ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2009-5000 | Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileN... | | |
CVE-2009-5001 | The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-... | | |
CVE-2009-5002 | The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-... | | |
CVE-2009-5003 | SQL injection vulnerability in click.php in e-soft24 Banner Exchange Script 1.0 allows remote attack... | E | |
CVE-2009-5004 | qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer... | | |
CVE-2009-5005 | The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enter... | S | |
CVE-2009-5006 | The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the... | S | |
CVE-2009-5007 | The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitra... | | |
CVE-2009-5008 | Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not pro... | | |
CVE-2009-5009 | Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers t... | | |
CVE-2009-5010 | Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attac... | S | |
CVE-2009-5011 | Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attac... | | |
CVE-2009-5012 | ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which... | | |
CVE-2009-5013 | Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote aut... | | |
CVE-2009-5014 | The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, w... | | |
CVE-2009-5015 | The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even whe... | | |
CVE-2009-5016 | Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easi... | E | |
CVE-2009-5017 | Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it e... | E S | |
CVE-2009-5018 | Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent ... | E S | |
CVE-2009-5019 | Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, wh... | E | |
CVE-2009-5020 | Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect... | | |
CVE-2009-5021 | Cobbler before 1.6.1 does not properly determine whether an installation has the default password, w... | S | |
CVE-2009-5022 | Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote... | E S | |
CVE-2009-5023 | The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf act... | | |
CVE-2009-5024 | ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, an... | S | |
CVE-2009-5025 | A backdoor (aka BMSA-2009-07) was found in PyForum v1.0.3 where an attacker who knows a valid user e... | | |
CVE-2009-5026 | The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in... | E | |
CVE-2009-5027 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-2062. Reason: This candida... | R | |
CVE-2009-5028 | Stack-based buffer overflow in Namazu before 2.0.20 allows remote attackers to cause a denial of ser... | S | |
CVE-2009-5029 | Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attacke... | E | |
CVE-2009-5030 | The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a... | S | |
CVE-2009-5031 | ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which a... | | |
CVE-2009-5032 | The encrypted e-mail feature in IBM Lotus Notes Traveler before 8.5.0.2 sends unencrypted messages w... | | |
CVE-2009-5033 | IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle a "* *" argument sequence for a cer... | | |
CVE-2009-5034 | IBM Lotus Notes Traveler before 8.5.0.2 allows remote authenticated users to cause a denial of servi... | | |
CVE-2009-5035 | The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle multiple outgoi... | | |
CVE-2009-5036 | traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows remote authenticated users to cau... | | |
CVE-2009-5037 | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allow remot... | | |
CVE-2009-5038 | Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after ... | | |
CVE-2009-5039 | Memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation in Cisco IOS befor... | | |
CVE-2009-5040 | CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a... | | |
CVE-2009-5041 | overkill has buffer overflow via long player names that can corrupt data on the server machine... | | |
CVE-2009-5042 | python-docutils allows insecure usage of temporary files... | | |
CVE-2009-5043 | burn allows file names to escape via mishandled quotation marks... | | |
CVE-2009-5044 | contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbi... | S | |
CVE-2009-5045 | Dump Servlet information leak in jetty before 6.1.22.... | | |
CVE-2009-5046 | JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.... | | |
CVE-2009-5047 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-4611. Reason: This candidate... | R | |
CVE-2009-5048 | Cookie Dump Servlet stored XSS vulnerability in jetty through 6.1.20.... | E | |
CVE-2009-5049 | WebApp JSP Snoop page XSS in jetty through 6.1.21.... | E | |
CVE-2009-5050 | konversation before 1.2.3 allows attackers to cause a denial of service.... | E | |
CVE-2009-5051 | Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, whic... | S | |
CVE-2009-5052 | Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 have unknown impact and attack ve... | | |
CVE-2009-5053 | Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary... | | |
CVE-2009-5054 | Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, ... | | |
CVE-2009-5055 | Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit sub... | E S | |
CVE-2009-5056 | Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permiss... | E | |
CVE-2009-5057 | The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE... | S | |
CVE-2009-5058 | Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.5 services for Lotus Domino allows re... | | |
CVE-2009-5059 | Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 services for Lotus Domino might al... | | |
CVE-2009-5060 | Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 services for Lotus Domino might al... | | |
CVE-2009-5061 | Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 services for Lotus Domino, when Do... | | |
CVE-2009-5062 | IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX allows remote authenticated us... | | |
CVE-2009-5063 | Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows c... | S | |
CVE-2009-5064 | ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges... | E S | |
CVE-2009-5065 | Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser o... | E S | |
CVE-2009-5066 | twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, wh... | | |
CVE-2009-5067 | Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary ... | E S | |
CVE-2009-5068 | There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v... | | |
CVE-2009-5069 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2009-5070 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2009-5071 | Unspecified vulnerability in Palm Pre WebOS before 1.2.1 has unknown impact and attack vectors relat... | | |
CVE-2009-5072 | Memory leak in the ldap_explode_dn function in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.61... | S | |
CVE-2009-5073 | IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.59 (aka 6.0.0.8-TIV-ITDS-IF0001) allows remote au... | S | |
CVE-2009-5074 | Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.99... | | |
CVE-2009-5075 | Monkey's Audio before 4.02 allows remote attackers to cause a denial of service (application crash) ... | | |
CVE-2009-5076 | CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypas... | E S | |
CVE-2009-5077 | CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator pri... | E | |
CVE-2009-5078 | contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program wit... | S | |
CVE-2009-5079 | The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU trof... | S | |
CVE-2009-5080 | The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2gr... | S | |
CVE-2009-5081 | The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scr... | S | |
CVE-2009-5082 | The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Lin... | S | |
CVE-2009-5083 | IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID rely... | | |
CVE-2009-5084 | IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when com.tivoli.am.fim.infocard.d... | S | |
CVE-2009-5085 | IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID prov... | S | |
CVE-2009-5086 | Cross-site scripting (XSS) vulnerability in Appliance Configuration Manager (ACM) in Juniper IDP 4.1... | | |
CVE-2009-5087 | Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.... | E | |
CVE-2009-5088 | SQL injection vulnerability in secure/index.php in IdeaCart 0.02 allows remote attackers to execute ... | E | |
CVE-2009-5089 | Directory traversal vulnerability in index.php in IdeaCart 0.02 and 0.02a allows remote attackers to... | E | |
CVE-2009-5090 | SQL injection vulnerability in editcomments.php in Bloggeruniverse Beta 2, when magic_quotes_gpc is ... | E | |
CVE-2009-5091 | SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 allows remote attackers to execute... | E | |
CVE-2009-5092 | Cross-site scripting (XSS) vulnerability in the management interface in Microsoft FAST ESP 5.1.5 and... | | |
CVE-2009-5093 | Directory traversal vulnerability in gastbuch.php in Gästebuch (Gastebuch) 1.6 allows remote attacke... | E | |
CVE-2009-5094 | SQL injection vulnerability in info.php in CMS Faethon 2.2.0 Ultimate allows remote attackers to exe... | E | |
CVE-2009-5095 | PHP remote file inclusion vulnerability in index_inc.php in ea gBook 0.1 and 0.1.4 allows remote att... | E | |
CVE-2009-5096 | Cross-site scripting (XSS) vulnerability in the Flag Content module 5.x-2.x before 5.x-2.10 for Drup... | S | |
CVE-2009-5097 | Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers... | | |
CVE-2009-5098 | The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not viewing web pages in landscape mo... | E | |
CVE-2009-5099 | Cross-site scripting (XSS) vulnerability in ViewAction in Pentaho BI Server 1.7.0.1062 and earlier a... | E | |
CVE-2009-5100 | Pentaho BI Server 1.7.0.1062 and earlier does not set the autocomplete tag to off on web pages using... | E | |
CVE-2009-5101 | Pentaho BI Server 1.7.0.1062 and earlier includes the session ID (JSESSIONID) in the URL, which allo... | E | |
CVE-2009-5102 | SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to e... | E | |
CVE-2009-5103 | Cross-site scripting (XSS) vulnerability in ATCOM Netvolution 1.0 ASP allows remote attackers to inj... | E | |
CVE-2009-5104 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2009-5105 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2009-5106 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2009-5107 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-5108 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2009-5109 | Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows remote attackers to execute arbitra... | E | |
CVE-2009-5110 | dhttpd allows remote attackers to cause a denial of service (daemon outage) via partial HTTP request... | | |
CVE-2009-5111 | GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial H... | | |
CVE-2009-5112 | wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to obtain the installation pat... | E | |
CVE-2009-5113 | Cross-site scripting (XSS) vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows rem... | E | |
CVE-2009-5114 | Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote att... | E | |
CVE-2009-5115 | McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 through 3.6.0.608, and McAfee... | | |
CVE-2009-5116 | McAfee LinuxShield 1.5.1 and earlier does not properly implement client authentication, which allows... | | |
CVE-2009-5117 | The Web Post Protection feature in McAfee Host Data Loss Prevention (DLP) 3.x before 3.0.100.10 and ... | | |
CVE-2009-5118 | Untrusted search path vulnerability in McAfee VirusScan Enterprise before 8.7i allows local users to... | | |
CVE-2009-5119 | The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web ... | | |
CVE-2009-5120 | The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web ... | | |
CVE-2009-5121 | Websense Email Security 7.1 before Hotfix 4 allows remote attackers to bypass the sender-based black... | | |
CVE-2009-5122 | The Personal Email Manager component in Websense Email Security before 7.2 allows remote attackers t... | | |
CVE-2009-5123 | The Antivirus component in Comodo Internet Security before 3.11.108364.552 allows remote attackers t... | | |
CVE-2009-5124 | The Antivirus component in Comodo Internet Security before 3.11.108364.552 allows remote attackers t... | | |
CVE-2009-5125 | Comodo Internet Security before 3.9.95478.509 allows remote attackers to bypass malware detection in... | | |
CVE-2009-5126 | The Antivirus component in Comodo Internet Security before 3.8.65951.477 allows remote attackers to ... | | |
CVE-2009-5127 | The Antivirus component in Comodo Internet Security before 3.8.64739.471 allows remote attackers to ... | | |
CVE-2009-5128 | The Websense V10000 appliance before 1.0.1 allows remote attackers to cause a denial of service (mem... | | |
CVE-2009-5129 | The Websense V10000 appliance before 1.0.1 allows remote attackers to cause a denial of service (int... | | |
CVE-2009-5130 | The Rules Service in Websense Email Security before 7.1 allows remote attackers to cause a denial of... | | |
CVE-2009-5131 | The Receive Service in Websense Email Security before 7.1 does not recognize domain extensions in th... | | |
CVE-2009-5132 | The Filtering Service in Websense Web Security and Web Filter before 6.3.1 Hotfix 106 and 7.x before... | | |
CVE-2009-5134 | Buffer overflow in the "create torrent dialog" functionality in uTorrent 1.8.3 build 15772, and poss... | E | |
CVE-2009-5135 | The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows remote attackers to read arbit... | E | |
CVE-2009-5136 | The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT... | | |
CVE-2009-5137 | Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arb... | E | |
CVE-2009-5138 | GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version... | E S | |
CVE-2009-5139 | The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an ... | E | |
CVE-2009-5140 | The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a respons... | | |
CVE-2009-5141 | Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users... | E | |
CVE-2009-5142 | Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mi... | E S | |
CVE-2009-5143 | GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservic... | | |
CVE-2009-5144 | mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a direc... | S | |
CVE-2009-5145 | Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.... | | |
CVE-2009-5146 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2009-5147 | DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens... | S | |
CVE-2009-5149 | Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 ha... | E S | |
CVE-2009-5150 | Absolute Computrace Agent V80.845 and V80.866 does not have a digital signature for the configuratio... | E | |
CVE-2009-5151 | The stub component of Absolute Computrace Agent V70.785 executes code from a disk's inter-partition ... | E | |
CVE-2009-5152 | Absolute Computrace Agent, as distributed on certain Dell Inspiron systems through 2009, has a race ... | E | |
CVE-2009-5153 | In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the N... | | |
CVE-2009-5154 | An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm f... | E | |
CVE-2009-5155 | In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses al... | E S | |
CVE-2009-5156 | An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bi... | E | |
CVE-2009-5157 | On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacter... | E | |
CVE-2009-5158 | The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Goo... | | |
CVE-2009-5159 | Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allo... | E |