Total: 304758 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1273 | 1 Andrew J.korty | 1 Pam Ssh | 2009-05-13 | 5.0 MEDIUM | N/A |
| pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames. | |||||
| CVE-2009-0720 | 1 Hp | 1 Openview Network Node Manager | 2009-05-13 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2009-0757 | 1 Mpfr | 1 Gnu Mpfr | 2009-05-13 | 7.5 HIGH | N/A |
| Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent attackers to cause a denial of service (crash) via the (1) mpfr_snprintf and (2) mpfr_vsnprintf functions. | |||||
| CVE-2009-1590 | 1 Cgi Rescue | 1 Form2mail | 2009-05-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in CGI RESCUE FORM2MAIL before 1.42 allows remote attackers to send email to arbitrary recipients via a web form. | |||||
| CVE-2008-6802 | 1 Phpexplorer | 1 Phphotogallery | 2009-05-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in phPhotoGallery 0.92 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6797 | 1 Mitel | 1 Mitel Nupoint Messenger | 2009-05-08 | 7.8 HIGH | N/A |
| The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2009-1561 | 1 Cisco | 1 Wrt54gc | 2009-05-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that change the administrator password via the sysPasswd and sysConfirmPasswd parameters. | |||||
| CVE-2009-1518 | 1 Beltane | 1 Beltane | 2009-05-05 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Beltane before 2.3.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2001-1209 | 1 Abe Timmerman | 1 Zml.cgi | 2009-04-30 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in zml.cgi allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2009-1484 | 1 Gecad | 1 Axigen Mail Server | 2009-04-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web mail interface feature in AXIGEN Mail Server 6.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving e-mail messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-1301 | 1 Mpg123 | 1 Mpg123 | 2009-04-29 | 10.0 HIGH | N/A |
| Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1275 | 1 Apache | 2 Struts, Tiles | 2009-04-29 | 6.8 MEDIUM | N/A |
| Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags. | |||||
| CVE-2009-0715 | 1 Hp | 1 Storage Essentials | 2009-04-29 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in Secure NaviCLI in HP Storage Essentials 6.0.2 through 6.0.4 allows remote authenticated users to obtain "access" or "extended privileges" via unknown vectors. | |||||
| CVE-2009-0664 | 1 Mahara | 1 Mahara | 2009-04-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in a user view. | |||||
| CVE-2008-6722 | 1 Novell | 1 Access Manager | 2009-04-29 | 1.9 LOW | N/A |
| Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache. | |||||
| CVE-2009-1156 | 1 Cisco | 2 Adaptive Security Appliance 5500, Pix | 2009-04-28 | 5.7 MEDIUM | N/A |
| Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before 8.0(4)25 and 8.1 before 8.1(2)15, when an SSL VPN or ASDM access is configured, allows remote attackers to cause a denial of service (device reload) via a crafted (1) SSL or (2) HTTP packet. | |||||
| CVE-2009-1285 | 1 Phpmyadmin | 1 Phpmyadmin | 2009-04-28 | 7.5 HIGH | N/A |
| Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files. | |||||
| CVE-2009-1158 | 1 Cisco | 2 Adaptive Security Appliance 5500, Pix | 2009-04-28 | 7.8 HIGH | N/A |
| Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)26, 8.0 before 8.0(4)24, and 8.1 before 8.1(2)14, when H.323 inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet. | |||||
| CVE-2009-1160 | 1 Cisco | 2 Adaptive Security Appliance 5500, Pix | 2009-04-28 | 4.3 MEDIUM | N/A |
| Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended access restrictions, aka Bug ID CSCsq91277. | |||||
| CVE-2009-1155 | 1 Cisco | 2 Adaptive Security Appliance 5500, Pix | 2009-04-28 | 7.8 HIGH | N/A |
| Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field, allow remote attackers to bypass authentication and establish a VPN session to an ASA device via unspecified vectors. | |||||
