CVE Daily
← All years

All CVEs — 2009

Page 33/34.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2009-01-21
High

CVE-2008-5920

The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch.

CVSS: 7.5 CWE: CWE-94
Read more
Medium

CVE-2008-5919

Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in th…

CVSS: 6.8 CWE: CWE-22
Read more
Medium

CVE-2008-5918

Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INF…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-5917

Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote att…

CVSS: 4.3 CWE: CWE-79
Read more
2009-01-20
High

CVE-2009-0182

Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line.

CVSS: 8.8 CWE: CWE-120
Read more
Critical

CVE-2009-0181

Buffer overflow in VUPlayer allows user-assisted attackers to have an unknown impact via a long file, as demonstrated by a file composed entirely of 'A' characters.

CVSS: 9.3 CWE: CWE-119
Read more
High

CVE-2008-5516

The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search.

CVSS: 7.5 CWE: CWE-78
Read more
Critical

CVE-2008-4388

The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to ex…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2009-0176

Multiple heap-based buffer overflows in the PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Softwar…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2009-0175

Heap-based buffer overflow in Heathco Software MP3 TrackMaker 1.5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in an…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2009-0174

Stack-based buffer overflow in VUPlayer 2.49 allows remote attackers to execute arbitrary code via a long .asf URI in the HREF attribute of a REF element in a .asx file.

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2008-5911

Multiple buffer overflows in RealNetworks Helix Server and Helix Mobile Server 11.x before 11.1.8 and 12.x before 12.0.1 allow remote attackers to (1) cause a denial of service via three crafted RTSP…

CVSS: 10.0 CWE: CWE-119
Read more
2009-01-16
Medium

CVE-2009-0173

Unspecified vulnerability in the server in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote authenticated users to cause a denial of service (trap) via a crafted data stream.

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2009-0172

Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream.

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2009-0056

Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4,…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2009-0055

Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4,…

CVSS: 6.8 CWE: CWE-352
Read more
Critical

CVE-2008-4770

The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows re…

CVSS: 10.0 CWE: CWE-20
Read more
High

CVE-2008-4444

Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P0S3-08-9-00 and possibly other versions before 8.10 allows remote attackers to cause a denial of service (device reboot) or possi…

CVSS: 7.1 CWE: CWE-20
Read more
Medium

CVE-2008-3821

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the pin…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2008-3818

Cisco ONS 15310-CL, 15310-MA, 15327, 15454, 15454 SDH, and 15600 with software 7.0.2 through 7.0.6, 7.2.2, 8.0.x, 8.5.1, and 8.5.2 allows remote attackers to cause a denial of service (control-card r…

CVSS: 7.8 CWE: CWE-20
Read more
Critical

CVE-2009-0135

Multiple integer overflows in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to execute arbitrary code via an Audible Audi…

CVSS: 9.3 CWE: CWE-119
Read more
2009-01-15
Critical

CVE-2009-0133

Buffer overflow in Microsoft HTML Help Workshop 4.74 and earlier allows context-dependent attackers to execute arbitrary code via a .hhp file with a long "Index file" field, possibly a related issue…

CVSS: 10.0 CWE: CWE-119
Read more
High

CVE-2009-0130

lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate ch…

CVSS: 7.5 CWE: CWE-287
Read more
Medium

CVE-2009-0129

libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate…

CVSS: 5.0 CWE: CWE-287
Read more
Medium

CVE-2009-0128

plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for Resource Management (aka SLURM or slurm-llnl) does not properly check the return value from the OpenSSL EVP_VerifyFinal function, w…

CVSS: 5.0 CWE: CWE-287
Read more
Medium

CVE-2009-0127

M2Crypto does not properly check the return value from the OpenSSL EVP_VerifyFinal, DSA_verify, ECDSA_verify, DSA_do_verify, and ECDSA_do_verify functions, which might allow remote attackers to bypas…

CVSS: 5.0 CWE: CWE-287
Read more
Medium

CVE-2009-0126

The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5 does not check the return value from the OpenSSL RSA_public_d…

CVSS: 5.0 CWE: CWE-287
Read more
Medium

CVE-2009-0125

NOTE: this issue has been disputed by the upstream vendor. nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the O…

CVSS: 5.0 CWE: CWE-287
Read more
Medium

CVE-2009-0124

The tqsl_verifyDataBlock function in openssl_cert.cpp in American Radio Relay League (ARRL) tqsllib 2.0 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allow…

CVSS: 5.0 CWE: CWE-287
Read more
High

CVE-2009-0123

Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1…

CVSS: 7.1 CWE: CWE-200
Read more
High

CVE-2009-0029

The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a us…

CVSS: 7.2 CWE: CWE-20
Read more
Medium

CVE-2008-5906

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts.

CVSS: 6.8 CWE: CWE-20
Read more
High

CVE-2008-5904

The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and earlier allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain lengt…

CVSS: 7.5 CWE: CWE-20
Read more
High

CVE-2008-5902

Buffer overflow in the xrdp_bitmap_invalidate function in xrdp/xrdp_bitmap.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via a crafted request.

CVSS: 7.5 CWE: CWE-119
Read more
High

CVE-1999-1593

Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain contr…

CVSS: 7.6 CWE: CWE-59
Read more
High

CVE-2009-0121

SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unk…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2009-0120

The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as…

CVSS: 7.8 CWE: CWE-20
Read more
Medium

CVE-2003-1567

The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers…

CVSS: 5.8 CWE: CWE-200
Read more
2009-01-14
Critical

CVE-2009-0119

Buffer overflow in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .chm file.

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2009-0041

IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.…

CVSS: 5.0 CWE: CWE-200
Read more
Critical

CVE-2008-4835

SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed v…

CVSS: 9.8 CWE: CWE-94
Read more
Critical

CVE-2008-4834

Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspe…

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2008-5461

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity,…

CVSS: 6.8 CWE: CWE-200
Read more
Low

CVE-2008-5460

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote attackers to affect confidentiality via unknown vectors.

CVSS: 2.6 CWE: CWE-200
Read more
2009-01-13
High

CVE-2008-5517

The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object.

CVSS: 7.5 CWE: CWE-94
Read more
High

CVE-2008-5262

Multiple stack-based buffer overflows in the iGetHdrHeader function in src-IL/src/il_hdr.c in DevIL 1.7.4 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE file.

CVSS: 7.5 CWE: CWE-119
Read more
Medium

CVE-2008-4307

Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call tha…

CVSS: 4.0 CWE: CWE-362
Read more
2009-01-12
High

CVE-2008-5895

SQL injection vulnerability in connection.php in Mediatheka 4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-5894

Directory traversal vulnerability in index.php in Mediatheka 4.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

CVSS: 6.8 CWE: CWE-22
Read more
Low

CVE-2008-5893

Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ClickAndEmail allows remote attackers to inject arbitrary web script or HTML via the tablename parameter in an update action.

CVSS: 2.6 CWE: CWE-79
Read more
High

CVE-2008-5892

Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary SQL commands via (1) the ID parameter to admin_dblayers.asp in an update action, (2) the adminid pa…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-5891

Cross-site scripting (XSS) vulnerability in the profile editing functionality in Injader before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: so…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2008-5890

SQL injection vulnerability in feeds.php in Injader before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-5889

Cross-site scripting (XSS) vulnerability in user.asp in Click&Rank allows remote attackers to inject arbitrary web script or HTML via the action parameter.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2008-5888

Multiple SQL injection vulnerabilities in Click&Rank allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hitcounter.asp, (2) user_delete.asp, and (3) user_update.asp;…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-5887

phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability."

CVSS: 5.0 CWE: CWE-20
Read more
High

CVE-2008-5883

Absolute path traversal vulnerability in front-end/dir.php in mini-pub 0.3 and earlier allows remote attackers to list arbitrary directories via a full pathname in the sDir parameter.

CVSS: 7.8 CWE: CWE-22
Read more
2009-01-09
Medium

CVE-2009-0113

Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_C…

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2009-0112

Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.asp in PollPro 3.0 allows remote attackers to create or modify accounts as administrators via the username, password, and name para…

CVSS: 6.8 CWE: CWE-352
Read more
High

CVE-2009-0111

SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2009-0110

SQL injection vulnerability in read.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2009-0109

SQL injection vulnerability in index.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained fr…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2009-0107

Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2009-0106

SQL injection vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2009-0105

Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2 allows remote attackers to inject arbitrary web script or HTML via the mdfd parameter in a prog action.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2009-0104

SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote attackers to execute arbitrary SQL commands via the qType parameter in a webboard prog action.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2009-0103

Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) apps_path[plug] parameter to plugin/gateway/gnokii/init.p…

CVSS: 7.5 CWE: CWE-94
Read more
High

CVE-2008-5882

SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows re…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5881

Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) gateway_module parameter…

CVSS: 7.5 CWE: CWE-22
Read more
2009-01-08
High

CVE-2008-5880

admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok".

CVSS: 7.5 CWE: CWE-287
Read more
Medium

CVE-2008-5879

Cross-site scripting (XSS) vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-5878

Multiple directory traversal vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to in…

CVSS: 5.1 CWE: CWE-22
Read more
Medium

CVE-2008-5877

Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (…

CVSS: 6.8 CWE: CWE-89
Read more
Critical

CVE-2008-5876

Buffer overflow in Irrlicht before 1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors in the B3D loader.

CVSS: 9.3 CWE: CWE-119
Read more
High

CVE-2008-5875

SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation System (aka HBS) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id param…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5874

Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetail…

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2008-4827

Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.2…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2008-0067

Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView…

CVSS: 10.0 CWE: CWE-119
Read more
High

CVE-2008-5872

Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attac…

CVSS: 7.8 CWE: CWE-20
Read more
Medium

CVE-2008-5870

FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with large width and height values, possibly a related issue to CV…

CVSS: 4.3 CWE: CWE-20
Read more
Medium

CVE-2008-5869

Cross-site scripting (XSS) vulnerability in the Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 allows remote authenticated users to inject arbitrary web script or HTML via the system.sysName.…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2008-5868

Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows user-assisted attackers to execute arbitrary code via a long ProxyLogin value in a configuration (.cfg) file.

CVSS: 9.3 CWE: CWE-119
Read more
2009-01-07
Medium

CVE-2008-5867

Directory traversal vulnerability in Yerba SACphp 6.3 allows remote attackers to read arbitrary files, and possibly have other impact, via directory traversal sequences in the mod field contained in…

CVSS: 5.0 CWE: CWE-22
Read more
Critical

CVE-2008-5866

The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has public as its default SNMP read/write community, which makes it easier for remote attackers to obtain sensitive information or modify SN…

CVSS: 10.0 CWE: CWE-94
Read more
Medium

CVE-2009-0068

Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-ope…

CVSS: 6.8 CWE: CWE-94
Read more
Critical

CVE-2009-0065

Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact v…

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2009-0051

ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TL…

CVSS: 5.0 CWE: CWE-287
Read more
Medium

CVE-2009-0050

Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/…

CVSS: 4.3 CWE: CWE-20
Read more
Medium

CVE-2009-0049

Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certifi…

CVSS: 5.0 CWE: CWE-287
Read more
Medium

CVE-2009-0048

OpenEvidence 1.0.6 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a ma…

CVSS: 5.0 CWE: CWE-287
Read more
Medium

CVE-2009-0047

Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed S…

CVSS: 5.0 CWE: CWE-287
Read more
Medium

CVE-2009-0046

Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a ma…

CVSS: 5.0 CWE: CWE-287
Read more
Medium

CVE-2009-0025

BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain…

CVSS: 6.8 CWE: CWE-287
Read more
Medium

CVE-2009-0021

NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certi…

CVSS: 5.0 CWE: CWE-287
Read more
Medium

CVE-2008-5077

OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/…

CVSS: 5.8 CWE: CWE-20
Read more
2009-01-06
High

CVE-2008-5865

SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5864

SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL co…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5863

SQL injection vulnerability in locator.php in the Userlocator module 3.0 for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the y parameter in a get_user ac…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-5862

Directory traversal vulnerability in webcamXP 5.3.2.375 and 5.3.2.410 build 2132 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the URI.

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2008-5861

Directory traversal vulnerability in source.php in FreeLyrics 1.0 allows remote attackers to read arbitrary files via directory traversal sequences in the p parameter. NOTE: some of these details ar…

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2008-5860

Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to create or…

CVSS: 5.1 CWE: CWE-22
Read more
Medium

CVE-2008-5859

SQL injection vulnerability in index.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL comm…

CVSS: 5.1 CWE: CWE-89
Read more
Medium

CVE-2008-5858

Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree before 3.5.4a allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-20…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-5856

Directory traversal vulnerability in scripts/export.php in ClaSS before 0.8.61 allows remote attackers to read arbitrary files via directory traversal sequences in the ftype parameter.

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2008-5854

Multiple cross-site scripting (XSS) vulnerabilities in login.php in myPHPscripts Login Session 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ls_user and (2) ls_email p…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2008-5851

SQL injection vulnerability in index.php in My PHP Baseball Stats (MyPBS) allows remote attackers to execute arbitrary SQL commands via the seasonID parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-5849

Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an…

CVSS: 5.0 CWE: CWE-200
Read more
2009-01-05
Medium

CVE-2009-0022

Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name.

CVSS: 6.3 CWE: CWE-20
Read more
Medium

CVE-2008-5845

Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAut…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-5842

Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via vectors…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2008-5841

Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the browse parameter to (1) previews.php and (2) reviews.php, and the (3…

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2008-5839

Buffer overflow in Foxmail 6.5 allows remote attackers to execute arbitrary code via a long mailto URI in the HREF attribute of an A element.

CVSS: 9.3 CWE: CWE-119
Read more
High

CVE-2008-5838

SQL injection vulnerability in search_results.php in E-Php Scripts E-Shop (aka E-Php Shopping Cart) Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the cid paramete…

CVSS: 7.5 CWE: CWE-89
Read more
2009-01-02
Medium

CVE-2008-5828

Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers…

CVSS: 5.0 CWE: CWE-200
Read more
High

CVE-2008-5826

The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to cause a denial of service (device crash) via (1) a large value in the payload length field in an NDE…

CVSS: 7.8 CWE: CWE-20
Read more
Low

CVE-2008-5825

The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination…

CVSS: 2.6 CWE: CWE-59
Read more
Medium

CVE-2008-5824

Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a…

CVSS: 6.8 CWE: CWE-119
Read more
High

CVE-2008-2381

SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5820

SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-5819

Directory traversal vulnerability in eDNews_archive.php in eDreamers eDNews 2, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot do…

CVSS: 6.8 CWE: CWE-22
Read more