Total
5210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4033 | 1 Tim Hockin | 1 Acpid | 2017-09-19 | 6.9 MEDIUM | N/A |
| A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to the open function with insufficient arguments, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file, cause a denial of service by overwriting this file, or gain privileges by executing this file. | |||||
| CVE-2009-2766 | 1 Dd-wrt | 1 Dd-wrt | 2017-09-19 | 7.5 HIGH | N/A |
| httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests. | |||||
| CVE-2009-3374 | 1 Mozilla | 1 Firefox | 2017-09-19 | 7.5 HIGH | N/A |
| The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects." | |||||
| CVE-2009-3866 | 1 Sun | 2 Jdk, Jre | 2017-09-19 | 9.3 HIGH | N/A |
| The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824. | |||||
| CVE-2009-3461 | 1 Adobe | 1 Acrobat | 2017-09-19 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows attackers to bypass intended file-extension restrictions via unknown vectors. | |||||
| CVE-2009-2690 | 1 Sun | 2 Java Se, Openjdk | 2017-09-19 | 5.0 MEDIUM | N/A |
| The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application. | |||||
| CVE-2009-2602 | 1 R2newsletter | 3 R2 Newsletter Lite, R2 Newsletter Pro, R2 Newsletter Stats | 2017-09-19 | 5.0 MEDIUM | N/A |
| R2 Newsletter Lite, Pro, and Stats stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for admin.mdb. | |||||
| CVE-2009-3949 | 1 Vivaprograms | 1 Infinity Script | 2017-09-19 | 7.5 HIGH | N/A |
| cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not require administrative authentication for the donewauthor action, which allows remote attackers to create administrative accounts via the name, password, and conf_password parameters. | |||||
| CVE-2009-3525 | 1 Xen | 1 Xen | 2017-09-19 | 7.2 HIGH | N/A |
| The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the expected password. | |||||
| CVE-2009-3596 | 1 Joxtechnology | 1 Ajox Poll | 2017-09-19 | 7.5 HIGH | N/A |
| JoxTechnology Ajox Poll does not properly restrict access to admin/managepoll.php, which allows remote attackers to bypass authentication and gain administrative access via a direct request. | |||||
| CVE-2009-3385 | 1 Mozilla | 1 Seamonkey | 2017-09-19 | 7.1 HIGH | N/A |
| The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash object that sends arbitrary local files during a reply or forward operation. | |||||
| CVE-2009-2558 | 1 Adminnewstools | 1 Admin News Tools | 2017-09-19 | 7.5 HIGH | N/A |
| system/message.php in Admin News Tools 2.5 does not properly restrict access, which allows remote attackers to post news messages via a direct request. | |||||
| CVE-2009-2689 | 1 Sun | 2 Java Se, Openjdk | 2017-09-19 | 10.0 HIGH | N/A |
| JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application. | |||||
| CVE-2009-2393 | 1 Virtuenetz | 1 Virtue Online Test Generator | 2017-09-19 | 6.5 MEDIUM | N/A |
| admin/index.php in Virtuenetz Virtue Online Test Generator does not require administrative privileges, which allows remote authenticated users to have an unknown impact via unspecified vectors. | |||||
| CVE-2009-3375 | 1 Mozilla | 1 Firefox | 2017-09-19 | 4.3 MEDIUM | N/A |
| content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function. | |||||
| CVE-2009-3716 | 1 Maniacomputer | 1 Mcshoutbox | 2017-09-19 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in smilies/. | |||||
| CVE-2009-4545 | 1 Logoshows | 1 Logoshows Bbs | 2017-09-19 | 5.0 MEDIUM | N/A |
| Logoshows BBS 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/globepersonnel.mdb. | |||||
| CVE-2009-2476 | 1 Sun | 2 Java Se, Openjdk | 2017-09-19 | 10.0 HIGH | N/A |
| The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object. | |||||
| CVE-2009-3988 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. | |||||
| CVE-2009-3182 | 1 Anantasoft | 1 Gazelle Cms | 2017-09-19 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/editor/filemanager/browser.html in Anantasoft Gazelle CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in user/File/. | |||||