Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-7191 | 1 Pps.jussieu | 1 Polipo | 2009-09-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Polipo before 1.0.4 allows remote attackers to cause a denial of service (crash) via a long request URL. | |||||
| CVE-2009-3113 | 1 Oxid | 1 Eshop | 2009-09-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.2, 3.x, and 2.x allows remote attackers to gain write access to product reviews via a crafted parameter. | |||||
| CVE-2009-3112 | 1 Oxidforge | 2 Oxid Eshop, Oxid Eshop4.0.0.2 14967 | 2009-09-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to gain administrator privileges and access the shop backend via a crafted parameter. | |||||
| CVE-2009-3120 | 1 Bigace | 1 Bigace | 2009-09-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3124 | 1 Ipmotor | 1 Quarkmail | 2009-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in get_message.cgi in QuarkMail allows remote attackers to read arbitrary files via a .. (dot dot) in the tf parameter. | |||||
| CVE-2009-3118 | 1 Danneo | 1 Cms | 2009-09-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mod/poll/comment.php in the vote module in Danneo CMS 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the comtext parameter, in conjunction with crafted comname and comtitle parameters, in a poll action to index.php, related to incorrect input sanitization in base/danneo.function.php. | |||||
| CVE-2009-3050 | 1 Htmldoc | 1 Htmldoc | 2009-09-10 | 10.0 HIGH | N/A |
| Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later reported that there were additional vectors in htmllib.cxx and ps-pdf.cxx using an AFM font file with a long glyph name, but these vectors do not cross privilege boundaries. | |||||
| CVE-2009-2266 | 1 Oxid | 1 Eshop | 2009-09-10 | 5.0 MEDIUM | N/A |
| OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie. | |||||
| CVE-2009-3119 | 2 Php-fusion, X-iweb.ru | 2 Php-fusion, Download System Msf | 2009-09-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in screen.php in the Download System mSF (dsmsf) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the view_id parameter. | |||||
| CVE-2008-7190 | 1 Adium | 1 Adium | 2009-09-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Adium before 1.2 has unknown impact and attack vectors related to javascript: URLs, possibly cross-site scripting (XSS). | |||||
| CVE-2009-3092 | 1 Asus | 1 Asus Wl-500w | 2009-09-09 | 10.0 HIGH | N/A |
| Buffer overflow on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2008-7146 | 1 Intralearn | 1 Intralearn | 2009-09-09 | 5.0 MEDIUM | N/A |
| IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allows remote attackers to obtain sensitive information via a direct request to (1) Knowledge_Impact_Course.htm, (2) LRN-formatted_Course.htm, or (3) Create_Course.htm in help/1/Instructor/, which reveals the installation path in an error message. | |||||
| CVE-2009-0627 | 1 Cisco | 3 Nexus 5000, Nexus 7000, Nx-os | 2009-09-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco NX-OS before 4.0(1a)N2(1), when running on Nexus 5000 platforms, allows remote attackers to cause a denial of service (crash) via an unspecified "sequence of TCP packets" related to "TCP State manipulation," possibly related to separate attacks against CVE-2008-4609. | |||||
| CVE-2009-3096 | 2 Hp, Microsoft | 2 Performance Insight, Windows | 2009-09-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in HP Performance Insight 5.3 allow remote attackers to have an unknown impact, related to (1) a "Remote exploit" on Windows platforms, and (2) a "Remote preauthentication exploit" on the Windows Server 2003 SP2 platform, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2009-3066 | 1 Propertywatchscript | 1 Property Watch | 2009-09-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PropertyWatchScript.com Property Watch 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) videoid parameter to tools/email.php and (2) redirect parameter to tools/login.php. | |||||
| CVE-2009-2701 | 1 Zope | 1 Zodb | 2009-09-09 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors. | |||||
| CVE-2008-7149 | 1 Agilewiki | 1 Agilewiki | 2009-09-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in AgileWiki before 0.10.1 has unknown impact and attack vectors related to passwords. | |||||
| CVE-2009-3101 | 1 Sun | 2 Opensolaris, Solaris | 2009-09-09 | 4.9 MEDIUM | N/A |
| xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and OpenSolaris snv_109 through snv_122, does not properly handle Trusted Extensions, which allows local users to cause a denial of service (CPU consumption and console hang) by locking the screen, related to a regression in certain Solaris and OpenSolaris patches. | |||||
| CVE-2009-3060 | 1 Allpublication | 1 Jboard | 2009-09-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the notice parameter to editform.php, (2) the edit_user_message parameter to core/edit_user_message.php, or (3) the user_title parameter to inc/head.inc.php, reachable through any PHP script. | |||||
| CVE-2008-7166 | 2 Bittorrent, Utorrent | 2 Bittorrent, Utorrent | 2009-09-09 | 5.0 MEDIUM | N/A |
| Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) and earlier, and uTorrent 1.7.6 (build 7859) and earlier, allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted Range header. NOTE: this is probably a different vulnerability than CVE-2008-0071 and CVE-2008-0364. | |||||