5 MEDIUM | N/A | Multiple SQL injection vulnerabilities in myaccount.php in Easy Scripts Answer and Question Script allow remote authenticated users to execute arbitrary SQL commands via the (1) user name (userid parameter) and (2) password. |
| CVE-2009-1658 | 1 Realtywebware | 1 Realty Web-base | 2017-09-29 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in admin/admin.php in Realty Webware Technologies Realty Web-Base 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user (username) and (2) password parameters. NOTE: some of these details are obtained from third party information. |
| CVE-2009-1659 | 1 Intelliants | 1 Elitius | 2017-09-29 | 6.8 MEDIUM | N/A | Unrestricted file upload vulnerability in admin/uploadimage.php in eLitius 1.0 allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files via an avatar file with an accepted Content-Type such as image/gif, then requesting the file in admin/banners/. |
| CVE-2009-1660 | 1 Urusoft | 1 Viplay3 | 2017-09-29 | 9.3 HIGH | N/A | Stack-based buffer overflow in URUWorks ViPlay3 3.0 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file entry in a .vpl file. |
| CVE-2009-1662 | 1 Recipescript | 1 Recipe Script | 2017-09-29 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in admin/login.php in Wright Way Services Recipe Script 5 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) Password fields, as reachable from admin/index.php. |
| CVE-2009-1663 | 1 Easy-scripts | 1 Answer And Question Script | 2017-09-29 | 6.8 MEDIUM | N/A | Unrestricted file upload vulnerability in myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads/[username] directory. |
| CVE-2009-1664 | 1 Easy-scripts | 1 Answer And Question Script | 2017-09-29 | 7.5 HIGH | N/A | myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters. |
| CVE-2009-1665 | 1 Easy-scripts | 1 Answer And Question Script | 2017-09-29 | 6.4 MEDIUM | N/A | myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to remove arbitrary user accounts via a modified userid parameter without specifying any additional fields. |
| CVE-2009-1667 | 1 Mini-stream | 1 Castripper | 2017-09-29 | 9.3 HIGH | N/A | Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long entry in a .m3u file, a different vector than CVE-2009-5137. |
| CVE-2009-1668 | 1 Typsoft | 1 Typsoft Ftp Server | 2017-09-29 | 4.0 MEDIUM | N/A | TYPSoft FTP Server 1.11 allows remote attackers to cause a denial of service (CPU consumption) by sending an ABOR (abort) command without an active file transfer. |
| CVE-2009-1669 | 1 Smarty | 1 Smarty | 2017-09-29 | 10.0 HIGH | N/A | The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. NOTE: some of these details are obtained from third party information. |
| CVE-2009-1670 | 1 Tcpdb | 1 Tcpdb | 2017-09-29 | 7.5 HIGH | N/A | user/index.php in TCPDB 3.8 does not require administrative authentication, which allows remote attackers to add admin accounts via unspecified vectors. NOTE: some of these details are obtained from third party information. |
| CVE-2009-1671 | 1 Sun | 1 Jre | 2017-09-29 | 9.3 HIGH | N/A | Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code via a long string argument to the (1) setInstallerType, (2) setAdditionalPackages, (3) compareVersion, (4) getStaticCLSID, or (5) launch method. |
| CVE-2009-1672 | 1 Sun | 1 Jre | 2017-09-29 | 9.3 HIGH | N/A | The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp URL in the argument to the launch method, and might allow remote attackers to launch JRE installation processes via the (2) installLatestJRE or (3) installJRE method. |
| CVE-2009-1673 | 1 Sun | 1 Solaris | 2017-09-29 | 4.9 MEDIUM | N/A | The kernel in Sun Solaris 9 allows local users to cause a denial of service (panic) by calling fstat with a first argument of AT_FDCWD. |
| CVE-2009-1674 | 1 Microchip | 1 Mplab Ide | 2017-09-29 | 9.3 HIGH | N/A | Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows user-assisted remote attackers to execute arbitrary code via a long .cof pathname in a [TOOL_SETTINGS] section in a .mcp file, possibly a related issue to CVE-2009-1608. |
| CVE-2009-1675 | 1 Electrasoft | 1 32bit Ftp | 2017-09-29 | 9.3 HIGH | N/A | Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long 227 reply to a PASV command. |
| CVE-2009-1677 | 1 Bitweaver | 1 Bitweaver | 2017-09-29 | 6.5 MEDIUM | N/A | Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow (1) remote authenticated users to inject arbitrary PHP code into files by placing PHP sequences into the account's "display name" setting and then invoking boards/boards_rss.php, and might allow (2) remote attackers to inject arbitrary PHP code into files via the HTTP Host header in a request to boards/boards_rss.php. |
| CVE-2009-1678 | 1 Bitweaver | 1 Bitweaver | 2017-09-29 | 7.5 HIGH | N/A | Directory traversal vulnerability in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the version parameter to boards/boards_rss.php. |
| CVE-2009-1687 | 1 Apple | 1 Safari | 2017-09-29 | 9.3 HIGH | N/A | The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer." |
| CVE-2009-1699 | 1 Apple | 4 Iphone, Iphone Os, Ipod Touch and 1 more | 2017-09-29 | 7.1 HIGH | N/A | The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack." |
| CVE-2009-1724 | 1 Apple | 4 Iphone, Iphone Os, Ipod Touch and 1 more | 2017-09-29 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects. |
| CVE-2009-1725 | 1 Apple | 4 Iphone, Iphone Os, Ipod Touch and 1 more | 2017-09-29 | 9.3 HIGH | N/A | WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. |
| CVE-2009-1726 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-09-29 | 9.3 HIGH | N/A | Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile. |
| CVE-2009-1734 | 1 Omnisoftsol | 1 Vidsharepro | 2017-09-29 | 7.5 HIGH | N/A | SQL injection vulnerability in listing_video.php in VidSharePro allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| CVE-2009-1735 | 1 Omnisoftsol | 1 Vidsharepro | 2017-09-29 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in search.php in VidSharePro allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2009-1736 | 1 Joomla | 2 Com Gsticketsystem, Joomla! | 2017-09-29 | 7.5 HIGH | N/A | SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php. |
| CVE-2009-1739 | 1 Phpeasycode | 1 Pad Site Scripts | 2017-09-29 | 7.5 HIGH | N/A | PAD Site Scripts 3.6 allows remote attackers to bypass authentication and gain privileges as other users, including administrative privileges, by setting the authuser cookie parameter to a valid username. |
| CVE-2009-1741 | 1 Dutchmonkey | 1 Dm Filemanager | 2017-09-29 | 6.8 MEDIUM | N/A | Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. |
| CVE-2009-1742 | 1 Pc4arb | 1 Pc4 Uploader | 2017-09-29 | 7.5 HIGH | N/A | code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIunionON" string, which is collapsed into "UNION" by the filter_sql function. |
| CVE-2009-1744 | 1 Pinnaclesys | 1 Pinnacle Studio | 2017-09-29 | 4.3 MEDIUM | N/A | InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to cause a denial of service (application crash) via a crafted Hollywood FX Compressed Archive (.hfz) file. |
| CVE-2009-1746 | 1 Diangemilang | 1 Dgnews | 2017-09-29 | 7.5 HIGH | N/A | SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. |
| CVE-2009-1747 | 1 26thavenue | 1 Bspeak | 2017-09-29 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 allows remote attackers to execute arbitrary SQL commands via the forumid parameter in a post action. |
| CVE-2009-1748 | 1 Joost Horward | 1 Catviz | 2017-09-29 | 7.5 HIGH | N/A | Multiple directory traversal vulnerabilities in index.php in Catviz 0.4.0 Beta 1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) webpages_form or (2) userman_form parameter. |
| CVE-2009-1749 | 1 Joost Horward | 1 Catviz | 2017-09-29 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Catviz 0.4.0 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) userman_form and (2) webpages_form parameters. |
| CVE-2009-1750 | 1 Omnisoftsol | 1 Vidsharepro | 2017-09-29 | 6.0 MEDIUM | N/A | Unrestricted file upload vulnerability in VidSharePro allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. |
| CVE-2009-1751 | 1 Realtywebware | 1 Realty Web-base | 2017-09-29 | 7.5 HIGH | N/A | SQL injection vulnerability in list_list.php in Realty Webware Technologies Web-Base 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-1752 | 1 Exjune | 1 Office Message System | 2017-09-29 | 7.5 HIGH | N/A | exJune Office Message System 1 does not properly restrict access to (1) configure.asp and (2) addmessage2.asp, which allows remote attackers to gain privileges via a direct request. NOTE: some of these details are obtained from third party information. |
| CVE-2009-1758 | 2 Linux, Xen | 2 Linux Kernel, Xen | 2017-09-29 | 5.0 MEDIUM | N/A | The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges." |
| CVE-2009-1759 | 1 Rahul | 2 Ctorrent, Dtorrent | 2017-09-29 | 9.3 HIGH | N/A | Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path. |
| CVE-2009-1764 | 1 Bokecc | 1 Maxcms | 2017-09-29 | 7.5 HIGH | N/A | SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a digg action. |
| CVE-2009-1765 | 1 Pluck-cms | 1 Pluck | 2017-09-29 | 6.8 MEDIUM | N/A | Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/module_info.php, (2) data/modules/blog/module_info.php, and (3) data/modules/albums/module_info.php, different vectors than CVE-2008-3194. |
| CVE-2009-1767 | 1 2daybiz | 1 Template Monster Clone | 2017-09-29 | 5.0 MEDIUM | N/A | admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter. |
| CVE-2009-1768 | 1 Ramazeiten | 4 Ramazaitencms0.9.7.5, Ramazaitencms0.9.7.6, Ramazaitencms0.9.7.8 and 1 more | 2017-09-29 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in download.php in Rama Zaiten CMS 0.9.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |
| CVE-2009-1770 | 1 Flyspeck | 1 Flyspeck Cms | 2017-09-29 | 7.5 HIGH | N/A | Directory traversal vulnerability in includes/database/examples/addressbook.php in Flyspeck CMS 6.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. |
| CVE-2009-1771 | 1 Flyspeck | 1 Flyspeck Cms | 2017-09-29 | 7.5 HIGH | N/A | index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[fullname], (2) users[email], (3) users[role_id], (4) users[username], and (5) users[password] parameters. |
| CVE-2009-1774 | 1 Strawberry | 1 Strawberry | 2017-09-29 | 9.3 HIGH | N/A | Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to example/index.php. NOTE: this was originally reported as an issue affecting the do parameter, but traversal with that parameter might depend on a modified example/index.php. NOTE: some of these details are obtained from third party information. |
| CVE-2009-1786 | 1 Ibm | 1 Aix | 2017-09-29 | 6.9 MEDIUM | N/A | The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable. |
