Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4154 | 1 Elxis | 1 Elxis Cms | 2009-12-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in includes/feedcreator.class.php in Elxis CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2009-4164 | 2 Simple Glossar, Typo3 | 2 Simple Glossar, Typo3 | 2009-12-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4158 | 2 Mario Matzulla, Typo3 | 2 Cal, Typo3 | 2009-12-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4165 | 2 Simple Glossar, Typo3 | 2 Simple Glossar, Typo3 | 2009-12-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4096 | 1 Scriptlerim | 1 Radio Isetek Scripti | 2009-12-02 | 7.5 HIGH | N/A |
| RADIO istek scripti 2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user credentials via a direct request for estafresgaftesantusyan.inc. | |||||
| CVE-2009-4103 | 1 Robo-ftp | 1 Robo-ftp | 2009-11-30 | 9.3 HIGH | N/A |
| Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, allows remote FTP servers to cause a denial of service and possibly execute arbitrary code via unspecified FTP server responses. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4109 | 1 Dotnetnuke | 1 Dotnetnuke | 2009-11-30 | 5.0 MEDIUM | N/A |
| The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information. | |||||
| CVE-2009-4070 | 1 Gforge | 1 Gforge | 2009-11-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly other versions allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2009-3303 | 1 Gforge | 1 Gforge | 2009-11-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in www/help/tracker.php in GForge 4.5.14, 4.7 rc2, and 4.8.1 allows remote attackers to inject arbitrary web script or HTML via the helpname parameter. | |||||
| CVE-2009-4069 | 1 Gforge | 1 Gforge | 2009-11-24 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5.14, 4.7.3, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-3961 | 1 Jos De Ruijter | 1 Superseriousstats | 2009-11-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user.php in Super Serious Stats (aka superseriousstats) before 1.1.2p1 allows remote attackers to execute arbitrary SQL commands via the uid parameter, related to an "incorrect regexp." NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3930 | 1 Christos Zoulas | 1 File | 2009-11-24 | 9.3 HIGH | N/A |
| Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow. | |||||
| CVE-2009-3840 | 1 Hp | 1 Openview Network Node Manager | 2009-11-24 | 5.0 MEDIUM | N/A |
| The embedded database engine service (aka ovdbrun.exe) in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service (daemon crash) via an invalid Error Code field in a packet. | |||||
| CVE-2009-3841 | 2 Hp, Microsoft | 2 Discovery\&dependency Mapping Inventory, Windows | 2009-11-24 | 9.0 HIGH | N/A |
| Unspecified vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.60 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors. | |||||
| CVE-2009-2661 | 1 Strongswan | 1 Strongswan | 2009-11-24 | 5.0 MEDIUM | N/A |
| The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185. | |||||
| CVE-2009-2823 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-24 | 4.3 MEDIUM | N/A |
| The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software. | |||||
| CVE-2008-5248 | 1 Xine | 1 Xine-lib | 2009-11-24 | 4.3 MEDIUM | N/A |
| xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators." | |||||
| CVE-2002-2353 | 1 Tftpd32 | 1 Tftpd32 | 2009-11-24 | 6.4 MEDIUM | N/A |
| tftpd32 2.50 and 2.50.2 allows remote attackers to read or write arbitrary files via a full pathname in GET and PUT requests. | |||||
| CVE-2009-4056 | 1 Betsy | 1 Betsy Cms | 2009-11-24 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the popup parameter. | |||||
| CVE-2009-4047 | 1 P-hd | 1 Phd Help Desk | 2009-11-23 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk 1.43 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to area.php; the (2) pagina, (3) sentido, (4) q_registros, and (5) orden parameters to area.php; (6) the q_registros parameter to solic_display.php; (7) the PATH_INFO to area_list.php; (8) the q_registros parameter to area_list.php; (9) the PATH_INFO to atributo.php; the (10) pagina, (11) q_registros, and (12) orden parameters to atributo_list.php; (13) an arbitrary parameter name beginning with "sentido" to atributo_list.php; and (14) the PATH_INFO to caso_insert.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||