Total: 304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2429 | 1 Goahead | 1 Goahead Webserver | 2009-02-06 | 5.0 MEDIUM | N/A |
| webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header. | |||||
| CVE-2002-2430 | 1 Goahead | 1 Goahead Webserver | 2009-02-06 | 5.0 MEDIUM | N/A |
| GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server. | |||||
| CVE-2009-0124 | 1 Arrl | 1 Tqsllib | 2009-02-06 | 5.0 MEDIUM | N/A |
| The tqsl_verifyDataBlock function in openssl_cert.cpp in American Radio Relay League (ARRL) tqsllib 2.0 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2008-5433 | 1 Punbb | 1 Punbb | 2009-02-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field. | |||||
| CVE-2008-4474 | 1 Freeradius | 1 Freeradius | 2009-02-06 | 7.2 HIGH | N/A |
| freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct. | |||||
| CVE-2009-0219 | 1 Research In Motion Limited | 3 Blackberry Enterprise Server, Blackberry Professional Software, Blackberry Unite | 2009-02-05 | 9.3 HIGH | N/A |
| The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file. | |||||
| CVE-2009-0131 | 1 Sun | 1 Opensolaris | 2009-02-05 | 4.9 MEDIUM | N/A |
| The UFS implementation in the kernel in Sun OpenSolaris snv_29 through snv_90 allows local users to cause a denial of service (panic) via the single posix_fallocate test in the SUSv3 POSIX test suite, related to an F_ALLOCSP fcntl call. | |||||
| CVE-2009-0317 | 1 Gnome | 1 Nautilus-python | 2009-02-05 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
| CVE-2008-5924 | 1 Asp-dev | 1 Xm Events Diary | 2009-02-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4536 | 1 Torrenttrader | 1 Torrenttrader | 2009-02-05 | 4.6 MEDIUM | N/A |
| TorrentTrader 1.07 and earlier sets insecure permissions for files in the root directory, which allows attackers to execute arbitrary PHP code by modifying (1) disclaimer.txt, (2) sponsors.txt, and (3) banners.txt, which are used in an include call. NOTE: there might be local attack vectors that extend to other files. | |||||
| CVE-2009-0287 | 1 Keep Toolkit | 1 Keep Toolkit | 2009-02-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before 2.5.1 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password. | |||||
| CVE-2009-0431 | 1 Codefixer | 1 Linkspro | 2009-02-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter. | |||||
| CVE-2008-6055 | 1 Preprojects | 1 Pre Classified Listings | 2009-02-04 | 5.0 MEDIUM | N/A |
| PreProjects Pre Classified Listings stores pclasp.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | |||||
| CVE-2009-0415 | 1 Monkey | 1 Trickle | 2009-02-04 | 3.7 LOW | N/A |
| Untrusted search path vulnerability in trickle 1.07 allows local users to execute arbitrary code via a Trojan horse trickle-overload.so in the current working directory, which is referenced in the LD_PRELOAD path. | |||||
| CVE-2009-0276 | 1 Google | 1 Chrome | 2009-02-04 | 5.0 MEDIUM | N/A |
| Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame. | |||||
| CVE-2009-0274 | 1 Novell | 1 Groupwise | 2009-02-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests. | |||||
| CVE-2008-6041 | 1 Dataspade | 1 Dataspade | 2009-02-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Index.asp in Dataspade 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ViewName, (2) TableName, (3) OrderBy, and (4) FilterField parameters. | |||||
| CVE-2009-0382 | 1 Drupal | 2 Drupal, Internationalization | 2009-02-02 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Internationalization (i18n) Translation 5.x before 5.x-2.5, a module for Drupal, allows remote attackers with "translate node" permissions to bypass intended access restrictions and read unpublished nodes via unspecified vectors. | |||||
| CVE-2009-0122 | 1 Hp | 1 Hplip | 2009-01-31 | 6.9 MEDIUM | N/A |
| hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and 2.8.2 on Ubuntu allows local users to change the ownership of arbitrary files via unspecified manipulations in advance of an HPLIP installation or upgrade by an administrator, related to the product's attempt to correct the ownership of its configuration files within home directories. | |||||
| CVE-2008-5184 | 1 Apple | 1 Cups | 2009-01-29 | 10.0 HIGH | N/A |
| The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions. | |||||
