Total: 304758 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4398 | 2 Fr.simon Rundell, Typo3 | 2 Hs Religiousartgallery, Typo3 | 2009-12-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4379 | 1 Valarsoft | 1 Webmatic | 2009-12-23 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-2924. | |||||
| CVE-2009-4387 | 1 Manageengine | 2 Password Manager Pro, Password Manager Pro6.1 | 2009-12-23 | 4.3 MEDIUM | N/A |
| The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro (PMP) before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and other unspecified inputs. | |||||
| CVE-2009-4380 | 1 Valarsoft | 1 Webmatic | 2009-12-23 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-2925. | |||||
| CVE-2009-4394 | 2 Fr.simon Rundell, Typo3 | 2 Ste Prayer2, Typo3 | 2009-12-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4395 | 2 Fr.simon Rundell, Typo3 | 2 Ste Prayer2, Typo3 | 2009-12-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4400 | 2 Fr.simon Rundell, Typo3 | 2 Ste Parish Admin, Typo3 | 2009-12-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4401 | 2 Fr.simon Rundell, Typo3 | 2 Ste Parish Admin, Typo3 | 2009-12-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4382 | 1 Phpfaber | 1 Phpfaber Content Management System | 2009-12-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in module.php in PHPFABER CMS, possibly 1.3.36, allows remote attackers to inject arbitrary web script or HTML via the mod parameter. | |||||
| CVE-2009-4399 | 2 Fr.simon Rundell, Typo3 | 2 Hs Religiousartgallery, Typo3 | 2009-12-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-3792 | 1 Adobe | 1 Flash Media Server | 2009-12-22 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to load arbitrary DLL files via unspecified vectors. | |||||
| CVE-2009-4362 | 1 Ibm | 1 Aix | 2009-12-22 | 7.2 HIGH | N/A |
| Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via long string arguments. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3791 | 1 Adobe | 1 Flash Media Server | 2009-12-22 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to cause a denial of service (resource exhaustion) via unknown vectors. | |||||
| CVE-2009-4361 | 1 Ibm | 1 Aix | 2009-12-22 | 7.2 HIGH | N/A |
| Multiple buffer overflows in qoslist in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via a long string argument. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4358 | 1 Freebsd | 1 Freebsd | 2009-12-21 | 4.7 MEDIUM | N/A |
| freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation. | |||||
| CVE-2009-4357 | 1 Ibm | 2 Rational Clearcase, Rational Clearquest | 2009-12-21 | 5.0 MEDIUM | N/A |
| CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors. | |||||
| CVE-2009-3842 | 1 Hp | 2 Color Laserjet Cp3525 Printer, Color Laserjet M3530 Multifunction Printer | 2009-12-19 | 10.0 HIGH | N/A |
| Unspecified vulnerability on the HP Color LaserJet M3530 Multifunction Printer with firmware 05.058.4 and the Color LaserJet CP3525 Printer with firmware 53.021.2 allows remote attackers to obtain "access to data" or cause a denial of service via unknown vectors. | |||||
| CVE-2009-2940 | 2 Pygresql, Python | 2 Pygresql, Python | 2009-12-19 | 7.5 HIGH | N/A |
| The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings. | |||||
| CVE-2009-2839 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-12-19 | 6.8 MEDIUM | N/A |
| Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | |||||
| CVE-2009-2415 | 1 Memcachedb | 1 Memcached | 2009-12-19 | 10.0 HIGH | N/A |
| Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows. | |||||
