ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2009-3000 | The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_41 through snv_122, when Netwo... | S | |
CVE-2009-3001 | The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not ... | E | |
CVE-2009-3002 | The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functi... | E | |
CVE-2009-3003 | Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window... | | |
CVE-2009-3004 | Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof the address bar, via window.ope... | | |
CVE-2009-3005 | Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address bar, via window.open with a r... | | |
CVE-2009-3006 | Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open w... | | |
CVE-2009-3007 | Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow context-dependent attackers to sp... | | |
CVE-2009-3008 | K-Meleon 1.5.3 allows context-dependent attackers to spoof the address bar, via window.open with a r... | E | |
CVE-2009-3009 | Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, ... | S | |
CVE-2009-3010 | Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1... | E | |
CVE-2009-3011 | Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta does not properly b... | E | |
CVE-2009-3012 | Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: UR... | E | |
CVE-2009-3013 | Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location ... | E | |
CVE-2009-3014 | Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1... | E | |
CVE-2009-3015 | QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and data: URIs in Refresh and Locat... | E | |
CVE-2009-3016 | Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP res... | E | |
CVE-2009-3017 | Orca Browser 1.2 build 5 does not properly block data: URIs in Refresh and Location headers in HTTP ... | E | |
CVE-2009-3018 | Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block javascript: and data: URIs in... | E | |
CVE-2009-3019 | Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet Explorer 7 on Vista, allows re... | E | |
CVE-2009-3020 | win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service... | E | |
CVE-2009-3021 | Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' plugin 2.0.0 through 2.0.6, as u... | | |
CVE-2009-3022 | Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers... | | |
CVE-2009-3023 | Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 ... | E S | |
CVE-2009-3024 | The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socke... | | |
CVE-2009-3025 | Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (cras... | S | |
CVE-2009-3026 | protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow t... | S | |
CVE-2009-3027 | VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.... | S | |
CVE-2009-3028 | The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris... | E S | |
CVE-2009-3029 | Cross-site scripting (XSS) vulnerability in the console in Symantec SecurityExpressions Audit and Co... | S | |
CVE-2009-3030 | Cross-site scripting (XSS) vulnerability in Symantec SecurityExpressions Audit and Compliance Server... | S | |
CVE-2009-3031 | Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtiliti... | E S | |
CVE-2009-3032 | Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used... | E | |
CVE-2009-3033 | Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in ... | E S | |
CVE-2009-3034 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3035 | The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded ke... | | |
CVE-2009-3036 | Cross-site scripting (XSS) vulnerability in the console in Symantec IM Manager 8.3 and 8.4 before 8.... | | |
CVE-2009-3037 | Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used... | S | |
CVE-2009-3038 | A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research In Motion (RIM) Lotus Notes c... | E | |
CVE-2009-3040 | Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Uni... | E | |
CVE-2009-3041 | SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exe... | E S | |
CVE-2009-3042 | SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 a... | E | |
CVE-2009-3043 | The tty_ldisc_hangup function in drivers/char/tty_ldisc.c in the Linux kernel 2.6.31-rc before 2.6.3... | E S | |
CVE-2009-3044 | Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character i... | | |
CVE-2009-3045 | Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easi... | | |
CVE-2009-3046 | Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it... | | |
CVE-2009-3047 | Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name f... | | |
CVE-2009-3048 | Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" ... | | |
CVE-2009-3049 | Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) ... | | |
CVE-2009-3050 | Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1.8.27 and earlier allows conte... | E | |
CVE-2009-3051 | Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conf... | S | |
CVE-2009-3052 | SQL injection vulnerability in root/includes/prime_quick_style.php in the Prime Quick Style addon be... | E | |
CVE-2009-3053 | Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remot... | E | |
CVE-2009-3054 | SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla!... | E | |
CVE-2009-3055 | PHP remote file inclusion vulnerability in engine/api/api.class.php in DataLife Engine (DLE) 8.2 all... | E | |
CVE-2009-3056 | PHP remote file inclusion vulnerability in include/engine/content/elements/menu.php in KingCMS 0.6.0... | E | |
CVE-2009-3057 | Multiple cross-site scripting (XSS) vulnerabilities in AOM Software Beex 3 allow remote attackers to... | E | |
CVE-2009-3058 | Stack-based buffer overflow in akPlayer 1.9.0 allows remote attackers to execute arbitrary code via ... | E | |
CVE-2009-3059 | Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote atta... | E | |
CVE-2009-3060 | Multiple cross-site scripting (XSS) vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allo... | E | |
CVE-2009-3061 | SQL injection vulnerability in lesson.php in Alqatari Q R Script 1.0 allows remote attackers to exec... | E | |
CVE-2009-3062 | SQL injection vulnerability in message_box.php in OSI Codes PHP Live! 3.3 allows remote attackers to... | E | |
CVE-2009-3063 | SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows rem... | E | |
CVE-2009-3064 | Directory traversal vulnerability in debugger/debug_php.php in Ve-EDIT 0.1.4 allows remote attackers... | E | |
CVE-2009-3065 | PHP remote file inclusion vulnerability in editor/edit_htmlarea.php in Ve-EDIT 0.1.4 allows remote a... | E | |
CVE-2009-3066 | Multiple cross-site scripting (XSS) vulnerabilities in PropertyWatchScript.com Property Watch 2.0 al... | E | |
CVE-2009-3067 | Cross-site scripting (XSS) vulnerability in index.php in Reservation Manager allows remote attackers... | E | |
CVE-2009-3068 | Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe Robo... | | |
CVE-2009-3069 | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote ... | | |
CVE-2009-3070 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow re... | | |
CVE-2009-3071 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5... | | |
CVE-2009-3072 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.... | | |
CVE-2009-3073 | Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remo... | | |
CVE-2009-3074 | Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote at... | | |
CVE-2009-3075 | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3... | | |
CVE-2009-3076 | Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pk... | | |
CVE-2009-3077 | Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the col... | | |
CVE-2009-3078 | Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows rem... | | |
CVE-2009-3079 | Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote at... | | |
CVE-2009-3080 | Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before ... | | |
CVE-2009-3081 | SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute ar... | E | |
CVE-2009-3082 | SQL injection vulnerability in wcategory.php in Snow Hall Silurus System 1.0 allows remote attackers... | | |
CVE-2009-3083 | The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurp... | S | |
CVE-2009-3084 | The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in ... | S | |
CVE-2009-3085 | The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ st... | S | |
CVE-2009-3086 | A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information ... | S | |
CVE-2009-3087 | Unspecified vulnerability in nserver.exe in the server in IBM Lotus Domino 8.0 on Windows Server 200... | | |
CVE-2009-3088 | Heap-based buffer overflow in ibmdiradm in IBM Tivoli Directory Server (TDS) 6.0 on Linux allows rem... | | |
CVE-2009-3089 | IBM Tivoli Directory Server (TDS) 6.0 allows remote attackers to cause a denial of service (NULL poi... | | |
CVE-2009-3090 | Unspecified vulnerability in IBM Tivoli Directory Server (TDS) 6.0 on Linux allows remote attackers ... | | |
CVE-2009-3091 | Unspecified vulnerability on the ASUS WL-330gE has unknown impact and remote attack vectors, as demo... | | |
CVE-2009-3092 | Buffer overflow on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as... | | |
CVE-2009-3093 | Unspecified vulnerability on the ASUS WL-500W wireless router has unknown impact and remote attack v... | | |
CVE-2009-3094 | The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Ap... | | |
CVE-2009-3095 | The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access... | | |
CVE-2009-3096 | Multiple unspecified vulnerabilities in HP Performance Insight 5.3 allow remote attackers to have an... | | |
CVE-2009-3097 | Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on Windows allow attackers to obt... | | |
CVE-2009-3098 | Unspecified vulnerability in the Portal in HP Operations Dashboard 2.1 on Windows Server 2003 SP2 al... | | |
CVE-2009-3099 | Unspecified vulnerability in HP OpenView Operations Manager 8.1 on Windows Server 2003 SP2 allows re... | | |
CVE-2009-3100 | xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, ... | S | |
CVE-2009-3101 | xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and OpenSolaris snv_109 through snv_122, do... | E | |
CVE-2009-3102 | The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager (ZRM) for MySQL 2.x before 2... | | |
CVE-2009-3103 | Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, ... | E | |
CVE-2009-3104 | Unspecified vulnerability in Symantec Norton AntiVirus 2005 through 2008; Norton Internet Security 2... | | |
CVE-2009-3105 | Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 2... | | |
CVE-2009-3106 | The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.... | S | |
CVE-2009-3107 | Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict acces... | | |
CVE-2009-3108 | The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a cl... | | |
CVE-2009-3109 | Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before ... | S | |
CVE-2009-3110 | Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x befo... | | |
CVE-2009-3111 | The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of serv... | S | |
CVE-2009-3112 | Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0... | S | |
CVE-2009-3113 | Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.2... | | |
CVE-2009-3114 | The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML docu... | | |
CVE-2009-3115 | SolarWinds TFTP Server 9.2.0.111 and earlier allows remote attackers to cause a denial of service (s... | E | |
CVE-2009-3116 | SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute ar... | E | |
CVE-2009-3117 | SQL injection vulnerability in category.php in Snow Hall Silurus System 1.0 allows remote attackers ... | E | |
CVE-2009-3118 | SQL injection vulnerability in mod/poll/comment.php in the vote module in Danneo CMS 0.5.2 and earli... | E | |
CVE-2009-3119 | SQL injection vulnerability in screen.php in the Download System mSF (dsmsf) module for PHP-Fusion a... | E | |
CVE-2009-3120 | Cross-site scripting (XSS) vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote att... | S | |
CVE-2009-3121 | Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x for Drupal allows remote attac... | S | |
CVE-2009-3122 | The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers ... | | |
CVE-2009-3123 | Directory traversal vulnerability in gallery/gallery.php in Wap-Motor before 18.1 allows remote atta... | E | |
CVE-2009-3124 | Directory traversal vulnerability in get_message.cgi in QuarkMail allows remote attackers to read ar... | | |
CVE-2009-3125 | SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, a... | S | |
CVE-2009-3126 | Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3... | | |
CVE-2009-3127 | Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Con... | | |
CVE-2009-3128 | Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly pa... | | |
CVE-2009-3129 | Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open ... | KEV E S | |
CVE-2009-3130 | Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Ope... | | |
CVE-2009-3131 | Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open ... | | |
CVE-2009-3132 | Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open ... | | |
CVE-2009-3133 | Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter fo... | | |
CVE-2009-3134 | Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open ... | | |
CVE-2009-3135 | Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for... | | |
CVE-2009-3136 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3137 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3138 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3139 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3140 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3141 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3142 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3143 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3144 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3145 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3146 | Cross-site scripting (XSS) vulnerability in search_advance.php in ArticleFriend Script allows remote... | | |
CVE-2009-3147 | Cross-site scripting (XSS) vulnerability in showproduct.php in ReviewPost Pro vB3 allows remote atta... | E | |
CVE-2009-3148 | Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 allow remote attackers to exe... | E | |
CVE-2009-3149 | Directory traversal vulnerability in _css/js.php in Elgg 1.5, when magic_quotes_gpc is disabled, all... | E | |
CVE-2009-3150 | SQL injection vulnerability in index.php in Multi Website 1.5 allows remote attackers to execute arb... | E | |
CVE-2009-3151 | Directory traversal vulnerability in actions/downloadFile.php in Ultrize TimeSheet 1.2.2 allows remo... | E | |
CVE-2009-3152 | Multiple cross-site scripting (XSS) vulnerabilities in becommunity/community/index.php in NTSOFT BBS... | E | |
CVE-2009-3153 | Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote atta... | E | |
CVE-2009-3154 | SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows... | E | |
CVE-2009-3155 | Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Classifieds (com_aclassf) compone... | E | |
CVE-2009-3156 | Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before ... | S | |
CVE-2009-3157 | Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows... | S | |
CVE-2009-3158 | admin/files.php in simplePHPWeb 0.2 does not require authentication, which allows remote attackers t... | E | |
CVE-2009-3159 | Unspecified vulnerability in the rriDecompress function in IBM WebSphere MQ 7.0.0.0, 7.0.0.1, and 7.... | S | |
CVE-2009-3160 | IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and 7.0.1.0, when read ahead or asy... | S | |
CVE-2009-3161 | The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows attackers to cause a denial of s... | S | |
CVE-2009-3162 | Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows remote attackers to inject arbi... | E | |
CVE-2009-3163 | Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferenc... | | |
CVE-2009-3164 | Unspecified vulnerability in the IPv6 networking stack in Sun Solaris 10, and OpenSolaris snv_01 thr... | S | |
CVE-2009-3165 | SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, ... | S | |
CVE-2009-3166 | token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login se... | S | |
CVE-2009-3167 | Directory traversal vulnerability in index.php in Anantasoft Gazelle CMS 1.0, when magic_quotes_gpc ... | E | |
CVE-2009-3168 | Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin/reset.p... | E | |
CVE-2009-3169 | Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission Server/FTP before 09-00 allow ... | | |
CVE-2009-3170 | Stack-based buffer overflow in AIMP2 Audio Converter 2.53 (build 330) and earlier allows remote atta... | E | |
CVE-2009-3171 | Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft Gazelle CMS 1.0 and earlier allow ... | E | |
CVE-2009-3172 | Unspecified vulnerability in Hitachi Groupmax Groupware Server 07-00 through 07-50-/A, Groupmax Serv... | | |
CVE-2009-3173 | Unrestricted file upload vulnerability in admin/add_album.php in The Rat CMS Alpha 2 allows remote a... | E | |
CVE-2009-3174 | PHP remote file inclusion vulnerability in fonctions_racine.php in OBOphiX 2.7.0 and earlier allows ... | E | |
CVE-2009-3175 | Multiple SQL injection vulnerabilities in Model Agency Manager PRO (formerly Modeling Agency Content... | E | |
CVE-2009-3176 | Buffer overflow in the ActiveX control in Novell iPrint Client 4.38 allows remote attackers to cause... | | |
CVE-2009-3177 | Unspecified vulnerability in Kaspersky Online Scanner 7.0 has unknown impact and attack vectors, as ... | | |
CVE-2009-3178 | Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Solution 6.9 allows remote attack... | | |
CVE-2009-3179 | Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote ... | | |
CVE-2009-3180 | Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a password reset for other users via a... | E | |
CVE-2009-3181 | Directory traversal vulnerability in Anantasoft Gazelle CMS 1.0 allows remote attackers to overwrite... | E | |
CVE-2009-3182 | Unrestricted file upload vulnerability in admin/editor/filemanager/browser.html in Anantasoft Gazell... | E | |
CVE-2009-3183 | Heap-based buffer overflow in w in Sun Solaris 8 through 10, and OpenSolaris before snv_124, allows ... | S | |
CVE-2009-3184 | Multiple SQL injection vulnerabilities in index.php in Pirates of The Caribbean in the E-Gold Game S... | E | |
CVE-2009-3185 | SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 for Discuz! allows remote aut... | E | |
CVE-2009-3186 | Multiple cross-site scripting (XSS) vulnerabilities in VideoGirls BiZ allow remote attackers to inje... | E | |
CVE-2009-3187 | Cross-site scripting (XSS) vulnerability in gamelist.php in Stand Alone Arcade 1.1 allows remote att... | E | |
CVE-2009-3188 | PHP remote file inclusion vulnerability in save.php in phpSANE 0.5.0 allows remote attackers to exec... | E | |
CVE-2009-3189 | Cross-site scripting (XSS) vulnerability in search.php in DigiOz Guestbook 1.7.2 allows remote attac... | E | |
CVE-2009-3190 | Multiple SQL injection vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to execute arb... | E | |
CVE-2009-3191 | Multiple cross-site scripting (XSS) vulnerabilities in PAD Site Scripts 3.6 allow remote attackers t... | E | |
CVE-2009-3192 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in LinkorCMS 1.2 and earlier allow ... | | |
CVE-2009-3193 | SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remot... | E | |
CVE-2009-3194 | Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech SearchFeed Script allows remote at... | E | |
CVE-2009-3195 | Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech Auction RSS Content Script 3.0 allow... | E | |
CVE-2009-3196 | Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech PHP Video Script allows remote att... | E | |
CVE-2009-3197 | Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech PHP Calendars Script allows remot... | E | |
CVE-2009-3198 | Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech Affiliate Master Datafeed Parser ... | E | |
CVE-2009-3199 | Uebimiau Webmail 3.2.0-2.0 stores sensitive information under the web root with insufficient access ... | E | |
CVE-2009-3200 | The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an un... | E | |
CVE-2009-3201 | Integer overflow in Media Player Classic 6.4.9 allows user-assisted remote attackers to cause a deni... | E | |
CVE-2009-3202 | Cross-site scripting (XSS) vulnerability in search.php in ULoKI PHP Forum 2.1 allows remote attacker... | E | |
CVE-2009-3203 | SQL injection vulnerability in store.php in AJ Auction Pro OOPD 2.x allows remote attackers to execu... | E | |
CVE-2009-3204 | Multiple cross-site scripting (XSS) vulnerabilities in Stiva Forum 1.0 allow remote attackers to inj... | E | |
CVE-2009-3205 | SQL injection vulnerability in main.php in CBAuthority allows remote attackers to execute arbitrary ... | E | |
CVE-2009-3206 | Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache module 5.x before 5.x-2.5 and ... | S | |
CVE-2009-3207 | The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when th... | E S | |
CVE-2009-3208 | Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow remote attackers to execute arbitrary ... | E | |
CVE-2009-3209 | SQL injection vulnerability in remove.php in PHP eMail Manager 3.3.0 allows remote attackers to exec... | E | |
CVE-2009-3210 | Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka Printer, e-mail and PDF versio... | S | |
CVE-2009-3211 | Directory traversal vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is di... | E | |
CVE-2009-3212 | SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled... | E | |
CVE-2009-3213 | Stack-based buffer overflow in broid 1.0 Beta 3a allows remote attackers to cause a denial of servic... | E | |
CVE-2009-3214 | Multiple stack-based buffer overflows in Photodex ProShow Gold 4.0.2549 allow remote attackers to ex... | E | |
CVE-2009-3215 | SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for ... | E S | |
CVE-2009-3216 | Multiple directory traversal vulnerabilities in iWiccle 1.01, when magic_quotes_gpc is disabled, all... | E | |
CVE-2009-3217 | SQL injection vulnerability in the admin module in iWiccle 1.01 allows remote attackers to execute a... | E | |
CVE-2009-3218 | SQL injection vulnerability in control/login.php in AR Web Content Manager (AWCM) 2.1, when magic_qu... | E | |
CVE-2009-3219 | Directory traversal vulnerability in a.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_g... | E | |
CVE-2009-3220 | PHP remote file inclusion vulnerability in cp_html2txt.php in All In One Control Panel (AIOCP) 1.4.0... | E | |
CVE-2009-3221 | Stack-based buffer overflow in Audio Lib Player (ALP) allows remote attackers to execute arbitrary c... | E | |
CVE-2009-3222 | Cross-site scripting (XSS) vulnerability in index.php in FreeWebScriptz Honest Traffic (FWSHT) 1.x a... | E | |
CVE-2009-3223 | SQL injection vulnerability in ppc-add-keywords.php in Inout Adserver allows remote authenticated us... | E | |
CVE-2009-3224 | SQL injection vulnerability in index.php in Super Mod System, when using the 68 Classifieds 3.1 Core... | E | |
CVE-2009-3225 | Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft Almond Classifieds Wap and Pro, an... | E | |
CVE-2009-3226 | SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds Ads Enterprise and Almond ... | E | |
CVE-2009-3227 | Cross-site scripting (XSS) vulnerability in index.php in AlmondSoft Almond Classifieds Ads Enterpris... | E | |
CVE-2009-3228 | The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x bef... | S | |
CVE-2009-3229 | The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 al... | | |
CVE-2009-3230 | The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 b... | | |
CVE-2009-3231 | The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP auth... | S | |
CVE-2009-3232 | pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly han... | S | |
CVE-2009-3233 | changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell metach... | E S | |
CVE-2009-3234 | Buffer overflow in the perf_copy_attr function in kernel/perf_counter.c in the Linux kernel 2.6.31-r... | E | |
CVE-2009-3235 | Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before... | S | |
CVE-2009-3236 | The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1... | S | |
CVE-2009-3237 | Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 ... | S | |
CVE-2009-3238 | The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insu... | E S | |
CVE-2009-3239 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reaso... | R | |
CVE-2009-3240 | Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section module 1.12a for XOOPS allows... | | |
CVE-2009-3241 | Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.... | E S | |
CVE-2009-3242 | Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows ... | E | |
CVE-2009-3243 | Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows... | E | |
CVE-2009-3244 | Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and... | E | |
CVE-2009-3245 | OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) c... | S | |
CVE-2009-3246 | SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX allows remote attackers to execute ... | E | |
CVE-2009-3247 | Cross-site scripting (XSS) vulnerability in the Activities module in vtiger CRM 5.0.4 allows remote ... | E | |
CVE-2009-3248 | Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote ... | E | |
CVE-2009-3249 | Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to include a... | E | |
CVE-2009-3250 | The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows re... | E | |
CVE-2009-3251 | include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows remote authenticated users to bypa... | S | |
CVE-2009-3252 | Multiple SQL injection vulnerabilities in news.php in Rock Band CMS 0.10 allow remote attackers to e... | E | |
CVE-2009-3253 | Stack-based buffer overflow in TriceraSoft Swift Ultralite 1.032 allows remote attackers to cause a ... | E | |
CVE-2009-3254 | Multiple stack-based buffer overflows in Ultimate Player 1.56 beta allow remote attackers to execute... | E | |
CVE-2009-3255 | SQL injection vulnerability in RASH Quote Management System (RQMS) 1.2.2 and earlier, when magic_quo... | E | |
CVE-2009-3256 | Cross-site scripting (XSS) vulnerability in include/ajax/blogInfo.php in LiveStreet 0.2 allows remot... | E | |
CVE-2009-3257 | vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Accou... | E | |
CVE-2009-3258 | vtiger CRM before 5.1.0 allows remote authenticated users, with certain View privileges, to delete (... | | |
CVE-2009-3259 | Multiple SQL injection vulnerabilities in RASH Quote Management System (RQMS) 1.2.2 allow remote att... | | |
CVE-2009-3260 | Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows remote attackers to inject arbitra... | E | |
CVE-2009-3261 | update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not require administrative authentication, whi... | E | |
CVE-2009-3262 | Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manage... | S | |
CVE-2009-3263 | Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x before 3.0.195.21 allows remot... | E | |
CVE-2009-3264 | The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," wh... | | |
CVE-2009-3265 | Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitra... | | |
CVE-2009-3266 | Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remot... | E S | |
CVE-2009-3267 | Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to ... | | |
CVE-2009-3268 | Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consu... | | |
CVE-2009-3269 | Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a ... | | |
CVE-2009-3270 | Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of se... | | |
CVE-2009-3271 | Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application cr... | E | |
CVE-2009-3272 | Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other ve... | E | |
CVE-2009-3273 | iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, ... | | |
CVE-2009-3274 | Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x ... | | |
CVE-2009-3275 | Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs in Microsoft patterns & pract... | E | |
CVE-2009-3276 | Zoran/WinFormsAdvansed/RegeularDataToXML/Form1.cs in WinFormsAdvansed in NASD CORE.NET Terelik (aka ... | E | |
CVE-2009-3277 | DataVault.Tesla/Impl/TypeSystem/AssociationHelper.cs in datavault allows context-dependent attackers... | E | |
CVE-2009-3278 | The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand... | E | |
CVE-2009-3279 | The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create a LUK... | E | |
CVE-2009-3280 | Integer signedness error in the find_ie function in net/wireless/scan.c in the cfg80211 subsystem in... | S | |
CVE-2009-3281 | The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file perm... | | |
CVE-2009-3282 | Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows hos... | | |
CVE-2009-3283 | Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, P... | | |
CVE-2009-3284 | Directory traversal vulnerability in phpspot PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS ... | | |
CVE-2009-3286 | NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode w... | | |
CVE-2009-3287 | lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to deter... | S | |
CVE-2009-3288 | The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 us... | E | |
CVE-2009-3289 | The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a s... | E | |
CVE-2009-3290 | The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and ... | S | |
CVE-2009-3291 | The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform ce... | S | |
CVE-2009-3292 | Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attac... | | |
CVE-2009-3293 | Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown imp... | S | |
CVE-2009-3294 | The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when runnin... | E S | |
CVE-2009-3295 | The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in th... | S | |
CVE-2009-3296 | Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow remote attackers to execute a... | S | |
CVE-2009-3297 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0787, CVE-2010-0788, CVE-20... | R | |
CVE-2009-3298 | Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators... | S | |
CVE-2009-3299 | Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x ... | S | |
CVE-2009-3300 | Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.... | | |
CVE-2009-3301 | Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attacke... | | |
CVE-2009-3302 | filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial ... | | |
CVE-2009-3303 | Cross-site scripting (XSS) vulnerability in www/help/tracker.php in GForge 4.5.14, 4.7 rc2, and 4.8.... | S | |
CVE-2009-3304 | GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink atta... | S | |
CVE-2009-3305 | Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (cra... | | |
CVE-2009-3306 | PHP remote file inclusion vulnerability in include/header.php in ClearSite 4.50 allows remote attack... | E | |
CVE-2009-3307 | Multiple PHP remote file inclusion vulnerabilities in FSphp 0.2.1 allow remote attackers to execute ... | E | |
CVE-2009-3308 | SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows remote attackers to execute ar... | E | |
CVE-2009-3309 | SQL injection vulnerability in index.cfm in CF ShopKart 5.4 beta allows remote attackers to execute ... | E | |
CVE-2009-3310 | SQL injection vulnerability in index.php in Zainu 1.0 allows remote attackers to execute arbitrary S... | E | |
CVE-2009-3311 | Cross-site scripting (XSS) vulnerability in index.php in RSSMediaScript allows remote attackers to i... | E | |
CVE-2009-3312 | PHP remote file inclusion vulnerability in php/init.poll.php in phpPollScript 1.3 and earlier, when ... | E | |
CVE-2009-3313 | Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote attackers to execute arbitrary S... | E | |
CVE-2009-3314 | SQL injection vulnerability in ladders.php in Elite Gaming Ladders 3.2 allows remote attackers to ex... | E | |
CVE-2009-3315 | SQL injection vulnerability in admin/index.php in NeLogic Nephp Publisher Enterprise 3.5.9 and 4.5 a... | E | |
CVE-2009-3316 | SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla!... | E | |
CVE-2009-3317 | PHP remote file inclusion vulnerability in pages/pageHeader.php in OpenSiteAdmin 0.9.7 BETA allows r... | E | |
CVE-2009-3318 | Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Jooml... | E | |
CVE-2009-3319 | SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to exe... | E | |
CVE-2009-3320 | Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas PaoLink (aka Pao-Link) 1.0 allows re... | E | |
CVE-2009-3321 | SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc is disabled, allows remote att... | E | |
CVE-2009-3322 | The Siemens Gigaset SE361 WLAN router allows remote attackers to cause a denial of service (device r... | E | |
CVE-2009-3323 | Multiple PHP remote file inclusion vulnerabilities in BAnner ROtation System mini (BAROSmini) 0.32.5... | E | |
CVE-2009-3324 | PHP remote file inclusion vulnerability in include/prodler.class.php in ProdLer 2.0 and earlier allo... | E | |
CVE-2009-3325 | SQL injection vulnerability in the Focusplus Developments Survey Manager (com_surveymanager) compone... | E | |
CVE-2009-3326 | SQL injection vulnerability in index.php in CMScontrol Content Management System 7.x allows remote a... | E | |
CVE-2009-3327 | Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow remote attackers to execute arb... | E | |
CVE-2009-3328 | Cross-site scripting (XSS) vulnerability in sign.php in WX-Guestbook 1.1.208 allows remote attackers... | E | |
CVE-2009-3329 | Stack-based buffer overflow in Winplot 1.25.0.1 allows user-assisted remote attackers to execute arb... | E | |
CVE-2009-3330 | SQL injection vulnerability in index.php in cP Creator 2.7.1, when magic_quotes_gpc is disabled, all... | E | |
CVE-2009-3331 | Multiple PHP remote file inclusion vulnerabilities in DDL CMS 1.0 allow remote attackers to execute ... | E | |
CVE-2009-3332 | SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) component 0.3.2 through 0.4.0 f... | E | |
CVE-2009-3333 | PHP remote file inclusion vulnerability in koesubmit.php in the koeSubmit (com_koesubmit) component ... | E | |
CVE-2009-3334 | SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component ... | E | |
CVE-2009-3335 | SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to ... | E | |
CVE-2009-3336 | SQL injection vulnerability in auction_details.php in PHP Pro Bid allows remote attackers to execute... | E | |
CVE-2009-3337 | SQL injection vulnerability in the Freetag (serendipity_event_freetag) plugin before 3.09 for Serend... | | |
CVE-2009-3338 | Stack-based buffer overflow in EffectMatrix (E.M.) Magic Morph 1.95b allows remote attackers to exec... | E | |
CVE-2009-3339 | Unspecified vulnerability in McAfee Email and Web Security Appliance 5.1 VMtrial allows remote attac... | | |
CVE-2009-3340 | Unspecified vulnerability in FreeSSHD 1.2.4 allows remote attackers to cause a denial of service via... | | |
CVE-2009-3341 | Buffer overflow on the Linksys WRT54GL wireless router allows remote attackers to execute arbitrary ... | | |
CVE-2009-3342 | SQL injection vulnerability in frontend/assets/ajax/checkusername.php in the AlphaUserPoints (com_al... | E | |
CVE-2009-3343 | SQL injection vulnerability in details.asp in HotWeb Rentals allows remote attackers to execute arbi... | E | |
CVE-2009-3344 | Unspecified vulnerability in SAP Crystal Reports Server 2008 on Windows XP allows attackers to cause... | | |
CVE-2009-3345 | Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unknown impact and attack vectors,... | | |
CVE-2009-3346 | Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbi... | | |
CVE-2009-3347 | Buffer overflow on the D-Link DIR-400 wireless router allows remote attackers to execute arbitrary c... | | |
CVE-2009-3348 | Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows remote attackers to inject arbi... | E | |
CVE-2009-3349 | SQL injection vulnerability in Datavore Gyro 5.0 allows remote attackers to execute arbitrary SQL co... | E | |
CVE-2009-3350 | Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact ... | | |
CVE-2009-3351 | Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and a... | | |
CVE-2009-3352 | Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unk... | | |
CVE-2009-3353 | Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and atta... | | |
CVE-2009-3354 | Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attac... | | |
CVE-2009-3355 | Cross-site scripting (XSS) vulnerability in profile.php in Datetopia Buy Dating Site 1.0 allows remo... | E | |
CVE-2009-3356 | SQL injection vulnerability in index.php in Image voting 1.0 allows remote attackers to execute arbi... | E | |
CVE-2009-3357 | Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbsse... | E | |
CVE-2009-3358 | SQL injection vulnerability in profile.php in Tourism Scripts Adult Portal escort listing allows rem... | E | |
CVE-2009-3359 | Multiple cross-site scripting (XSS) vulnerabilities in Match Agency BiZ 1.0 allow remote attackers t... | E | |
CVE-2009-3360 | Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 allow remote attackers to inject... | E | |
CVE-2009-3361 | SQL injection vulnerability in index.php in PHP-IPNMonitor allows remote attackers to execute arbitr... | E | |
CVE-2009-3362 | PHP remote file inclusion vulnerability in printnews.php3 in SZNews 2.7 allows remote attackers to e... | E | |
CVE-2009-3363 | Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x before 5.x-1.2 and 6.x before 6.... | | |
CVE-2009-3364 | Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote FTP servers to execute arbitrar... | E | |
CVE-2009-3365 | PHP remote file inclusion vulnerability in add-ons/modules/sysmanager/plugins/install.plugin.php in ... | E | |
CVE-2009-3366 | Directory traversal vulnerability in navigation.php in An image gallery 1.0 allows remote attackers ... | E | |
CVE-2009-3367 | Multiple cross-site scripting (XSS) vulnerabilities in An image gallery 1.0 allow remote attackers t... | | |
CVE-2009-3368 | Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbs... | E | |
CVE-2009-3369 | CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment,... | | |
CVE-2009-3370 | Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history ... | | |
CVE-2009-3371 | Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause ... | E S | |
CVE-2009-3372 | Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attack... | S | |
CVE-2009-3373 | Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before... | S | |
CVE-2009-3374 | The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before... | S | |
CVE-2009-3375 | content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before... | | |
CVE-2009-3376 | Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly ha... | S | |
CVE-2009-3377 | Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox... | S | |
CVE-2009-3378 | The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in l... | S | |
CVE-2009-3379 | Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, al... | S | |
CVE-2009-3380 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 an... | S | |
CVE-2009-3381 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 all... | S | |
CVE-2009-3382 | layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 d... | S | |
CVE-2009-3383 | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 ... | | |
CVE-2009-3384 | Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote ... | S | |
CVE-2009-3385 | The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of script... | S | |
CVE-2009-3386 | Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allows remote attackers to discove... | S | |
CVE-2009-3387 | Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group restrictions to be preserved thr... | S | |
CVE-2009-3388 | liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-depe... | S | |
CVE-2009-3389 | Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3... | S | |
CVE-2009-3390 | Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) iscsitadm programs in Sun Solaris 1... | S | |
CVE-2009-3392 | Unspecified vulnerability in the Agile Engineering Data Management (EDM) component in Oracle E-Busin... | | |
CVE-2009-3393 | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Su... | | |
CVE-2009-3394 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3395 | Unspecified vulnerability in the AutoVue component in Oracle E-Business Suite 19.3.2 allows remote a... | | |
CVE-2009-3396 | Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2.3, 10.... | | |
CVE-2009-3397 | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Su... | | |
CVE-2009-3398 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3399 | Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0.6 and 8.1.5 allo... | | |
CVE-2009-3400 | Unspecified vulnerability in the Oracle Advanced Benefits component in Oracle E-Business Suite 11.5.... | | |
CVE-2009-3401 | Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business... | | |
CVE-2009-3402 | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite ... | | |
CVE-2009-3403 | Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, ... | | |
CVE-2009-3404 | Unspecified vulnerability in the PeopleSoft PeopleTools & Enterprise Portal component in Oracle Peop... | | |
CVE-2009-3405 | Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD E... | | |
CVE-2009-3406 | Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD E... | | |
CVE-2009-3407 | Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2... | S | |
CVE-2009-3408 | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Su... | | |
CVE-2009-3409 | Unspecified vulnerability in the PeopleSoft Enterprise HCM (TAM) component in Oracle PeopleSoft Ente... | | |
CVE-2009-3410 | Unspecified vulnerability in the RDBMS component in Oracle Database 11.1.0.7, 10.2.0.3, 10.2.0.4, 10... | | |
CVE-2009-3411 | Unspecified vulnerability in the Oracle Data Pump component in Oracle Database 11.1.0.7, 10.2.0.3, 1... | | |
CVE-2009-3412 | Unspecified vulnerability in the Unzip component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5... | | |
CVE-2009-3413 | Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.... | S | |
CVE-2009-3414 | Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.... | S | |
CVE-2009-3415 | Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0... | | |
CVE-2009-3416 | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Su... | | |
CVE-2009-3417 | SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 build 30 for Joomla! allows r... | E | |
CVE-2009-3418 | Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to ex... | | |
CVE-2009-3419 | SQL injection vulnerability in index.php in the Publisher module 2.0 for Miniweb allows remote attac... | E | |
CVE-2009-3420 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Publisher module 2.0 for Min... | E | |
CVE-2009-3421 | login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attacke... | E | |
CVE-2009-3422 | login.php in Zenas PaoLiber 1.1, when register_globals is enabled, allows remote attackers to bypass... | E | |
CVE-2009-3423 | login.php in Zenas PaoLink 1.0, when register_globals is enabled, allows remote attackers to bypass ... | E | |
CVE-2009-3424 | Multiple PHP remote file inclusion vulnerabilities in MaxCMS 3.11.20b, when register_globals is enab... | E | |
CVE-2009-3425 | Directory traversal vulnerability in includes/inc.thcms_admin_dirtree.php in MaxCMS 3.11.20b allows ... | E | |
CVE-2009-3426 | PHP remote file inclusion vulnerability in includes/file_manager/special.php in MaxCMS 3.11.20b allo... | E | |
CVE-2009-3427 | Cross-site scripting (XSS) vulnerability in Kayako SupportSuite 3.50.06 allows remote attackers to i... | E | |
CVE-2009-3428 | Stack-based buffer overflow in Easy Music Player 1.0.0.2 allows remote attackers to execute arbitrar... | E | |
CVE-2009-3429 | Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to exe... | E | |
CVE-2009-3430 | SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote attackers to execute a... | E | |
CVE-2009-3431 | Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x ver... | E | |
CVE-2009-3432 | Unspecified vulnerability in xscreensaver in Sun Solaris 10, and OpenSolaris before snv_112, when Xo... | S | |
CVE-2009-3433 | Unspecified vulnerability in clsetup in the configuration utility in Sun Solaris Cluster 3.2 allows ... | S | |
CVE-2009-3434 | SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! a... | E | |
CVE-2009-3435 | Cross-site scripting (XSS) vulnerability in the variable editor in the Devel module 5.x before 5.x-1... | S | |
CVE-2009-3436 | Multiple SQL injection vulnerabilities in forum.asp in MaxWebPortal allow remote attackers to execut... | E | |
CVE-2009-3437 | Cross-site scripting (XSS) vulnerability in the live preview feature in the Markdown Preview module ... | | |
CVE-2009-3438 | SQL injection vulnerability in the JoomlaFacebook (com_facebook) component for Joomla! allows remote... | E | |
CVE-2009-3439 | Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before... | E | |
CVE-2009-3440 | Cross-site scripting (XSS) vulnerability in Open Source Security Information Management (OSSIM) befo... | E | |
CVE-2009-3441 | Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to bypass a... | E | |
CVE-2009-3442 | The Meta tags (aka Nodewords) module before 6.x-1.1 for Drupal does not properly follow permissions ... | S | |
CVE-2009-3443 | SQL injection vulnerability in the Fastball (com_fastball) component 1.1.0 through 1.2 for Joomla! a... | E | |
CVE-2009-3444 | Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attac... | E | |
CVE-2009-3445 | Unspecified vulnerability in Code-Crafters Ability Mail Server before 2.70 allows remote attackers t... | | |
CVE-2009-3446 | SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) component 1.0 Beta for Joomla... | E | |
CVE-2009-3447 | Unrestricted file upload vulnerability in RADactive I-Load before 2008.2.5.0 allows remote attackers... | | |
CVE-2009-3448 | npvmgr.exe in BakBone NetVault Backup 8.22 Build 29 allows remote attackers to cause a denial of ser... | E | |
CVE-2009-3449 | MP3 Collector 2.3 allows remote attackers to cause a denial of service (application crash) via a lon... | E | |
CVE-2009-3450 | Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before... | S | |
CVE-2009-3451 | Directory traversal vulnerability in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows... | | |
CVE-2009-3452 | WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to obtain sensitive... | | |
CVE-2009-3453 | Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1.0 services for WebSphere... | | |
CVE-2009-3454 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2510. Reason: This candida... | R | |
CVE-2009-3455 | Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a doma... | S | |
CVE-2009-3456 | Google Chrome, possibly 3.0.195.21 and earlier, does not properly handle a '\0' character in a domai... | | |
CVE-2009-3457 | Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers... | E S | |
CVE-2009-3458 | Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly vali... | S | |
CVE-2009-3459 | Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x b... | S | |
CVE-2009-3460 | Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allows attackers to c... | S | |
CVE-2009-3461 | Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows attackers to bypass intended file-e... | S | |
CVE-2009-3462 | Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug ... | S | |
CVE-2009-3463 | Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arb... | S | |
CVE-2009-3464 | Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via craft... | S | |
CVE-2009-3465 | Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via craft... | S | |
CVE-2009-3466 | Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a cra... | S | |
CVE-2009-3467 | Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, an... | S | |
CVE-2009-3468 | Multiple unspecified vulnerabilities in Common Desktop Environment (CDE) in Sun Solaris 10, when Tru... | S | |
CVE-2009-3469 | Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch.do in IBM Lotus Connections 2... | S | |
CVE-2009-3470 | IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 before 11.10.xC4, and 11.50 before ... | | |
CVE-2009-3471 | IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expec... | | |
CVE-2009-3472 | IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypas... | | |
CVE-2009-3473 | IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATI... | | |
CVE-2009-3474 | OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service P... | S | |
CVE-2009-3475 | Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using P... | | |
CVE-2009-3476 | Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1... | | |
CVE-2009-3477 | The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before 4.5.0.173, 4.6.0 before 4.6.0.... | | |
CVE-2009-3478 | Argument injection vulnerability in (1) src/content/js/connection/sftp.js and (2) src/content/js/con... | E S | |
CVE-2009-3479 | Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before... | S | |
CVE-2009-3480 | SQL injection vulnerability in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! allows ... | | |
CVE-2009-3481 | A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! does not requir... | | |
CVE-2009-3482 | TrustPort Antivirus before 2.8.0.2266 and PC Security before 2.0.0.1291 use weak permissions (Everyo... | | |
CVE-2009-3483 | Heap-based buffer overflow in the Create New Site feature in GlobalSCAPE CuteFTP Professional, Home,... | E | |
CVE-2009-3484 | Stack-based buffer overflow in Core FTP 2.1 build 1612 allows user-assisted remote attackers to exec... | E | |
CVE-2009-3485 | Cross-site scripting (XSS) vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.... | E | |
CVE-2009-3486 | Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14... | E | |
CVE-2009-3487 | Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14... | E | |
CVE-2009-3488 | Cross-site scripting (XSS) vulnerability in the Bibliography (aka Biblio) module 6.x-1.6 for Drupal ... | | |
CVE-2009-3489 | Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure secu... | E | |
CVE-2009-3490 | GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name f... | | |
CVE-2009-3491 | SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0... | E | |
CVE-2009-3492 | Multiple PHP remote file inclusion vulnerabilities in Loggix Project 9.4.5 and earlier allow remote ... | E | |
CVE-2009-3493 | Multiple cross-site scripting (XSS) vulnerabilities in Zenas PaoBacheca Guestbook 2.1 allow remote a... | E | |
CVE-2009-3494 | Multiple SQL injection vulnerabilities in index.php in T-HTB Manager 0.5, when magic_quotes_gpc is d... | E | |
CVE-2009-3495 | SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to exe... | E | |
CVE-2009-3496 | Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote att... | E | |
CVE-2009-3497 | SQL injection vulnerability in view_listing.php in Vastal I-Tech Agent Zone (aka The Real Estate Scr... | E | |
CVE-2009-3498 | SQL injection vulnerability in php/update_article_hits.php in HBcms 1.7 allows remote attackers to e... | E | |
CVE-2009-3499 | SQL injection vulnerability in employee.aspx in BPowerHouse BPLawyerCaseDocuments 1.0 allows remote ... | E | |
CVE-2009-3500 | Multiple SQL injection vulnerabilities in BPowerHouse BPGames 1.0 allow remote attackers to execute ... | E | |
CVE-2009-3501 | SQL injection vulnerability in students.php in BPowerHouse BPStudents 1.0 allows remote attackers to... | E | |
CVE-2009-3502 | SQL injection vulnerability in music.php in BPowerHouse BPMusic 1.0 allows remote attackers to execu... | E | |
CVE-2009-3503 | Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse BPHolidayLettings 1.0 allow rem... | E | |
CVE-2009-3504 | SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 allows remote attackers to execut... | E | |
CVE-2009-3505 | SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG Zone allows remote attackers to... | E | |
CVE-2009-3506 | Multiple cross-site scripting (XSS) vulnerabilities in CMSphp 0.21 allow remote attackers to inject ... | E | |
CVE-2009-3507 | Directory traversal vulnerability in modules.php in CMSphp 0.21 allows remote attackers to include a... | E | |
CVE-2009-3508 | Multiple directory traversal vulnerabilities in MUJE CMS 1.0.4.34 allow remote attackers to include ... | E | |
CVE-2009-3509 | Cross-site scripting (XSS) vulnerability in admin/admin_index.php in CJ Dynamic Poll PRO 2.0 allows ... | E | |
CVE-2009-3510 | SQL injection vulnerability in viewListing.php in linkSpheric 0.74 Beta 6 allows remote attackers to... | E | |
CVE-2009-3511 | Multiple PHP remote file inclusion vulnerabilities in justVisual 1.2 allow remote attackers to execu... | E | |
CVE-2009-3512 | Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject... | E | |
CVE-2009-3513 | Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group (PG) eTraining allow remote attac... | E | |
CVE-2009-3514 | Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL ... | E | |
CVE-2009-3515 | Directory traversal vulnerability in dnet_admin/index.php in d.net CMS allows remote authenticated a... | E | |
CVE-2009-3516 | gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerbe... | S | |
CVE-2009-3517 | nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly use the nfs_portmon... | S | |
CVE-2009-3518 | Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.... | E | |
CVE-2009-3519 | Multiple memory leaks in the IP module in the kernel in Sun Solaris 8 through 10, and OpenSolaris be... | S | |
CVE-2009-3520 | Cross-site request forgery (CSRF) vulnerability in the Your_account module in CMSphp 0.21 allows rem... | E | |
CVE-2009-3521 | Multiple cross-site scripting (XSS) vulnerabilities in the Visualization Engine (VE) in IBM Tivoli C... | S | |
CVE-2009-3522 | Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and... | E | |
CVE-2009-3523 | aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate ... | E | |
CVE-2009-3524 | Unspecified vulnerability in ashWsFtr.dll in avast! Home and Professional for Windows before 4.8.135... | | |
CVE-2009-3525 | The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in gr... | E S | |
CVE-2009-3527 | Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 allows local users to cause a... | E S | |
CVE-2009-3528 | SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows remote authenticated users to execu... | E | |
CVE-2009-3529 | SQL injection vulnerability in index.php in RadScripts RadBids Gold 4 allows remote attackers to exe... | E | |
CVE-2009-3530 | Cross-site scripting (XSS) vulnerability in storefront.php in RadScripts RadBids Gold 4 allows remot... | E | |
CVE-2009-3531 | SQL injection vulnerability in vnews.php in Universe CMS 1.0.6 allows remote attackers to execute ar... | E | |
CVE-2009-3532 | Multiple SQL injection vulnerabilities in login.asp (aka the login screen) in LogRover 2.3 and 2.3.3... | E | |
CVE-2009-3533 | SQL injection vulnerability in report.php in Meeting Room Booking System (MRBS) before 1.4.2 allows ... | | |
CVE-2009-3534 | Directory traversal vulnerability in index.php in LionWiki 3.0.3, when magic_quotes_gpc is disabled,... | E | |
CVE-2009-3535 | Directory traversal vulnerability in image.php in Clear Content 1.1 allows remote attackers to read ... | E | |
CVE-2009-3536 | Multiple stack-based buffer overflows in EpicDJSoftware EpicVJ 1.2.8.0 and 1.3.1.2 allow remote atta... | E | |
CVE-2009-3537 | Multiple stack-based buffer overflows in EpicDJSoftware EpicDJ 1.3.9.1 allow remote attackers to cau... | E | |
CVE-2009-3538 | Directory traversal vulnerability in thumb.php in Clear Content 1.1 allows remote attackers to read ... | E | |
CVE-2009-3539 | Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Ultra Classifieds Pro allow rem... | E | |
CVE-2009-3540 | Cross-site scripting (XSS) vulnerability in listads.php in YourFreeWorld Ultra Classifieds Pro allow... | | |
CVE-2009-3541 | PHP remote file inclusion vulnerability in CoupleDB.php in PHPGenealogy 2.0 allows remote attackers ... | E | |
CVE-2009-3542 | Directory traversal vulnerability in ls.php in LittleSite (aka LS or LittleSite.php) 0.1 allows remo... | E | |
CVE-2009-3543 | SQL injection vulnerability in _phenotype/admin/login.php in Phenotype CMS before 2.9 allows remote ... | E | |
CVE-2009-3544 | Xerver HTTP Server 4.32 allows remote attackers to obtain the source code for a web page via an HTTP... | E | |
CVE-2009-3545 | DataWizard Technologies FtpXQ FTP Server 3.0 allows remote authenticated users to cause a denial of ... | E S | |
CVE-2009-3546 | The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Libra... | S | |
CVE-2009-3547 | Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cau... | E S | |
CVE-2009-3548 | The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly ear... | S | |
CVE-2009-3549 | packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain oth... | S | |
CVE-2009-3550 | The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote att... | S | |
CVE-2009-3551 | Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wi... | S | |
CVE-2009-3552 | In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-si... | | |
CVE-2009-3553 | Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect... | S | |
CVE-2009-3554 | Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.C... | S | |
CVE-2009-3555 | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Infor... | E S | |
CVE-2009-3556 | A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat En... | | |
CVE-2009-3557 | The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows conte... | E S | |
CVE-2009-3558 | The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows co... | E S | |
CVE-2009-3559 | main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir ... | S | |
CVE-2009-3560 | The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module ... | E S | |
CVE-2009-3561 | Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote attackers to read arbitra... | E | |
CVE-2009-3562 | Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to injec... | E | |
CVE-2009-3563 | ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of... | S | |
CVE-2009-3564 | puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different u... | E S | |
CVE-2009-3565 | Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee Intr... | E | |
CVE-2009-3566 | McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly fl... | E | |
CVE-2009-3567 | Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako Suppor... | S | |
CVE-2009-3568 | Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforc... | S | |
CVE-2009-3569 | Stack-based buffer overflow in OpenOffice.org (OOo) allows remote attackers to execute arbitrary cod... | | |
CVE-2009-3570 | Unspecified vulnerability in OpenOffice.org (OOo) has unspecified impact and remote attack vectors, ... | | |
CVE-2009-3571 | Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact and client-side attack vector, ... | | |
CVE-2009-3572 | OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does not properly handle XMM exceptions, ... | S | |
CVE-2009-3573 | Multiple insecure method vulnerabilities in the PDIControl.PDI.1 ActiveX control (PDIControl.dll) 2.... | E | |
CVE-2009-3574 | Tuniac 090517c allows remote attackers to cause a denial of service (crash) or possibly execute arbi... | E | |
CVE-2009-3575 | Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2.0, and other versions allows ... | | |
CVE-2009-3576 | Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript ... | E | |
CVE-2009-3577 | Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute... | E | |
CVE-2009-3578 | Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attac... | | |
CVE-2009-3579 | Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty... | E | |
CVE-2009-3580 | Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attacker... | | |
CVE-2009-3581 | Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated ... | | |
CVE-2009-3582 | Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote au... | | |
CVE-2009-3583 | Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote at... | | |
CVE-2009-3584 | SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which mak... | | |
CVE-2009-3585 | Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.... | S | |
CVE-2009-3586 | Off-by-one error in src/http.c in CoreHTTP 0.5.3.1 and earlier allows remote attackers to cause a de... | E S | |
CVE-2009-3587 | Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the ... | S | |
CVE-2009-3588 | Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the ... | S | |
CVE-2009-3589 | incron 0.5.5 does not initialize supplementary groups when running a process from a user's incrontab... | S | |
CVE-2009-3590 | SQL injection vulnerability in showcat.php in VS PANEL 7.3.6 allows remote attackers to execute arbi... | E | |
CVE-2009-3591 | Dopewars 1.5.12 allows remote attackers to cause a denial of service (segmentation fault) via a REQU... | E S | |
CVE-2009-3592 | Cross-site scripting (XSS) vulnerability in customer/home.php in Qualiteam X-Cart allows remote atta... | E | |
CVE-2009-3593 | Multiple cross-site scripting (XSS) vulnerabilities in Freelancers 1.0 allow remote attackers to inj... | E | |
CVE-2009-3594 | Cross-site scripting (XSS) vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote a... | | |
CVE-2009-3595 | SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows remote attackers to execute arbi... | E | |
CVE-2009-3596 | JoxTechnology Ajox Poll does not properly restrict access to admin/managepoll.php, which allows remo... | E | |
CVE-2009-3597 | Digitaldesign CMS 0.1 stores sensitive information under the web root with insufficient access contr... | E | |
CVE-2009-3598 | Cross-site scripting (XSS) vulnerability in survey_result.php in eCardMAX FormXP 2007 allows remote ... | E | |
CVE-2009-3599 | Cross-site scripting (XSS) vulnerability in single_winner1.php in HUBScript 1.0 allows remote attack... | E | |
CVE-2009-3600 | HUBScript 1.0 allows remote attackers to obtain configuration information via a direct request to ma... | E | |
CVE-2009-3601 | Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez Ultimate Poll allows remote a... | E | |
CVE-2009-3602 | Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote atta... | | |
CVE-2009-3603 | Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler b... | E S | |
CVE-2009-3604 | The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as ... | E S | |
CVE-2009-3605 | Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of... | | |
CVE-2009-3606 | Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, ... | E S | |
CVE-2009-3607 | Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppl... | | |
CVE-2009-3608 | Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 an... | E S | |
CVE-2009-3609 | Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Po... | E S | |
CVE-2009-3610 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3695. Reason: This candida... | R | |
CVE-2009-3611 | common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 befo... | S | |
CVE-2009-3612 | The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x... | S | |
CVE-2009-3613 | The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.... | E | |
CVE-2009-3614 | liboping 1.3.2 allows users to read arbitrary files on the local system.... | | |
CVE-2009-3615 | The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote a... | S | |
CVE-2009-3616 | Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might ... | E S | |
CVE-2009-3617 | Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in ar... | S | |
CVE-2009-3618 | Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.... | S | |
CVE-2009-3619 | Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and rem... | S | |
CVE-2009-3620 | The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify ... | S | |
CVE-2009-3621 | net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of ... | E S | |
CVE-2009-3622 | Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote att... | E S | |
CVE-2009-3623 | The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel bef... | | |
CVE-2009-3624 | The get_instantiation_keyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux ... | | |
CVE-2009-3625 | Directory traversal vulnerability in www/index.php in Sahana 0.6.2.2 allows remote attackers to incl... | S | |
CVE-2009-3626 | Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via ... | S | |
CVE-2009-3627 | The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers... | S | |
CVE-2009-3628 | The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and ... | S | |
CVE-2009-3629 | Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and ... | | |
CVE-2009-3630 | The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and ... | S | |
CVE-2009-3631 | The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and ... | S | |
CVE-2009-3632 | SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subc... | S | |
CVE-2009-3633 | Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13... | S | |
CVE-2009-3634 | Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYP... | S | |
CVE-2009-3635 | The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10,... | S | |
CVE-2009-3636 | Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlie... | S | |
CVE-2009-3637 | Stack-based buffer overflow in the M_AddToServerList function in client/menu.c in Red Planet Arena A... | E | |
CVE-2009-3638 | Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in arch/x86/kvm/x86.c in the KVM ... | E S | |
CVE-2009-3639 | The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS... | S | |
CVE-2009-3640 | The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel bef... | | |
CVE-2009-3641 | Snort before 2.8.5.1, when the -v option is enabled, allows remote attackers to cause a denial of se... | E S | |
CVE-2009-3642 | Multiple SQL injection vulnerabilities in the Call Logging feature in FrontRange HEAT 8.01 allow rem... | E | |
CVE-2009-3643 | Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote attackers to cause a denial of service via a... | E | |
CVE-2009-3644 | SQL injection vulnerability in the Soundset (com_soundset) component 1.0 for Joomla! allows remote a... | E | |
CVE-2009-3645 | SQL injection vulnerability in the JoomlaCache CB Resume Builder (com_cbresumebuilder) component for... | E | |
CVE-2009-3646 | InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web pa... | E | |
CVE-2009-3647 | Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft Mega File Hosting Script (aka ... | E | |
CVE-2009-3648 | Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for Drupal, allows remot... | E S | |
CVE-2009-3649 | Cross-site scripting (XSS) vulnerability in forums/index.php in Power Bulletin Board (PBBoard) 2.0.2... | | |
CVE-2009-3650 | Cross-site scripting (XSS) vulnerability in Dex 5.x-1.0 and earlier and 6.x-1.0-rc1 and earlier, a m... | | |
CVE-2009-3651 | Cross-site scripting (XSS) vulnerability in the "Monitor browsers" feature in Browscap before 5.x-1.... | S | |
CVE-2009-3652 | Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x befo... | S | |
CVE-2009-3653 | Cross-site scripting (XSS) vulnerability in the additional links interface in XML Sitemap 5.x-1.6, a... | S | |
CVE-2009-3654 | Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupal, allows remote attackers to ... | S | |
CVE-2009-3655 | Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (... | | |
CVE-2009-3656 | Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, ... | | |
CVE-2009-3657 | Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote att... | S | |
CVE-2009-3658 | Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL)... | E | |
CVE-2009-3659 | SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 allows remote attackers to execute... | E | |
CVE-2009-3660 | PHP remote file inclusion vulnerability in libraries/database.php in Efront 3.5.4 and earlier, when ... | E S | |
CVE-2009-3661 | Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow... | E | |
CVE-2009-3662 | FileCopa FTP Server 5.01 allows remote attackers to cause a denial of service (server hang) via a la... | E | |
CVE-2009-3663 | Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows ... | E S | |
CVE-2009-3664 | Multiple directory traversal vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attacker... | E | |
CVE-2009-3665 | Multiple SQL injection vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attackers to e... | E | |
CVE-2009-3666 | Cross-site scripting (XSS) vulnerability in index.php in Nullam Blog 0.1.2 allows remote attackers t... | E | |
CVE-2009-3667 | SQL injection vulnerability in admin/index.php in AdsDX 3.05 allows remote attackers to execute arbi... | E | |
CVE-2009-3668 | Cross-site scripting (XSS) vulnerability in ardguest.php in Ardguest 1.8 allows remote attackers to ... | E | |
CVE-2009-3669 | SQL injection vulnerability in the foobla Suggestions (com_foobla_suggestions) component 1.5.11 for ... | E | |
CVE-2009-3670 | Stack-based buffer overflow in KSP Sound Player 2009 R2 and R2.1 allows remote attackers to execute ... | E | |
CVE-2009-3671 | Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attack... | | |
CVE-2009-3672 | Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not pro... | E | |
CVE-2009-3673 | Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote ... | | |
CVE-2009-3674 | Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attack... | | |
CVE-2009-3675 | LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, X... | | |
CVE-2009-3676 | The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB ser... | E S | |
CVE-2009-3677 | The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003... | | |
CVE-2009-3678 | Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R... | | |
CVE-2009-3679 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3680 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3681 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3682 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3683 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3684 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3685 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3686 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3687 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3688 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3689 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3691 | Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and ... | E | |
CVE-2009-3692 | Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0... | S | |
CVE-2009-3693 | Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadR... | E | |
CVE-2009-3694 | Directory traversal vulnerability in config/config.php in ezRecipe-Zee 91, when register_globals is ... | E | |
CVE-2009-3695 | Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before ... | S | |
CVE-2009-3696 | Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1... | S | |
CVE-2009-3697 | SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.... | S | |
CVE-2009-3698 | An unspecified function in the Dalvik API in Android 1.5 and earlier allows remote attackers to caus... | | |
CVE-2009-3699 | Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3... | E S | |
CVE-2009-3700 | Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of se... | S | |
CVE-2009-3701 | Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Applica... | E S | |
CVE-2009-3702 | Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to inclu... | | |
CVE-2009-3703 | Multiple SQL injection vulnerabilities in the WP-Forum plugin before 2.4 for WordPress allow remote ... | E | |
CVE-2009-3704 | ZoIPer 2.22, and possibly other versions before 2.24 Library 5324, allows remote attackers to cause ... | E | |
CVE-2009-3705 | PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attack... | E | |
CVE-2009-3706 | Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and OpenSolaris snv_100 through s... | S | |
CVE-2009-3707 | VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware W... | E | |
CVE-2009-3708 | Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Edito... | | |
CVE-2009-3709 | Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Edito... | E | |
CVE-2009-3710 | RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3... | E | |
CVE-2009-3711 | Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4... | E | |
CVE-2009-3712 | Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrar... | E | |
CVE-2009-3713 | SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and earlier allows remote attackers t... | E | |
CVE-2009-3714 | Cross-site scripting (XSS) vulnerability in admin_login.php in MCshoutbox 1.1 allows remote attacker... | E | |
CVE-2009-3715 | Multiple SQL injection vulnerabilities in scr_login.php in MCshoutbox 1.1, when magic_quotes_gpc is ... | E | |
CVE-2009-3716 | Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 allows remote authenticated us... | E | |
CVE-2009-3717 | Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote attackers to cause a denial of serv... | E | |
CVE-2009-3718 | SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1.25 and 1.30 build 2 allows re... | E | |
CVE-2009-3719 | Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog 1.25 and 1.30 build 2 allows ... | E | |
CVE-2009-3720 | The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXM... | E | |
CVE-2009-3721 | Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Ev... | S | |
CVE-2009-3722 | The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 2.6.31.... | | |
CVE-2009-3723 | Asterisk allows calls on prohibited networks... | | |
CVE-2009-3724 | python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues.... | E S | |
CVE-2009-3725 | The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capabilit... | E S | |
CVE-2009-3726 | The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.... | | |
CVE-2009-3727 | Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.... | S | |
CVE-2009-3728 | Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment ... | | |
CVE-2009-3729 | Unspecified vulnerability in the TrueType font parsing functionality in Sun Java SE 5.0 before Updat... | | |
CVE-2009-3730 | Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client H... | E S | |
CVE-2009-3731 | Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCent... | S | |
CVE-2009-3732 | Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allo... | S | |
CVE-2009-3733 | Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0... | S | |
CVE-2009-3734 | Unspecified vulnerability in the management console in the S2 Security Linear eMerge Access Control ... | | |
CVE-2009-3735 | The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installe... | | |
CVE-2009-3736 | ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Librar... | S | |
CVE-2009-3737 | The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is use... | | |
CVE-2009-3739 | Multiple unspecified vulnerabilities on the Rockwell Automation AB Micrologix 1100 and 1400 controll... | | |
CVE-2009-3741 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3742 | Cross-site scripting (XSS) vulnerability in Liferay Portal before 5.3.0 allows remote attackers to i... | | |
CVE-2009-3743 | Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript befo... | | |
CVE-2009-3744 | rep_serv.exe 6.3.1.3 in the server in EMC RepliStor allows remote attackers to cause a denial of ser... | E | |
CVE-2009-3745 | Cross-site scripting (XSS) vulnerability in the help pages in IBM Rational AppScan Enterprise Editio... | E S | |
CVE-2009-3746 | XScreenSaver in Sun Solaris 10, when the accessibility feature is enabled, allows physically proxima... | S | |
CVE-2009-3747 | Cross-site scripting (XSS) vulnerability in index.php in TBmnetCMS 1.0 allows remote attackers to in... | E | |
CVE-2009-3748 | Multiple cross-site scripting (XSS) vulnerabilities in the Web Administrator in Websense Personal Em... | E S | |
CVE-2009-3749 | The Web Administrator service (STEMWADM.EXE) in Websense Personal Email Manager 7.1 before Hotfix 4 ... | E S | |
CVE-2009-3750 | SQL injection vulnerability in read.php in ToyLog 0.1 allows remote attackers to execute arbitrary S... | E | |
CVE-2009-3751 | Cross-site scripting (XSS) vulnerability in home.php in Opial 1.0 allows remote attackers to inject ... | E | |
CVE-2009-3752 | SQL injection vulnerability in home.php in Opial 1.0 allows remote attackers to execute arbitrary SQ... | E | |
CVE-2009-3753 | Unrestricted file upload vulnerability in Opial 1.0 allows remote attackers to execute arbitrary cod... | E | |
CVE-2009-3754 | Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote attackers to execute arbitrary SQ... | E | |
CVE-2009-3755 | Multiple cross-site scripting (XSS) vulnerabilities in phpBMS 0.96 allow remote attackers to inject ... | E | |
CVE-2009-3756 | phpBMS 0.96 allows remote attackers to obtain sensitive information via a direct request to (1) foot... | E | |
CVE-2009-3757 | Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in ... | E | |
CVE-2009-3758 | SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenC... | E | |
CVE-2009-3759 | Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource ... | E | |
CVE-2009-3760 | Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Re... | E | |
CVE-2009-3762 | Unspecified vulnerability in Oracle OpenSSO Enterprise 8.0 allows remote attackers to affect integri... | | |
CVE-2009-3763 | Unspecified vulnerability in the Access Manager / OpenSSO component in Oracle OpenSSO Enterprise 7.1... | | |
CVE-2009-3764 | Unspecified vulnerability in the OpenSSO component in Oracle OpenSSO Enterprise 8.0 allows remote at... | | |
CVE-2009-3765 | mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' characte... | | |
CVE-2009-3766 | mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify th... | S | |
CVE-2009-3767 | libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used... | S | |
CVE-2009-3768 | Rejected reason: This candidate is unused by its CNA.... | R | |
CVE-2009-3769 | Rejected reason: This candidate is unused by its CNA.... | R | |
CVE-2009-3770 | Rejected reason: This candidate is unused by its CNA.... | R | |
CVE-2009-3771 | Rejected reason: This candidate is unused by its CNA.... | R | |
CVE-2009-3772 | Rejected reason: This candidate is unused by its CNA.... | R | |
CVE-2009-3773 | Rejected reason: This candidate is unused by its CNA.... | R | |
CVE-2009-3774 | Rejected reason: This candidate is unused by its CNA.... | R | |
CVE-2009-3775 | Rejected reason: This candidate is unused by its CNA.... | R | |
CVE-2009-3776 | Rejected reason: This candidate is unused by its CNA.... | R | |
CVE-2009-3777 | Rejected reason: This candidate is unused by its CNA.... | R | |
CVE-2009-3778 | SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, a module for Drupal, allows re... | S | |
CVE-2009-3779 | Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a modul... | S | |
CVE-2009-3780 | Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 and 6.x before 6.x-1.1-alpha1, ... | S | |
CVE-2009-3781 | The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly ch... | S | |
CVE-2009-3782 | Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authe... | S | |
CVE-2009-3783 | Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for D... | S | |
CVE-2009-3784 | Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows... | S | |
CVE-2009-3785 | Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2... | S | |
CVE-2009-3786 | Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.... | S | |
CVE-2009-3787 | files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and re... | E | |
CVE-2009-3788 | SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbi... | E S | |
CVE-2009-3789 | Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to in... | E S | |
CVE-2009-3790 | Heap-based buffer overflow in FormMax (formerly AcroForm) evaluation 3.5 allows remote attackers to ... | | |
CVE-2009-3791 | Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to cause a... | S | |
CVE-2009-3792 | Directory traversal vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to... | S | |
CVE-2009-3793 | Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ado... | S | |
CVE-2009-3794 | Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows... | S | |
CVE-2009-3795 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3796 | Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arb... | S | |
CVE-2009-3797 | Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execut... | S | |
CVE-2009-3798 | Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arb... | S | |
CVE-2009-3799 | Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.... | S | |
CVE-2009-3800 | Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.... | S | |
CVE-2009-3801 | SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbi... | | |
CVE-2009-3802 | Amiro.CMS 5.4.0.0 and earlier allows remote attackers to obtain sensitive information via an invalid... | E | |
CVE-2009-3803 | Multiple cross-site scripting (XSS) vulnerabilities in Amiro.CMS 5.4.0.0 and earlier allow remote at... | E | |
CVE-2009-3804 | Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenti... | E | |
CVE-2009-3805 | gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows remote attackers to cause a denia... | E | |
CVE-2009-3806 | SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arb... | | |
CVE-2009-3807 | Stack-based buffer overflow in MixVibes 7.043 Pro allows remote attackers to cause a denial of servi... | E | |
CVE-2009-3808 | MixSense DJ Studio 1.0.0.1 allows remote attackers to cause a denial of service (application crash) ... | E | |
CVE-2009-3809 | Acoustica MP3 Audio Mixer 1.0 and possibly 2.471 allows remote attackers to cause a denial of servic... | E | |
CVE-2009-3810 | Heap-based buffer overflow in Acoustica MP3 Audio Mixer 2.471 allows remote attackers to cause a den... | E | |
CVE-2009-3811 | Stack-based buffer overflow in Music Tag Editor 1.61 build 212 allows remote attackers to execute ar... | E | |
CVE-2009-3812 | Heap-based buffer overflow in OtsAV DJ trial version 1.85.64.0, Radio trial version 1.85.64.0, TV tr... | E | |
CVE-2009-3813 | Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote authenticated users to execute arb... | E | |
CVE-2009-3814 | Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to exec... | E | |
CVE-2009-3815 | RunCMS 2M1, when running with certain error_reporting levels, allows remote attackers to obtain sens... | E | |
CVE-2009-3816 | Multiple cross-site scripting (XSS) vulnerabilities in Activities pages in the Mobile subsystem in I... | S | |
CVE-2009-3817 | PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) ... | E | |
CVE-2009-3818 | Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension ... | S | |
CVE-2009-3819 | Unspecified vulnerability in the Random Images (maag_randomimage) extension 1.6.4 and earlier for TY... | S | |
CVE-2009-3820 | SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows r... | | |
CVE-2009-3821 | Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 ... | S | |
CVE-2009-3822 | PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 fo... | E | |
CVE-2009-3823 | Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, when magic_quotes_gpc is enab... | E | |
CVE-2009-3824 | Directory traversal vulnerability in include/processor.php in Greenwood PHP Content Manager 0.3.2 al... | E | |
CVE-2009-3825 | Multiple directory traversal vulnerabilities in GenCMS 2006 allow remote attackers to include and ex... | E | |
CVE-2009-3826 | Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking v... | S | |
CVE-2009-3828 | The web interface for Everfocus EDR1600 DVR allows remote attackers to bypass authentication and acc... | E | |
CVE-2009-3829 | Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbit... | S | |
CVE-2009-3830 | The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 a... | E | |
CVE-2009-3831 | Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (m... | | |
CVE-2009-3832 | Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user ... | S | |
CVE-2009-3833 | Cross-site scripting (XSS) vulnerability in index.php in TFTgallery 0.13 allows remote attackers to ... | E | |
CVE-2009-3834 | SQL injection vulnerability in the Photoblog (com_photoblog) component alpha 3 and alpha 3a for Joom... | E S | |
CVE-2009-3835 | SQL injection vulnerability in the JShop (com_jshop) component for Joomla! allows remote attackers t... | E | |
CVE-2009-3836 | ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows ... | | |
CVE-2009-3837 | Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 servers to execute arbitrary cod... | E | |
CVE-2009-3838 | Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 server... | E | |
CVE-2009-3839 | Unspecified vulnerability in the Solaris Trusted Extensions Policy configuration in Sun Solaris 10, ... | S | |
CVE-2009-3840 | The embedded database engine service (aka ovdbrun.exe) in HP OpenView Network Node Manager (OV NNM) ... | E S | |
CVE-2009-3841 | Unspecified vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.60... | | |
CVE-2009-3842 | Unspecified vulnerability on the HP Color LaserJet M3530 Multifunction Printer with firmware 05.058.... | S | |
CVE-2009-3843 | HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tom... | | |
CVE-2009-3844 | Stack-based buffer overflow in the OmniInet process in HP OpenView Data Protector Application Recove... | E | |
CVE-2009-3845 | The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows r... | S | |
CVE-2009-3846 | Multiple heap-based buffer overflows in ovlogin.exe in HP OpenView Network Node Manager (OV NNM) 7.0... | S | |
CVE-2009-3847 | Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows r... | S | |
CVE-2009-3848 | Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7... | S | |
CVE-2009-3849 | Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7... | S | |
CVE-2009-3850 | Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend ... | E | |
CVE-2009-3851 | Trusted Extensions in Sun Solaris 10 interferes with the operation of the xscreensaver-demo command ... | S | |
CVE-2009-3852 | Unspecified vulnerability in the XML component in IBM Runtimes for Java Technology 5.0.0 before SR10... | | |
CVE-2009-3853 | Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivol... | S | |
CVE-2009-3854 | Buffer overflow in the traditional client scheduler in the client in IBM Tivoli Storage Manager (TSM... | S | |
CVE-2009-3855 | Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (... | S | |
CVE-2009-3856 | Cross-site scripting (XSS) vulnerability in the default URI in news/ in Twilight CMS before 4.1 allo... | E | |
CVE-2009-3857 | Buffer overflow in Softonic International SciTE 1.72 allows user-assisted remote attackers to cause ... | E | |
CVE-2009-3858 | Cross-site scripting (XSS) vulnerability in GejoSoft allows remote attackers to inject arbitrary web... | E | |
CVE-2009-3859 | Buffer overflow in eEye Retina WiFi Scanner 1.0.8.68, as used in Retina Network Security Scanner 5.1... | E S | |
CVE-2009-3860 | Multiple insecure method vulnerabilities in Idefense Labs COMRaider allow remote attackers to create... | E | |
CVE-2009-3861 | Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and 10.3.5 (Build 6), and possibl... | | |
CVE-2009-3862 | The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf... | S | |
CVE-2009-3863 | Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remot... | E | |
CVE-2009-3864 | The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 be... | S | |
CVE-2009-3865 | The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE ... | S | |
CVE-2009-3866 | The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use ... | S | |
CVE-2009-3867 | Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0... | S | |
CVE-2009-3868 | Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x b... | S | |
CVE-2009-3869 | Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java ... | S | |
CVE-2009-3870 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3870. Reason: This candidat... | R | |
CVE-2009-3871 | Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Jav... | S | |
CVE-2009-3872 | Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 2... | S | |
CVE-2009-3873 | The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Updat... | S | |
CVE-2009-3874 | Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in J... | S | |
CVE-2009-3875 | The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5... | S | |
CVE-2009-3876 | Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before U... | S | |
CVE-2009-3877 | Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before U... | S | |
CVE-2009-3878 | Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack ... | | |
CVE-2009-3879 | Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Ja... | | |
CVE-2009-3880 | The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update... | | |
CVE-2009-3881 | Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence... | | |
CVE-2009-3882 | Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22... | | |
CVE-2009-3883 | Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Sw... | | |
CVE-2009-3884 | The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and Open... | | |
CVE-2009-3885 | Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows allows remote attackers to cause ... | | |
CVE-2009-3886 | The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the int... | | |
CVE-2009-3887 | ytnef has directory traversal... | E | |
CVE-2009-3888 | The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before 2.6.31.6, when the CPU lacks a m... | | |
CVE-2009-3889 | The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable pe... | E | |
CVE-2009-3890 | Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.ph... | S | |
CVE-2009-3891 | Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows... | S | |
CVE-2009-3892 | Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x be... | S | |
CVE-2009-3893 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2009-3894 | Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privi... | S | |
CVE-2009-3895 | Heap-based buffer overflow in the exif_entry_fix function (aka the tag fixup routine) in libexif/exi... | S | |
CVE-2009-3896 | src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x b... | E S | |
CVE-2009-3897 | Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installat... | S | |
CVE-2009-3898 | Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) ... | E S | |
CVE-2009-3899 | Memory leak in the Sockets Direct Protocol (SDP) driver in Sun Solaris 10, and OpenSolaris snv_57 th... | S | |
CVE-2009-3900 | Unspecified vulnerability in the Cluster Management component in IBM PowerHA 5.4, 5.4.1, 5.5, and 6.... | E S | |
CVE-2009-3901 | Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to injec... | E | |
CVE-2009-3902 | Directory traversal vulnerability in Cherokee Web Server 0.5.4 and earlier for Windows allows remote... | E | |
CVE-2009-3903 | Multiple cross-site scripting (XSS) vulnerabilities in jspui/index.jsp in ManageEngine Netflow Analy... | | |
CVE-2009-3904 | classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative acc... | E S | |
CVE-2009-3905 | Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to injec... | | |
CVE-2009-3906 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3606. Reason: This candidat... | R | |
CVE-2009-3907 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3607. Reason: This candidat... | R | |
CVE-2009-3908 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3608. Reason: This candidat... | R | |
CVE-2009-3909 | Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 mig... | S | |
CVE-2009-3911 | Cross-site scripting (XSS) vulnerability in settings.php in TFTgallery 0.13 allows remote attackers ... | E | |
CVE-2009-3912 | Directory traversal vulnerability in index.php in TFTgallery 0.13 allows remote attackers to read ar... | E | |
CVE-2009-3913 | SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execut... | | |
CVE-2009-3914 | Cross-site scripting (XSS) vulnerability in the Temporary Invitation module 5.x before 5.x-2.3 for D... | S | |
CVE-2009-3915 | Cross-site scripting (XSS) vulnerability in the "Separate title and URL" formatter in the Link modul... | S | |
CVE-2009-3916 | Cross-site scripting (XSS) vulnerability in the Node Hierarchy module 5.x before 5.x-1.3 and 6.x bef... | S | |
CVE-2009-3917 | Cross-site scripting (XSS) vulnerability in the S5 Presentation Player module 6.x-1.x before 6.x-1.1... | S | |
CVE-2009-3918 | Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x before 5.x-2.2 and 6.x before 6.x... | S | |
CVE-2009-3919 | Cross-site scripting (XSS) vulnerability in the NGP COO/CWP Integration (crmngp) module 6.x before 6... | S | |
CVE-2009-3920 | An administration page in the NGP COO/CWP Integration (crmngp) module 6.x before 6.x-1.12 for Drupal... | S | |
CVE-2009-3921 | The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does no... | S | |
CVE-2009-3922 | Multiple cross-site request forgery (CSRF) vulnerabilities in the User Protect module 5.x before 5.x... | S | |
CVE-2009-3923 | The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not... | S | |
CVE-2009-3924 | Buffer overflow in pbsv.dll, as used in Soldier of Fortune II and possibly other applications when E... | S | |
CVE-2009-3925 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3926 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3927 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3928 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3929 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3930 | Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers ... | | |
CVE-2009-3931 | Incomplete blacklist vulnerability in browser/download/download_exe.cc in Google Chrome before 3.0.1... | | |
CVE-2009-3932 | The Gears plugin in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a... | | |
CVE-2009-3933 | WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a... | S | |
CVE-2009-3934 | The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframelo... | | |
CVE-2009-3935 | Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the... | S | |
CVE-2009-3936 | Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x befor... | S | |
CVE-2009-3937 | Memory leak in Solaris TCP sockets in Sun OpenSolaris snv_106 through snv_126 allows local users to ... | | |
CVE-2009-3938 | Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOutputDev.cc in Poppler (aka lib... | E S | |
CVE-2009-3939 | The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world... | E | |
CVE-2009-3940 | Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.... | S | |
CVE-2009-3941 | Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not properly handle a '\0' character i... | S | |
CVE-2009-3942 | Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a '\0' character ... | | |
CVE-2009-3943 | Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16711 allows remote attac... | E | |
CVE-2009-3944 | Research In Motion (RIM) BlackBerry Browser on the BlackBerry 8800 allows remote attackers to cause ... | | |
CVE-2009-3945 | Unspecified vulnerability in the Front-End Editor in the com_content component in Joomla! before 1.5... | | |
CVE-2009-3946 | Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain th... | | |
CVE-2009-3947 | Buffer overflow in the FTP service on the Tandberg MXP F7.0 allows remote attackers to cause a denia... | E | |
CVE-2009-3948 | JetAudio 7.5.3 COWON Media Center allows remote attackers to cause a denial of service (memory consu... | E | |
CVE-2009-3949 | cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not require administrative authentica... | E | |
CVE-2009-3950 | Multiple cross-site scripting (XSS) vulnerabilities in Bractus SunTrack allow remote attackers to in... | | |
CVE-2009-3951 | Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.3... | S | |
CVE-2009-3952 | Buffer overflow in Adobe Illustrator CS3 13.0.3 and earlier and Illustrator CS4 14.0.0 allows attack... | S | |
CVE-2009-3953 | The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac... | KEV S | |
CVE-2009-3954 | The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and ... | S | |
CVE-2009-3955 | Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote a... | S | |
CVE-2009-3956 | The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows ... | S | |
CVE-2009-3957 | Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow att... | S | |
CVE-2009-3958 | Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before ... | S | |
CVE-2009-3959 | Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x befor... | S | |
CVE-2009-3960 | Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, Li... | KEV E | |
CVE-2009-3961 | SQL injection vulnerability in user.php in Super Serious Stats (aka superseriousstats) before 1.1.2p... | S | |
CVE-2009-3962 | The management interface on the 2wire Gateway 1700HG, 1701HG, 1800HW, 2071, 2700HG, and 2701HG-T wit... | E | |
CVE-2009-3963 | Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have unknown impact and attack vect... | S | |
CVE-2009-3964 | SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allow... | E | |
CVE-2009-3965 | SQL injection vulnerability in rating.php in New 5 star Rating 1.0 allows remote attackers to execut... | E | |
CVE-2009-3966 | Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative acc... | E | |
CVE-2009-3967 | SQL injection vulnerability in browse.php in Ed Charkow SuperCharged Linking allows remote attackers... | E | |
CVE-2009-3968 | Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary ... | E | |
CVE-2009-3969 | Stack-based buffer overflow in Faslo Player 7.0 allows remote attackers to cause a denial of service... | E | |
CVE-2009-3970 | SQL injection vulnerability in index.php in PHP Dir Submit (aka WebsiteSubmitter or Submitter Script... | E | |
CVE-2009-3971 | SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows re... | E | |
CVE-2009-3972 | SQL injection vulnerability in the Q-Proje Siirler Bileseni (com_siirler) component 1.2 RC for Jooml... | E | |
CVE-2009-3973 | SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute... | E | |
CVE-2009-3974 | Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3... | S | |
CVE-2009-3975 | SQL injection vulnerability in index.php in Moa Gallery 1.1.0 and 1.2.0 allows remote attackers to e... | E | |
CVE-2009-3976 | Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers to cause a denial of service (applica... | E | |
CVE-2009-3977 | Multiple buffer overflows in a certain ActiveX control in ActiveDom.ocx in HP OpenView Network Node ... | E S | |
CVE-2009-3978 | The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox... | S | |
CVE-2009-3979 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.... | S | |
CVE-2009-3980 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, Se... | S | |
CVE-2009-3981 | Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2... | S | |
CVE-2009-3982 | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6,... | S | |
CVE-2009-3983 | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote atta... | S | |
CVE-2009-3984 | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote atta... | S | |
CVE-2009-3985 | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote atta... | S | |
CVE-2009-3986 | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote atta... | S | |
CVE-2009-3987 | The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonk... | S | |
CVE-2009-3988 | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not pro... | | |
CVE-2009-3989 | Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not bloc... | S | |
CVE-2009-3990 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3991 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3992 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3993 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-3994 | Stack-based buffer overflow in the GetUID function in src-IL/src/il_dicom.c in DevIL 1.7.8 allows re... | S | |
CVE-2009-3995 | Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before... | S | |
CVE-2009-3996 | Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and... | S | |
CVE-2009-3997 | Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57 might allow re... | S | |
CVE-2009-3999 | Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows re... | | |