ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2009-4000 | Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 all... | | |
CVE-2009-4001 | Integer overflow in XnView before 1.97.2 might allow remote attackers to execute arbitrary code via ... | S | |
CVE-2009-4002 | Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to ex... | S | |
CVE-2009-4003 | Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to exe... | S | |
CVE-2009-4004 | Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in arch/x86/kvm/x86.c in the KVM subsys... | | |
CVE-2009-4005 | The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 ... | S | |
CVE-2009-4006 | Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.... | | |
CVE-2009-4007 | Unspecified vulnerability in the NormaliseTrainConsist function in src/train_cmd.cpp in OpenTTD befo... | S | |
CVE-2009-4008 | Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query... | S | |
CVE-2009-4009 | Buffer overflow in PowerDNS Recursor before 3.1.7.2 allows remote attackers to cause a denial of ser... | S | |
CVE-2009-4010 | Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows remote attackers to spoof DNS d... | S | |
CVE-2009-4011 | dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a b... | | |
CVE-2009-4012 | Multiple integer overflows in LibThai before 0.1.13 might allow context-dependent attackers to execu... | S | |
CVE-2009-4013 | Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.... | S | |
CVE-2009-4014 | Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, a... | S | |
CVE-2009-4015 | Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attacker... | S | |
CVE-2009-4016 | Integer underflow in the clean_string function in irc_string.c in (1) IRCD-hybrid 7.2.2 and 7.2.3, (... | S | |
CVE-2009-4017 | PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created whe... | S | |
CVE-2009-4018 | The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does ... | E S | |
CVE-2009-4019 | mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors duri... | | |
CVE-2009-4020 | Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers ... | S | |
CVE-2009-4021 | The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.3... | | |
CVE-2009-4022 | Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1,... | S | |
CVE-2009-4023 | Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendm... | E S | |
CVE-2009-4024 | Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4... | S | |
CVE-2009-4025 | Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute ... | S | |
CVE-2009-4026 | The mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers t... | S | |
CVE-2009-4027 | Race condition in the mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows ... | S | |
CVE-2009-4028 | The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before ... | E | |
CVE-2009-4029 | The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 ... | E S | |
CVE-2009-4030 | MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TA... | | |
CVE-2009-4031 | The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 emulator in the KVM subsystem in the... | S | |
CVE-2009-4032 | Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject... | S | |
CVE-2009-4033 | A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to the open function with insuff... | | |
CVE-2009-4034 | PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x... | S | |
CVE-2009-4035 | The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.... | | |
CVE-2009-4036 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2009-4037 | Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7, and 2.2.x before 2.2 RC... | S | |
CVE-2009-4038 | Multiple cross-site scripting (XSS) vulnerabilities in NCH Software Axon Virtual PBX 2.10 and 2.11 a... | | |
CVE-2009-4039 | Cross-site scripting (XSS) vulnerability in Piwigo before 2.0.6 allows remote attackers to inject ar... | S | |
CVE-2009-4040 | Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used... | S | |
CVE-2009-4041 | UseBB 1.0.9 before 1.0.10 allows remote attackers to cause a denial of service (infinite loop) via c... | S | |
CVE-2009-4042 | Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x before 6.x-1.5 for Drupal allows... | S | |
CVE-2009-4043 | Cross-site scripting (XSS) vulnerability in the AddToAny module 5.x before 5.x-2.4 and 6.x before 6.... | S | |
CVE-2009-4044 | The Web Services module 6.x for Drupal does not perform the expected access control, which allows re... | | |
CVE-2009-4045 | Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7 allow remote attackers t... | S | |
CVE-2009-4046 | Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x before 2.2 RC allow remote atta... | S | |
CVE-2009-4047 | Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk 1.43 allow remote attackers to ... | E | |
CVE-2009-4048 | Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of ser... | E | |
CVE-2009-4049 | Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.... | E | |
CVE-2009-4050 | Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 allows remote attackers to r... | | |
CVE-2009-4051 | Home FTP Server 1.10.1.139 allows remote attackers to cause a denial of service (daemon outage) via ... | E | |
CVE-2009-4052 | Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime in IBM Rationa... | S | |
CVE-2009-4053 | Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticate... | | |
CVE-2009-4054 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3672. Reason: This candida... | R | |
CVE-2009-4055 | rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, a... | E | |
CVE-2009-4056 | Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 allows remote attackers to inc... | E | |
CVE-2009-4057 | SQL injection vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.1 for ... | E | |
CVE-2009-4058 | SQL injection vulnerability in allauctions.php in Telebid Auction Script allows remote attackers to ... | E | |
CVE-2009-4059 | SQL injection vulnerability in the JoomClip (com_joomclip) component for Joomla! allows remote attac... | E | |
CVE-2009-4060 | SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 allows remote att... | | |
CVE-2009-4061 | Multiple cross-site scripting (XSS) vulnerabilities in the Agreement module 6.x before 6.x-1.2 for D... | S | |
CVE-2009-4062 | Multiple cross-site scripting (XSS) vulnerabilities in the Printfriendly module 6.x before 6.x-1.6 f... | S | |
CVE-2009-4063 | Cross-site scripting (XSS) vulnerability in the Subgroups for Organic Groups (OG) module 5.x before ... | S | |
CVE-2009-4064 | Cross-site scripting (XSS) vulnerability in the Gallery Assist module 6.x before 6.x-1.7 for Drupal ... | S | |
CVE-2009-4065 | Cross-site scripting (XSS) vulnerability in the settings page in the Strongarm module 6.x before 6.x... | S | |
CVE-2009-4066 | Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList In... | S | |
CVE-2009-4067 | Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kern... | E S | |
CVE-2009-4069 | Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5.14, 4.7.3, and possibly other vers... | S | |
CVE-2009-4070 | SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly other versions allows remote attac... | S | |
CVE-2009-4071 | Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a w... | S | |
CVE-2009-4072 | Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a ... | | |
CVE-2009-4073 | The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a lo... | | |
CVE-2009-4074 | The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-ch... | | |
CVE-2009-4075 | Unspecified vulnerability in the timeout mechanism in sshd in Sun Solaris 10, and OpenSolaris snv_99... | S | |
CVE-2009-4076 | Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote... | | |
CVE-2009-4077 | Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote... | | |
CVE-2009-4078 | Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attack... | S | |
CVE-2009-4079 | Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers... | S | |
CVE-2009-4080 | Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemo... | S | |
CVE-2009-4081 | Untrusted search path vulnerability in dstat before r3199 allows local users to gain privileges via ... | S | |
CVE-2009-4082 | PHP remote file inclusion vulnerability in forums/Forum_Include/index.php in Outreach Project Tool (... | E | |
CVE-2009-4083 | Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attacker... | | |
CVE-2009-4084 | SQL injection vulnerability in the search feature in e107 0.7.16 and earlier allows remote attackers... | | |
CVE-2009-4085 | PHP remote file inclusion vulnerability in assets/plugins/mp3_id/mp3_id.php in PHP Traverser 0.8.0 a... | | |
CVE-2009-4086 | CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allows remote attackers to inject a... | E | |
CVE-2009-4087 | Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki 2.4.23 and earlier allows rem... | E | |
CVE-2009-4088 | Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attack... | E S | |
CVE-2009-4089 | telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbi... | E | |
CVE-2009-4090 | Unrestricted file upload vulnerability in ajax/addComment.php in telepark.wiki 2.4.23 and earlier sc... | E S | |
CVE-2009-4091 | comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allo... | E | |
CVE-2009-4092 | Cross-site request forgery (CSRF) vulnerability in user.php in Simplog 0.9.3.2, and possibly earlier... | E | |
CVE-2009-4093 | Multiple cross-site scripting (XSS) vulnerabilities in comments.php in Simplog 0.9.3.2, and possibly... | E | |
CVE-2009-4094 | PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav.php in the D4J eZine (com_ezin... | E | |
CVE-2009-4095 | myPhile 1.2.1 allows remote attackers to bypass authentication via an empty password. NOTE: some of... | S | |
CVE-2009-4096 | RADIO istek scripti 2.5 stores sensitive information under the web root with insufficient access con... | E | |
CVE-2009-4097 | Stack-based buffer overflow in the MplayInputFile function in Serenity Audio Player 3.2.3 and earlie... | E | |
CVE-2009-4098 | Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows... | | |
CVE-2009-4099 | SQL injection vulnerability in the Google Calendar GCalendar (com_gcalendar) component 1.1.2, 2.1.4,... | E | |
CVE-2009-4100 | Yoono extension before 6.1.1 for Firefox performs certain operations with chrome privileges, which a... | | |
CVE-2009-4101 | infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges... | | |
CVE-2009-4102 | Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, whi... | | |
CVE-2009-4103 | Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, allows remote FTP servers to cause ... | | |
CVE-2009-4104 | SQL injection vulnerability in Lyften Designs LyftenBloggie (com_lyftenbloggie) component 1.0.4 for ... | E | |
CVE-2009-4105 | TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (crash) by se... | E | |
CVE-2009-4106 | Unrestricted file upload vulnerability in admintools/editpage-2.php in Agoko CMS 0.4 and earlier all... | E | |
CVE-2009-4107 | Buffer overflow in Invisible Browsing 5.0.52 allows user-assisted remote attackers to execute arbitr... | E | |
CVE-2009-4108 | XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (cr... | E | |
CVE-2009-4109 | The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing f... | | |
CVE-2009-4110 | Cross-site scripting (XSS) vulnerability in the search functionality in DotNetNuke 4.8 through 5.1.4... | | |
CVE-2009-4111 | Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possi... | E | |
CVE-2009-4112 | Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying ... | E | |
CVE-2009-4113 | Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 Cut... | E | |
CVE-2009-4114 | kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other versions before 9.0.0.736, does n... | E | |
CVE-2009-4115 | Multiple static code injection vulnerabilities in the Categories module in CutePHP CuteNews 1.4.6 al... | E | |
CVE-2009-4116 | Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magic_quotes_gpc is dis... | E | |
CVE-2009-4117 | Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used... | E | |
CVE-2009-4118 | The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Win... | E | |
CVE-2009-4119 | Cross-site scripting (XSS) vulnerability in Feed Element Mapper module 5.x before 5.x-1.3, 6.x befor... | S | |
CVE-2009-4120 | Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.Cart 3.4 allow remote attackers ... | E | |
CVE-2009-4121 | Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.CMS 2.4 and Quick.CMS.Lite 2.4 a... | E | |
CVE-2009-4123 | The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation.... | | |
CVE-2009-4124 | Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p37... | S | |
CVE-2009-4127 | Unspecified vulnerability in Wikipedia Toolbar extension before 0.5.9.2 for Firefox allows user-assi... | | |
CVE-2009-4128 | GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with th... | E S | |
CVE-2009-4129 | Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spo... | | |
CVE-2009-4130 | Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozil... | | |
CVE-2009-4131 | The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux ke... | S | |
CVE-2009-4132 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-4214. Reason: This candida... | R | |
CVE-2009-4133 | Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node fo... | | |
CVE-2009-4134 | Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of ser... | S | |
CVE-2009-4135 | The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain pr... | S | |
CVE-2009-4136 | PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x... | S | |
CVE-2009-4137 | The loadContentFromCookie function in core/Cookie.php in Piwik before 0.5 does not validate strings ... | | |
CVE-2009-4138 | drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used,... | S | |
CVE-2009-4139 | Cross-site request forgery (CSRF) vulnerability in the Spacewalk Java site packages (aka spacewalk-j... | S | |
CVE-2009-4140 | Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through... | E | |
CVE-2009-4141 | Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before ... | E S | |
CVE-2009-4142 | The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 seque... | E S | |
CVE-2009-4143 | PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vec... | | |
CVE-2009-4144 | NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certifica... | | |
CVE-2009-4145 | nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions... | S | |
CVE-2009-4146 | The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2... | E | |
CVE-2009-4147 | The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and ... | E S | |
CVE-2009-4148 | DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScri... | E | |
CVE-2009-4149 | Cross-site scripting (XSS) vulnerability in the web interface in CA Service Desk 12.1 allows remote ... | S | |
CVE-2009-4150 | dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits executi... | S | |
CVE-2009-4151 | Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.... | S | |
CVE-2009-4152 | Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.... | | |
CVE-2009-4153 | Unspecified vulnerability in the XMLAccess component in IBM WebSphere Portal 6.1.x before 6.1.0.3 ha... | S | |
CVE-2009-4154 | Directory traversal vulnerability in includes/feedcreator.class.php in Elxis CMS allows remote attac... | E | |
CVE-2009-4155 | Multiple SQL injection vulnerabilities in Eshopbuilde CMS allow remote attackers to execute arbitrar... | | |
CVE-2009-4156 | PHP remote file inclusion vulnerability in modules/pms/index.php in Ciamos CMS 0.9.5 and earlier all... | E | |
CVE-2009-4157 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in the ProofReader (com_proofreader... | E | |
CVE-2009-4158 | SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remot... | S | |
CVE-2009-4159 | Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend modu... | S | |
CVE-2009-4160 | Unspecified vulnerability in the Simple download-system with counter and categories (kk_downloader) ... | S | |
CVE-2009-4161 | Cross-site scripting (XSS) vulnerability in the [AN] Search it! (an_searchit) extension 2.4.1 and ea... | | |
CVE-2009-4162 | Unspecified vulnerability in the DB Integration (wfqbe) extension 1.3.1 and earlier for TYPO3 allows... | S | |
CVE-2009-4163 | SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier f... | | |
CVE-2009-4164 | Cross-site scripting (XSS) vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and ... | | |
CVE-2009-4165 | SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for T... | | |
CVE-2009-4166 | SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attacker... | S | |
CVE-2009-4167 | Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TY... | | |
CVE-2009-4168 | Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as used in the WP-Cumulus plugin... | E | |
CVE-2009-4169 | Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the WP-Cumulus Plug-in before 1.22 for... | | |
CVE-2009-4170 | WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, allows remote attackers to obtai... | E | |
CVE-2009-4171 | An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 ver... | E | |
CVE-2009-4172 | Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8... | E | |
CVE-2009-4173 | Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before ... | E | |
CVE-2009-4174 | The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is... | E | |
CVE-2009-4175 | CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to obtain sensitive info... | E | |
CVE-2009-4176 | Multiple heap-based buffer overflows in ovsessionmgr.exe in HP OpenView Network Node Manager (OV NNM... | S | |
CVE-2009-4177 | Buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 a... | S | |
CVE-2009-4178 | Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51,... | S | |
CVE-2009-4179 | Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, ... | S | |
CVE-2009-4180 | Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.5... | S | |
CVE-2009-4181 | Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7... | S | |
CVE-2009-4182 | Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a remote SQL server is used, allo... | | |
CVE-2009-4183 | Unspecified vulnerability in HP OpenView Storage Data Protector 6.00 and 6.10 allows local users to ... | | |
CVE-2009-4184 | Unspecified vulnerability in HP Enterprise Cluster Master Toolkit (ECMT) B.05.00 on HP-UX B.11.23 (1... | | |
CVE-2009-4185 | Cross-site scripting (XSS) vulnerability in proxy/smhui/getuiinfo in HP System Management Homepage (... | E | |
CVE-2009-4186 | Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a ... | E | |
CVE-2009-4187 | Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Port... | S | |
CVE-2009-4188 | HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allow... | | |
CVE-2009-4189 | HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows rem... | | |
CVE-2009-4190 | Unspecified vulnerability in the kernel in Sun OpenSolaris 2009.06 allows remote attackers to cause ... | | |
CVE-2009-4191 | Unspecified vulnerability in the kernel in Sun Solaris 10 and OpenSolaris 2009.06 on the x86-64 plat... | | |
CVE-2009-4192 | Directory traversal vulnerability in dialog/file_manager.php in Interspire Knowledge Manager 5 allow... | E | |
CVE-2009-4193 | Merkaartor 0.14 allows local users to append data to arbitrary files via a symlink attack on the /tm... | S | |
CVE-2009-4194 | Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibl... | E | |
CVE-2009-4195 | Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and earlier, and CS3 13.0.0 allows remot... | E | |
CVE-2009-4196 | Multiple cross-site scripting (XSS) vulnerabilities in multiple scripts in Forms/ in Huawei MT882 V1... | E | |
CVE-2009-4197 | rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that doe... | E | |
CVE-2009-4198 | SQL injection vulnerability in my_orders.php in MyMiniBill allows remote authenticated users to exec... | E | |
CVE-2009-4199 | Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1... | E | |
CVE-2009-4200 | SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote at... | E | |
CVE-2009-4201 | Multiple stack-based buffer overflows in Mp3 Tag Assistant Professional 2.92 build 300 allow remote ... | E | |
CVE-2009-4202 | Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.... | E | |
CVE-2009-4203 | Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php in Arab Portal 2.2 allow remot... | E | |
CVE-2009-4204 | SQL injection vulnerability in read.php in Flashlight Free Edition allows remote attackers to execut... | E | |
CVE-2009-4205 | Directory traversal vulnerability in admin.php in Flashlight Free Edition allows remote attackers to... | E | |
CVE-2009-4206 | SQL injection vulnerability in admin.link.modify.php in Million Dollar Text Links 1.0 and earlier al... | E | |
CVE-2009-4207 | Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x... | S | |
CVE-2009-4208 | SQL injection vulnerability in the os_news module in Open-school (OS) 1.0 allows remote attackers to... | E | |
CVE-2009-4209 | Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in moziloCMS 1.11.1 allow rem... | E | |
CVE-2009-4210 | The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote att... | S | |
CVE-2009-4211 | The U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script for the So... | | |
CVE-2009-4212 | Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto librar... | S | |
CVE-2009-4214 | Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, a... | S | |
CVE-2009-4215 | Panda Global Protection 2010, Internet Security 2010, and Antivirus Pro 2010 use weak permissions (E... | S | |
CVE-2009-4216 | Directory traversal vulnerability in funzioni/lib/menulast.php in klinza professional cms 5.0.1 and ... | E | |
CVE-2009-4217 | SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joom... | E | |
CVE-2009-4218 | Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System eXperience (JBSX) ... | E | |
CVE-2009-4219 | Stack-based buffer overflow in the MYACTIVEX.MyActiveXCtrl.1 ActiveX control in MyActiveX.ocx 1.4.8.... | E | |
CVE-2009-4220 | PHP remote file inclusion vulnerability in includes/classes/pctemplate.php in PointComma 3.8b2 and e... | E | |
CVE-2009-4221 | SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and earlier allows remote attacke... | E | |
CVE-2009-4222 | phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, wh... | E | |
CVE-2009-4223 | PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and earlier allows remote... | E | |
CVE-2009-4224 | Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, 0.5.3, and earlier allow remo... | E | |
CVE-2009-4225 | Stack-based buffer overflow in the PestPatrol ActiveX control (ppctl.dll) 5.6.7.9 in CA eTrust PestP... | E | |
CVE-2009-4226 | Race condition in the IP module in the kernel in Sun OpenSolaris snv_106 through snv_124 allows remo... | E S | |
CVE-2009-4227 | Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and ea... | E | |
CVE-2009-4228 | Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier allows remote attackers to c... | | |
CVE-2009-4229 | Multiple SQL injection vulnerabilities in ActiveWebSoftwares Active Bids allow remote attackers to e... | E | |
CVE-2009-4230 | Multiple stack-based buffer overflows in src/Task.cc in the FastCGI program in IIPImage Server befor... | | |
CVE-2009-4231 | Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote... | E | |
CVE-2009-4232 | The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, w... | | |
CVE-2009-4233 | Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php in the YJ Whois component 1.0x ... | | |
CVE-2009-4234 | Cross-site scripting (XSS) vulnerability in loginpages/error_user.shtml on the Micronet Network Acce... | E | |
CVE-2009-4235 | acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions ... | S | |
CVE-2009-4236 | The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in... | S | |
CVE-2009-4237 | Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8.5 allow remote attackers ... | E S | |
CVE-2009-4238 | Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to ... | E S | |
CVE-2009-4239 | Cross-site scripting (XSS) vulnerability in the Web console in IBM InfoSphere Information Server 8.1... | | |
CVE-2009-4240 | Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSp... | | |
CVE-2009-4241 | Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12... | S | |
CVE-2009-4242 | Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/g... | S | |
CVE-2009-4243 | RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 th... | S | |
CVE-2009-4244 | Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12... | S | |
CVE-2009-4245 | Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12... | S | |
CVE-2009-4246 | Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.1... | S | |
CVE-2009-4247 | Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer ... | S | |
CVE-2009-4248 | Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.... | S | |
CVE-2009-4249 | Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6, when register_globals... | E | |
CVE-2009-4250 | Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews bef... | E | |
CVE-2009-4251 | Stack-based buffer overflow in Jasc Paint Shop Pro 8.10 (aka Corel Paint Shop Pro) allows user-assis... | E | |
CVE-2009-4252 | Cross-site scripting (XSS) vulnerability in images.php in Image Hosting Script DPI 1.1 Final (1.1F) ... | E S | |
CVE-2009-4253 | Cross-site scripting (XSS) vulnerability in dspStats.php in PowerPhlogger 2.2.5 allows remote attack... | E | |
CVE-2009-4254 | PowerPhlogger 2.2.5 allows remote attackers to obtain sensitive information via a direct request to ... | | |
CVE-2009-4255 | Cross-site scripting (XSS) vulnerability in the You!Hostit! template 1.0.1 for Joomla! allows remote... | E | |
CVE-2009-4256 | Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 and 2.2 allow remote attacker... | E | |
CVE-2009-4257 | Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealP... | S | |
CVE-2009-4261 | Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2... | S | |
CVE-2009-4262 | Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to obtain access to the admin control... | E | |
CVE-2009-4263 | SQL injection vulnerability in main_forum.php in PTCPay GeN3 forum 1.3 allows remote attackers to ex... | E | |
CVE-2009-4264 | PHP remote file inclusion vulnerability in components/core/connect.php in AROUNDMe 1.1 and earlier, ... | E | |
CVE-2009-4265 | Stack-based buffer overflow in Ideal Administration 2009 9.7.1, and possibly other versions, allows ... | E | |
CVE-2009-4266 | Cross-site scripting (XSS) vulnerability in search.php in YABSoft Advanced Image Hosting (AIH) Scrip... | E | |
CVE-2009-4267 | The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authentic... | | |
CVE-2009-4268 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2009-4269 | The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby ... | | |
CVE-2009-4270 | Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8... | E | |
CVE-2009-4271 | The Linux kernel 2.6.9 through 2.6.17 on the x86_64 and amd64 platforms allows local users to cause ... | | |
CVE-2009-4272 | A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux ... | E | |
CVE-2009-4273 | stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell ... | S | |
CVE-2009-4274 | Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dep... | | |
CVE-2009-4275 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2009-4276 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2009-4277 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2009-4278 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2009-4279 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2009-4280 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2009-4281 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2009-4282 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2009-4283 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2009-4284 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2009-4285 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2009-4286 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2009-4287 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2009-4288 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2009-4289 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2009-4290 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2009-4291 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2009-4292 | Buffer overflow in the URL filtering function in Internet Initiative Japan SEIL/X1, SEIL/X2, and SEI... | | |
CVE-2009-4293 | Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.30 through 2.51, when NAT is enab... | | |
CVE-2009-4294 | Unspecified vulnerability in the Authentication Manager (aka utauthd) in Sun Ray Server Software 4.0... | S | |
CVE-2009-4295 | Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on e... | S | |
CVE-2009-4296 | SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earl... | S | |
CVE-2009-4297 | Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 befor... | S | |
CVE-2009-4298 | The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username... | S | |
CVE-2009-4299 | mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 ... | S | |
CVE-2009-4300 | Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store t... | S | |
CVE-2009-4301 | mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does ... | S | |
CVE-2009-4302 | login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the... | S | |
CVE-2009-4303 | Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified "secret... | S | |
CVE-2009-4304 | Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random password salt in config.php, whi... | S | |
CVE-2009-4305 | SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 all... | S | |
CVE-2009-4306 | Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ex... | | |
CVE-2009-4307 | The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows us... | E S | |
CVE-2009-4308 | The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before ... | | |
CVE-2009-4309 | Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows ... | S | |
CVE-2009-4310 | Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows... | S | |
CVE-2009-4311 | Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Serv... | S | |
CVE-2009-4312 | Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Serv... | S | |
CVE-2009-4313 | ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server... | S | |
CVE-2009-4314 | Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking (AMGH) is enabled, ... | S | |
CVE-2009-4315 | Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS 1.0, when magic_quotes_gpc is... | E | |
CVE-2009-4316 | Cross-site scripting (XSS) vulnerability in searchresults_main.php in ZeeLyrics 3x allows remote att... | | |
CVE-2009-4317 | Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Cart allows remote attackers t... | E | |
CVE-2009-4318 | Cross-site scripting (XSS) vulnerability in index.php in Real Estate Manager 1.0.1 allows remote att... | E | |
CVE-2009-4319 | PHP remote file inclusion vulnerability in js/bbcodepress/bbcode-form.php in eoCMS 0.9.03 and earlie... | E | |
CVE-2009-4320 | Cross-site scripting (XSS) vulnerability in searchform.php in The Next Generation of Genealogy Siteb... | E | |
CVE-2009-4321 | extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other versions, allows remote attacke... | E | |
CVE-2009-4322 | extras/ipn_test_return.php in Zen Cart allows remote attackers to obtain sensitive information via a... | E | |
CVE-2009-4323 | The installation for Zen Cart stores sensitive information and insecure programs under the (1) docs,... | | |
CVE-2009-4324 | Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and... | KEV E | |
CVE-2009-4325 | The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 ... | E S | |
CVE-2009-4326 | The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9... | S | |
CVE-2009-4327 | The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not prope... | S | |
CVE-2009-4328 | Unspecified vulnerability in the DRDA Services component in IBM DB2 9.5 before FP5 allows remote aut... | S | |
CVE-2009-4329 | Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote ... | E S | |
CVE-2009-4330 | Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has... | S | |
CVE-2009-4331 | The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability ... | E S | |
CVE-2009-4332 | db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows att... | S | |
CVE-2009-4333 | The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the pass... | S | |
CVE-2009-4334 | The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 b... | S | |
CVE-2009-4335 | Multiple unspecified vulnerabilities in bundled stored procedures in the Spatial Extender component ... | S | |
CVE-2009-4336 | Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extensi... | | |
CVE-2009-4337 | SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and ... | | |
CVE-2009-4338 | SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remo... | | |
CVE-2009-4339 | SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows r... | | |
CVE-2009-4340 | Cross-site scripting (XSS) vulnerability in the No indexed Search (no_indexed_search) extension 0.2.... | | |
CVE-2009-4341 | SQL injection vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 a... | | |
CVE-2009-4342 | SQL injection vulnerability in the Job Exchange (jobexchange) extension 0.0.3 for TYPO3 allows remot... | | |
CVE-2009-4343 | Cross-site scripting (XSS) vulnerability in the Training Company Database (trainincdb) extension 0.4... | | |
CVE-2009-4344 | Cross-site scripting (XSS) vulnerability in the ZID Linkliste (zid_linklist) extension 1.0.0 for TYP... | | |
CVE-2009-4345 | Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) extension 0.0.1 for TYPO3 allo... | | |
CVE-2009-4346 | Cross-site scripting (XSS) vulnerability in the Frontend news submitter with RTE (fe_rtenews) extens... | | |
CVE-2009-4347 | Cross-site scripting (XSS) vulnerability in daloradius-users/login.php in daloRADIUS 0.9-8 and earli... | E | |
CVE-2009-4348 | Cross-site scripting (XSS) vulnerability in index.php in Harold Bakker's NewsScript (HB-NS) 1.3 allo... | E | |
CVE-2009-4349 | Cross-site request forgery (CSRF) vulnerability in administration/administrators.php in Link Up Gold... | E | |
CVE-2009-4350 | SQL injection vulnerability in index.php in Arctic Issue Tracker 2.1.1 allows remote attackers to ex... | E | |
CVE-2009-4351 | SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, when magic_quotes_gpc is disa... | E | |
CVE-2009-4352 | Multiple cross-site scripting (XSS) vulnerabilities in TransWARE Active! mail 2003 build 2003.0139.0... | | |
CVE-2009-4353 | The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly oth... | | |
CVE-2009-4354 | TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID... | | |
CVE-2009-4355 | Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earli... | | |
CVE-2009-4356 | Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote at... | E S | |
CVE-2009-4357 | CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use o... | | |
CVE-2009-4358 | freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working direc... | S | |
CVE-2009-4359 | Cross-site scripting (XSS) vulnerability in folder.php in the SmartMedia 0.85 Beta module for XOOPS ... | E | |
CVE-2009-4360 | SQL injection vulnerability in modules/content/index.php in the Content module 0.5 for XOOPS allows ... | E | |
CVE-2009-4361 | Multiple buffer overflows in qoslist in IBM AIX 6.1 allow local users to cause a denial of service (... | | |
CVE-2009-4362 | Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users to cause a denial of service (a... | | |
CVE-2009-4363 | Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupwa... | E S | |
CVE-2009-4364 | Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog allows remote attackers t... | | |
CVE-2009-4365 | Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 all... | E | |
CVE-2009-4366 | Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog 1.0 allows remote attacke... | E | |
CVE-2009-4367 | The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.... | E | |
CVE-2009-4368 | Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors... | S | |
CVE-2009-4369 | Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or... | E S | |
CVE-2009-4370 | Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal ... | S | |
CVE-2009-4371 | Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drup... | E S | |
CVE-2009-4372 | AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions be... | E | |
CVE-2009-4373 | Unrestricted file upload vulnerability in repository/repository_attachment.php in AlienVault Open So... | E | |
CVE-2009-4374 | Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source ... | E | |
CVE-2009-4375 | SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Securi... | E | |
CVE-2009-4376 | Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0... | E S | |
CVE-2009-4377 | The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause... | E | |
CVE-2009-4378 | The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a de... | S | |
CVE-2009-4379 | Multiple cross-site scripting (XSS) vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote ... | S | |
CVE-2009-4380 | Multiple SQL injection vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote attackers to ... | S | |
CVE-2009-4381 | Cross-site scripting (XSS) vulnerability in index.php in texmedia Million Pixel Script 3 allows remo... | E | |
CVE-2009-4382 | Cross-site scripting (XSS) vulnerability in module.php in PHPFABER CMS, possibly 1.3.36, allows remo... | E | |
CVE-2009-4383 | Directory traversal vulnerability in Pforum.php in Rocomotion P forum before 1.28 allows remote atta... | S | |
CVE-2009-4384 | Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remo... | E | |
CVE-2009-4385 | Multiple cross-site request forgery (CSRF) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) all... | E | |
CVE-2009-4386 | SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur Booking Centre Booking System f... | E | |
CVE-2009-4387 | The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Pa... | E S | |
CVE-2009-4388 | Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) extension 1.2.1 for TYPO3 allow... | S | |
CVE-2009-4389 | Unspecified vulnerability in the Watchdog (aba_watchdog) extension 2.0.2 and earlier for TYPO3 allow... | | |
CVE-2009-4390 | SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 allows remote attackers to ex... | | |
CVE-2009-4391 | Cross-site scripting (XSS) vulnerability in the File list (dr_blob) extension 2.1.1 for TYPO3 allows... | S | |
CVE-2009-4392 | SQL injection vulnerability in the XDS Staff List (xds_staff) extension 0.0.3 and earlier for TYPO3 ... | S | |
CVE-2009-4393 | SQL injection vulnerability in the Document Directorys (danp_documentdirs) extension 1.10.7 and earl... | | |
CVE-2009-4394 | SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYP... | | |
CVE-2009-4395 | Cross-site scripting (XSS) vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and ea... | | |
CVE-2009-4396 | SQL injection vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension... | | |
CVE-2009-4397 | Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Resources Database (pd_resourc... | | |
CVE-2009-4398 | Cross-site scripting (XSS) vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_... | | |
CVE-2009-4399 | SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartg... | | |
CVE-2009-4400 | Cross-site scripting (XSS) vulnerability in the Parish Administration Database (ste_parish_admin) ex... | | |
CVE-2009-4401 | SQL injection vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3... | | |
CVE-2009-4402 | The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified admini... | | |
CVE-2009-4403 | Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 allows remote attackers to in... | E | |
CVE-2009-4404 | Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 allows remote attackers to cause a ... | | |
CVE-2009-4405 | Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, p... | | |
CVE-2009-4406 | Cross-site scripting (XSS) vulnerability in Forms/login1 in American Power Conversion (APC) Switched... | E | |
CVE-2009-4407 | Multiple cross-site request forgery (CSRF) vulnerabilities in PyForum 1.0.3 and possibly earlier ver... | | |
CVE-2009-4408 | Multiple cross-site scripting (XSS) vulnerabilities in models.parser in PyForum 1.0.3 and possibly e... | | |
CVE-2009-4409 | The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) f... | | |
CVE-2009-4410 | The fuse_ioctl_copy_user function in the ioctl handler in fs/fuse/file.c in the Linux kernel 2.6.29-... | | |
CVE-2009-4411 | The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, fol... | S | |
CVE-2009-4412 | Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users t... | | |
CVE-2009-4413 | The httpClientDiscardBody function in client.c in Polipo 0.9.8, 0.9.12, 1.0.4, and possibly other ve... | E | |
CVE-2009-4414 | SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and p... | | |
CVE-2009-4415 | Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions ... | | |
CVE-2009-4416 | Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other ... | S | |
CVE-2009-4417 | The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-depend... | E | |
CVE-2009-4418 | The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a deni... | | |
CVE-2009-4419 | Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the SINIT Authenticated Code Module ... | | |
CVE-2009-4420 | Buffer overflow in the bd daemon in F5 Networks BIG-IP Application Security Manager (ASM) 9.4.4 thro... | | |
CVE-2009-4421 | Directory traversal vulnerability in languages_cgi.php in Simple PHP Blog 0.5.1 and earlier allows r... | E | |
CVE-2009-4422 | Multiple cross-site scripting (XSS) vulnerabilities in the GetURLArguments function in jpgraph.php i... | | |
CVE-2009-4423 | SQL injection vulnerability in index.php in weenCompany 4.0.0 allows remote attackers to execute arb... | E | |
CVE-2009-4424 | SQL injection vulnerability in results.php in the Pyrmont plugin 2 for WordPress allows remote attac... | E | |
CVE-2009-4425 | Cross-site scripting (XSS) vulnerability in index.php in iDevCart 1.09 allows remote attackers to in... | E | |
CVE-2009-4426 | Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, all... | E | |
CVE-2009-4427 | Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to incl... | E | |
CVE-2009-4428 | SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! all... | E | |
CVE-2009-4429 | Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.... | E S | |
CVE-2009-4430 | SQL injection vulnerability in index.php in VirtueMart 1.0 allows remote attackers to execute arbitr... | E | |
CVE-2009-4431 | PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pr... | E | |
CVE-2009-4432 | SQL injection vulnerability in index.php in CodeMight VideoCMS 3.1 allows remote attackers to execut... | E | |
CVE-2009-4433 | Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 and earlier allow remot... | E | |
CVE-2009-4434 | Directory traversal vulnerability in index.php in IDevSpot iSupport 1.8 and earlier allows remote at... | E | |
CVE-2009-4435 | Multiple directory traversal vulnerabilities in F3Site 2009 allow remote attackers to include and ex... | E | |
CVE-2009-4436 | Multiple SQL injection vulnerabilities in Active Web Softwares eWebquiz 8 allow remote attackers to ... | E | |
CVE-2009-4437 | Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute... | E | |
CVE-2009-4438 | The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and ... | S | |
CVE-2009-4439 | Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 bef... | S | |
CVE-2009-4440 | Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.... | S | |
CVE-2009-4441 | Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.... | S | |
CVE-2009-4442 | Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.... | S | |
CVE-2009-4443 | Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Se... | S | |
CVE-2009-4444 | Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before... | | |
CVE-2009-4445 | Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party... | | |
CVE-2009-4446 | Cross-site scripting (XSS) vulnerability in admin.php in phpInstantGallery 1.1 allows remote attacke... | E | |
CVE-2009-4447 | Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settin... | E | |
CVE-2009-4448 | inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows r... | S | |
CVE-2009-4449 | Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier version... | E | |
CVE-2009-4450 | Multiple cross-site scripting (XSS) vulnerabilities in map.php in LiveZilla 3.1.8.3 allow remote att... | E | |
CVE-2009-4451 | Unrestricted file upload vulnerability in upper.php in kandalf upper 0.1 allows remote attackers to ... | E | |
CVE-2009-4452 | Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.3... | E | |
CVE-2009-4453 | Insecure method vulnerability in SoftCab Sound Converter ActiveX control (sndConverter.ocx) 1.2 allo... | E | |
CVE-2009-4454 | vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user privileges to overwrite arbit... | E | |
CVE-2009-4455 | The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1,... | | |
CVE-2009-4456 | SQL injection vulnerability in news_detail.php in Green Desktiny 2.3.1, and possibly earlier version... | E | |
CVE-2009-4457 | Multiple unspecified vulnerabilities in the Vsftpd Webmin module before 1.3b for the Vsftpd server h... | | |
CVE-2009-4458 | Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 and 2.6.0rc2, and possibly othe... | E | |
CVE-2009-4459 | Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, w... | E | |
CVE-2009-4460 | Multiple cross-site scripting (XSS) vulnerabilities in Auto-Surf Traffic Exchange Script 1.1 allow r... | E | |
CVE-2009-4461 | Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.909 allow remote attackers to inj... | E | |
CVE-2009-4462 | Stack-based buffer overflow in the NetBiterConfig utility (NetBiterConfig.exe) 1.3.0 for Intellicom ... | E | |
CVE-2009-4463 | Intellicom NetBiter WebSCADA devices use default passwords for the HICP network configuration servic... | E | |
CVE-2009-4464 | Cross-site scripting (XSS) vulnerability in searchadvance.asp in Active Business Directory 2 allows ... | E | |
CVE-2009-4465 | DeluxeBB 1.3 stores sensitive information under the web root with insufficient access control, which... | E | |
CVE-2009-4466 | DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to... | E | |
CVE-2009-4467 | misc.php in DeluxeBB 1.3 allows remote attackers to register accounts without a valid email address ... | E | |
CVE-2009-4468 | Cross-site scripting (XSS) vulnerability in misc.php in DeluxeBB 1.3 allows remote attackers to inje... | E | |
CVE-2009-4469 | Multiple cross-site scripting (XSS) vulnerabilities in pagenumber.inc.php in phpPowerCards 2.0 allow... | E | |
CVE-2009-4470 | SQL injection vulnerability in boardrule.php in DVBBS 2.0 allows remote attackers to execute arbitra... | E | |
CVE-2009-4471 | Multiple PHP remote file inclusion vulnerabilities in FreeSchool 1.1.0 and earlier allow remote atta... | E | |
CVE-2009-4472 | Multiple PHP remote file inclusion vulnerabilities in PHPope 1.0.0 and earlier allow remote attacker... | E | |
CVE-2009-4473 | Multiple cross-site scripting (XSS) vulnerabilities in WorkArea/ContentDesigner/ekformsiframe.aspx i... | S | |
CVE-2009-4474 | SQL injection vulnerability in the Mike de Boer zoom (com_zoom) component 2.0 for Mambo allows remot... | E | |
CVE-2009-4475 | SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attacke... | E | |
CVE-2009-4476 | Stack-based buffer overflow in HAURI ViRobot Desktop 5.5 before 2009-09-28.00 allows remote attacker... | | |
CVE-2009-4477 | SQL injection vulnerability in page.html in Xstate Real Estate 1.0 allows remote attackers to execut... | E | |
CVE-2009-4478 | Multiple cross-site scripting (XSS) vulnerabilities in Xstate Real Estate 1.0 allow remote attackers... | E | |
CVE-2009-4479 | LDAP3A.exe in MailSite 8.0.4 allows remote attackers to cause a denial of service (heap memory corru... | | |
CVE-2009-4480 | Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might allow remote attackers to execu... | | |
CVE-2009-4481 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3111. Reason: This candida... | R | |
CVE-2009-4482 | Buffer overflow in MediaServer.exe in TVersity 1.6 allows remote attackers to execute arbitrary code... | | |
CVE-2009-4483 | Unspecified vulnerability in LDAP3A.exe in MailSite 8.0.4 allows remote attackers to cause a denial ... | | |
CVE-2009-4484 | Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCryp... | E S | |
CVE-2009-4485 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-4486 | Stack-based buffer overflow in the eDirectory plugin in Novell iManager before 2.7.3 allows remote a... | S | |
CVE-2009-4487 | nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allo... | E S | |
CVE-2009-4488 | Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might all... | E | |
CVE-2009-4489 | header.c in Cherokee before 0.99.32 writes data to a log file without sanitizing non-printable chara... | E S | |
CVE-2009-4490 | mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might a... | E | |
CVE-2009-4491 | thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might all... | E | |
CVE-2009-4492 | WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 th... | E S | |
CVE-2009-4493 | Orion Application Server 2.0.7 writes data to a log file without sanitizing non-printable characters... | | |
CVE-2009-4494 | AOLserver 4.5.1 writes data to a log file without sanitizing non-printable characters, which might a... | E | |
CVE-2009-4495 | Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow r... | E | |
CVE-2009-4496 | Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might a... | E | |
CVE-2009-4497 | Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 and 0.9.6 allows remote attac... | | |
CVE-2009-4498 | The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arb... | | |
CVE-2009-4499 | SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbi... | | |
CVE-2009-4500 | The process_trap function in trapper/trapper.c in Zabbix Server before 1.6.6 allows remote attackers... | | |
CVE-2009-4501 | The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote ... | S | |
CVE-2009-4502 | The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solari... | E | |
CVE-2009-4505 | Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP Comments Module 1.0.1 allow remo... | E | |
CVE-2009-4509 | The administrative web console on the TANDBERG Video Communication Server (VCS) before X4.3 uses pre... | S | |
CVE-2009-4510 | The SSH service on the TANDBERG Video Communication Server (VCS) before X5.1 uses a fixed DSA key, w... | S | |
CVE-2009-4511 | Multiple directory traversal vulnerabilities in the web administration interface on the TANDBERG Vid... | S | |
CVE-2009-4512 | Directory traversal vulnerability in index.php in Oscailt 3.3, when Use Friendly URL's is disabled, ... | E | |
CVE-2009-4513 | Multiple cross-site scripting (XSS) vulnerabilities in the Workflow module 5.x before 5.x-2.4 and 6.... | | |
CVE-2009-4514 | Cross-site scripting (XSS) vulnerability in the OpenSocial Shindig-Integrator module 5.x and 6.x bef... | S | |
CVE-2009-4515 | The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminv... | S | |
CVE-2009-4516 | Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module ... | S | |
CVE-2009-4517 | Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a ... | S | |
CVE-2009-4518 | Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal all... | S | |
CVE-2009-4519 | Multiple unspecified vulnerabilities in Ortro before 1.3.4 have unknown impact and attack vectors.... | | |
CVE-2009-4520 | The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, all... | S | |
CVE-2009-4521 | Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Rep... | E | |
CVE-2009-4522 | Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attacker... | E | |
CVE-2009-4523 | Cross-site scripting (XSS) vulnerability in index.php in Zainu 1.0 allows remote attackers to inject... | E | |
CVE-2009-4524 | Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal al... | S | |
CVE-2009-4525 | Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module ... | S | |
CVE-2009-4526 | The Send by e-mail sub-module in the Print (aka Printer, e-mail and PDF versions) module 5.x before ... | S | |
CVE-2009-4527 | The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before 6.x-3.2, a module for Drupal,... | S | |
CVE-2009-4528 | The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated ... | S | |
CVE-2009-4529 | InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source co... | E | |
CVE-2009-4530 | Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appen... | E | |
CVE-2009-4531 | httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appendi... | E | |
CVE-2009-4532 | Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x... | S | |
CVE-2009-4533 | The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent ... | S | |
CVE-2009-4534 | Open redirect vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, a... | | |
CVE-2009-4535 | Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appen... | E | |
CVE-2009-4536 | drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles ... | | |
CVE-2009-4537 | drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly c... | | |
CVE-2009-4538 | drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not p... | | |
CVE-2009-4539 | Cross-site scripting (XSS) vulnerability in main.php in SQLiteManager 1.2.0 allows remote attackers ... | E | |
CVE-2009-4540 | SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows remote attackers to execute arbitra... | E | |
CVE-2009-4541 | Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support Center 2.5 allow remote attac... | E | |
CVE-2009-4542 | Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft Support Center 2.5 allows remo... | E | |
CVE-2009-4543 | PHP remote file inclusion vulnerability in index.php in Cromosoft Technologies Facil Helpdesk 2.3 Li... | E | |
CVE-2009-4544 | Cross-site scripting (XSS) vulnerability in kbase/kbase.php in Cromosoft Technologies Facil Helpdesk... | E | |
CVE-2009-4545 | Logoshows BBS 2.0 stores sensitive information under the web root with insufficient access control, ... | E | |
CVE-2009-4546 | globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers to bypass authentication and g... | E | |
CVE-2009-4547 | Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x allow remote attackers to injec... | E | |
CVE-2009-4548 | Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk 3.x allow remote attackers to ... | E | |
CVE-2009-4549 | Stack-based buffer overflow in A2 Media Player Pro 2.51 allows remote attackers to execute arbitrary... | E | |
CVE-2009-4550 | SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! a... | E | |
CVE-2009-4551 | SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to exec... | E | |
CVE-2009-4552 | Cross-site scripting (XSS) vulnerability in the Survey Pro module for Miniweb 2.0 allows remote atta... | E | |
CVE-2009-4553 | Stack-based buffer overflow in iRehearse allows remote attackers to cause a denial of service (appli... | E | |
CVE-2009-4554 | Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attacke... | E | |
CVE-2009-4555 | Multiple cross-site request forgery (CSRF) vulnerabilities in AgoraCart 5.2.005 and 5.2.006 and Agor... | | |
CVE-2009-4556 | Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security 2009 10.00 SP1 use weak permi... | | |
CVE-2009-4557 | Cross-site scripting (XSS) vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x ... | S | |
CVE-2009-4558 | The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6... | S | |
CVE-2009-4559 | Cross-site scripting (XSS) vulnerability in the Submitted By module 6.x before 6.x-1.3 for Drupal al... | S | |
CVE-2009-4560 | SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows remote attackers to execute arb... | E | |
CVE-2009-4561 | Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague 2.2.0, when magic_quotes_gpc ... | E | |
CVE-2009-4562 | Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.2.5 allows remote attack... | E | |
CVE-2009-4563 | Cross-site request forgery (CSRF) vulnerability in zp-core/admin-options.php in Zenphoto 1.2.5 allow... | E | |
CVE-2009-4564 | SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allo... | E | |
CVE-2009-4565 | sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X... | S | |
CVE-2009-4566 | SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remote attackers to execute arbitr... | | |
CVE-2009-4567 | Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php in Viscacha 0.8 Gold allow re... | E | |
CVE-2009-4568 | Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remo... | S | |
CVE-2009-4569 | SQL injection vulnerability in elkagroup Image Gallery allows remote attackers to execute arbitrary ... | E | |
CVE-2009-4570 | Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows remote attackers to inject arbitrar... | E | |
CVE-2009-4571 | Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execu... | E | |
CVE-2009-4572 | Cross-site request forgery (CSRF) vulnerability in PhpShop 0.8.1 allows remote attackers to hijack t... | E | |
CVE-2009-4573 | Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus (mod_joomulus) module 2.0 for Jo... | | |
CVE-2009-4574 | SQL injection vulnerability in country_escorts.php in I-Escorts Directory Script allows remote attac... | E | |
CVE-2009-4575 | Cross-site scripting (XSS) vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 RC2 for J... | E | |
CVE-2009-4576 | SQL injection vulnerability in the BeeHeard (com_beeheard) component 1.x for Joomla! allows remote a... | E | |
CVE-2009-4577 | SQL injection vulnerability in the MDForum module 2.x through 2.07 for MAXdev MDPro allows remote at... | E | |
CVE-2009-4578 | Cross-site scripting (XSS) vulnerability in the Facileforms (com_facileforms) component for Joomla! ... | E | |
CVE-2009-4579 | Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Jooml... | E | |
CVE-2009-4580 | Multiple cross-site scripting (XSS) vulnerabilities in Hasta Blog 2.3 allow remote attackers to inje... | E | |
CVE-2009-4581 | Directory traversal vulnerability in modules/admincp.php in RoseOnlineCMS 3 B1 and earlier, when mag... | E | |
CVE-2009-4582 | SQL injection vulnerability in detail.php in the Dictionary module for XOOPS 2.0.18 allows remote at... | E | |
CVE-2009-4583 | SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attacke... | E | |
CVE-2009-4584 | admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote attackers to bypass authentic... | E | |
CVE-2009-4585 | UranyumSoft Listing Service stores sensitive information under the web root with insufficient access... | E | |
CVE-2009-4586 | Multiple cross-site scripting (XSS) vulnerabilities in index.html in Wowd client before 1.3.1 allow ... | E | |
CVE-2009-4587 | Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of service (daemon crash) via an... | E | |
CVE-2009-4588 | Heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control in WindsPly.ocx 3.5.0.0 Beta,... | E | |
CVE-2009-4589 | Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink ... | E S | |
CVE-2009-4590 | Cross-site scripting (XSS) vulnerability in base_local_rules.php in Basic Analysis and Security Engi... | | |
CVE-2009-4591 | SQL injection vulnerability in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote ... | S | |
CVE-2009-4592 | Unspecified vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) befor... | | |
CVE-2009-4593 | The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not place a '\0' character at the... | S | |
CVE-2009-4594 | Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.131 for Domi... | S | |
CVE-2009-4595 | SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to e... | | |
CVE-2009-4596 | Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory 1.2 allows remote attackers t... | E | |
CVE-2009-4597 | Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1.2 allow (1) remote authentica... | E | |
CVE-2009-4598 | SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attac... | E | |
CVE-2009-4599 | Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! all... | E | |
CVE-2009-4600 | SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 a... | E | |
CVE-2009-4601 | Cross-site scripting (XSS) vulnerability in basic_search_result.php in Zeeways ZeeJobsite 3x allows ... | E | |
CVE-2009-4602 | Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x through 5.x-1.0 and 6.x throug... | | |
CVE-2009-4603 | Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.2... | | |
CVE-2009-4604 | PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mambo... | E | |
CVE-2009-4605 | scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize f... | S | |
CVE-2009-4606 | South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security d... | | |
CVE-2009-4607 | The command line interface in Overland Storage Snap Server 410 with GuardianOS 5.1.041 runs the "les... | | |
CVE-2009-4608 | Cross-site scripting (XSS) vulnerability in Canon IT Solutions Inc. ACCESSGUARDIAN 3.0.14 and earlie... | | |
CVE-2009-4609 | The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attackers to obtain sensitive informa... | E | |
CVE-2009-4610 | Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty 6.x and 7.0.0 allow remote att... | E | |
CVE-2009-4611 | Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable c... | E | |
CVE-2009-4612 | Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP Snoop page in Mort Bay Jetty 6... | E | |
CVE-2009-4613 | SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 a... | | |
CVE-2009-4614 | Multiple PHP remote file inclusion vulnerabilities in Moa Gallery 1.2.0 and earlier allow remote att... | E | |
CVE-2009-4615 | SQL injection vulnerability in review.php in MYRE Holiday Rental Manager allows remote attackers to ... | E | |
CVE-2009-4616 | Cross-site scripting (XSS) vulnerability in search.php in MYRE Holiday Rental Manager allows remote ... | E | |
CVE-2009-4617 | Multiple SQL injection vulnerabilities in Tourism Script Accommodation Hotel Booking Portal Script a... | E | |
CVE-2009-4618 | Multiple SQL injection vulnerabilities in Tourism Script Bus Script allow remote attackers to execut... | E | |
CVE-2009-4619 | SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows rem... | E | |
CVE-2009-4620 | SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote atta... | E | |
CVE-2009-4621 | SQL injection vulnerability in the JiangHu Inn plugin 1.1 and earlier for Discuz! allows remote atta... | E | |
CVE-2009-4622 | PHP remote file inclusion vulnerability in admin/admin_news_bot.php in Drunken:Golem Gaming Portal 0... | E | |
CVE-2009-4623 | Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attac... | E | |
CVE-2009-4624 | SQL injection vulnerability in download.php in Nicecoder iDesk allows remote attackers to execute ar... | E | |
CVE-2009-4625 | SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.... | E | |
CVE-2009-4626 | Directory traversal vulnerability in menu.php in phpNagios 1.2.0 allows remote attackers to include ... | E | |
CVE-2009-4627 | Directory traversal vulnerability in sources/_template_parser.php in Moa Gallery 1.2.0 and earlier a... | E | |
CVE-2009-4628 | SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! a... | E S | |
CVE-2009-4629 | Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other applications, performs DNS prefetc... | | |
CVE-2009-4630 | Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of do... | | |
CVE-2009-4631 | Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote attackers to cause a denial ... | E | |
CVE-2009-4632 | oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might all... | E | |
CVE-2009-4633 | vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, whic... | E | |
CVE-2009-4634 | Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and po... | E | |
CVE-2009-4635 | FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code ... | E | |
CVE-2009-4636 | FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that trigg... | E S | |
CVE-2009-4637 | FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitra... | E | |
CVE-2009-4638 | Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and poss... | E | |
CVE-2009-4639 | The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a deni... | E | |
CVE-2009-4640 | Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service... | E | |
CVE-2009-4641 | gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting ap... | S | |
CVE-2009-4642 | gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time,... | | |
CVE-2009-4643 | Stack-based buffer overflow in dsInstallerService.dll in the Juniper Installer Service, as used in J... | | |
CVE-2009-4644 | Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators t... | E | |
CVE-2009-4645 | Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Ap... | E | |
CVE-2009-4646 | Static code injection vulnerability in the administrative web interface in Accellion Secure File Tra... | E | |
CVE-2009-4647 | Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 ... | E | |
CVE-2009-4648 | Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensiti... | E | |
CVE-2009-4649 | Multiple cross-site scripting (XSS) vulnerabilities in geccBBlite 0.1 allow remote attackers to inje... | E | |
CVE-2009-4650 | SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 f... | E | |
CVE-2009-4651 | Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) compone... | E | |
CVE-2009-4652 | The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, ... | E | |
CVE-2009-4653 | Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remo... | E | |
CVE-2009-4654 | Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remo... | E | |
CVE-2009-4655 | The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it e... | E | |
CVE-2009-4656 | Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including 4.2.2.7.5, and 5.x including 5.1.4... | E | |
CVE-2009-4657 | The administrator package for Xerver 4.32 does not require authentication, which allows remote attac... | E | |
CVE-2009-4658 | Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-... | E | |
CVE-2009-4659 | Unspecified vulnerability in MP3-Cutter Ease Audio Cutter 1.20 allows user-assisted remote attackers... | E | |
CVE-2009-4660 | Stack-based buffer overflow in the AntServer Module (AntServer.exe) in BigAnt IM Server 2.50 allows ... | E | |
CVE-2009-4661 | Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow user-assisted remote attackers... | E | |
CVE-2009-4662 | Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 7.0 before 7... | | |
CVE-2009-4663 | Heap-based buffer overflow in the Quiksoft EasyMail Objects 6 ActiveX control allows remote attacker... | E | |
CVE-2009-4664 | Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileg... | | |
CVE-2009-4665 | Directory traversal vulnerability in CuteSoft_Client/CuteEditor/Load.ashx in CuteSoft Components Cut... | E S | |
CVE-2009-4666 | Multiple PHP remote file inclusion vulnerabilities in Webradev Download Protect 1.0 allow remote att... | E | |
CVE-2009-4667 | SQL injection vulnerability in form.php in WebMember 1.0 allows remote authenticated users to execut... | E | |
CVE-2009-4668 | Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote a... | E | |
CVE-2009-4669 | Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow remote attackers to execute arbit... | E | |
CVE-2009-4670 | admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote attacke... | E | |
CVE-2009-4671 | Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass authentication and obtain administ... | E | |
CVE-2009-4672 | Directory traversal vulnerability in main.php in the WP-Lytebox plugin 1.3 for WordPress allows remo... | E | |
CVE-2009-4673 | SQL injection vulnerability in profile.php in Mole Group Adult Portal Script allows remote attackers... | E | |
CVE-2009-4674 | admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script allows rem... | E | |
CVE-2009-4675 | admin/admin_info/index.php in the Mole Group Gastro Portal (Restaurant Directory) Script does not re... | E | |
CVE-2009-4676 | Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote a... | | |
CVE-2009-4677 | Cross-site scripting (XSS) vulnerability in search.php in phpFK PHP Forum ohne 7.0.4 allows remote a... | | |
CVE-2009-4678 | Cross-site scripting (XSS) vulnerability in index.php in Winn Guestbook 2.4 allows remote attackers ... | E | |
CVE-2009-4679 | Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.... | E | |
CVE-2009-4680 | SQL injection vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to execu... | E | |
CVE-2009-4681 | Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attac... | E | |
CVE-2009-4682 | Cross-site scripting (XSS) vulnerability in vote.php in Good/Bad Vote allows remote attackers to inj... | E | |
CVE-2009-4683 | Directory traversal vulnerability in vote.php in Good/Bad Vote allows remote attackers to include an... | E | |
CVE-2009-4684 | Cross-site scripting (XSS) vulnerability in index.php in EZodiak allows remote attackers to inject a... | E | |
CVE-2009-4685 | Cross-site scripting (XSS) vulnerability in celebrities.php in PHP Scripts Now Astrology allows remo... | E | |
CVE-2009-4686 | Cross-site scripting (XSS) vulnerability in account.php in phplemon AdQuick 2.2.1 allows remote atta... | E | |
CVE-2009-4687 | SQL injection vulnerability in silentum_guestbook.php in Silentum Guestbook 2.0.2 allows remote atta... | E | |
CVE-2009-4688 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Shopping Cart Selling Websit... | E | |
CVE-2009-4689 | SQL injection vulnerability in index.php in PHP Shopping Cart Selling Website Script allows remote a... | E | |
CVE-2009-4690 | Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Programs Rating Script allow re... | E | |
CVE-2009-4691 | SQL injection vulnerability in addlink.php in Classified Linktrader Script allows remote attackers t... | E | |
CVE-2009-4692 | Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote ... | E | |
CVE-2009-4693 | Multiple PHP remote file inclusion vulnerabilities in GraFX MiniCWB 2.3.0 allow remote attackers to ... | E | |
CVE-2009-4694 | Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote ... | E | |
CVE-2009-4695 | SQL injection vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to ... | E | |
CVE-2009-4696 | SQL injection vulnerability in index.php in RadNICS Gold 5 allows remote attackers to execute arbitr... | E | |
CVE-2009-4697 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in RadNICS Gold 5 allow remote atta... | E | |
CVE-2009-4698 | Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote a... | E | |
CVE-2009-4699 | Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating allow remote attackers to inje... | E | |
CVE-2009-4700 | Directory traversal vulnerability in index.php in SkaDate Dating allows remote attackers to read arb... | E | |
CVE-2009-4701 | SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows re... | | |
CVE-2009-4702 | SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows... | S | |
CVE-2009-4703 | SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier fo... | | |
CVE-2009-4704 | Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 all... | | |
CVE-2009-4705 | Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.... | S | |
CVE-2009-4706 | Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO... | S | |
CVE-2009-4707 | Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubm... | | |
CVE-2009-4708 | SQL injection vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension... | | |
CVE-2009-4709 | SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.... | S | |
CVE-2009-4710 | SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and e... | | |
CVE-2009-4711 | SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote... | S | |
CVE-2009-4712 | SQL injection vulnerability in index.php in Tukanas Classifieds (aka EasyClassifieds) Script 1.0 all... | E | |
CVE-2009-4713 | Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar a... | E | |
CVE-2009-4714 | Cross-site scripting (XSS) vulnerability in the quiz module for XOOPS Celepar allows remote attacker... | E | |
CVE-2009-4715 | Cross-site scripting (XSS) vulnerability in rates.php in Real Time Currency Exchange allows remote a... | E | |
CVE-2009-4716 | Cross-site scripting (XSS) vulnerability in results.php in EDGEPHP EZWebSearch allows remote attacke... | E | |
CVE-2009-4717 | Multiple cross-site scripting (XSS) vulnerabilities in Gonafish WebStatCaffe allow remote attackers ... | E | |
CVE-2009-4718 | SQL injection vulnerability in visitorduration.php in Gonafish WebStatCaffe allows remote attackers ... | | |
CVE-2009-4719 | SQL injection vulnerability in index.php in Discloser 0.0.4 rc2 allows remote attackers to execute a... | E S | |
CVE-2009-4720 | SQL injection vulnerability in cgi-bin/gnudip.cgi in GnuDIP 2.1.1 allows remote attackers to execute... | | |
CVE-2009-4721 | Multiple SQL injection vulnerabilities in Admin/index.asp in Andrews-Web (A-W) BannerAd 1.0 allow re... | E | |
CVE-2009-4722 | SQL injection vulnerability in the CheckLogin function in includes/functions.php in Limny 1.01, when... | E | |
CVE-2009-4723 | Directory traversal vulnerability in confirm.php in Netpet CMS 1.9 allows remote attackers to includ... | E | |
CVE-2009-4724 | SQL injection vulnerability in shop.htm in PaymentProcessorScript.net PPScript allows remote attacke... | E | |
CVE-2009-4725 | Directory traversal vulnerability in modules/aljazeera/admin/setup.php in Arab Portal 2.2 and earlie... | E | |
CVE-2009-4726 | Directory traversal vulnerability in download.php in Quickdev 4 PHP allows remote attackers to read ... | E | |
CVE-2009-4727 | SQL injection vulnerability in x/login in JungleScripts Ajax Short Url Script allows remote attacker... | E | |
CVE-2009-4728 | SQL injection vulnerability in the administrative interface in Questions Answered 1.3 allows remote ... | E | |
CVE-2009-4729 | Multiple cross-site scripting (XSS) vulnerabilities in x10 Adult Media Script 1.7 allow remote attac... | E | |
CVE-2009-4730 | SQL injection vulnerability in report.php in x10 Adult Media Script 1.7 allows remote attackers to e... | E | |
CVE-2009-4731 | SQL injection vulnerability in photos.php in Model Agency Manager PRO (formerly Modeling Agency Cont... | E | |
CVE-2009-4732 | SQL injection vulnerability in tt/index.php in TT Web Site Manager 0.5, when magic_quotes_gpc is dis... | E | |
CVE-2009-4733 | SQL injection vulnerability in checkuser.php in SimpleLoginSys 0.5, when magic_quotes_gpc is disable... | E | |
CVE-2009-4734 | SQL injection vulnerability in login.php in Allomani Movies Library (Movies & Clips) 2.7.0 allows re... | E | |
CVE-2009-4735 | SQL injection vulnerability in login.php in Allomani Audio & Video Library (Songs & Clips version) 2... | E | |
CVE-2009-4736 | Cross-site scripting (XSS) vulnerability in search.php in CommonSense CMS 5.0 allows remote attacker... | E | |
CVE-2009-4737 | Stack-based buffer overflow in JustSystems Corporation Ichitaro 13, 2004 through 2009, Viewer 2009 1... | S | |
CVE-2009-4738 | Unspecified vulnerability in JustSystems Corporation ATOK 2006 through 2009 and ATOK flat-rate servi... | S | |
CVE-2009-4739 | PHP remote file inclusion vulnerability in index.php in SkaDate Dating allows remote attackers to ex... | E | |
CVE-2009-4740 | Directory traversal vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for T... | | |
CVE-2009-4741 | Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Skype before 4.1.0.179 on Windows... | | |
CVE-2009-4742 | Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote attackers to execute arbitrary... | E | |
CVE-2009-4743 | Multiple cross-site scripting (XSS) vulnerabilities in history-storage.aspx in AfterLogic WebMail Pr... | E | |
CVE-2009-4744 | Cross-site scripting (XSS) vulnerability in the Contact module in Exponent CMS 0.97-GA20090213 allow... | | |
CVE-2009-4745 | Multiple SQL injection vulnerabilities in index.php in Dreamlevels DreamPoll 3.1 allow remote attack... | | |
CVE-2009-4746 | Cross-site scripting (XSS) vulnerability in index.php in Dreamlevels DreamPoll 3.1 allows remote att... | | |
CVE-2009-4747 | PHP remote file inclusion vulnerability in public/code/cp_html2xhtmlbasic.php in All In One Control ... | E | |
CVE-2009-4748 | SQL injection vulnerability in mycategoryorder.php in the My Category Order plugin 2.8 and earlier f... | E | |
CVE-2009-4749 | Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 allow remote attackers to execut... | E | |
CVE-2009-4750 | PHP remote file inclusion vulnerability in home.php in Top Paidmailer allows remote attackers to exe... | E | |
CVE-2009-4751 | SQL injection vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to ... | E | |
CVE-2009-4752 | PHP remote file inclusion vulnerability in anzeiger/start.php in Swinger Club Portal allows remote a... | E | |
CVE-2009-4753 | Multiple buffer overflows in the FTP server on the Addonics NAS Adapter NASU2FW41 with loader 1.17 a... | E | |
CVE-2009-4754 | Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote attackers to execute arbitrar... | E | |
CVE-2009-4755 | Multiple stack-based buffer overflows in Mercury Audio Player 1.21 allow remote attackers to execute... | E | |
CVE-2009-4756 | Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in Beatport Player 1.0.0.0 allows remot... | E | |
CVE-2009-4757 | Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows remote attackers to cause a den... | E | |
CVE-2009-4758 | Stack-based buffer overflow in dicas Mpegable Player 2.12 allows remote attackers to cause a denial ... | E | |
CVE-2009-4759 | Buffer overflow in BrotherSoft BMXPlay 0.4.4b allows remote attackers to cause a denial of service (... | E | |
CVE-2009-4760 | Winn ASP Guestbook 1.01 Beta stores sensitive information under the web root with insufficient acces... | E | |
CVE-2009-4761 | Stack-based buffer overflow in Mini-stream RM Downloader allows remote attackers to execute arbitrar... | E | |
CVE-2009-4762 | MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circu... | S | |
CVE-2009-4763 | Unspecified vulnerability in the ClickHeat plugin, as used in phpMyVisites before 2.4, has unknown i... | | |
CVE-2009-4764 | Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that are embedded in a PDF document... | | |
CVE-2009-4765 | CNR Hikaye Portal 2.0 stores sensitive information under the web root with insufficient access contr... | E | |
CVE-2009-4766 | YP Portal MS-Pro Surumu (aka MS-Pro Portal Scripti) 1.0 and 1.2 stores sensitive information under t... | E | |
CVE-2009-4767 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Plohni Shoutbox 1.0 allow remote... | E | |
CVE-2009-4768 | Unspecified vulnerability in the JASS script interpreter in Warcraft III: The Frozen Throne 1.24b an... | | |
CVE-2009-4769 | Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, an... | E | |
CVE-2009-4770 | The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass... | E | |
CVE-2009-4771 | The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x... | S | |
CVE-2009-4772 | Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart modu... | S | |
CVE-2009-4773 | Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercar... | S | |
CVE-2009-4774 | Unspecified vulnerability in Sun Solaris 10 and OpenSolaris snv_49 through snv_117, when 64bit mode ... | S | |
CVE-2009-4775 | Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers t... | E | |
CVE-2009-4776 | Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for... | | |
CVE-2009-4777 | Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - Vi... | | |
CVE-2009-4778 | Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Res... | S | |
CVE-2009-4779 | Multiple PHP remote file inclusion vulnerabilities in NukeHall 0.3 and earlier allow remote attacker... | E | |
CVE-2009-4780 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remo... | E | |
CVE-2009-4781 | TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for rem.accdb, which allows local... | E | |
CVE-2009-4782 | Multiple cross-site scripting (XSS) vulnerabilities in Theeta CMS, possibly 0.01, allow remote attac... | E | |
CVE-2009-4783 | Multiple SQL injection vulnerabilities in Theeta CMS, possibly 0.01, allow remote attackers to execu... | E | |
CVE-2009-4784 | SQL injection vulnerability in the Joaktree (com_joaktree) component 1.0 for Joomla! allows remote a... | E | |
CVE-2009-4785 | SQL injection vulnerability in the Quick News (com_quicknews) component for Joomla! allows remote at... | E | |
CVE-2009-4786 | Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to ... | S | |
CVE-2009-4787 | Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg before 1.0.3 allow remote attack... | | |
CVE-2009-4788 | Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier allow remote attackers to redirect... | S | |
CVE-2009-4789 | Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! all... | E | |
CVE-2009-4790 | Multiple directory traversal vulnerabilities in Sysax Multi Server 4.5 allow remote authenticated us... | | |
CVE-2009-4791 | Multiple SQL injection vulnerabilities in Family Connections (aka FCMS) before 1.8.2 allow remote at... | E S | |
CVE-2009-4792 | SQL injection vulnerability in includes/content/member_content.php in BandSite CMS 1.1.4 allows remo... | E | |
CVE-2009-4793 | Unrestricted file upload vulnerability in adminpanel/scripts/addphotos.php in BandSite CMS 1.1.4 all... | E | |
CVE-2009-4794 | Multiple SQL injection vulnerabilities in Community CMS 0.5 allow remote attackers to execute arbitr... | E | |
CVE-2009-4795 | Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication i... | E S | |
CVE-2009-4796 | Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/list... | E | |
CVE-2009-4797 | SQL injection vulnerability in browse.php in JobHut 1.2 and earlier allows remote attackers to execu... | E | |
CVE-2009-4798 | Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote attackers to execute arbitrary... | E | |
CVE-2009-4799 | Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, whi... | E | |
CVE-2009-4800 | Directory traversal vulnerability in Sysax Multi Server 4.3 and 4.5 allows remote authenticated user... | E | |
CVE-2009-4801 | EZ-Blog Beta 1 does not require authentication, which allows remote attackers to create or delete ar... | E | |
CVE-2009-4802 | SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows r... | S | |
CVE-2009-4803 | SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier... | | |
CVE-2009-4804 | Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3... | S | |
CVE-2009-4805 | Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when magic_quotes_gpc is disabled, allow r... | E | |
CVE-2009-4806 | admin/save_user.asp in Digital Interchange Document Library 1.0.1 does not require administrative au... | E | |
CVE-2009-4807 | Multiple SQL injection vulnerabilities in Graugon PHP Article Publisher 1.0 allow remote attackers t... | E | |
CVE-2009-4808 | admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers to bypass authentication and ... | E | |
CVE-2009-4809 | Directory traversal vulnerability in thumbnail.ghp in Easy File Sharing (EFS) Web Server 4.8 allows ... | E | |
CVE-2009-4810 | The Secure Remote Password (SRP) implementation in Samhain before 2.5.4 does not check for a certain... | E S | |
CVE-2009-4811 | VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware W... | E S | |
CVE-2009-4812 | Wolfram Research webMathematica allows remote attackers to obtain sensitive information via a direct... | E | |
CVE-2009-4813 | Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBulletinBoard) 1.4.10 allows rem... | E | |
CVE-2009-4814 | Cross-site scripting (XSS) vulnerability in Wolfram Research webMathematica allows remote attackers ... | E | |
CVE-2009-4815 | Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read... | | |
CVE-2009-4816 | Directory traversal vulnerability in api/download_checker.php in MegaLab The Uploader 2.0 allows rem... | E | |
CVE-2009-4817 | Unrestricted file upload vulnerability in Element-IT Ultimate Uploader 1.3 allows remote attackers t... | E | |
CVE-2009-4818 | Unrestricted file upload vulnerability in upload.php in PHPSimplicity Simplicity oF Upload 1.3.2 all... | E | |
CVE-2009-4819 | Multiple unrestricted file upload vulnerabilities in upload.php in PHPhotoalbum allow remote attacke... | E | |
CVE-2009-4820 | Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, w... | E | |
CVE-2009-4821 | The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi... | E | |
CVE-2009-4822 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kasseler CMS 1.3.4 allow remote ... | E | |
CVE-2009-4823 | Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.... | E | |
CVE-2009-4824 | Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab Server before 2.2.3 allows attack... | | |
CVE-2009-4825 | 8pixel.net Blog 4 stores sensitive information under the web root with insufficient access control, ... | E | |
CVE-2009-4826 | Cross-site request forgery (CSRF) vulnerability in hosting/admin_ac.php in ScriptsEz Mini Hosting Pa... | E | |
CVE-2009-4827 | Cross-site request forgery (CSRF) vulnerability in admin.php in Mail Manager Pro allows remote attac... | E | |
CVE-2009-4828 | Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka ... | E | |
CVE-2009-4829 | Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6... | S | |
CVE-2009-4830 | Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication ... | S | |
CVE-2009-4831 | Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which... | | |
CVE-2009-4832 | The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local users to gain privileges via ... | E | |
CVE-2009-4833 | MySQL Connector/NET before 6.0.4, when using encryption, does not verify SSL certificates during con... | E S | |
CVE-2009-4834 | lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitrary PHP code via a crafted par... | E | |
CVE-2009-4835 | The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_r... | | |
CVE-2009-4836 | Eval injection vulnerability in system/services/init.php in Movie PHP Script 2.0 allows remote attac... | E | |
CVE-2009-4837 | Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) bef... | E | |
CVE-2009-4838 | SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) befor... | | |
CVE-2009-4839 | Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), po... | | |
CVE-2009-4840 | Heap-based buffer overflow in the IAManager ActiveX control in IAManager.dll in Roxio CinePlayer 3.2... | E | |
CVE-2009-4841 | Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in SonicMediaPlayer.dll in Roxio ... | E | |
CVE-2009-4842 | Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.5 build 8691 allo... | | |
CVE-2009-4843 | ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for J... | E | |
CVE-2009-4844 | ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to the /status URI on port 9080, w... | | |
CVE-2009-4845 | The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 contains cleartext SSH credential... | | |
CVE-2009-4846 | Multiple buffer overflows in Deliantra Server before 2.82 allow remote attackers to execute arbitrar... | S | |
CVE-2009-4847 | Deliantra Server before 2.82 allows remote authenticated users to cause a denial of service (daemon ... | S | |
CVE-2009-4848 | Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and ... | E | |
CVE-2009-4849 | Multiple cross-site request forgery (CSRF) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 78... | E | |
CVE-2009-4850 | The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary p... | E | |
CVE-2009-4851 | The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes i... | S | |
CVE-2009-4852 | Multiple cross-site scripting (XSS) vulnerabilities in SemanticScuttle before 0.94.1 allow remote at... | | |
CVE-2009-4853 | Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before 1.1.2 for Foswiki Wiki System ... | | |
CVE-2009-4854 | addons/import.php in TalkBack 2.3.14 allows remote attackers to execute arbitrary commands via the r... | E | |
CVE-2009-4855 | SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary S... | E | |
CVE-2009-4856 | Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy Shopping Cart 3.1R allows remot... | E | |
CVE-2009-4857 | Cross-site scripting (XSS) vulnerability in login.php in PHP Photo Vote 1.3F allows remote attackers... | E | |
CVE-2009-4858 | Cross-site scripting (XSS) vulnerability in questiondetail.php in Yahoo Answers Clone allows remote ... | E | |
CVE-2009-4859 | Multiple cross-site scripting (XSS) vulnerabilities in Online Work Order Suite (OWOS) Lite Edition 3... | E | |
CVE-2009-4860 | SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier allows remote attackers to exe... | E | |
CVE-2009-4861 | Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO SupportDesk 3.0 allows remote... | E | |
CVE-2009-4862 | Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote attackers to execute arbitrary SQ... | E | |
CVE-2009-4863 | Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows remote attackers to execute arb... | E | |
CVE-2009-4864 | Multiple cross-site scripting (XSS) vulnerabilities in escorts_search.php in I-Escorts Directory Scr... | E | |
CVE-2009-4865 | Multiple SQL injection vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agenc... | E | |
CVE-2009-4866 | Cross-site scripting (XSS) vulnerability in search.cgi in Matt's Script Archive (MSA) Simple Search ... | E | |
CVE-2009-4867 | Buffer overflow in Tuniac 090517c allows remote attackers to cause a denial of service (application ... | E | |
CVE-2009-4868 | Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 allows remote attackers to inj... | E | |
CVE-2009-4869 | Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest Book 1.2 allows remote attacker... | E | |
CVE-2009-4870 | Multiple SQL injection vulnerabilities in login.php in PHPCityPortal allow remote attackers to execu... | E | |
CVE-2009-4871 | SQL injection vulnerability in globepersonnel_forum.asp in Logoshows BBS 2.0 allows remote attackers... | E | |
CVE-2009-4872 | Multiple SQL injection vulnerabilities in globepersonnel_login.asp in Logoshows BBS 2.0 allow remote... | E | |
CVE-2009-4873 | Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows re... | E | |
CVE-2009-4874 | TalkBack 2.3.14 does not properly restrict access to the edit comment feature (comments.php), which ... | E | |
CVE-2009-4875 | FCKeditor.Java 2.4 allows remote attackers to cause a denial of service (infinite loop) via a malfor... | | |
CVE-2009-4876 | admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify arbitrary pages via a direct ... | E | |
CVE-2009-4877 | Multiple cross-site request forgery (CSRF) vulnerabilities in WebGUI before 7.7.14 allow remote atta... | | |
CVE-2009-4878 | Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allo... | | |
CVE-2009-4879 | The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Di... | | |
CVE-2009-4880 | Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2... | E S | |
CVE-2009-4881 | Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in... | | |
CVE-2009-4882 | Cross-site scripting (XSS) vulnerability in zc/publisher/html.rb in ZoneCheck 2.0.4-13 and 2.1.0 all... | E S | |
CVE-2009-4883 | SQL injection vulnerability in index.php in PHPRecipeBook 2.24 and 2.39 allows remote attackers to e... | E | |
CVE-2009-4884 | Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when magic_quotes_gpc is disabled, a... | E | |
CVE-2009-4885 | Cross-site scripting (XSS) vulnerability in templates/1/login.php in phpCommunity 2 2.1.8 allows rem... | E | |
CVE-2009-4886 | Multiple directory traversal vulnerabilities in phpCommunity 2 2.1.8 allow remote attackers to read ... | E | |
CVE-2009-4887 | PHP remote file inclusion vulnerability in index.php in CMS S.Builder 3.7 and earlier, when register... | E | |
CVE-2009-4888 | Cross-site scripting (XSS) vulnerability in poster.php in PHortail 1.2.1 allows remote attackers to ... | E | |
CVE-2009-4889 | SQL injection vulnerability in books.php in the Book Panel (book_panel) module for PHP-Fusion allows... | E | |
CVE-2009-4890 | Multiple cross-site scripting (XSS) vulnerabilities in the login application in vBook 4.2.17 allow r... | | |
CVE-2009-4891 | SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote attackers to execute ... | E | |
CVE-2009-4892 | SQL injection vulnerability in Content Management System WEBjump! allows remote attackers to execute... | E | |
CVE-2009-4893 | Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allo... | | |
CVE-2009-4894 | Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remot... | S | |
CVE-2009-4895 | Race condition in the tty_fasync function in drivers/char/tty_io.c in the Linux kernel before 2.6.32... | S | |
CVE-2009-4896 | Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List M... | S | |
CVE-2009-4897 | Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute... | S | |
CVE-2009-4898 | Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hij... | | |
CVE-2009-4899 | pixelpost 1.7.1 has SQL injection... | | |
CVE-2009-4900 | pixelpost 1.7.1 has XSS... | | |
CVE-2009-4901 | The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in M... | S | |
CVE-2009-4902 | Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daem... | | |
CVE-2009-4903 | Cross-site scripting (XSS) vulnerability in index.php in oBlog allows remote attackers to inject arb... | | |
CVE-2009-4904 | article.php in oBlog does not properly restrict comments, which allows remote attackers to cause a d... | E | |
CVE-2009-4905 | Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Acc Statistics 1.1 allow ... | E | |
CVE-2009-4906 | Cross-site request forgery (CSRF) vulnerability in index.php in Acc PHP eMail 1.1 allows remote atta... | E | |
CVE-2009-4907 | Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack... | E | |
CVE-2009-4908 | Multiple cross-site scripting (XSS) vulnerabilities in oBlog allow remote attackers to inject arbitr... | E | |
CVE-2009-4909 | admin/index.php in oBlog allows remote attackers to conduct brute-force password guessing attacks vi... | E | |
CVE-2009-4910 | Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances ... | S | |
CVE-2009-4911 | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with softw... | S | |
CVE-2009-4912 | Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an... | S | |
CVE-2009-4913 | The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with softwar... | S | |
CVE-2009-4914 | Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1... | S | |
CVE-2009-4915 | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with softw... | S | |
CVE-2009-4916 | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with softw... | S | |
CVE-2009-4917 | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with softw... | S | |
CVE-2009-4918 | Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remot... | S | |
CVE-2009-4919 | Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before... | S | |
CVE-2009-4920 | Unspecified vulnerability in CTM on Cisco Adaptive Security Appliances (ASA) 5580 series devices wit... | S | |
CVE-2009-4921 | Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remot... | S | |
CVE-2009-4922 | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with softw... | | |
CVE-2009-4923 | Unspecified vulnerability in the DTLS implementation on Cisco Adaptive Security Appliances (ASA) 558... | S | |
CVE-2009-4924 | Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument to cjson.encode, which makes ... | | |
CVE-2009-4925 | Multiple SQL injection vulnerabilities in Portale e-commerce Creasito (aka creasito e-commerce conte... | E | |
CVE-2009-4926 | Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO... | E | |
CVE-2009-4927 | WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a ... | E | |
CVE-2009-4928 | PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers t... | E | |
CVE-2009-4929 | admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which al... | E | |
CVE-2009-4930 | Cross-site scripting (XSS) vulnerability in the twbkwbis.P_SecurityQuestion (aka Change Security Que... | | |
CVE-2009-4931 | Stack-based buffer overflow in Groovy Media Player 1.1.0 allows remote attackers to cause a denial o... | E | |
CVE-2009-4932 | Stack-based buffer overflow in 1by1 1.67 (aka 1.6.7.0) allows remote attackers to cause a denial of ... | E | |
CVE-2009-4933 | Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote attackers to execute ... | E | |
CVE-2009-4934 | Cross-site scripting (XSS) vulnerability in index.php in Online Photo Pro 2.0 allows remote attacker... | E | |
CVE-2009-4935 | SQL injection vulnerability in ogp_show.php in Online Guestbook Pro allows remote attackers to execu... | E | |
CVE-2009-4936 | Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execu... | E | |
CVE-2009-4937 | Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 allows remote attackers to in... | E | |
CVE-2009-4938 | SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla!... | E | |
CVE-2009-4939 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attac... | E | |
CVE-2009-4940 | SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to exe... | E | |
CVE-2009-4941 | Cross-site scripting (XSS) vulnerability in sign_in.php in ATRC ACollab 1.2 allows remote attackers ... | | |
CVE-2009-4942 | Cross-site request forgery (CSRF) vulnerability in ACollab 1.2 allows remote attackers to hijack the... | | |
CVE-2009-4943 | index.php in AdPeeps 8.5d1 allows remote attackers to obtain sensitive information via (1) a view_ad... | | |
CVE-2009-4944 | Multiple cross-site scripting (XSS) vulnerabilities in ATRC ACollab 1.2 allow remote attackers to in... | | |
CVE-2009-4945 | AdPeeps 8.5d1 has a default password of admin for the admin account, which makes it easier for remot... | | |
CVE-2009-4946 | Directory traversal vulnerability in the Messaging (com_messaging) component before 1.5.1 for Joomla... | | |
CVE-2009-4947 | SQL injection vulnerability in frmLoginPwdReminderPopup.aspx in Q2 Solutions ConnX 4.0.20080606 allo... | E | |
CVE-2009-4948 | Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allow... | S | |
CVE-2009-4949 | SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote atta... | S | |
CVE-2009-4950 | SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extensi... | S | |
CVE-2009-4951 | Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 an... | | |
CVE-2009-4952 | Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier... | | |
CVE-2009-4953 | Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before ... | S | |
CVE-2009-4954 | SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before... | S | |
CVE-2009-4955 | SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allow... | S | |
CVE-2009-4956 | Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 f... | S | |
CVE-2009-4957 | Directory traversal vulnerability in loadpanel.php in Interspire ActiveKB allows remote attackers to... | E | |
CVE-2009-4958 | SQL injection vulnerability in video.php in EMO Breeder Manager (aka EMO Breader Manager) allows rem... | E | |
CVE-2009-4959 | SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for T... | | |
CVE-2009-4960 | Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote att... | E | |
CVE-2009-4961 | Lanai Core 0.6 allows remote attackers to obtain configuration information via a direct request to i... | E | |
CVE-2009-4962 | Stack-based buffer overflow in Fat Player 0.6b allows remote attackers to execute arbitrary code via... | E | |
CVE-2009-4963 | Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows rem... | S | |
CVE-2009-4964 | Stack-based buffer overflow in KSP 2006 FINAL allows remote attackers to execute arbitrary code via ... | E | |
CVE-2009-4965 | SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows re... | | |
CVE-2009-4966 | SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO... | | |
CVE-2009-4967 | SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attacker... | S | |
CVE-2009-4968 | SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier fo... | | |
CVE-2009-4969 | SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 a... | | |
CVE-2009-4970 | SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers t... | | |
CVE-2009-4971 | SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote... | S | |
CVE-2009-4972 | Cross-site scripting (XSS) vulnerability in index.php (aka the log in page) in SimpleID before 0.6.5... | | |
CVE-2009-4973 | SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbit... | E | |
CVE-2009-4974 | Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote attackers to... | E | |
CVE-2009-4975 | Cross-site scripting (XSS) vulnerability in webview.cpp in QtDemoBrowser allows remote attackers to ... | S | |
CVE-2009-4976 | Cross-site scripting (XSS) vulnerability in webkitpart.cpp in kwebkitpart allows remote attackers to... | S | |
CVE-2009-4977 | PHP remote file inclusion vulnerability in index.php in MyBackup 1.4.0 allows remote authenticated u... | E | |
CVE-2009-4978 | Directory traversal vulnerability in down.php in MyBackup 1.4.0 allows remote attackers to read arbi... | E | |
CVE-2009-4979 | Multiple SQL injection vulnerabilities in search.php in Photokorn Gallery 1.81 and earlier allow rem... | | |
CVE-2009-4980 | Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Gallery 1.81 and earlier allow remo... | | |
CVE-2009-4981 | Multiple cross-site request forgery (CSRF) vulnerabilities in Photokorn Gallery 1.81 allow remote at... | | |
CVE-2009-4982 | SQL injection vulnerability in the select function in Irokez CMS 0.7.1, when magic_quotes_gpc is dis... | E | |
CVE-2009-4983 | Multiple cross-site scripting (XSS) vulnerabilities in Silurus Classifieds 1.0 allow remote attacker... | E | |
CVE-2009-4984 | Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me PHP Affiliate Script 1.4 allow... | E | |
CVE-2009-4985 | SQL injection vulnerability in browse.php in Accessories Me PHP Affiliate Script 1.4 allows remote a... | E | |
CVE-2009-4986 | Directory traversal vulnerability in index.php in In-Portal 4.3.1, when magic_quotes_gpc is disabled... | E | |
CVE-2009-4987 | admin/header.php in Scripteen Free Image Hosting Script 2.3 allows remote attackers to bypass authen... | E | |
CVE-2009-4988 | Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.32... | E | |
CVE-2009-4989 | Cross-site scripting (XSS) vulnerability in index.php in AJ Auction Pro OOPD 3.0 allows remote attac... | E | |
CVE-2009-4990 | Cross-site scripting (XSS) vulnerability in the Webform report module 5.x and 6.x for Drupal allows ... | | |
CVE-2009-4991 | Cross-site scripting (XSS) vulnerability in users/resume_register.php in Omnistar Recruiting allows ... | E | |
CVE-2009-4992 | SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail 2.0 allows remote attackers to... | E | |
CVE-2009-4993 | PHP remote file inclusion vulnerability in home.php in LM Starmail Paidmail 2.0 allows remote attack... | E | |
CVE-2009-4994 | Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0... | S | |
CVE-2009-4995 | Cross-site scripting (XSS) vulnerability in frmTickets.aspx in SmarterTools SmarterTrack before 4.0.... | | |
CVE-2009-4996 | Xfce4-session 4.5.91 in Xfce does not lock the screen when the suspend or hibernate button is presse... | | |
CVE-2009-4997 | gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate se... | | |
CVE-2009-4998 | The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 ... | | |
CVE-2009-4999 | Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Appli... | | |