Medium
CVE-2009-3901
Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to home/index.asp and other unspecified v…
Read moreAll CVEs — 2009
Page 5/34.
Browse all CVEs by publication year. Use filters to refine.
CVSS ≥ 0.0
2009-11-06
Critical
CVE-2009-3850
Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.
Read more
Low
CVE-2009-3300
Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet…
Read more
Critical
CVE-2009-2685
Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.
Read more2009-11-05
Critical
CVE-2009-3878
Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20…
Read more
Critical
CVE-2009-3873
The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafte…
Read more
Critical
CVE-2009-3871
Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 befor…
Read more
Critical
CVE-2009-3869
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before…
Read more
Critical
CVE-2009-3868
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which…
Read more
Critical
CVE-2009-3867
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and J…
Read more
Critical
CVE-2009-3865
The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a craft…
Read more2009-11-04
Medium
CVE-2009-3863
Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remote attackers to cause a denial of service (application crash) via a long argument to the SetFontFace…
Read more
Medium
CVE-2009-3862
The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a d…
Read more
Medium
CVE-2009-3861
Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and 10.3.5 (Build 6), and possibly other versions before 10.8.9, allows local users to execute arbitrary code via a long string in a…
Read more
Critical
CVE-2009-3859
Buffer overflow in eEye Retina WiFi Scanner 1.0.8.68, as used in Retina Network Security Scanner 5.10.14, allows user-assisted remote attackers to cause a denial of service (application crash) or exe…
Read more
Medium
CVE-2009-3858
Cross-site scripting (XSS) vulnerability in GejoSoft allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI in photos/tags.
Read more
Medium
CVE-2009-3857
Buffer overflow in Softonic International SciTE 1.72 allows user-assisted remote attackers to cause a denial of service (application crash) via a Ruby (.rb) file containing a long string, which trigg…
Read more
Medium
CVE-2009-3856
Cross-site scripting (XSS) vulnerability in the default URI in news/ in Twilight CMS before 4.1 allows remote attackers to inject arbitrary web script or HTML via the calendar parameter. NOTE: some…
Read more
Critical
CVE-2009-3854
Buffer overflow in the traditional client scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7 and 5.4 before 5.4.2 allows remote attackers to execute arbitrary code via uns…
Read more
Critical
CVE-2009-3853
Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.…
Read more
High
CVE-2009-3547
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting…
Read more
Critical
CVE-2009-3465
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issu…
Read more
Critical
CVE-2009-3464
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issu…
Read more
Critical
CVE-2009-3463
Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site. NOTE: some of these details are obtained…
Read more
Critical
CVE-2009-0306
Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in lnresobject.dll in BlackBerry Desktop Manager in Research In Motion (RIM) BlackBerry Desktop Software before 5.0.1 allows remote…
Read more2009-11-03
Medium
CVE-2009-3299
Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vector…
Read more
Critical
CVE-2009-3031
Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server…
Read more2009-11-02
Critical
CVE-2009-3838
Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long er…
Read more
Critical
CVE-2009-3837
Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 servers to execute arbitrary code via a long error message.
Read more
High
CVE-2009-3835
SQL injection vulnerability in the JShop (com_jshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a product action to index.php.
Read more
High
CVE-2009-3834
SQL injection vulnerability in the Photoblog (com_photoblog) component alpha 3 and alpha 3a for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in a blogs…
Read more
Medium
CVE-2009-3833
Cross-site scripting (XSS) vulnerability in index.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
Read more
Medium
CVE-2009-3733
Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to…
Read more
Medium
CVE-2009-3636
Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to i…
Read more
Medium
CVE-2009-3635
The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5…
Read more
Medium
CVE-2009-3634
Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecifi…
Read more
Medium
CVE-2009-3633
Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote att…
Read more
Medium
CVE-2009-3632
SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.…
Read more
High
CVE-2009-3631
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated…
Read more
Low
CVE-2009-3629
Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authentic…
Read more
Medium
CVE-2009-3628
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted…
Read more2009-10-30
Medium
CVE-2009-3832
Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site.
Read more
Critical
CVE-2009-3831
Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name.
Read more
Medium
CVE-2009-3830
The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl a…
Read more
High
CVE-2009-3623
The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel before 2.6.31.2 attempts to access a credentials cache even when a client specifies the AUTH_NULL auth…
Read more
Medium
CVE-2009-3549
packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file t…
Read more
Medium
CVE-2009-3828
The web interface for Everfocus EDR1600 DVR allows remote attackers to bypass authentication and access live cams via certain vectors.
Read more2009-10-29
Medium
CVE-2009-3640
The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc1 does not properly handle the absence of an Advanced Programmable Interrupt Controlle…
Read more
Medium
CVE-2009-3627
The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, w…
Read more
Critical
CVE-2009-3373
Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified…
Read more2009-10-28
Medium
CVE-2009-3826
Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a ce…
Read more
Medium
CVE-2009-3700
Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service (application hang or loss of blocking functionality) via a long URL with many / (slash) chara…
Read more
High
CVE-2009-3825
Multiple directory traversal vulnerabilities in GenCMS 2006 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p parameter to show.php and the (2) Templ…
Read more
High
CVE-2009-3824
Directory traversal vulnerability in include/processor.php in Greenwood PHP Content Manager 0.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conten…
Read more
Medium
CVE-2009-3823
Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, when magic_quotes_gpc is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the GLOBALS[page] parame…
Read more
High
CVE-2009-3822
PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_…
Read more
Medium
CVE-2009-3821
Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Read more
High
CVE-2009-3820
SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Read more
High
CVE-2009-3817
PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mo…
Read more
Medium
CVE-2009-3816
Multiple cross-site scripting (XSS) vulnerabilities in Activities pages in the Mobile subsystem in IBM Lotus Connections 2.5.0.0 allow remote attackers to inject arbitrary web script or HTML via unsp…
Read more2009-10-27
Medium
CVE-2009-3815
RunCMS 2M1, when running with certain error_reporting levels, allows remote attackers to obtain sensitive information via (1) the op[] parameter to modules/contact/index.php or (2) uid[] parameter to…
Read more
Medium
CVE-2009-3814
Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/syste…
Read more
Medium
CVE-2009-3813
Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via the (1) forum parameter to modules/forum/post.php and possibly (2) forum_id…
Read more
Critical
CVE-2009-3812
Heap-based buffer overflow in OtsAV DJ trial version 1.85.64.0, Radio trial version 1.85.64.0, TV trial version 1.85.64.0, and Free version 1.77.001 allows remote attackers to execute arbitrary code…
Read more
Critical
CVE-2009-3811
Stack-based buffer overflow in Music Tag Editor 1.61 build 212 allows remote attackers to execute arbitrary code via an MP3 file with a long ID3 tag. NOTE: some of these details are obtained from th…
Read more
Critical
CVE-2009-3810
Heap-based buffer overflow in Acoustica MP3 Audio Mixer 2.471 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file.
Read more
Medium
CVE-2009-3809
Acoustica MP3 Audio Mixer 1.0 and possibly 2.471 allows remote attackers to cause a denial of service (crash) via a long string in a .sgp playlist file.
Read more
Critical
CVE-2009-3807
Stack-based buffer overflow in MixVibes 7.043 Pro allows remote attackers to cause a denial of service (crash) via a long string in a .vib file.
Read more
High
CVE-2009-3806
SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter.
Read more
Medium
CVE-2009-3804
Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via (1) the pid parameter, which is not properly hand…
Read more
Medium
CVE-2009-3803
Multiple cross-site scripting (XSS) vulnerabilities in Amiro.CMS 5.4.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the status_message parameter to (1) /news, (2) /…
Read more
Medium
CVE-2009-3802
Amiro.CMS 5.4.0.0 and earlier allows remote attackers to obtain sensitive information via an invalid loginname ("%%%") to _admin/index.php, which reveals the installation path and other information i…
Read more
High
CVE-2009-3801
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter. NOTE: the provenance of this informat…
Read more2009-10-26
Critical
CVE-2009-3790
Heap-based buffer overflow in FormMax (formerly AcroForm) evaluation 3.5 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted FormMax import (.aim) fi…
Read more
Medium
CVE-2009-3789
Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.…
Read more
High
CVE-2009-3788
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter.
Read more
Medium
CVE-2009-3787
files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two . (dot) characters, which is…
Read more
Medium
CVE-2009-3786
Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HT…
Read more
Medium
CVE-2009-3785
Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via…
Read more
Medium
CVE-2009-3784
Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspeci…
Read more
Medium
CVE-2009-3783
Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vector.
Read more
Low
CVE-2009-3782
Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users…
Read more
High
CVE-2009-3781
The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access…
Read more
Medium
CVE-2009-3780
Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 and 6.x before 6.x-1.1-alpha1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified…
Read more
Medium
CVE-2009-3779
Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vector…
Read more
High
CVE-2009-3778
SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Read more
High
CVE-2009-3625
Directory traversal vulnerability in www/index.php in Sahana 0.6.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter.
Read more
High
CVE-2009-3611
common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive infor…
Read more2009-10-23
Medium
CVE-2009-3767
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) fiel…
Read more
Critical
CVE-2009-3616
Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a V…
Read more
Critical
CVE-2009-2281
Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1…
Read more
Medium
CVE-2009-1297
iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a syml…
Read more2009-10-22
High
CVE-2009-3760
Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include…
Read more
High
CVE-2009-3759
Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators fo…
Read more
High
CVE-2009-3758
SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOT…
Read more
Medium
CVE-2009-3757
Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to inject arbitrary web script or HTML via the (1) usern…
Read more
Medium
CVE-2009-3756
phpBMS 0.96 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) the show action in advancedsearch.php, and (4) choicelist.php, which re…
Read more
Medium
CVE-2009-3755
Multiple cross-site scripting (XSS) vulnerabilities in phpBMS 0.96 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php and (2) modules\base\myaccount.php;…
Read more
High
CVE-2009-3754
Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to modules/bms/invoices_discount_ajax.php, (2) f parameter to d…
Read more
High
CVE-2009-3753
Unrestricted file upload vulnerability in Opial 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension as a User Image, then accessing it via a request…
Read more
High
CVE-2009-3752
SQL injection vulnerability in home.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the genres_parent parameter.
Read more
Medium
CVE-2009-3751
Cross-site scripting (XSS) vulnerability in home.php in Opial 1.0 allows remote attackers to inject arbitrary web script or HTML via the genres_parent parameter.
Read more
High
CVE-2009-3750
SQL injection vulnerability in read.php in ToyLog 0.1 allows remote attackers to execute arbitrary SQL commands via the idm parameter.
Read more
Medium
CVE-2009-3748
Multiple cross-site scripting (XSS) vulnerabilities in the Web Administrator in Websense Personal Email Manager 7.1 before Hotfix 4 and Email Security 7.1 before Hotfix 4 allow remote attackers to in…
Read more
Medium
CVE-2009-3747
Cross-site scripting (XSS) vulnerability in index.php in TBmnetCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the content parameter. NOTE: this was originally reported fo…
Read more
Medium
CVE-2009-3745
Cross-site scripting (XSS) vulnerability in the help pages in IBM Rational AppScan Enterprise Edition 5.5.0.2 allows remote attackers to inject arbitrary web script or HTML via the query string.
Read more
Medium
CVE-2009-3621
net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shut…
Read more
High
CVE-2009-3620
The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of…
Read more
High
CVE-2009-1479
Directory traversal vulnerability in client/desktop/default.htm in Boxalino before 09.05.25-0421 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.
Read more
Critical
CVE-2008-3685
Directory traversal vulnerability in aws_tmxn.exe in the Admin Agent service in the server in EMC Documentum ApplicationXtender Workflow, possibly 5.40 SP1 and earlier, allows remote attackers to upl…
Read more
Critical
CVE-2008-3684
Heap-based buffer overflow in aws_tmxn.exe in the Admin Agent service in the server in EMC Documentum ApplicationXtender Workflow, possibly 5.40 SP1 and earlier, allows remote attackers to execute ar…
Read more2009-10-20
Medium
CVE-2009-3730
Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web scrip…
Read more
High
CVE-2009-3617
Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cau…
Read more
Low
CVE-2009-2910
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register va…
Read more2009-10-19
Critical
CVE-2009-3458
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a differ…
Read more
Critical
CVE-2009-2998
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a differ…
Read more
Critical
CVE-2009-2997
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.
Read more
Critical
CVE-2009-2994
Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.
Read more
Critical
CVE-2009-2993
The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions…
Read more
Medium
CVE-2009-2992
An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial…
Read more