Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0620 | 1 Cisco | 2 Application Control Engine Module, Catalyst | 2009-02-27 | 10.0 HIGH | N/A |
| Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or obtain operating-system access. | |||||
| CVE-2009-0742 | 1 Cisco | 4 Ace 4710, Application Control Engine Module, Catalyst 6500 and 1 more | 2009-02-27 | 7.8 HIGH | N/A |
| The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information. | |||||
| CVE-2009-0621 | 1 Cisco | 1 Ace 4710 | 2009-02-27 | 10.0 HIGH | N/A |
| Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device Manager and other components, or obtain operating-system access. | |||||
| CVE-2009-0622 | 1 Cisco | 4 Ace 4710, Application Control Engine Module, Catalyst 6500 and 1 more | 2009-02-27 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI). | |||||
| CVE-2008-6104 | 1 A4desk | 1 A4desk Flash Event Calendar | 2009-02-26 | 7.5 HIGH | N/A |
| SQL injection vulnerability in A4Desk PHP Event Calendar allows remote attackers to execute arbitrary SQL commands via the eventid parameter to admin/index.php. | |||||
| CVE-2008-5809 | 1 Futomi | 1 Access Analyzer Cgi | 2009-02-26 | 5.8 MEDIUM | N/A |
| futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions, and obtain sensitive information about analysis results, via a modified id. | |||||
| CVE-2008-5721 | 1 Sapporoworks | 1 Blackjumbodog | 2009-02-26 | 5.0 MEDIUM | N/A |
| SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers to bypass authentication and obtain sensitive information via unspecified vectors. | |||||
| CVE-2008-1692 | 1 Eterm | 1 Eterm | 2009-02-26 | 6.9 MEDIUM | N/A |
| Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine. | |||||
| CVE-2008-6279 | 1 Rakhisoftware | 1 Rakhisoftware Shopping Cart | 2009-02-26 | 7.8 HIGH | N/A |
| RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie, which reveals the installation path in an error message. | |||||
| CVE-2008-6278 | 1 Rakhisoftware | 1 Rakhisoftware Shopping Cart | 2009-02-26 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allow remote attackers to inject arbitrary web script or HTML via the (1) category_id and (2) subcategory_id parameters. | |||||
| CVE-2008-1142 | 7 Aterm, Eterm, Mrxvt and 4 more | 7 Aterm, Eterm, Mrxvt and 4 more | 2009-02-26 | 3.7 LOW | N/A |
| rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine. | |||||
| CVE-2009-0654 | 1 Tor | 1 Tor | 2009-02-25 | 5.1 MEDIUM | N/A |
| Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve." | |||||
| CVE-2009-0416 | 1 Standards Based Linux Instrumentation | 1 Sblim-sfcb | 2009-02-20 | 6.9 MEDIUM | N/A |
| The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf temporary files. | |||||
| CVE-2008-5244 | 1 Xine | 1 Xine-lib | 2009-02-20 | 10.0 HIGH | N/A |
| Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad. | |||||
| CVE-2008-6161 | 1 Sourceforge | 1 Wow Raid Manager | 2009-02-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WOW Raid Manager (WRM) before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-5717 | 1 Hitachi | 1 Jp1 Integrated Management Service Support | 2009-02-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Hitachi JP1/Integrated Management - Service Support 08-10 through 08-10-05, 08-11 through 08-11-03, and 08-50 through 08-50-03 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-5719 | 1 Hitachi | 2 Groupmax Web Workflow Sdk Set For Active Server Pages, Groupmax Workflow To Development Kit For Active Server Pages | 2009-02-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web Workflow SDK Set for Active Server Pages before 06-52-/C and Hitachi Groupmax Workflow - Development Kit for Active Server Pages before 06-52-/A allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-0609 | 1 Sun | 1 Java System Directory Server | 2009-02-18 | 7.8 HIGH | N/A |
| Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of service (JDBC backend outage) via crafted LDAP requests. | |||||
| CVE-2009-0610 | 1 Dminnich | 1 Simple Php News | 2009-02-18 | 7.5 HIGH | N/A |
| Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-0305 | 2 Microsoft, Research In Motion Limited | 2 Internet Explorer, Blackberry Application Web Loader | 2009-02-17 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the Research in Motion RIM AxLoader ActiveX control in AxLoader.ocx and AxLoader.dll in BlackBerry Application Web Loader 1.0 allow remote attackers to execute arbitrary code via unspecified use of the (1) load or (2) loadJad method. | |||||