CVE-2009-2xxx

There are 965 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2009-2000 Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.7 allows remote ...
CVE-2009-2001 Unspecified vulnerability in the PL/SQL component in Oracle Database 10.2.0.4 and 11.1.0.7 allows re...
CVE-2009-2002 Unspecified vulnerability in the WebLogic Portal component in BEA Product Suite 8.1.6, 9.2.3, 10.0.1...
CVE-2009-2003 Ascad Networks Password Protector SD 1.3.1 allows remote attackers to bypass authentication and gain...
E
CVE-2009-2004 Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php in Dokeos 1.8.5, and possibly ...
S
CVE-2009-2005 Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote...
E S
CVE-2009-2006 Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow rem...
S
CVE-2009-2007 Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote att...
E S
CVE-2009-2008 Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers...
S
CVE-2009-2009 Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow rem...
S
CVE-2009-2010 Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.9 and earlier...
E
CVE-2009-2011 Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29...
E S
CVE-2009-2012 Unspecified vulnerability in idmap in Sun OpenSolaris snv_88 through snv_110, when a CIFS server is ...
CVE-2009-2013 SQL injection vulnerability in bin/aps_browse_sources.php in Frontis 3.9.01.24 allows remote attacke...
E
CVE-2009-2014 SQL injection vulnerability in the ComSchool (com_school) component 1.4 for Joomla! allows remote at...
E
CVE-2009-2015 Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) com...
E
CVE-2009-2016 SQL injection vulnerability in products.php in Virtue Shopping Mall allows remote attackers to execu...
E
CVE-2009-2017 SQL injection vulnerability in products.php in Virtue Book Store allows remote attackers to execute ...
E
CVE-2009-2018 SQL injection vulnerability in admin/index.php in Jared Eckersley MyCars, when magic_quotes_gpc is d...
E
CVE-2009-2019 SQL injection vulnerability in news_detail.php in Virtue News Manager allows remote attackers to exe...
E
CVE-2009-2020 Cross-site scripting (XSS) vulnerability in news_detail.php in Virtue News Manager allows remote att...
E
CVE-2009-2021 SQL injection vulnerability in search.php in Virtue Classifieds allows remote attackers to execute a...
E
CVE-2009-2022 fipsCMS Light 2.1 stores sensitive information under the web root with insufficient access control, ...
E
CVE-2009-2023 SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when magic_quotes_gpc is disabled,...
E
CVE-2009-2024 Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the web root with insufficient acc...
E
CVE-2009-2025 admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain ad...
E
CVE-2009-2026 Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport S...
S
CVE-2009-2027 The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checkin...
S
CVE-2009-2028 Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 an...
S
CVE-2009-2029 Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, a...
E S
CVE-2009-2030 Unspecified vulnerability in the XML Digital Signature verification functionality in JVA-RUN in JDK ...
S
CVE-2009-2031 smbfs in Sun OpenSolaris snv_84 through snv_110, when default mount permissions are used, allows loc...
CVE-2009-2032 Cross-site scripting (XSS) vulnerability in search.asp in PDshopPro, when downloaded before 20070308...
E
CVE-2009-2033 Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 allows remote attackers to injec...
E
CVE-2009-2034 SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, all...
E
CVE-2009-2035 Unspecified vulnerability in Services 6.x before 6.x-0.14, a module for Drupal, when key-based acces...
S
CVE-2009-2036 SQL injection vulnerability in index.php in Open Biller 0.1 allows remote attackers to execute arbit...
E
CVE-2009-2037 Multiple directory traversal vulnerabilities in Online Grades & Attendance 3.2.5 and earlier, and po...
E
CVE-2009-2038 Unspecified vulnerability in the Finnish Bank Payment module 2.2 for osCommerce has unknown impact a...
S
CVE-2009-2039 Unspecified vulnerability in the Luottokunta module before 1.3 for osCommerce has unknown impact and...
S
CVE-2009-2040 admin/options.php in Grestul 1.2 does not properly restrict access, which allows remote attackers to...
E
CVE-2009-2041 Cross-site scripting (XSS) vulnerability in A51 D.O.O. activeCollab 0.7.1 allows remote attackers to...
CVE-2009-2042 libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not ...
S
CVE-2009-2043 nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows remote attackers to cause a denial ...
CVE-2009-2044 Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (ap...
E S
CVE-2009-2045 The Cisco Video Surveillance Stream Manager firmware before 5.3, as used on Cisco Video Surveillance...
S
CVE-2009-2046 The embedded web server on the Cisco Video Surveillance 2500 Series IP Camera with firmware before 2...
S
CVE-2009-2047 Directory traversal vulnerability in the Administration interface in Cisco Customer Response Solutio...
S
CVE-2009-2048 Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response ...
S
CVE-2009-2049 Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12....
S
CVE-2009-2050 Cisco Unified Communications Manager (aka CUCM, formerly CallManager) before 6.1(1) allows remote at...
S
CVE-2009-2051 Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Ci...
S
CVE-2009-2052 Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x b...
S
CVE-2009-2053 Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x b...
S
CVE-2009-2054 Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x b...
S
CVE-2009-2055 Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset...
KEV S
CVE-2009-2056 Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (proce...
S
CVE-2009-2057 Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a documen...
E
CVE-2009-2058 Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided ...
CVE-2009-2059 Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provid...
E
CVE-2009-2060 src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host heade...
CVE-2009-2061 Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshak...
E
CVE-2009-2062 Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, w...
CVE-2009-2063 Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake...
CVE-2009-2064 Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages ...
CVE-2009-2065 Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only wh...
CVE-2009-2066 Apple Safari detects http content in https web pages only when the top-level frame uses https, which...
CVE-2009-2067 Opera detects http content in https web pages only when the top-level frame uses https, which allows...
CVE-2009-2068 Google Chrome detects http content in https web pages only when the top-level frame uses https, whic...
CVE-2009-2069 Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT ...
CVE-2009-2070 Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a pro...
CVE-2009-2071 Google Chrome before 1.0.154.53 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT respo...
S
CVE-2009-2072 Apple Safari does not require a cached certificate before displaying a lock icon for an https web si...
CVE-2009-2073 Cross-site request forgery (CSRF) vulnerability in Linksys WRT160N wireless router hardware 1 and fi...
CVE-2009-2074 Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a m...
E S
CVE-2009-2075 Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict...
S
CVE-2009-2076 Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows re...
E S
CVE-2009-2077 Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access r...
S
CVE-2009-2078 Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x before 5.x-7.3 and 6.x before 6....
S
CVE-2009-2079 Cross-site scripting (XSS) vulnerability in the administrative page interface in Taxonomy manager 5....
E S
CVE-2009-2080 admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote a...
E
CVE-2009-2081 Directory traversal vulnerability in help.php in phpWebThings 1.5.2 and earlier, when magic_quotes_g...
E
CVE-2009-2082 SQL injection vulnerability in insidepage.php in Creative Web Solutions Multi-Level CMS 1.21 allows ...
E
CVE-2009-2083 Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before...
E S
CVE-2009-2084 Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 before 1.3.14 does not properly set...
S
CVE-2009-2085 The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before ...
S
CVE-2009-2086 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1900. Reason: This candida...
R
CVE-2009-2087 The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0...
S
CVE-2009-2088 The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1....
S
CVE-2009-2089 The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before...
S
CVE-2009-2090 Unspecified vulnerability in wsadmin in the System Management/Repository component in IBM WebSphere ...
S
CVE-2009-2091 The System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0....
S
CVE-2009-2092 IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingE...
S
CVE-2009-2093 SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 bef...
S
CVE-2009-2094 Unspecified vulnerability in IBM WebSphere Commerce 6.0 Enterprise before 6.0.0.8, when trace is ena...
S
CVE-2009-2095 PHP remote file inclusion vulnerability in template/simpledefault/admin/_masterlayout.php in Mundi M...
E
CVE-2009-2096 SQL injection vulnerability in house/listing_view.php in phpCollegeExchange 0.1.5c allows remote att...
E
CVE-2009-2097 SQL injection vulnerability in system/application/controllers/catalog.php in Zoki Soft Zoki Catalog ...
CVE-2009-2098 SQL injection vulnerability in topicler.php in phPortal 1.0 allows remote attackers to execute arbit...
E
CVE-2009-2099 SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows...
E
CVE-2009-2100 Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10...
E
CVE-2009-2101 Directory traversal vulnerability in archive.php in TorrentVolve 1.4, when register_globals is enabl...
E
CVE-2009-2102 SQL injection vulnerability in the Jumi (com_jumi) component 2.0.3 and possibly other versions for J...
E
CVE-2009-2103 SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension fo...
S
CVE-2009-2104 Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) ...
S
CVE-2009-2105 SQL injection vulnerability in the References database (t3references) extension 0.1.1 and earlier fo...
S
CVE-2009-2106 SQL injection vulnerability in the Virtual Civil Services (civserv) extension 4.3.2 and earlier for ...
S
CVE-2009-2107 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Webmedia Explorer (webmex) 5.09 ...
E
CVE-2009-2108 git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infini...
S
CVE-2009-2109 Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow remote attackers to read arbitrar...
E
CVE-2009-2110 Multiple directory traversal vulnerabilities in DB Top Sites 1.0, when magic_quotes_gpc is disabled,...
E
CVE-2009-2111 Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 allows remote attackers to in...
E
CVE-2009-2112 Directory traversal vulnerability in include/page_bottom.php in phpFK 7.03 allows remote attackers t...
E
CVE-2009-2113 Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary S...
E S
CVE-2009-2114 Multiple cross-site scripting (XSS) vulnerabilities in admin.php in SkyBlueCanvas 1.1 r237 allow rem...
E
CVE-2009-2115 admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to obtain sensitive i...
CVE-2009-2116 Directory traversal vulnerability in admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated...
E
CVE-2009-2117 uye_paneli.php in phPortal 1.0 allows remote attackers to bypass authentication and obtain administr...
E
CVE-2009-2118 Integer overflow in IrfanView 4.23, when the resampling or screen fitting option is enabled, allows ...
S
CVE-2009-2119 Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL V...
S
CVE-2009-2120 Multiple SQL injection vulnerabilities in TekBase All-in-One 3.1 allow remote authenticated users to...
E
CVE-2009-2121 Buffer overflow in the browser kernel in Google Chrome before 2.0.172.33 allows remote HTTP servers ...
E
CVE-2009-2122 SQL injection vulnerability in viewimg.php in the Paolo Palmonari Photoracer plugin 1.0 for WordPres...
E
CVE-2009-2123 Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQ...
E
CVE-2009-2124 Directory traversal vulnerability in page.php in Elvin 1.2.0 allows remote attackers to include and ...
E
CVE-2009-2125 delete_bug.php in Elvin before 1.2.1 does not require administrative privileges, which allows remote...
S
CVE-2009-2126 Cross-site scripting (XSS) vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attack...
S
CVE-2009-2127 Cross-site scripting (XSS) vulnerability in show_activity.php in Elvin 1.2.0 allows remote attackers...
E
CVE-2009-2128 SQL injection vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to execut...
S
CVE-2009-2129 Cross-site request forgery (CSRF) vulnerability in login.php in Elvin 1.2.0 allows remote attackers ...
E
CVE-2009-2130 Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) login.ei, (2) jump_bug.ei, or...
E
CVE-2009-2131 Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated us...
E S
CVE-2009-2132 Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is di...
E
CVE-2009-2133 Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.40.4 and 1.40.7 allow remote attacker...
E
CVE-2009-2134 pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obtain sensitive information via ...
E
CVE-2009-2135 Multiple race conditions in the Solaris Event Port API in Sun Solaris 10 and OpenSolaris before snv_...
S
CVE-2009-2136 Unspecified vulnerability in the TCP/IP networking stack in Sun Solaris 10, and OpenSolaris snv_01 t...
S
CVE-2009-2137 Memory leak in the Ultra-SPARC T2 crypto provider device driver (aka n2cp) in Sun Solaris 10, and Op...
S
CVE-2009-2138 Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to redirect user...
E
CVE-2009-2139 Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3...
S
CVE-2009-2140 Multiple heap-based buffer overflows in cppcanvas/source/mtfrenderer/emfplus.cxx in Go-oo 2.x and 3....
S
CVE-2009-2141 Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to ...
E
CVE-2009-2142 Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store Chat 4.0 and 5.0 allow remote...
E
CVE-2009-2143 PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1....
E S
CVE-2009-2144 SQL injection vulnerability in the FireStats plugin before 1.6.2-stable for WordPress allows remote ...
S
CVE-2009-2145 Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 allow remote attackers to inj...
E S
CVE-2009-2146 Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Co...
E
CVE-2009-2147 SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and earlier allows remote attackers t...
E
CVE-2009-2148 SQL injection vulnerability in news/index.php in Campus Virtual-LMS allows remote attackers to execu...
E
CVE-2009-2149 Multiple cross-site scripting (XSS) vulnerabilities in Campus Virtual-LMS allow remote attackers to ...
E
CVE-2009-2150 Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote at...
E
CVE-2009-2151 Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 allows remote attackers to read arb...
E
CVE-2009-2152 SQL injection vulnerability in a_index.php in AdaptWeb 0.9.2 allows remote attackers to execute arbi...
E
CVE-2009-2153 Cross-site scripting (XSS) vulnerability in index.php in Impleo Music Collection 2.0 allows remote a...
E
CVE-2009-2154 SQL injection vulnerability in admin/login.php in Impleo Music Collection 2.0, when magic_quotes_gpc...
E
CVE-2009-2155 Cross-site scripting (XSS) vulnerability in report/ReportViewAction.do in WebNMS Free Edition 5 allo...
CVE-2009-2156 Multiple cross-site scripting (XSS) vulnerabilities in TorrentTrader Classic 1.09 allow remote authe...
E
CVE-2009-2157 Multiple SQL injection vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated user...
E
CVE-2009-2158 account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently la...
E
CVE-2009-2159 backup-database.php in TorrentTrader Classic 1.09 does not require administrative authentication, wh...
E
CVE-2009-2160 TorrentTrader Classic 1.09 allows remote attackers to (1) obtain configuration information via a dir...
E
CVE-2009-2161 Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when...
E
CVE-2009-2162 Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC PukiWikiMod module 1.6.6.2 and earlier ...
CVE-2009-2163 Cross-site scripting (XSS) vulnerability in login/default.aspx in Sitecore CMS before 6.0.2 Update-1...
E
CVE-2009-2164 Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabl...
E
CVE-2009-2165 SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x vers...
CVE-2009-2166 Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows re...
E
CVE-2009-2167 Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and ear...
E
CVE-2009-2168 cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser b...
E
CVE-2009-2169 Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Ed...
E
CVE-2009-2170 Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5...
CVE-2009-2171 Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts,...
CVE-2009-2172 Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon fo...
E
CVE-2009-2173 The LAN game feature in Carom3D 5.06 allows remote authenticated users to cause a denial of service ...
E
CVE-2009-2174 GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscript...
E S
CVE-2009-2175 Stack-based buffer overflow in the flattenIncrementally function in flatten.c in xcftools 1.0.4, as ...
S
CVE-2009-2176 Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a and earlier, when magic_quotes...
E
CVE-2009-2177 code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows rem...
E
CVE-2009-2178 Cross-site scripting (XSS) vulnerability in website.php in phpDatingClub 3.7 allows remote attackers...
E
CVE-2009-2179 SQL injection vulnerability in search.php in phpDatingClub 3.7 allows remote attackers to execute ar...
E
CVE-2009-2180 Multiple directory traversal vulnerabilities in upfiles/index.php in Pc4 Uploader 10.0 and earlier a...
E
CVE-2009-2181 Cross-site scripting (XSS) vulnerability in admin-files/templates/list_dir.php in Campsite 3.3.0 RC1...
E
CVE-2009-2182 Multiple PHP remote file inclusion vulnerabilities in Campsite 3.3.0 RC1 allow remote attackers to e...
E
CVE-2009-2183 Directory traversal vulnerability in admin-files/ad.php in Campsite 3.3.0 RC1 allows remote attacker...
E
CVE-2009-2184 Absolute path traversal vulnerability in forcedownload.php in Gravy Media Photo Host 1.0.8 allows re...
E
CVE-2009-2185 The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) ...
S
CVE-2009-2186 Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465 allows remote attackers to exe...
S
CVE-2009-2187 Multiple memory leaks in the (1) IP and (2) IPv6 multicast implementation in the kernel in Sun Solar...
E S
CVE-2009-2188 Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows rem...
S
CVE-2009-2189 The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Expre...
S
CVE-2009-2190 launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (i...
S
CVE-2009-2191 Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows ...
S
CVE-2009-2192 MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from...
S
CVE-2009-2193 Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execut...
S
CVE-2009-2194 Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which...
S
CVE-2009-2195 Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary ...
S
CVE-2009-2196 Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbit...
S
CVE-2009-2197 Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that plac...
CVE-2009-2198 Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, whi...
S
CVE-2009-2199 Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS befo...
S
CVE-2009-2200 WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage att...
S
CVE-2009-2201 The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext usern...
S
CVE-2009-2202 Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of ...
S
CVE-2009-2203 Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or...
S
CVE-2009-2204 Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remo...
E S
CVE-2009-2205 Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before ...
S
CVE-2009-2206 Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple ...
E S
CVE-2009-2207 The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists d...
CVE-2009-2208 FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the SIOCSIFINFO_IN6 IOCTL, which allo...
S
CVE-2009-2209 SQL injection vulnerability in rscms_mod_newsview.php in RS-CMS 2.1 allows remote attackers to execu...
E
CVE-2009-2210 Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a de...
S
CVE-2009-2211 Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before...
S
CVE-2009-2212 The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows att...
S
CVE-2009-2213 The default configuration of the Security global settings on the Citrix NetScaler Access Gateway app...
CVE-2009-2214 The Secure Gateway service in Citrix Secure Gateway 3.1 and earlier allows remote attackers to cause...
S
CVE-2009-2215 Multiple cross-site scripting (XSS) vulnerabilities in URD before 0.6.2 allow remote attackers to in...
S
CVE-2009-2216 Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmin 1.33.6 and earlier allows re...
E
CVE-2009-2217 Cross-site scripting (XSS) vulnerability in NBBC before 1.4.2 allows remote attackers to inject arbi...
S
CVE-2009-2218 Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchange 0.1.5c, when register_globa...
E
CVE-2009-2219 Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExchange 0.1.5c allow remote attack...
E
CVE-2009-2220 Multiple directory traversal vulnerabilities in Tribiq CMS 5.0.12c, when register_globals is enabled...
E
CVE-2009-2221 Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to i...
CVE-2009-2222 Directory traversal vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to read arb...
CVE-2009-2223 Directory traversal vulnerability in locms/smarty.php in LightOpenCMS 0.1 allows remote attackers to...
E
CVE-2009-2224 Directory traversal vulnerability in ang/shared/flags.php in AN Guestbook 0.7.8, when register_globa...
E
CVE-2009-2225 Stack-based buffer overflow in SureThing CD/DVD Labeler 5.1.616 trial version allows user-assisted r...
CVE-2009-2226 Cross-site scripting (XSS) vulnerability in Let's PHP! Tree BBS 2004/11/23 and earlier allows remote...
CVE-2009-2227 Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.26.5460 allows remote attackers...
E
CVE-2009-2228 Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS allows remote attackers to in...
E
CVE-2009-2229 Directory traversal vulnerability in engine.php in Kasseler CMS 1.3.5 lite allows remote attackers t...
E S
CVE-2009-2230 SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 ...
E S
CVE-2009-2231 MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an ...
E
CVE-2009-2232 SQL injection vulnerability in image.php in Softbiz Banner Ad Management Script allows remote attack...
E
CVE-2009-2233 The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass aut...
E
CVE-2009-2234 Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call Center Suite 2.0.5-173 allow re...
E S
CVE-2009-2235 SQL injection vulnerability in page.php in Your Articles Directory allows remote attackers to execut...
E
CVE-2009-2236 SQL injection vulnerability in yad-admin/login.php in Your Article Directory allows remote attackers...
E
CVE-2009-2237 Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7...
S
CVE-2009-2238 Unrestricted file upload vulnerability in includes/shared_scripts/wysiwyg_editor/assetmanager/assetm...
E
CVE-2009-2239 SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino...
E
CVE-2009-2240 Cross-site scripting (XSS) vulnerability in AD2000 free-sw leger (aka Web Conference Room Free) 1.6....
CVE-2009-2241 Cross-site scripting (XSS) vulnerability in search.asp in ASP Inline Corporate Calendar allows remot...
E
CVE-2009-2242 SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remot...
E
CVE-2009-2243 SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remot...
CVE-2009-2254 Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatc...
E S
CVE-2009-2255 Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_...
E S
CVE-2009-2256 The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers...
E
CVE-2009-2257 The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers...
E
CVE-2009-2258 Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgea...
E
CVE-2009-2259 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2608. Reason: This candida...
R
CVE-2009-2260 stardict 3.0.1, when Enable Net Dict is configured, sends the contents of the clipboard to a diction...
CVE-2009-2261 PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitra...
E
CVE-2009-2262 PHP remote file inclusion vulnerability in install/di.php in AjaxPortal 3.0 allows remote attackers ...
CVE-2009-2263 Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote at...
E
CVE-2009-2265 Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to c...
S
CVE-2009-2266 OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive informat...
CVE-2009-2267 VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, V...
E S
CVE-2009-2268 Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java Sy...
S
CVE-2009-2269 SQL injection vulnerability in Empire CMS 5.1 allows remote attackers to execute arbitrary SQL comma...
CVE-2009-2270 Unrestricted file upload vulnerability in member/uploads_edit.php in dedecms 5.3 allows remote attac...
CVE-2009-2271 The Huawei D100 has (1) a certain default administrator password for the web interface, and does not...
CVE-2009-2272 The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which...
CVE-2009-2273 The default configuration of the Wi-Fi component on the Huawei D100 does not use encryption, which m...
CVE-2009-2274 The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to (1) ...
CVE-2009-2275 Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attack...
E
CVE-2009-2276 SQL injection vulnerability in voteforus.php in the Vote For Us extension 1.0.1 and earlier for PunB...
E
CVE-2009-2277 Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMwa...
S
CVE-2009-2281 Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapSer...
S
CVE-2009-2282 The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10...
S
CVE-2009-2283 Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console ...
S
CVE-2009-2284 Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inj...
S
CVE-2009-2285 Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers...
E
CVE-2009-2286 Buffer overflow in compface 1.5.2 and earlier allows user-assisted attackers to cause a denial of se...
CVE-2009-2287 The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when runnin...
S
CVE-2009-2288 statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell...
E
CVE-2009-2289 Cross-site scripting (XSS) vulnerability in index.php in Arcade Trade Script 1.0 beta allows remote ...
E
CVE-2009-2290 SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) component 0.3 and earlier for J...
E
CVE-2009-2291 Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow ...
S
CVE-2009-2292 Cross-site scripting (XSS) vulnerability in Appleple a-News 2.32 allows remote attackers to inject a...
CVE-2009-2293 Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote attackers to bypass authentication...
E
CVE-2009-2294 Integer overflow in the Png_datainfo_callback function in Dillo 2.1 and earlier allows remote attack...
CVE-2009-2295 Multiple integer overflows in CamlImages 2.2 and earlier might allow context-dependent attackers to ...
CVE-2009-2296 The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly ...
S
CVE-2009-2297 Unspecified vulnerability in the udp subsystem in the kernel in Sun Solaris 10, and OpenSolaris snv_...
S
CVE-2009-2298 Stack-based buffer overflow in rping in HP OpenView Network Node Manager (OV NNM) 7.53 on Linux allo...
CVE-2009-2299 The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0...
CVE-2009-2300 The management interface in the phion airlock Web Application Firewall (WAF) 4.1-10.41 does not prop...
S
CVE-2009-2301 The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote atta...
CVE-2009-2302 Cross-site scripting (XSS) vulnerability in index.php in Aardvark Topsites PHP 5.2.0 and earlier all...
E
CVE-2009-2303 index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive inf...
CVE-2009-2304 index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to obtain sensitive inf...
E
CVE-2009-2305 The ARD-9808 DVR card security camera allows remote attackers to cause a denial of service via a lon...
E
CVE-2009-2306 The ARD-9808 DVR card security camera stores sensitive information under the web root with insuffici...
E
CVE-2009-2307 SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro (aka MD-Pro) ...
E
CVE-2009-2308 Multiple SQL injection vulnerabilities in affiliates.php in the Affiliation (aka Affiliates) module ...
E
CVE-2009-2309 SQL injection vulnerability in index.php in Codice CMS 2 allows remote attackers to execute arbitrar...
E
CVE-2009-2310 SQL injection vulnerability in include/get_read.php in Extensible-BioLawCom CMS (X-BLC) 0.2.0 and ea...
E
CVE-2009-2311 SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab Burning Board (WBB3) allows rem...
E
CVE-2009-2312 SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in config.txt and use...
CVE-2009-2313 Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remot...
E
CVE-2009-2314 Race condition in the Sun Lightweight Availability Collection Tool 3.0 on Solaris 7 through 10 allow...
S
CVE-2009-2315 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2204. Reason: This candida...
R
CVE-2009-2316 Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow ...
S
CVE-2009-2317 The Axesstel MV 410R has a certain default administrator password, and does not force a password cha...
CVE-2009-2318 The Axesstel MV 410R allows remote attackers to cause a denial of service via a flood of SYN packets...
CVE-2009-2319 The default configuration of the Wi-Fi component on the Axesstel MV 410R does not use encryption, wh...
CVE-2009-2320 The web interface on the Axesstel MV 410R relies on client-side JavaScript code to validate input, w...
CVE-2009-2321 cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to cause a denial of service (co...
CVE-2009-2322 Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remot...
E
CVE-2009-2323 The web interface on the Axesstel MV 410R redirects users back to the referring page after execution...
CVE-2009-2324 Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attacke...
S
CVE-2009-2325 Directory traversal vulnerability in index.php in Clicknet CMS 2.1 allows remote attackers to read a...
E
CVE-2009-2326 Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and earlier allow remote attackers to e...
E
CVE-2009-2327 Cross-site scripting (XSS) vulnerability in add_voting.php in KerviNet Forum 1.1 and earlier allows ...
E
CVE-2009-2328 admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication...
E
CVE-2009-2329 KerviNet Forum 1.1 and earlier allows remote attackers to obtain sensitive information via a direct ...
E
CVE-2009-2330 Cross-site scripting (XSS) vulnerability in admin/admin_menu.php in CMS Chainuk 1.2 and earlier allo...
E
CVE-2009-2331 Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers...
E
CVE-2009-2332 CMS Chainuk 1.2 and earlier allows remote attackers to obtain sensitive information via (1) a crafte...
E
CVE-2009-2333 Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers t...
E
CVE-2009-2334 wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authen...
E S
CVE-2009-2335 WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depend...
E S
CVE-2009-2336 The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior ...
E S
CVE-2009-2337 SQL injection vulnerability in includes/module/book/index.inc.php in w3b|cms Gaestebuch Guestbook Mo...
E S
CVE-2009-2338 Directory traversal vulnerability in includes/startmodules.inc.php in FreeWebshop.org 2.2.9 R2, when...
E
CVE-2009-2339 SQL injection vulnerability in index.php in Rentventory allows remote attackers to execute arbitrary...
E
CVE-2009-2340 SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbit...
E
CVE-2009-2341 SQL injection vulnerability in albumdetail.php in Opial 1.0 allows remote attackers to execute arbit...
E
CVE-2009-2342 Cross-site scripting (XSS) vulnerability in admin.php (aka the login page) in Content Management Mad...
E
CVE-2009-2343 Cross-site scripting (XSS) vulnerability in people.php in Zoph before 0.7.0.6 allows remote attacker...
S
CVE-2009-2344 The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 all...
E
CVE-2009-2345 Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 allow remote attackers to execu...
S
CVE-2009-2346 The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2,...
CVE-2009-2347 Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9,...
S
CVE-2009-2348 Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permi...
CVE-2009-2350 Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block javascript: URIs in Refresh hea...
E
CVE-2009-2351 Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which a...
E
CVE-2009-2352 Google Chrome 1.0.154.48 and earlier does not block javascript: URIs in Refresh headers in HTTP resp...
E
CVE-2009-2353 encoder.php in eAccelerator allows remote attackers to execute arbitrary code by copying a local exe...
CVE-2009-2354 SQL injection vulnerability in the auth_checkpass function in the login page in NullLogic Groupware ...
CVE-2009-2355 The forum module in NullLogic Groupware 1.2.7 allows remote authenticated users to cause a denial of...
CVE-2009-2356 Multiple stack-based buffer overflows in the pgsqlQuery function in NullLogic Groupware 1.2.7, when ...
CVE-2009-2357 The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Ser...
CVE-2009-2358 TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini file, which allows local users ...
CVE-2009-2359 Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute...
CVE-2009-2360 Cross-site scripting (XSS) vulnerability in passwd/main.php in the Passwd module before 3.1.1 for Ho...
E S
CVE-2009-2361 SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote atta...
E
CVE-2009-2362 Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.0.0.215 allows remote attackers to execute arbit...
E
CVE-2009-2363 Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.00.215 allows remote attackers to execute arbitr...
E
CVE-2009-2364 Stack-based buffer overflow in Mp3-Nator 2.0 allows remote attackers to execute arbitrary code via (...
E
CVE-2009-2365 SQL injection vulnerability in login.asp in DataCheck Solutions GalleryPal FE 1.5 allows remote atta...
CVE-2009-2366 SQL injection vulnerability in login.asp in DataCheck Solutions ForumPal FE 1.1 and ForumPal 1.5 all...
E
CVE-2009-2367 cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote ...
E
CVE-2009-2368 Unspecified vulnerability in Socks Server 5 before 3.7.8-8 has unknown impact and attack vectors.
CVE-2009-2369 Integer overflow in the wxImage::Create function in src/common/image.cpp in wxWidgets 2.8.10 allows ...
CVE-2009-2370 Cross-site scripting (XSS) vulnerability in Advanced Forum 5.x before 5.x-1.1 and 6.x before 6.x-1.1...
S
CVE-2009-2371 Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not prevent users from modifying user s...
S
CVE-2009-2372 Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated co...
S
CVE-2009-2373 Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x before 6.13 allows remote...
E S
CVE-2009-2374 Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for page...
S
CVE-2009-2375 Stack-based buffer overflow in Photo DVD Maker 8.02, and possibly earlier versions, allows remote at...
CVE-2009-2376 Cross-site scripting (XSS) vulnerability in the Html::textarea function in application/libraries/Htm...
E S
CVE-2009-2377 Buffer overflow in the Avax Vector ActiveX control in avPreview.ocx in AVAX-software Avax Vector Act...
E
CVE-2009-2378 PHP remote file inclusion vulnerability in formmailer.admin.inc.php in Jax FormMailer 3.0.0 allows r...
E
CVE-2009-2379 Directory traversal vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers ...
E S
CVE-2009-2380 Cross-site scripting (XSS) vulnerability in includes/functions.php in 4images 1.7 through 1.7.7 allo...
CVE-2009-2381 Gizmo 3.1.0.79 on Linux does not verify a server's SSL certificate, which allows remote servers to o...
CVE-2009-2382 admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain ad...
E
CVE-2009-2383 SQL injection vulnerability in BTE_RW_webajax.php in the Related Sites plugin 2.1 for WordPress allo...
E
CVE-2009-2384 Buffer overflow in amp.exe in Brothersoft PEamp 1.02b allows user-assisted remote attackers to execu...
E
CVE-2009-2385 SQL injection vulnerability in the awardsMembers function in Sources/Profile.php in the Member Award...
E
CVE-2009-2386 Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and pos...
E
CVE-2009-2387 Unspecified vulnerability in the proc filesystem in Sun OpenSolaris snv_49 through snv_109 allows lo...
S
CVE-2009-2388 SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbit...
E
CVE-2009-2389 Multiple SQL injection vulnerabilities in newsscript.php in USOLVED NEWSolved 1.1.6, when magic_quot...
E
CVE-2009-2390 SQL injection vulnerability in the BookFlip (com_bookflip) component 2.1 for Joomla! allows remote a...
E
CVE-2009-2391 Cross-site scripting (XSS) vulnerability in text.php in Virtuenetz Virtue Online Test Generator allo...
E
CVE-2009-2392 SQL injection vulnerability in text.php in Virtuenetz Virtue Online Test Generator allows remote att...
E
CVE-2009-2393 admin/index.php in Virtuenetz Virtue Online Test Generator does not require administrative privilege...
E
CVE-2009-2394 SQL injection vulnerability in cat.php in SMSPages 1.0 in Mr.Saphp Arabic Script Mobile (aka Message...
E
CVE-2009-2395 SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows r...
E
CVE-2009-2396 PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone...
E
CVE-2009-2397 Directory traversal vulnerability in download.php in Audio Article Directory allows remote attackers...
E
CVE-2009-2398 Directory traversal vulnerability in test/index.php in PHP-Sugar 0.80 allows remote attackers to rea...
E
CVE-2009-2399 PHP remote file inclusion vulnerability in dm-albums/template/album.php in DM FileManager 3.9.4, whe...
E
CVE-2009-2400 SQL injection vulnerability in the PHP (com_php) component for Joomla! allows remote attackers to ex...
E
CVE-2009-2401 Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows remote attackers to inject ar...
E
CVE-2009-2402 SQL injection vulnerability in index.php in the forum module in PHPEcho CMS 2.0-rc3 allows remote at...
E
CVE-2009-2403 Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to cause a denial of service (appl...
E
CVE-2009-2404 Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS)...
S
CVE-2009-2405 Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in ...
S
CVE-2009-2406 Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCr...
E S
CVE-2009-2407 Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryp...
E S
CVE-2009-2408 Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0...
CVE-2009-2409 The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 a...
S
CVE-2009-2410 The local_handler_callback function in server/responder/pam/pam_LOCAL_domain.c in sssd 0.4.1 does no...
E
CVE-2009-2411 Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before ...
CVE-2009-2412 Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Util...
E S
CVE-2009-2413 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in...
R
CVE-2009-2414 Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1....
S
CVE-2009-2415 Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary...
CVE-2009-2416 Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and l...
S
CVE-2009-2417 lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle ...
S
CVE-2009-2418 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi...
R
CVE-2009-2419 Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safa...
E
CVE-2009-2420 Apple Safari 3.2.3 does not properly implement the file: protocol handler, which allows remote attac...
CVE-2009-2421 The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote ...
CVE-2009-2422 The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rai...
E S
CVE-2009-2423 SQL injection vulnerability in category.php in Ebay Clone 2009 allows remote attackers to execute ar...
E
CVE-2009-2424 Cross-site scripting (XSS) vulnerability in search.php in Ebay Clone 2009 allows remote attackers to...
E
CVE-2009-2425 Tor before 0.2.0.35 allows remote attackers to cause a denial of service (application crash) via a m...
S
CVE-2009-2426 The connection_edge_process_relay_cell_not_open function in src/or/relay.c in Tor 0.2.x before 0.2.0...
S
CVE-2009-2427 SQL injection vulnerability in co-profile.php in Jobbr 2.2.7 allows remote attackers to execute arbi...
E
CVE-2009-2428 Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow remote attackers to execute a...
E
CVE-2009-2429 SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in admin_backup.xml f...
CVE-2009-2430 Unspecified vulnerability in auditconfig in Sun Solaris 8, 9, 10, and OpenSolaris snv_01 through snv...
CVE-2009-2431 WordPress 2.7.1 places the username of a post's author in an HTML comment, which allows remote attac...
S
CVE-2009-2432 WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a...
E S
CVE-2009-2433 Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote a...
E
CVE-2009-2434 Buffer overflow in the syscall implementation in IBM AIX 5.3 allows local users to gain privileges v...
S
CVE-2009-2435 The Sametime server in IBM Lotus Instant Messaging and Web Conferencing 6.5.1 generates error messag...
CVE-2009-2436 SQL injection vulnerability in page.php in Online Dating Software MyPHPDating 1.0 allows remote atta...
E
CVE-2009-2437 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Rentventory 1.0.1 allow remote a...
E
CVE-2009-2438 Cross-site scripting (XSS) vulnerability in index.php in the search module in ClanSphere 2009.0 and ...
E
CVE-2009-2439 Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers...
E
CVE-2009-2440 Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook 3.0 allows remote attackers t...
E
CVE-2009-2441 Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote a...
E
CVE-2009-2442 Cross-site scripting (XSS) vulnerability in public/index.php in Linea21 1.2.1 allows remote attacker...
E
CVE-2009-2443 Siteframe 3.2.3, and other 3.2.x versions, allows remote attackers to obtain configuration informati...
E S
CVE-2009-2444 Directory traversal vulnerability in maillinglist/setup/step1.php.inc in ADbNewsSender before 1.5.6,...
E S
CVE-2009-2445 Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP1...
E
CVE-2009-2446 Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in...
E S
CVE-2009-2447 Multiple cross-site scripting (XSS) vulnerabilities in ogp_show.php in Online Guestbook Pro 5.1 allo...
E
CVE-2009-2448 Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote a...
CVE-2009-2449 Directory traversal vulnerability in maillinglist/admin/change_config.php in ADbNewsSender before 1....
E S
CVE-2009-2450 The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online Armor Personal Firewall AV+ befor...
E
CVE-2009-2451 Multiple SQL injection vulnerabilities in index.php in MIM:InfiniX 1.2.003 and possibly earlier vers...
E
CVE-2009-2452 Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have unknown impact and attack vectors...
S
CVE-2009-2453 Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access polic...
S
CVE-2009-2454 Cross-site scripting (XSS) vulnerability in Citrix Web Interface 4.6, 5.0, and 5.0.1 allows remote a...
S
CVE-2009-2455 Multiple cross-site scripting (XSS) vulnerabilities in webadmin/admin.php in @mail 5.6.1 allow remot...
CVE-2009-2456 The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial ...
CVE-2009-2457 The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial ...
S
CVE-2009-2458 Unspecified vulnerability in Sun Fire V215 Server, when using XVR-100 graphic cards on system boards...
S
CVE-2009-2459 Multiple unspecified vulnerabilities in mimeTeX, when downloaded before 20090713, have unknown impac...
E S
CVE-2009-2460 Multiple stack-based buffer overflows in mathtex.cgi in mathTeX, when downloaded before 20090713, ha...
E S
CVE-2009-2461 mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, w...
CVE-2009-2462 The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause...
S
CVE-2009-2463 Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/l...
S
CVE-2009-2464 The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaM...
S
CVE-2009-2465 Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (m...
S
CVE-2009-2466 The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to ca...
E S
CVE-2009-2467 Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of serv...
S
CVE-2009-2468 Integer overflow in Apple CoreGraphics, as used in Safari before 4.0.3, Mozilla Firefox before 3.0.1...
CVE-2009-2469 Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a wat...
S
CVE-2009-2470 Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a...
S
CVE-2009-2471 The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping,...
S
CVE-2009-2472 Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object ...
S
CVE-2009-2473 neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, ...
S
CVE-2009-2474 neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a d...
CVE-2009-2475 Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent ...
S
CVE-2009-2476 The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, ...
S
CVE-2009-2477 js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firef...
E S
CVE-2009-2478 Mozilla Firefox 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference a...
E
CVE-2009-2479 Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of servic...
E
CVE-2009-2480 Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type 4.24, and 4.25 w...
CVE-2009-2481 mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, all...
S
CVE-2009-2482 The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to...
CVE-2009-2483 libprop/prop_object.c in proplib in NetBSD 4.0 and 4.0.1 allows local users to cause a denial of ser...
CVE-2009-2484 Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN V...
E S
CVE-2009-2485 Stack-based buffer overflow in HT-MP3Player 1.0 allows remote attackers to execute arbitrary code vi...
E
CVE-2009-2486 Unspecified vulnerability in the SCTP implementation in Sun Solaris 10, and OpenSolaris before snv_1...
S
CVE-2009-2487 Use-after-free vulnerability in the frpr_icmp function in the ipfilter (aka IP Filter) subsystem in ...
S
CVE-2009-2488 Unspecified vulnerability in the NFSv4 module in the kernel in Sun Solaris 10, and OpenSolaris snv_1...
S
CVE-2009-2489 Unspecified vulnerability in the utdmsession program in Sun Ray Server Software (SRSS) 4.0 allows lo...
S
CVE-2009-2490 Unspecified vulnerability in the utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris...
S
CVE-2009-2491 The utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enable...
S
CVE-2009-2492 Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 all...
S
CVE-2009-2493 The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 a...
S
CVE-2009-2494 The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vi...
S
CVE-2009-2495 The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 a...
CVE-2009-2496 Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, ...
CVE-2009-2497 The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP...
CVE-2009-2498 Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do n...
CVE-2009-2499 Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows V...
CVE-2009-2500 Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3...
CVE-2009-2501 Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Off...
CVE-2009-2502 Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3,...
CVE-2009-2503 GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office X...
CVE-2009-2504 Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Fra...
CVE-2009-2505 The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does no...
CVE-2009-2506 Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; O...
CVE-2009-2507 A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and...
CVE-2009-2508 The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Window...
CVE-2009-2509 Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gol...
CVE-2009-2510 The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 S...
CVE-2009-2511 Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, W...
CVE-2009-2512 The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold an...
CVE-2009-2513 The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP...
CVE-2009-2514 win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not...
CVE-2009-2515 Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vist...
CVE-2009-2516 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and S...
CVE-2009-2517 The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when...
CVE-2009-2518 Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote attackers to execute arbitrary cod...
CVE-2009-2519 The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Serve...
CVE-2009-2520 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2009-2521 Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) ...
S
CVE-2009-2522 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2009-2523 The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to exe...
S
CVE-2009-2524 Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Servi...
CVE-2009-2525 Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice De...
CVE-2009-2526 Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fie...
CVE-2009-2527 Heap-based buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute ...
CVE-2009-2528 GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Ta...
CVE-2009-2529 Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validatio...
CVE-2009-2530 Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which all...
CVE-2009-2531 Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which all...
CVE-2009-2532 Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do no...
CVE-2009-2533 rmserver in RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allows remote attackers ...
E
CVE-2009-2534 RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allow remote attackers to cause a de...
E
CVE-2009-2535 Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attack...
E
CVE-2009-2536 Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory...
E
CVE-2009-2537 KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large ...
E
CVE-2009-2538 The Nokia N95 running Symbian OS 9.2, N82, and N810 Internet Tablet allow remote attackers to cause ...
E
CVE-2009-2539 The Aigo P8860 allows remote attackers to cause a denial of service (memory consumption and browser ...
E
CVE-2009-2540 Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consu...
E
CVE-2009-2541 The web browser on the Sony PLAYSTATION 3 (PS3) allows remote attackers to cause a denial of service...
E
CVE-2009-2542 Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a lar...
E
CVE-2009-2543 Multiple unspecified vulnerabilities in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM...
CVE-2009-2544 Directory traversal vulnerability in the Marcelo Costa FileServer component 1.0 for Microsoft Window...
E
CVE-2009-2545 SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when magic_quotes_gpc is disabled,...
CVE-2009-2546 Directory traversal vulnerability in Advanced Electron Forum (AEF) 1.x allows remote attackers to de...
CVE-2009-2547 Integer underflow in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II ...
E
CVE-2009-2548 Format string vulnerability in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed A...
E
CVE-2009-2549 Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allo...
E
CVE-2009-2550 Stack-based buffer overflow in Hamster Audio Player 0.3a allows remote attackers to execute arbitrar...
E
CVE-2009-2551 Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy Image Downloader allow remote ...
E
CVE-2009-2552 Multiple directory traversal vulnerabilities in comments.php in Super Simple Blog Script 2.5.4 allow...
E
CVE-2009-2553 Multiple SQL injection vulnerabilities in comments.php in Super Simple Blog Script 2.5.4, when magic...
E
CVE-2009-2554 SQL injection vulnerability in the search method in jobline.class.php in Jobline (com_jobline) 1.1.2...
E
CVE-2009-2555 Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrom...
CVE-2009-2556 Google Chrome before 2.0.172.37 allows attackers to leverage renderer access to cause a denial of se...
CVE-2009-2557 Directory traversal vulnerability in system/download.php in Admin News Tools 2.5 allows remote attac...
E
CVE-2009-2558 system/message.php in Admin News Tools 2.5 does not properly restrict access, which allows remote at...
E
CVE-2009-2559 Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote attackers to cause a denial o...
S
CVE-2009-2560 Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of ...
S
CVE-2009-2561 Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 allows remote attackers to cause...
S
CVE-2009-2562 Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attack...
S
CVE-2009-2563 Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running...
S
CVE-2009-2564 NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versi...
E
CVE-2009-2565 Cross-site scripting (XSS) vulnerability in Perl CGI's By Mrs. Shiromuku shiromuku(fs6)DIARY 2.40 al...
CVE-2009-2566 Stack-based buffer overflow in TFM MMPlayer 2.0, and possibly 2.0.0.30, allows remote attackers to e...
E
CVE-2009-2567 SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 5.6.2 for Joomla! allo...
E
CVE-2009-2568 Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) 0.9 allows remote attackers to ...
E
CVE-2009-2569 Multiple cross-site scripting (XSS) vulnerabilities in Verlihub Control Panel (VHCP) 1.7e allow remo...
E
CVE-2009-2570 Stack-based buffer overflow in the Symantec.FaxViewerControl.1 ActiveX control in WinFax\DCCFAXVW.DL...
E
CVE-2009-2571 Multiple cross-site scripting (XSS) vulnerabilities in index.php in VerliAdmin 0.3.7 and 0.3.8 allow...
E
CVE-2009-2572 Cross-site request forgery (CSRF) vulnerability in the Fivestar module 5.x-1.x before 5.x-1.14 and 6...
S
CVE-2009-2573 Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when magic_quotes_gpc is disabled, a...
E
CVE-2009-2574 index.php in MiniTwitter 0.2 beta allows remote authenticated users to modify certain options of arb...
E
CVE-2009-2575 The Research In Motion (RIM) BlackBerry 8800 allows remote attackers to cause a denial of service (m...
CVE-2009-2576 Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of s...
E
CVE-2009-2577 Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumpt...
CVE-2009-2578 Google Chrome 2.x through 2.0.172 allows remote attackers to cause a denial of service (application ...
CVE-2009-2579 SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2...
E
CVE-2009-2580 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1862. Reason: This candida...
R
CVE-2009-2581 Cross-site scripting (XSS) vulnerability in modifier.php in EditeurScripts EsNews 1.2 allows remote ...
E
CVE-2009-2582 Stack-based buffer overflow in manager.exe in Akamai Download Manager (aka DLM or dlmanager) before ...
S
CVE-2009-2583 Multiple session fixation vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0.0.6 allow remote...
S
CVE-2009-2584 Off-by-one error in the options_write function in drivers/misc/sgi-gru/gruprocfs.c in the SGI GRU dr...
E
CVE-2009-2585 SQL injection vulnerability in index.php in Mlffat 2.2 allows remote attackers to execute arbitrary ...
E
CVE-2009-2586 Cross-site scripting (XSS) vulnerability in articles.php in EDGEPHP EZArticles allows remote attacke...
E
CVE-2009-2587 Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject...
E
CVE-2009-2588 Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type PHP Clone Script allow remote...
E
CVE-2009-2589 Multiple cross-site scripting (XSS) vulnerabilities in Hutscripts PHP Website Script allow remote at...
E
CVE-2009-2590 SQL injection vulnerability in showcategory.php in Hutscripts PHP Website Script allows remote attac...
E
CVE-2009-2591 SQL injection vulnerability in the MyAnnonces module for E-Xoopport 3.1 allows remote attackers to e...
E
CVE-2009-2592 SQL injection vulnerability in guestbook.php in PHPJunkYard GBook 1.6 allows remote attackers to exe...
E
CVE-2009-2593 SQL injection vulnerability in censura.php in Censura 1.16.04 allows remote attackers to execute arb...
E
CVE-2009-2594 Cross-site scripting (XSS) vulnerability in censura.php in Censura 1.16.04 allows remote attackers t...
E
CVE-2009-2595 Cross-site scripting (XSS) vulnerability in productSearch.html in Censura 2.0.4 and 2.1.0 allows rem...
CVE-2009-2596 Unspecified vulnerability in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris ...
S
CVE-2009-2597 The Sun Java System (SJS) Access Manager Policy Agent module 2.2 for SJS Web Proxy Server 4.0 allows...
S
CVE-2009-2598 Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) rem...
E
CVE-2009-2599 SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 allows remote attackers to execu...
E
CVE-2009-2600 Multiple directory traversal vulnerabilities in view.php in Webboard 2.90 beta and earlier allow rem...
E
CVE-2009-2601 SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joom...
E
CVE-2009-2602 R2 Newsletter Lite, Pro, and Stats stores sensitive information under the web root with insufficient...
E
CVE-2009-2603 Multiple SQL injection vulnerabilities in index.php in Escon SupportPortal Pro 3.0 allow remote atta...
E
CVE-2009-2604 Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help Desk 2.1 allow remote attackers...
E
CVE-2009-2605 Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote attackers to...
E
CVE-2009-2606 ASP Football Pool 2.3 stores sensitive information under the web root with insufficient access contr...
E
CVE-2009-2607 SQL injection vulnerability in the com_pinboard component for Joomla! allows remote attackers to exe...
E
CVE-2009-2608 Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute a...
E
CVE-2009-2609 SQL injection vulnerability in the amoCourse (com_amocourse) component for Joomla! allows remote att...
E
CVE-2009-2610 Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before...
S
CVE-2009-2611 Directory traversal vulnerability in infusions/last_seen_users_panel/last_seen_users_panel.php in My...
E
CVE-2009-2612 SQL injection vulnerability in login.aspx in ProSMDR allows remote attackers to execute arbitrary SQ...
S
CVE-2009-2613 Multiple cross-site scripting (XSS) vulnerabilities in DataCheck Solutions LinkPal 1.x allow remote ...
CVE-2009-2614 SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions LinkPal 1.x allows remote at...
CVE-2009-2615 Multiple cross-site scripting (XSS) vulnerabilities in DataCheck Solutions SitePal 1.x allow remote ...
CVE-2009-2616 SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions SitePal 1.x allows remote at...
CVE-2009-2617 Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 allows remote attackers to execu...
E
CVE-2009-2618 SQL injection vulnerability in the Surveys (aka NS-Polls) module in MDPro (MD-Pro) 1.083.x allows re...
E
CVE-2009-2619 SQL injection vulnerability in login.asp in DataCheck Solutions V-SpacePal allows remote attackers t...
CVE-2009-2620 src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before...
E S
CVE-2009-2621 Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and...
S
CVE-2009-2622 Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of...
S
CVE-2009-2624 The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that ...
CVE-2009-2625 XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE...
S
CVE-2009-2626 The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allo...
E S
CVE-2009-2627 Insecure method vulnerability in the Acer LunchApp (aka AcerCtrls.APlunch) ActiveX control in acerct...
CVE-2009-2628 The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstati...
S
CVE-2009-2629 Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0....
CVE-2009-2631 Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ...
CVE-2009-2632 Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP...
S
CVE-2009-2633 PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager...
E
CVE-2009-2634 PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) c...
E
CVE-2009-2635 PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatem...
E
CVE-2009-2636 Cross-site scripting (XSS) vulnerability in the Integration page in the WebMail component in Kerio M...
S
CVE-2009-2637 PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) comp...
E
CVE-2009-2638 SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 for Joomla! allows remote att...
E
CVE-2009-2639 SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers t...
E
CVE-2009-2640 Multiple SQL injection vulnerabilities in cgi/admin.cgi in Interlogy Profile Manager Basic allow rem...
E
CVE-2009-2641 PHP remote file inclusion vulnerability in app_and_readme/navigator/index.php in School Data Navigat...
E
CVE-2009-2642 index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting t...
E
CVE-2009-2643 Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Res...
S
CVE-2009-2644 Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_...
S
CVE-2009-2645 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2408. Reason: This candida...
R
CVE-2009-2646 Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Res...
S
CVE-2009-2647 Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before C...
CVE-2009-2648 FlashDen Guestbook allows remote attackers to obtain configuration information via a direct request ...
E
CVE-2009-2649 The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev is available, allows local us...
E
CVE-2009-2650 Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 Build 020124 allows remote at...
E
CVE-2009-2651 main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of...
E S
CVE-2009-2652 Unspecified vulnerability in Solaris Trusted Extensions in Sun Solaris 10, and OpenSolaris snv_37 th...
S
CVE-2009-2653 The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003...
E
CVE-2009-2654 Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address ...
E S
CVE-2009-2655 mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause...
E
CVE-2009-2656 Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remot...
E
CVE-2009-2657 nilfs-utils before 2.0.14 installs multiple programs with unnecessary setuid privileges, which allow...
CVE-2009-2658 Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary...
S
CVE-2009-2659 The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL...
S
CVE-2009-2660 Multiple integer overflows in CamlImages 2.2 might allow context-dependent attackers to execute arbi...
E
CVE-2009-2661 The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 do...
S
CVE-2009-2662 The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote attackers to cause a denial o...
S
CVE-2009-2663 libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows co...
S
CVE-2009-2664 The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before ...
S
CVE-2009-2665 The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox...
S
CVE-2009-2666 socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in th...
CVE-2009-2667 Unspecified vulnerability in IBM Tivoli Key Lifecycle Manager (TKLM) 1.0 has unknown impact and atta...
CVE-2009-2668 Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16473 allows remote attac...
CVE-2009-2669 A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG ...
S
CVE-2009-2670 The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK an...
S
CVE-2009-2671 The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update ...
S
CVE-2009-2672 The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Upd...
S
CVE-2009-2673 The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Upd...
S
CVE-2009-2674 Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK an...
S
CVE-2009-2675 Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 bef...
S
CVE-2009-2676 Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE ...
S
CVE-2009-2677 Cross-site request forgery (CSRF) vulnerability in HP Insight Control Suite For Linux (aka ICE-LX) b...
S
CVE-2009-2678 Unspecified vulnerability in Open System Services (OSS) Name Server on HP NonStop G06.27, G06.28, G0...
S
CVE-2009-2679 Unspecified vulnerability in bootpd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attacker...
S
CVE-2009-2680 Unspecified vulnerability in the Remote Management Interface (RMI) for MSL Tape Libraries and 1/8 G2...
S
CVE-2009-2681 Unspecified vulnerability in HP ProCurve Identity Driven Manager (IDM) A.02.x through A.02.03 and A....
S
CVE-2009-2682 Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows...
S
CVE-2009-2683 Unspecified vulnerability in the Sender module in HP Remote Graphics Software (RGS) 5.1.3 through 5....
CVE-2009-2684 Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) o...
E
CVE-2009-2685 Stack-based buffer overflow in the login form in the management web server in HP Power Manager allow...
CVE-2009-2686 Unspecified vulnerability in HP NonStop G06.12.00 through G06.32.00, H06.08.00 through H06.18.01, an...
CVE-2009-2687 The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause...
E S
CVE-2009-2688 Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remo...
CVE-2009-2689 JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, ...
S
CVE-2009-2690 The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables ...
S
CVE-2009-2691 The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local use...
S
CVE-2009-2692 The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all functio...
E S
CVE-2009-2693 Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 all...
S
CVE-2009-2694 The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in P...
E S
CVE-2009-2695 The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero a...
E S
CVE-2009-2696 Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the exam...
CVE-2009-2697 The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise ...
CVE-2009-2698 The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in t...
E S
CVE-2009-2699 The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Run...
S
CVE-2009-2700 src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' charac...
CVE-2009-2701 Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope ...
S
CVE-2009-2702 KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' character in a domain name...
CVE-2009-2703 libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows...
S
CVE-2009-2704 CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE appl...
CVE-2009-2705 CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE appl...
CVE-2009-2706 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2009-2707 Unspecified vulnerability in ia32el (aka the IA 32 emulation functionality) before 7042_7022-0.4.2 i...
CVE-2009-2708 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2009-2709 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2009-2710 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2009-2711 XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when ...
S
CVE-2009-2712 Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMC...
S
CVE-2009-2713 The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Sin...
S
CVE-2009-2714 Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows guest OS users to cause a denial ...
CVE-2009-2715 Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux ho...
E
CVE-2009-2716 The plugin functionality in Sun Java SE 6 before Update 15 does not properly implement version selec...
CVE-2009-2717 The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 P...
CVE-2009-2718 The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not i...
CVE-2009-2719 The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attacke...
CVE-2009-2720 Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing...
S
CVE-2009-2721 Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have ...
S
CVE-2009-2722 Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have ...
S
CVE-2009-2723 Unspecified vulnerability in deserialization in the Provider class in Sun Java SE 5.0 before Update ...
S
CVE-2009-2724 Race condition in the java.lang package in Sun Java SE 5.0 before Update 20 has unknown impact and a...
S
CVE-2009-2726 The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x b...
E
CVE-2009-2727 Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) ...
E S
CVE-2009-2730 libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the s...
CVE-2009-2732 The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause...
CVE-2009-2733 Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers t...
E S
CVE-2009-2734 SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1....
E S
CVE-2009-2735 SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magic_quotes_gpc is disabl...
E
CVE-2009-2736 Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authentica...
E
CVE-2009-2737 The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and pos...
S
CVE-2009-2738 Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote...
S
CVE-2009-2739 Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject ...
CVE-2009-2740 kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention System (HIPS) 8.1 allows remote att...
S
CVE-2009-2741 Unspecified vulnerability in the wberuntimeear application in the test servlet in IBM WebSphere Busi...
CVE-2009-2742 Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSphere Application Server (WAS) 6...
S
CVE-2009-2743 IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properl...
S
CVE-2009-2744 Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remot...
S
CVE-2009-2746 Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security compon...
S
CVE-2009-2747 The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (W...
CVE-2009-2748 Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application ...
CVE-2009-2749 Feature Pack for Communications Enabled Applications (CEA) before 1.0.0.1 for IBM WebSphere Applicat...
S
CVE-2009-2750 IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2 does not have the intended con...
S
CVE-2009-2751 IBM WebSphere Commerce 7.0 uses the same cryptographic key for session attributes and merchant data ...
CVE-2009-2752 IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for l...
CVE-2009-2753 Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage ...
S
CVE-2009-2754 Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage M...
S
CVE-2009-2761 Unquoted Windows search path vulnerability in the scheduler (sched.exe) in Avira AntiVir, AntiVir Pr...
CVE-2009-2762 wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for th...
E S
CVE-2009-2764 Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 platform allows remote attackers t...
E
CVE-2009-2765 httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allo...
E S
CVE-2009-2766 httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authenticati...
E
CVE-2009-2767 The init_posix_timers function in kernel/posix-timers.c in the Linux kernel before 2.6.31-rc6 allows...
S
CVE-2009-2768 The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel ...
S
CVE-2009-2769 PHP remote file inclusion vulnerability in include/timesheet.php in Ultrize TimeSheet 1.2.2, when re...
E
CVE-2009-2770 PowerUpload 2.4 allows remote attackers to bypass authentication and gain administrative access via ...
E
CVE-2009-2771 Cross-site scripting (XSS) vulnerability in Free Arcade Script 1.3 allows remote attackers to inject...
E
CVE-2009-2772 Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate Finder Solution allow remote atta...
E
CVE-2009-2773 PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail Script allows remote attacker...
E
CVE-2009-2774 SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail Script allows remote attackers to e...
E
CVE-2009-2775 SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote ...
E
CVE-2009-2776 SQL injection vulnerability in showresult.asp in Smart ASP Survey allows remote attackers to execute...
E
CVE-2009-2777 SQL injection vulnerability in visitor/view.php in GarageSales Script allows remote attackers to exe...
E
CVE-2009-2778 Cross-site scripting (XSS) vulnerability in visitor/view.php in GarageSales Script allows remote att...
E
CVE-2009-2779 SQL injection vulnerability in index.php in AJ Matrix DNA allows remote attackers to execute arbitra...
E
CVE-2009-2780 Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to ...
E
CVE-2009-2781 SQL injection vulnerability in forum.php in Arab Portal 2.x, when magic_quotes_gpc is disabled, allo...
E
CVE-2009-2782 SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attacke...
E
CVE-2009-2783 Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject ...
E S
CVE-2009-2784 Multiple directory traversal vulnerabilities in dit.cms 1.3, when register_globals is enabled, allow...
E
CVE-2009-2785 Multiple cross-site scripting (XSS) vulnerabilities in PHP Open Classifieds Script allow remote atta...
E
CVE-2009-2786 SQL injection vulnerability in reputation.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earl...
E
CVE-2009-2787 Directory traversal vulnerability in include/reputation/rep_profile.php in the Reputation plugin 2.2...
E
CVE-2009-2788 Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remote attackers to execute arbitra...
E
CVE-2009-2789 SQL injection vulnerability in the Permis (com_groups) component 1.0 for Joomla! allows remote attac...
E
CVE-2009-2790 SQL injection vulnerability in cat_products.php in SoftBiz Dating Script allows remote attackers to ...
E
CVE-2009-2791 PHP remote file inclusion vulnerability in pda_projects.php in WebDynamite ProjectButler 1.5.0 allow...
E
CVE-2009-2792 Directory traversal vulnerability in plugings/pagecontent.php in Really Simple CMS (RSCMS) 0.3a allo...
E
CVE-2009-2793 The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-co...
CVE-2009-2794 The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod to...
S
CVE-2009-2795 Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone ...
S
CVE-2009-2796 The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically pr...
S
CVE-2009-2797 The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod to...
S
CVE-2009-2798 Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitr...
S
CVE-2009-2799 Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitr...
S
CVE-2009-2800 Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute ar...
S
CVE-2009-2801 The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, w...
S
CVE-2009-2802 MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachme...
CVE-2009-2803 CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause ...
S
CVE-2009-2804 Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windo...
CVE-2009-2805 Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to exe...
S
CVE-2009-2807 Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to...
S
CVE-2009-2808 Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help ...
S
CVE-2009-2809 ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or ca...
S
CVE-2009-2810 Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively clears quarantine information upo...
S
CVE-2009-2811 Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted ...
S
CVE-2009-2812 Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifi...
S
CVE-2009-2813 Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in t...
CVE-2009-2814 Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote a...
S
CVE-2009-2815 The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notificat...
S
CVE-2009-2816 The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before...
S
CVE-2009-2817 Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or ca...
S
CVE-2009-2818 Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH ...
S
CVE-2009-2819 AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a d...
S
CVE-2009-2820 The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms,...
S
CVE-2009-2822 AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address...
S
CVE-2009-2823 The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows r...
S
CVE-2009-2824 Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attacke...
S
CVE-2009-2825 Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a...
S
CVE-2009-2826 Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execut...
S
CVE-2009-2827 Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attac...
S
CVE-2009-2828 The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary...
S
CVE-2009-2829 Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to ...
S
CVE-2009-2830 Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2...
S
CVE-2009-2831 Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any conte...
S
CVE-2009-2832 Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arb...
S
CVE-2009-2833 Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac...
S
CVE-2009-2834 IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) ...
S
CVE-2009-2835 The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allow...
S
CVE-2009-2836 Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has...
S
CVE-2009-2837 Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.6.2 allows remote attack...
S
CVE-2009-2838 Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary ...
S
CVE-2009-2839 Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause...
S
CVE-2009-2840 Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local user...
S
CVE-2009-2841 The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before...
S
CVE-2009-2842 Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu ...
S
CVE-2009-2843 Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for app...
S
CVE-2009-2844 cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 ...
S
CVE-2009-2845 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2768. Reason: This candida...
R
CVE-2009-2846 The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in t...
S
CVE-2009-2847 The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6...
E S
CVE-2009-2848 The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear th...
E
CVE-2009-2849 The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 might allow local users to cause...
E
CVE-2009-2850 Multiple buffer overflows in NASA Common Data Format (CDF) allow context-dependent attackers to exec...
E S
CVE-2009-2851 Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 al...
S
CVE-2009-2852 WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attac...
E
CVE-2009-2853 Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-...
E S
CVE-2009-2854 Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attacker...
S
CVE-2009-2855 The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a...
CVE-2009-2856 Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly h...
S
CVE-2009-2857 The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle int...
S
CVE-2009-2858 Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers ...
S
CVE-2009-2859 IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command....
S
CVE-2009-2860 Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a de...
S
CVE-2009-2861 The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 an...
S
CVE-2009-2862 The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS 12.2XNB, 12.2XNC, 12.2XND, 12...
CVE-2009-2863 Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows re...
CVE-2009-2864 Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before...
S
CVE-2009-2865 Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communi...
S
CVE-2009-2866 Unspecified vulnerability in Cisco IOS 12.2 through 12.4 allows remote attackers to cause a denial o...
S
CVE-2009-2867 Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4T, 12.4XZ, and 12.4YA...
CVE-2009-2868 Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when certificate-based authentication is e...
CVE-2009-2869 Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, an...
CVE-2009-2870 Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when the Cisco Unified Border Element feat...
CVE-2009-2871 Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sessions, SSH sessions, or IKE enc...
CVE-2009-2872 Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enab...
CVE-2009-2873 Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enab...
S
CVE-2009-2874 The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows...
S
CVE-2009-2875 Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x b...
S
CVE-2009-2876 Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26...
S
CVE-2009-2877 Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Wi...
S
CVE-2009-2878 Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26...
S
CVE-2009-2879 Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26...
S
CVE-2009-2880 Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x b...
S
CVE-2009-2881 Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote attackers to execute arbitrary...
E
CVE-2009-2882 Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inje...
E
CVE-2009-2883 SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled...
E
CVE-2009-2884 Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings al...
E
CVE-2009-2885 SQL injection vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote a...
E
CVE-2009-2886 SQL injection vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to...
E
CVE-2009-2887 Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now President Bios allows remote...
E
CVE-2009-2888 SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execu...
E
CVE-2009-2889 Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts Now Hangman allows remote attac...
E
CVE-2009-2890 Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote att...
E
CVE-2009-2891 SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote attackers to execut...
E
CVE-2009-2892 Multiple SQL injection vulnerabilities in header.php in Scripteen Free Image Hosting Script 2.3 allo...
E S
CVE-2009-2893 Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97...
E
CVE-2009-2894 Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrar...
E
CVE-2009-2895 SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (URA) 3.0 allows remote attacker...
E
CVE-2009-2896 Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote attackers to cause a denial of serv...
E
CVE-2009-2897 Multiple cross-site scripting (XSS) vulnerabilities in hq/web/common/GenericError.jsp in the generic...
E S
CVE-2009-2898 Cross-site scripting (XSS) vulnerability in the Alerts list feature in the web interface in SpringSo...
E S
CVE-2009-2899 The monitor perl script in the Sybase database plug-in in SpringSource Hyperic HQ before 4.3 allows ...
CVE-2009-2900 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2009-2901 The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when auto...
S
CVE-2009-2902 Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 all...
CVE-2009-2903 Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through ...
CVE-2009-2904 A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in Ope...
CVE-2009-2905 Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cau...
S
CVE-2009-2906 smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows re...
S
CVE-2009-2907 Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, ...
E
CVE-2009-2908 The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local use...
S
CVE-2009-2909 Integer signedness error in the ax25_setsockopt function in net/ax25/af_ax25.c in the ax25 subsystem...
S
CVE-2009-2910 arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear ...
S
CVE-2009-2911 SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes...
E S
CVE-2009-2912 The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through 10, and OpenSolaris before snv...
S
CVE-2009-2913 Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 allows r...
CVE-2009-2914 Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 and earl...
CVE-2009-2915 SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery System 6.0 allows remote attacker...
E
CVE-2009-2916 Format string vulnerability in the CNS_AddTxt function in logs.dll in 2K Games Vietcong 2 1.10 and e...
CVE-2009-2917 Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote attackers to cause a denial o...
E
CVE-2009-2918 The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows local users to cause a denial ...
E
CVE-2009-2919 Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated us...
E
CVE-2009-2920 Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 allow remote attackers to inject ...
E
CVE-2009-2921 Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attacke...
E
CVE-2009-2922 Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 through 2.3.5 al...
E
CVE-2009-2923 Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1.52 allow remote attackers to ...
E
CVE-2009-2924 Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 allow remote attackers to exec...
E
CVE-2009-2925 Directory traversal vulnerability in DJcalendar.cgi in DJCalendar allows remote attackers to read ar...
E
CVE-2009-2926 Multiple SQL injection vulnerabilities in PHP Competition System BETA 0.84 and earlier allow remote ...
E
CVE-2009-2927 SQL injection vulnerability in DetailFile.php in DigitalSpinners DS CMS 1.0 allows remote attackers ...
E
CVE-2009-2928 Cross-site scripting (XSS) vulnerability in login.php in TGS Content Management 0.x allows remote at...
E
CVE-2009-2929 Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execu...
E
CVE-2009-2930 Cross-site scripting (XSS) vulnerability in the Search feature in elka CMS (aka Elkapax) allows remo...
CVE-2009-2931 Directory traversal vulnerability in p.php in SlideShowPro Director 1.1 through 1.3.8 allows remote ...
CVE-2009-2932 Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver A...
E
CVE-2009-2933 SQL injection vulnerability in comments.php in Piwigo before 2.0.3 allows remote attackers to execut...
CVE-2009-2934 Multiple stack-based buffer overflows in xaudio.dll in Programmed Integration PIPL 2.5.0 and 2.5.0D ...
E
CVE-2009-2935 Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended re...
CVE-2009-2936 The Command Line Interface (aka Server CLI or administration interface) in the master process in the...
CVE-2009-2937 Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet Venus allows remote attackers to i...
E S
CVE-2009-2939 The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the post...
E
CVE-2009-2940 The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn functi...
CVE-2009-2942 The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string functi...
CVE-2009-2943 The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support ...
S
CVE-2009-2944 Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2...
S
CVE-2009-2945 weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and...
CVE-2009-2946 Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attacke...
CVE-2009-2947 Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 allows remote attackers to in...
CVE-2009-2948 mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, whe...
S
CVE-2009-2949 Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice...
S
CVE-2009-2950 Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif...
S
CVE-2009-2951 Phenotype CMS before 2.9 does not use a random salt value for password encryption, which makes it ea...
CVE-2009-2952 Unspecified vulnerability in the pollwakeup function in Sun Solaris 10, and OpenSolaris before snv_5...
S
CVE-2009-2953 Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of servic...
CVE-2009-2954 Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of s...
CVE-2009-2955 Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consu...
CVE-2009-2956 The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive inf...
CVE-2009-2957 Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --ena...
S
CVE-2009-2958 The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remot...
CVE-2009-2959 Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) ...
S
CVE-2009-2960 CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to pages/edituser.php, which allows r...
E
CVE-2009-2961 Stack-based buffer overflow in Thaddy de Konng KOL Player 1.0 allows remote attackers to cause a den...
E
CVE-2009-2962 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2692. Reason: This candidat...
R
CVE-2009-2963 Unspecified vulnerability in the update feature in Toolbar Uninstaller 1.0.2 allows remote attackers...
CVE-2009-2964 Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and N...
S
CVE-2009-2965 Cross-site scripting (XSS) vulnerability in entry/index.jsp in Radvision Scopia 5.7, and possibly ot...
CVE-2009-2966 avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to...
E
CVE-2009-2967 Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6 through 0.7.11p2 allow remote ...
S
CVE-2009-2968 Directory traversal vulnerability in a support component in the web interface in VMware Studio 2.0 p...
CVE-2009-2970 Stack-based buffer overflow in the GetUiDllVersion function in an ActiveX control in UiCheck.dll bef...
CVE-2009-2972 in.lpd in the print service in Sun Solaris 8 and 9 allows remote attackers to cause a denial of serv...
S
CVE-2009-2973 Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate...
CVE-2009-2974 Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote attackers to (1) cause a denial of s...
E
CVE-2009-2975 Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly involving an incompletely configure...
E
CVE-2009-2976 Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast data fram...
CVE-2009-2977 The Cisco Security Monitoring, Analysis and Response System (CS-MARS) 6.0.4 and earlier stores clear...
CVE-2009-2978 SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earli...
S
CVE-2009-2979 Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not pro...
S
CVE-2009-2980 Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 ...
S
CVE-2009-2981 Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly vali...
S
CVE-2009-2982 An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibl...
S
CVE-2009-2983 Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow atta...
S
CVE-2009-2984 Unspecified vulnerability in the image decoder in Adobe Acrobat 9.x before 9.2, and possibly 7.x thr...
S
CVE-2009-2985 Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to c...
S
CVE-2009-2986 Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7,...
S
CVE-2009-2987 Unspecified vulnerability in an ActiveX control in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x be...
S
CVE-2009-2988 Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly vali...
S
CVE-2009-2989 Integer overflow in Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 m...
S
CVE-2009-2990 Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x thr...
S
CVE-2009-2991 Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and p...
S
CVE-2009-2992 An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and pos...
S
CVE-2009-2993 The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9...
S
CVE-2009-2994 Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 m...
S
CVE-2009-2995 Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows atta...
S
CVE-2009-2996 Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to c...
S
CVE-2009-2997 Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x b...
S
CVE-2009-2998 Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly vali...
S
CVE-2009-2999 The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of serv...
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.