CVE List - 2009 / April
Showing 1 - 100 of 567 CVEs for April 2009 (Page 1 of 6)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2009-0686 | 2009-04-01 | The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in Trend Micro Internet Pro 2008 and 2009, and Security Pro 2008 and 2009, allows local users to gain privileges via a crafted... |
| CVE-2009-0790 | 2009-04-01 | The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause... |
| CVE-2009-1206 | 2009-04-01 | Unspecified vulnerability in futomi's CGI Cafe Access Analyzer CGI Professional Version 4.11.5 and earlier allows remote attackers to gain administrative privileges via unknown vectors. |
| CVE-2009-1207 | 2009-04-01 | Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on... |
| CVE-2009-1208 | 2009-04-01 | SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks... |
| CVE-2009-1209 | 2009-04-01 | Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute. |
| CVE-2009-1210 | 2009-04-01 | Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the... |
| CVE-2009-1212 | 2009-04-01 | Multiple insecure method vulnerabilities in PRECIS~2.DLL in the PrecisionID Datamatrix ActiveX control (DMATRIXLib.Datamatrix) allow remote attackers to overwrite arbitrary files via the (1) SaveBarCode and (2) SaveEnhWMF methods. |
| CVE-2009-1213 | 2009-04-01 | Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests... |
| CVE-2009-1214 | 2009-04-01 | GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information. |
| CVE-2009-1215 | 2009-04-01 | Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file. |
| CVE-2009-1211 | 2009-04-01 | Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java,... |
| CVE-2008-3871 | 2009-04-01 | Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1)... |
| CVE-2008-4825 | 2009-04-01 | Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file. |
| CVE-2009-1216 | 2009-04-01 | Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based... |
| CVE-2009-1217 | 2009-04-01 | Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a... |
| CVE-2007-4475 | 2009-04-01 | Stack-based buffer overflow in EAI WebViewer3D ActiveX control (webviewer3d.dll) in SAP AG SAPgui before 7.10 Patch Level 9 allows remote attackers to execute arbitrary code via a long argument to... |
| CVE-2009-1218 | 2009-04-01 | Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers... |
| CVE-2009-1219 | 2009-04-01 | Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service... |
| CVE-2009-1220 | 2009-04-01 | Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances (ASA) 5520 with software 7.2(4)30 and earlier 7.2 versions including 7.2(2)22, and 8.0(4)28 and earlier 8.0... |
| CVE-2008-6573 | 2009-04-01 | Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified... |
| CVE-2008-6574 | 2009-04-01 | Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related... |
| CVE-2008-6575 | 2009-04-01 | Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption)... |
| CVE-2008-6576 | 2009-04-01 | Unspecified vulnerability in the "session limitation technique" in the FTP service on Nortel Communications Server 1000 (CS1K) 4.50.x, when running on VGMC or signaling nodes, allows remote attackers to cause... |
| CVE-2008-6577 | 2009-04-01 | Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges. |
| CVE-2008-6578 | 2009-04-01 | Multiple unspecified vulnerabilities in Nortel Communication Server 1000 4.50.x allow remote attackers to execute arbitrary commands to gain privileges, obtain sensitive information, or cause a denial of service via unknown... |
| CVE-2008-6579 | 2009-04-01 | Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators." |
| CVE-2003-1571 | 2009-04-02 | Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct... |
| CVE-2008-6580 | 2009-04-02 | The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to (1)... |
| CVE-2008-6581 | 2009-04-02 | login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter. |
| CVE-2008-6582 | 2009-04-02 | SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. |
| CVE-2009-1222 | 2009-04-02 | Directory traversal vulnerability in index.php in webEdition 6.0.0.4 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a ..... |
| CVE-2009-1223 | 2009-04-02 | aspWebCalendar Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for... |
| CVE-2009-1224 | 2009-04-02 | SQL injection vulnerability in vsp-core/pub/themes/bismarck/gamestat.php in vsp stats processor 0.45 allows remote attackers to execute arbitrary SQL commands via the gameID parameter. |
| CVE-2009-1226 | 2009-04-02 | core/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions, which allows remote attackers to delete arbitrary files via the file parameter. |
| CVE-2009-1227 | 2009-04-02 | NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial... |
| CVE-2009-1228 | 2009-04-02 | Cross-site scripting (XSS) vulnerability in register.php in Arcadwy Arcade Script CMS allows remote attackers to inject arbitrary web script or HTML via the username field (user_name parameter). |
| CVE-2009-1229 | 2009-04-02 | SQL injection vulnerability in Arcadwy Arcade Script allows remote attackers to execute arbitrary SQL commands via the user cookie parameter. |
| CVE-2009-1230 | 2009-04-02 | Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config... |
| CVE-2009-1225 | 2009-04-02 | Cross-site scripting (XSS) vulnerability in index.php in Turnkey Ebook Store 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action. |
| CVE-2009-1231 | 2009-04-02 | Unspecified vulnerability in the eClient in IBM DB2 Content Manager 8.4.1 before 8.4.1.1 has unknown impact and attack vectors. |
| CVE-2009-1232 | 2009-04-02 | Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with... |
| CVE-2009-1233 | 2009-04-02 | Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements. |
| CVE-2009-1234 | 2009-04-02 | Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was... |
| CVE-2009-1235 | 2009-04-02 | XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to... |
| CVE-2009-1236 | 2009-04-02 | Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service... |
| CVE-2009-1237 | 2009-04-02 | Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a... |
| CVE-2009-1238 | 2009-04-02 | Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service... |
| CVE-2008-6583 | 2009-04-03 | Buffer overflow in BS.player 2.27 build 959 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .SRT file. |
| CVE-2008-6584 | 2009-04-03 | html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by... |
| CVE-2008-6585 | 2009-04-03 | Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action. |
| CVE-2008-6586 | 2009-04-03 | Cross-site request forgery (CSRF) vulnerability in gui/index.php in µTorrent (uTorrent) WebUI 0.315 allows remote attackers to (1) hijack the authentication of users for requests that force the download of arbitrary... |
| CVE-2008-6587 | 2009-04-03 | Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze (formerly Azureus HTML WebUI), probably 0.7.6, allows remote attackers to hijack the authentication of users for requests that force the download... |
| CVE-2008-6588 | 2009-04-03 | Aztech ADSL2/2+ 4-port router has a default "isp" account with a default "isp" password, which allows remote attackers to obtain access if this default is not changed. |
| CVE-2008-6589 | 2009-04-03 | Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the... |
| CVE-2008-6590 | 2009-04-03 | Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a .. (dot dot) in... |
| CVE-2008-6591 | 2009-04-03 | LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php. |
| CVE-2008-6592 | 2009-04-03 | thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal... |
| CVE-2008-6593 | 2009-04-03 | SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php. |
| CVE-2008-6594 | 2009-04-03 | SQL injection vulnerability in the cm_rdfexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2008-6595 | 2009-04-03 | SQL injection vulnerability in the pmk_rssnewsexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2008-6598 | 2009-04-03 | Multiple race conditions in WANPIPE before 3.3.6 have unknown impact and attack vectors related to "bri restart logic." |
| CVE-2008-6599 | 2009-04-03 | cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default... |
| CVE-2008-6601 | 2009-04-03 | Unspecified vulnerability in Epona 1.5rc3 allows remote attackers to obtain the real IP address of users via unknown vectors. |
| CVE-2008-6602 | 2009-04-03 | Unspecified vulnerability in Download Center Lite before 2.1 has unknown impact and attack vectors related to "A minor security fix." |
| CVE-2008-6603 | 2009-04-03 | MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than... |
| CVE-2009-0556 | 2009-04-03 | Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with... |
| CVE-2009-1239 | 2009-04-03 | IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might... |
| CVE-2009-1240 | 2009-04-03 | Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security... |
| CVE-2009-1241 | 2009-04-03 | Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive. |
| CVE-2008-6596 | 2009-04-03 | SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter. NOTE: the provenance of this information is unknown; the details... |
| CVE-2008-6597 | 2009-04-03 | Cross-site scripting (XSS) vulnerability in upload/install/index.php in PHCDownload 1.1 allows remote attackers to inject arbitrary web script or HTML via the step parameter. NOTE: the provenance of this information is... |
| CVE-2008-6600 | 2009-04-03 | Cross-site scripting (XSS) vulnerability in the search feature in XMLPortal 3.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter. |
| CVE-2008-6604 | 2009-04-04 | Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagina parameter, a different... |
| CVE-2008-6605 | 2009-04-06 | Cross-site request forgery (CSRF) vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows... |
| CVE-2008-6606 | 2009-04-06 | SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-6607 | 2009-04-06 | Cross-site scripting (XSS) vulnerability in view.php in MatPo Link 1.2 Beta allows remote attackers to inject arbitrary web script or HTML via the thema parameter. |
| CVE-2008-6608 | 2009-04-06 | Multiple SQL injection vulnerabilities in DevelopItEasy Events Calendar 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter (aka user field) to admin/index.php, (2) the user_pass... |
| CVE-2009-1242 | 2009-04-06 | The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a... |
| CVE-2009-1243 | 2009-04-06 | net/ipv4/udp.c in the Linux kernel before 2.6.29.1 performs an unlocking step in certain incorrect circumstances, which allows local users to cause a denial of service (panic) by reading zero bytes... |
| CVE-2008-4916 | 2009-04-06 | Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and... |
| CVE-2009-0518 | 2009-04-06 | VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory,... |
| CVE-2009-0908 | 2009-04-06 | Unspecified vulnerability in the ACE shared folders implementation in the VMware Host Guest File System (HGFS) shared folders feature in VMware ACE 2.5.1 and earlier allows attackers to enable a... |
| CVE-2009-0909 | 2009-04-06 | Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and... |
| CVE-2009-0910 | 2009-04-06 | Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and... |
| CVE-2009-1146 | 2009-04-06 | Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build... |
| CVE-2009-1147 | 2009-04-06 | Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server... |
| CVE-2008-6609 | 2009-04-06 | Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott phpcksec 0.2 allows remote attackers to inject arbitrary web script or HTML via the path parameter. |
| CVE-2008-6610 | 2009-04-06 | Absolute path traversal vulnerability in phpcksec.php in Stefan Ott phpcksec 0.2.0 allows remote attackers to list arbitrary directories and read arbitrary files via a full pathname in the file parameter. |
| CVE-2008-6611 | 2009-04-06 | SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-6612 | 2009-04-06 | Unrestricted file upload vulnerability in admin/uploader.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a... |
| CVE-2008-6613 | 2009-04-06 | uploader.php in minimal-ablog 0.4 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. |
| CVE-2009-1245 | 2009-04-06 | Multiple SQL injection vulnerabilities in the insert_to_pastebin function in php/cccp-admin/inc/functions.php in CCCP Community Clan Portal Pastebin before 2.80 allow remote attackers to execute arbitrary SQL commands via the (1) subject,... |
| CVE-2009-1246 | 2009-04-06 | Multiple directory traversal vulnerabilities in Blogplus 1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) row_mysql_blocks_center_down[file] parameter to includes/block_center_down.php; (2)... |
| CVE-2009-1247 | 2009-04-06 | SQL injection vulnerability in login.php in Acute Control Panel 1.0.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| CVE-2009-1248 | 2009-04-06 | Multiple PHP remote file inclusion vulnerabilities in Acute Control Panel 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the theme_directory parameter to (1) container.php and... |
| CVE-2009-1249 | 2009-04-06 | Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in... |
| CVE-2008-6614 | 2009-04-06 | Multiple SQL injection vulnerabilities in microcms-admin-login.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) allow remote attackers to execute arbitrary SQL commands via (1) the administrators_username parameter (aka... |
| CVE-2008-6615 | 2009-04-06 | SQL injection vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to execute arbitrary SQL commands via the keyword parameter in the advanced_search_result page. NOTE: the provenance... |
| CVE-2008-6616 | 2009-04-06 | Cross-site scripting (XSS) vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in the advanced_search_result page.... |