Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2194 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-17 | 4.9 MEDIUM | N/A |
| Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue." | |||||
| CVE-2009-2198 | 1 Apple | 1 Garageband | 2017-08-17 | 4.3 MEDIUM | N/A |
| Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users. | |||||
| CVE-2009-2201 | 1 Apple | 1 Xsan | 2017-08-17 | 2.1 LOW | N/A |
| The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog. | |||||
| CVE-2009-2207 | 1 Apple | 1 Iphone Os | 2017-08-17 | 2.1 LOW | N/A |
| The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages. | |||||
| CVE-2009-2208 | 1 Freebsd | 1 Freebsd | 2017-08-17 | 3.6 LOW | N/A |
| FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the SIOCSIFINFO_IN6 IOCTL, which allows local users to modify or disable IPv6 network interfaces, as demonstrated by modifying the MTU. | |||||
| CVE-2009-2214 | 1 Citrix | 1 Secure Gateway | 2017-08-17 | 5.0 MEDIUM | N/A |
| The Secure Gateway service in Citrix Secure Gateway 3.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an unspecified request. | |||||
| CVE-2009-2216 | 1 Jbmc-software | 1 Directadmin | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmin 1.33.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the URI in a view=advanced request. | |||||
| CVE-2009-2217 | 1 Phantom-inker | 1 Nbbc | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NBBC before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via an invalid URL in a BBCode img tag. | |||||
| CVE-2009-2225 | 1 Surething | 1 Surething Cd\/dvd Labeler | 2017-08-17 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in SureThing CD/DVD Labeler 5.1.616 trial version allows user-assisted remote attackers to execute arbitrary code via a crafted (1) m3u or (2) pls playlist file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2232 | 1 Softbizscripts | 1 Banner Ad Management Script | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in image.php in Softbiz Banner Ad Management Script allows remote attackers to execute arbitrary SQL commands via the size_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2237 | 2 Drupal, Karim Ratib | 2 Drupal, Views Bulk Operations | 2017-08-17 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify "nodes or classes of nodes" via unknown vectors, probably related to registered procedures (aka actions). | |||||
| CVE-2009-2243 | 1 Aaronoutpost | 1 Asp Inline Corporate Calendar | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2292 | 1 Appleple | 1 A-news | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Appleple a-News 2.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-2296 | 1 Sun | 2 Opensolaris, Solaris | 2017-08-17 | 10.0 HIGH | N/A |
| The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors. | |||||
| CVE-2009-2312 | 1 Mcafee | 1 Smartfilter | 2017-08-17 | 4.6 MEDIUM | N/A |
| SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in config.txt and uses insecure permissions for this file, which allows local users to gain privileges. | |||||
| CVE-2009-2360 | 1 Horde | 1 Passwd | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in passwd/main.php in the Passwd module before 3.1.1 for Horde allows remote attackers to inject arbitrary web script or HTML via the backend parameter. | |||||
| CVE-2009-2365 | 1 Datachecknh | 1 Gallerypal Fe | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in DataCheck Solutions GalleryPal FE 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2367 | 1 Iomega | 1 Storcenter Pro | 2017-08-17 | 7.5 HIGH | N/A |
| cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session_id parameter. | |||||
| CVE-2009-2369 | 1 Wxwidgets | 1 Wxwidgets | 2017-08-17 | 6.8 MEDIUM | N/A |
| Integer overflow in the wxImage::Create function in src/common/image.cpp in wxWidgets 2.8.10 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JPEG file, which triggers a heap-based buffer overflow. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2376 | 1 Tangocms | 1 Tangocms | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Html::textarea function in application/libraries/Html.php in TangoCMS 2.x before 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the value parameter, related to the Contact module. | |||||
| CVE-2009-2380 | 1 4homepages | 1 4images | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in includes/functions.php in 4images 1.7 through 1.7.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the url variable. | |||||
| CVE-2009-2405 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter to createThresholdMonitor.jsp. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2410 | 1 Fedorahosted | 1 Sssd | 2017-08-17 | 7.5 HIGH | N/A |
| The local_handler_callback function in server/responder/pam/pam_LOCAL_domain.c in sssd 0.4.1 does not properly handle blank-password accounts in the SSSD BE database, which allows context-dependent attackers to obtain access by sending the account's username, in conjunction with an arbitrary password, over an ssh connection. | |||||
| CVE-2009-2419 | 1 Apple | 1 Safari | 2017-08-17 | 4.3 MEDIUM | N/A |
| Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted HTML document that references a zero-length .js file and the JavaScript reload function. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2422 | 1 David Hansson | 1 Ruby On Rails | 2017-08-17 | 7.5 HIGH | N/A |
| The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password. | |||||
| CVE-2009-2425 | 1 Tor | 1 Tor | 2017-08-17 | 5.0 MEDIUM | N/A |
| Tor before 0.2.0.35 allows remote attackers to cause a denial of service (application crash) via a malformed router descriptor. | |||||
| CVE-2009-2426 | 1 Tor | 1 Tor | 2017-08-17 | 5.0 MEDIUM | N/A |
| The connection_edge_process_relay_cell_not_open function in src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta allows exit relays to have an unspecified impact by causing controllers to accept DNS responses that redirect to an internal IP address via unknown vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2429 | 1 Mcafee | 1 Smartfilter | 2017-08-17 | 4.6 MEDIUM | N/A |
| SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in admin_backup.xml files and uses insecure permissions for these files, which allows local users to gain privileges. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2434 | 1 Ibm | 1 Aix | 2017-08-17 | 7.2 HIGH | N/A |
| Buffer overflow in the syscall implementation in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2009-2441 | 1 Esoftpro | 1 Online Guestbook Pro | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter. | |||||
| CVE-2009-2443 | 1 Siteframe | 1 Siteframe Cms | 2017-08-17 | 5.0 MEDIUM | N/A |
| Siteframe 3.2.3, and other 3.2.x versions, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2009-2444 | 1 Adbnewssender | 1 Adbnewssender | 2017-08-17 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in maillinglist/setup/step1.php.inc in ADbNewsSender before 1.5.6, and 2.0 before RC2, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter to setup/index.php. | |||||
| CVE-2009-2456 | 1 Novell | 1 Edirectory | 2017-08-17 | 5.0 MEDIUM | N/A |
| The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (ndsd core dump) via an LDAP request containing multiple . (dot) wildcard characters in the Relative Distinguished Name (RDN). | |||||
| CVE-2009-2457 | 1 Novell | 1 Edirectory | 2017-08-17 | 5.0 MEDIUM | N/A |
| The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (crash) via a malformed bind LDAP packet. | |||||
| CVE-2009-2458 | 1 Sun | 1 Sun Fire Server | 2017-08-17 | 5.4 MEDIUM | N/A |
| Unspecified vulnerability in Sun Fire V215 Server, when using XVR-100 graphic cards on system boards with part number 375-3463 and a hardware dash level -04 or later, allows remote attackers to cause a denial of service (panic) via unknown vectors. | |||||
| CVE-2009-2480 | 1 Movabletype | 1 Six Apart Movable Type | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type 4.24, and 4.25 when global templates are not initialized, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-2481 | 2 Six Apart, Sixapart | 2 Movable Type, Movable Type | 2017-08-17 | 5.8 MEDIUM | N/A |
| mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors. | |||||
| CVE-2009-2482 | 1 Netbsd | 1 Netbsd | 2017-08-17 | 6.9 MEDIUM | N/A |
| The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group. | |||||
| CVE-2009-2483 | 1 Netbsd | 1 Netbsd | 2017-08-17 | 4.9 MEDIUM | N/A |
| libprop/prop_object.c in proplib in NetBSD 4.0 and 4.0.1 allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via a malformed externalized plist (XML form) containing an undefined element. | |||||
| CVE-2009-2489 | 1 Sun | 1 Ray Server Software | 2017-08-17 | 2.1 LOW | N/A |
| Unspecified vulnerability in the utdmsession program in Sun Ray Server Software (SRSS) 4.0 allows local users to access the sessions of arbitrary users via unknown vectors. | |||||
| CVE-2009-2490 | 1 Sun | 1 Ray Server Software | 2017-08-17 | 1.9 LOW | N/A |
| Unspecified vulnerability in the utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to cause a denial of service (audio outage) or possibly gain privileges via unknown vectors related to "resource leaks." | |||||
| CVE-2009-2491 | 1 Sun | 1 Ray Server Software | 2017-08-17 | 4.4 MEDIUM | N/A |
| The utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to access the sessions of arbitrary users via unknown vectors related to "resource leaks." | |||||
| CVE-2009-2545 | 1 Anelectron | 1 Advanced Electron Forum | 2017-08-17 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the filename in an uploaded attachment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2546 | 1 Anelectron | 1 Advanced Electron Forum | 2017-08-17 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in Advanced Electron Forum (AEF) 1.x allows remote attackers to determine the existence of arbitrary files via the avatargalfile parameter when changing an avatar, which leaks the existence of the file in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2547 | 1 Bistudio | 2 Arma, Arma 2 | 2017-08-17 | 5.0 MEDIUM | N/A |
| Integer underflow in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) via a VoIP over Network (VON) packet to port 2305 with a negative packet_size value, which triggers a buffer over-read. | |||||
| CVE-2009-2551 | 1 Scriptsez | 1 Easy Image Downloader | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy Image Downloader allow remote attackers to inject arbitrary web script or HTML via the id parameter in a detail action to (1) main.php and possibly (2) demo_page.php. | |||||
| CVE-2009-2555 | 1 Google | 2 Chrome, V8 | 2017-08-17 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression. | |||||
| CVE-2009-2556 | 1 Google | 1 Chrome | 2017-08-17 | 9.3 HIGH | N/A |
| Google Chrome before 2.0.172.37 allows attackers to leverage renderer access to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger excessive memory allocation. | |||||
| CVE-2009-2565 | 1 T-okada | 1 Shiromuku\(fs6\)diary | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Perl CGI's By Mrs. Shiromuku shiromuku(fs6)DIARY 2.40 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-2571 | 1 Verliadmin | 1 Verliadmin | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in VerliAdmin 0.3.7 and 0.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the URI, (2) the q parameter, (3) the nick parameter, or (4) the nick parameter in a bantest action. | |||||