Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2942 | 2 Mysql, Mysql-ocaml | 2 Mysql, Mysql-ocaml | 2009-10-27 | 7.5 HIGH | N/A |
| The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings. | |||||
| CVE-2009-3784 | 2 Drupal, Sjoerd Arendsen | 2 Drupal, Simplenews Statistics | 2009-10-27 | 6.8 MEDIUM | N/A |
| Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2009-3611 | 1 Le-web | 1 Backintime | 2009-10-26 | 3.6 LOW | N/A |
| common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots. | |||||
| CVE-2009-2943 | 2 Ocaml, Postgresql | 2 Postgresql-ocaml, Postgresql | 2009-10-23 | 7.5 HIGH | N/A |
| The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings. | |||||
| CVE-2009-3296 | 1 Gallium.inria | 1 Camimages | 2009-10-21 | 7.5 HIGH | N/A |
| Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow remote attackers to execute arbitrary code via TIFF images containing large width and height values that trigger heap-based buffer overflows. | |||||
| CVE-2009-3282 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2009-10-20 | 7.8 HIGH | N/A |
| Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors. | |||||
| CVE-2009-3281 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2009-10-19 | 7.2 HIGH | N/A |
| The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors. | |||||
| CVE-2009-3710 | 1 Riorey | 1 Rios | 2009-10-19 | 10.0 HIGH | N/A |
| RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote attackers to gain privileges via port 8022. | |||||
| CVE-2009-3706 | 1 Sun | 2 Opensolaris, Solaris | 2009-10-16 | 4.4 MEDIUM | N/A |
| Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and OpenSolaris snv_100 through snv_117, allows local users to bypass intended limitations of the file_chown_self privilege via certain uses of the chown system call. | |||||
| CVE-2009-3708 | 1 Konae | 1 Alleycode Html Editor | 2009-10-16 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a (1) description or (2) keyword META tag. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3454 | 2009-10-15 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2510. Reason: This candidate is a duplicate of CVE-2009-2510. Notes: All CVE users should reference CVE-2009-2510 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2009-3472 | 1 Ibm | 1 Db2 | 2009-10-14 | 6.5 MEDIUM | N/A |
| IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors. | |||||
| CVE-2009-1957 | 1 Strongswan | 1 Strongswan | 2009-10-14 | 5.0 MEDIUM | N/A |
| charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid IKE_SA_INIT request that triggers "an incomplete state," followed by a CREATE_CHILD_SA request. | |||||
| CVE-2009-1958 | 1 Strongswan | 1 Strongswan | 2009-10-14 | 5.0 MEDIUM | N/A |
| charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector. | |||||
| CVE-2009-0737 | 1 Mediawiki | 1 Mediawiki | 2009-10-14 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12 before 1.12.4, and 1.13 before 1.13.4, when the installer is in active use, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-5249 | 1 Mediawiki | 1 Mediawiki | 2009-10-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-5250 | 1 Mediawiki | 1 Mediawiki | 2009-10-14 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page. | |||||
| CVE-2008-5252 | 1 Mediawiki | 1 Mediawiki | 2009-10-14 | 5.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in MediaWiki 1.3.0 through 1.6.10, 1.12.x before 1.12.2, and 1.13.x before 1.13.3 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors. | |||||
| CVE-2007-1273 | 2 Navision, Netbsd | 2 Financials Server, Netbsd | 2009-10-14 | 6.9 MEDIUM | N/A |
| Integer overflow in the ktruser function in NetBSD-current before 20061022, NetBSD 3 and 3-0 before 20061024, and NetBSD 2 before 20070209, when the kernel is built with the COMPAT_FREEBSD or COMPAT_DARWIN option, allows local users to cause a denial of service and possibly gain privileges. | |||||
| CVE-2000-1241 | 1 Sips | 1 Sips | 2009-10-14 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Haakon Nilsen simple, integrated publishing system (SIPS) before 0.2.4 has an unknown impact and attack vectors, related to a "grave security fault." | |||||
| CVE-2002-1877 | 1 Netgear | 1 Fm114p | 2009-10-14 | 7.5 HIGH | N/A |
| NETGEAR FM114P allows remote attackers to bypass access restrictions for web sites via a URL that uses the IP address instead of the hostname. | |||||
| CVE-2005-0970 | 1 Apple | 1 Mac Os X | 2009-10-14 | 7.6 HIGH | N/A |
| Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts. | |||||
| CVE-2007-5619 | 1 Vmware | 1 Server | 2009-10-14 | 7.2 HIGH | N/A |
| Unspecified vulnerability in VMware Server before 1.0.4 causes user passwords to be recorded in cleartext in server logs, which might allow local users to gain privileges. | |||||
| CVE-2009-3693 | 2 Hp, Persits | 2 Loadrunner, Xupload | 2009-10-13 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method. | |||||
| CVE-2009-3350 | 2 Drupal, Roshan Shah | 2 Drupal, Subdomain Manager | 2009-10-12 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors. | |||||
| CVE-2009-3642 | 1 Frontrange | 1 Heat | 2009-10-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Call Logging feature in FrontRange HEAT 8.01 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2009-3644 | 2 Joomla, Soundset | 2 Joomla\!, Com Soundset | 2009-10-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Soundset (com_soundset) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php. | |||||
| CVE-2009-3645 | 2 Joomla, Joomlacache | 2 Joomla\!, Com Cbresumebuilder | 2009-10-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JoomlaCache CB Resume Builder (com_cbresumebuilder) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a group_members action to index.php. | |||||
| CVE-2009-3662 | 1 Filecopa-ftpserver | 1 Ftp Server | 2009-10-12 | 5.0 MEDIUM | N/A |
| FileCopa FTP Server 5.01 allows remote attackers to cause a denial of service (server hang) via a large number of crafted NOOP commands. | |||||
| CVE-2009-3668 | 1 Promosi-web | 1 Ardguest | 2009-10-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ardguest.php in Ardguest 1.8 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2005-3910 | 1 Post Affiliate Pro | 1 Post Affiliate Pro | 2009-10-09 | 5.0 MEDIUM | N/A |
| merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with magic_quotes_gpc disabled, allows remote attackers to include arbitrary local files via the md parameter, possibly due to a directory traversal vulnerability. | |||||
| CVE-2005-3918 | 1 Ovbb | 1 Ovbb | 2009-10-09 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple SQL injection vulnerabilities in OvBB 0.08a allow remote attackers to execute arbitrary SQL commands via the (1) threadid parameter to thread.php and (2) userid parameter to profile.php. NOTE: the vendor disputes these issues, saying "these reports are completely unsubstantial." | |||||
| CVE-2005-3920 | 1 Babe Logger | 1 Babe Logger | 2009-10-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Babe Logger 2 allows remote attackers to execute arbitrary SQL commands via the (1) gal parameter to index.php or (2) id parameter to comments.php. | |||||
| CVE-2005-3936 | 1 Socketkb | 1 Socketkb | 2009-10-09 | 7.5 HIGH | N/A |
| PHP file include vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to include arbitrary local files via the __f parameter. | |||||
| CVE-2005-3937 | 1 Softbiz | 1 B2b Trading Marketplace Script | 2009-10-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the cid parameter in (1) selloffers.php, (2) buyoffers.php, (3) products.php, or (4) profiles.php. | |||||
| CVE-2005-3938 | 1 Softbiz | 1 Faq | 2009-10-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the id parameter in (1) index.php, (2) faq_qanda.php, (3) refer_friend.php, (4) print_article.php, or (5) add_comment.php. | |||||
| CVE-2009-3589 | 1 Inotify | 1 Incron | 2009-10-08 | 4.6 MEDIUM | N/A |
| incron 0.5.5 does not initialize supplementary groups when running a process from a user's incrontabs, which causes the process to be run with the incrond supplementary groups and allows local users to gain privileges via an incrontab table. | |||||
| CVE-2009-3568 | 3 Dave Reid, Drupal, Gabor Hojtsy | 3 Commentrss, Drupal, Commentrss | 2009-10-08 | 5.0 MEDIUM | N/A |
| Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed. | |||||
| CVE-2009-3572 | 1 Openbsd | 1 Openbsd | 2009-10-08 | 4.9 MEDIUM | N/A |
| OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does not properly handle XMM exceptions, which allows local users to cause a denial of service (kernel panic) via unspecified vectors. | |||||
| CVE-2009-3527 | 1 Freebsd | 1 Freebsd | 2009-10-07 | 6.9 MEDIUM | N/A |
| Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 allows local users to cause a denial of service (crash) or gain privileges via vectors related to kqueues, which triggers a use after free, leading to a NULL pointer dereference or memory corruption. | |||||
| CVE-2009-1074 | 1 Sun | 1 Java System Identity Manager | 2009-10-06 | 5.0 MEDIUM | N/A |
| Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to "ssl termination devices" and lack of support for relative URLs. | |||||
| CVE-2009-1075 | 1 Sun | 1 Java System Identity Manager | 2009-10-06 | 5.0 MEDIUM | N/A |
| Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the Forgot Password feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2009-1077 | 1 Sun | 1 Java System Identity Manager | 2009-10-06 | 6.5 MEDIUM | N/A |
| The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the administrator's password. | |||||
| CVE-2009-1078 | 1 Sun | 1 Java System Identity Manager | 2009-10-06 | 4.0 MEDIUM | N/A |
| Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows, which allows remote authenticated users to have an unspecified impact. | |||||
| CVE-2009-1079 | 1 Sun | 1 Java System Identity Manager | 2009-10-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19659, 19660, and 19683. | |||||
| CVE-2009-1080 | 1 Sun | 1 Java System Identity Manager | 2009-10-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID 19033. | |||||
| CVE-2009-1083 | 1 Sun | 1 Java System Identity Manager | 2009-10-06 | 9.0 HIGH | N/A |
| Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX, Solaris, and HP-UX permits "control characters" in the passwords of user accounts, which allows remote attackers to execute arbitrary commands via vectors involving "resource adapters." | |||||
| CVE-2009-3485 | 1 Juniper | 1 Junos | 2009-10-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI. | |||||
| CVE-2009-3486 | 1 Juniper | 1 Junos | 2009-10-05 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program; or (2) the traceroute program, reachable through the diagnose program; or (3) the probe-limit parameter to the configuration program; the (4) wizard-ids or (5) pager-new-identifier parameter in a firewall-filters action to the configuration program; (6) the cos-physical-interface-name parameter in a cos-physical-interfaces-edit action to the configuration program; the (7) wizard-args or (8) wizard-ids parameter in an snmp action to the configuration program; the (9) username or (10) fullname parameter in a users action to the configuration program; or the (11) certname or (12) certbody parameter in a local-cert (aka https) action to the configuration program. | |||||
| CVE-2009-3538 | 1 Allisclear | 1 Clear Content | 2009-10-05 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in thumb.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||