CVE List - 2009 / June
Showing 301 - 400 of 450 CVEs for June 2009 (Page 4 of 5)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2009-2112 | 2009-06-18 | Directory traversal vulnerability in include/page_bottom.php in phpFK 7.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _FORUM[settings_design_style] parameter. |
| CVE-2009-2113 | 2009-06-18 | Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to player.php and the (2) hash parameter to song.php. |
| CVE-2009-2114 | 2009-06-18 | Multiple cross-site scripting (XSS) vulnerabilities in admin.php in SkyBlueCanvas 1.1 r237 allow remote attackers to inject arbitrary web script or HTML via the (1) mgroup, (2) mgr, (3) objtype, (4)... |
| CVE-2009-2115 | 2009-06-18 | admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to obtain sensitive information via an invalid id parameter, which reveals the installation path in an error message. |
| CVE-2009-2116 | 2009-06-18 | Directory traversal vulnerability in admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to list directory contents via a .. (dot dot) in the dir parameter. |
| CVE-2009-2117 | 2009-06-18 | uye_paneli.php in phPortal 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the kulladi cookie to a valid username. |
| CVE-2009-2118 | 2009-06-18 | Integer overflow in IrfanView 4.23, when the resampling or screen fitting option is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF 1 BPP image, which triggers... |
| CVE-2009-2119 | 2009-06-18 | Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or... |
| CVE-2009-2120 | 2009-06-18 | Multiple SQL injection vulnerabilities in TekBase All-in-One 3.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) ids parameter to admin.php, the (2) y parameter to members.php,... |
| CVE-2009-0958 | 2009-06-19 | Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate,... |
| CVE-2009-0959 | 2009-06-19 | The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device... |
| CVE-2009-0960 | 2009-06-19 | The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in... |
| CVE-2009-0961 | 2009-06-19 | The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might... |
| CVE-2009-1679 | 2009-06-19 | The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from... |
| CVE-2009-1680 | 2009-06-19 | Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the... |
| CVE-2009-1692 | 2009-06-19 | WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a... |
| CVE-2009-1683 | 2009-06-19 | The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset)... |
| CVE-2009-2122 | 2009-06-19 | SQL injection vulnerability in viewimg.php in the Paolo Palmonari Photoracer plugin 1.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-2123 | 2009-06-19 | Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) inUser (aka Username) and (2) inPass (aka Password) parameters to (a) inc/login.ei,... |
| CVE-2009-2124 | 2009-06-19 | Directory traversal vulnerability in page.php in Elvin 1.2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. |
| CVE-2009-2127 | 2009-06-19 | Cross-site scripting (XSS) vulnerability in show_activity.php in Elvin 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| CVE-2009-2129 | 2009-06-19 | Cross-site request forgery (CSRF) vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action. |
| CVE-2009-2130 | 2009-06-19 | Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) login.ei, (2) jump_bug.ei, or (3) create_account.ei in inc/ via a direct request. |
| CVE-2009-2131 | 2009-06-19 | Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then... |
| CVE-2009-2133 | 2009-06-19 | Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.40.4 and 1.40.7 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) sort parameter to pivot/index.php,... |
| CVE-2009-2125 | 2009-06-19 | delete_bug.php in Elvin before 1.2.1 does not require administrative privileges, which allows remote authenticated users to bypass intended access restrictions and delete arbitrary bugs. |
| CVE-2009-2126 | 2009-06-19 | Cross-site scripting (XSS) vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the title (aka subject) field. |
| CVE-2009-2128 | 2009-06-19 | SQL injection vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the title (aka subject) field. |
| CVE-2009-2132 | 2009-06-19 | Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l... |
| CVE-2009-2134 | 2009-06-19 | pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obtain sensitive information via an invalid url parameter, which reveals the installation path in an error message. |
| CVE-2009-2135 | 2009-06-19 | Multiple race conditions in the Solaris Event Port API in Sun Solaris 10 and OpenSolaris before snv_107 allow local users to cause a denial of service (panic) via unspecified vectors... |
| CVE-2009-2136 | 2009-06-19 | Unspecified vulnerability in the TCP/IP networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_117, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is... |
| CVE-2009-2137 | 2009-06-19 | Memory leak in the Ultra-SPARC T2 crypto provider device driver (aka n2cp) in Sun Solaris 10, and OpenSolaris snv_54 through snv_112, allows context-dependent attackers to cause a denial of service... |
| CVE-2009-2138 | 2009-06-19 | Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the returnto parameter to login.php or (2)... |
| CVE-2009-2141 | 2009-06-22 | Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto parameter to makepoll.php, (2) the returnto parameter in... |
| CVE-2009-2142 | 2009-06-22 | Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store Chat 4.0 and 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) senha parameters. |
| CVE-2009-2143 | 2009-06-22 | PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter. |
| CVE-2009-2145 | 2009-06-22 | Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 allow remote attackers to inject arbitrary web script or HTML via the (a) NodeID and (b) action parameters to the default URI,... |
| CVE-2009-2147 | 2009-06-22 | SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-2148 | 2009-06-22 | SQL injection vulnerability in news/index.php in Campus Virtual-LMS allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-2149 | 2009-06-22 | Multiple cross-site scripting (XSS) vulnerabilities in Campus Virtual-LMS allow remote attackers to inject arbitrary web script or HTML via the (1) courseid parameter to enrolments/step1.php, or the (2) search or... |
| CVE-2009-2150 | 2009-06-22 | Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might... |
| CVE-2009-2151 | 2009-06-22 | Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the newlang parameter. |
| CVE-2009-2152 | 2009-06-22 | SQL injection vulnerability in a_index.php in AdaptWeb 0.9.2 allows remote attackers to execute arbitrary SQL commands via the CodigoDisciplina parameter in a TopicosCadastro1 action. |
| CVE-2009-2153 | 2009-06-22 | Cross-site scripting (XSS) vulnerability in index.php in Impleo Music Collection 2.0 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. |
| CVE-2009-2154 | 2009-06-22 | SQL injection vulnerability in admin/login.php in Impleo Music Collection 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| CVE-2009-2144 | 2009-06-22 | SQL injection vulnerability in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-2146 | 2009-06-22 | Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows remote authenticated users to execute arbitrary code by... |
| CVE-2009-2155 | 2009-06-22 | Cross-site scripting (XSS) vulnerability in report/ReportViewAction.do in WebNMS Free Edition 5 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: the provenance of this... |
| CVE-2009-2156 | 2009-06-22 | Multiple cross-site scripting (XSS) vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Title field to requests.php, related to viewrequests.php;... |
| CVE-2009-2157 | 2009-06-22 | Multiple SQL injection vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to execute arbitrary SQL commands via (1) the origmsg parameter to account-inbox.php; the categ parameter to (2) delreq.php... |
| CVE-2009-2158 | 2009-06-22 | account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently large set, which makes it easier for remote attackers to obtain a password via a brute-force attack. |
| CVE-2009-2159 | 2009-06-22 | backup-database.php in TorrentTrader Classic 1.09 does not require administrative authentication, which allows remote attackers to create and download a backup database by making a direct request and then retrieving a... |
| CVE-2009-2160 | 2009-06-22 | TorrentTrader Classic 1.09 allows remote attackers to (1) obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function; and allows remote attackers to (2) obtain other... |
| CVE-2009-2161 | 2009-06-22 | Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. (dot... |
| CVE-2009-2162 | 2009-06-22 | Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC PukiWikiMod module 1.6.6.2 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2008-6833 | 2009-06-22 | Directory traversal vulnerability in commsrss.php in fuzzylime (cms) before 3.01b allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a files array element... |
| CVE-2008-6834 | 2009-06-22 | Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 and 3.01a allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the s parameter... |
| CVE-2009-2163 | 2009-06-22 | Cross-site scripting (XSS) vulnerability in login/default.aspx in Sitecore CMS before 6.0.2 Update-1 090507 allows remote attackers to inject arbitrary web script or HTML via the sc_error parameter. |
| CVE-2009-2164 | 2009-06-22 | Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the code parameter to activate.php or (2) the... |
| CVE-2009-2166 | 2009-06-22 | Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter. |
| CVE-2009-2167 | 2009-06-22 | Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username... |
| CVE-2009-2168 | 2009-06-22 | cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers... |
| CVE-2009-2165 | 2009-06-22 | SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions... |
| CVE-2009-2169 | 2009-06-22 | Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary files via a URL argument to... |
| CVE-2009-2170 | 2009-06-23 | Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| CVE-2009-2171 | 2009-06-23 | Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user's artefact. |
| CVE-2009-2121 | 2009-06-23 | Buffer overflow in the browser kernel in Google Chrome before 2.0.172.33 allows remote HTTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via a... |
| CVE-2009-2172 | 2009-06-23 | Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter. |
| CVE-2009-2173 | 2009-06-23 | The LAN game feature in Carom3D 5.06 allows remote authenticated users to cause a denial of service (application hang) via a crafted HTTP request to TCP port 28012. |
| CVE-2009-2175 | 2009-06-23 | Stack-based buffer overflow in the flattenIncrementally function in flatten.c in xcftools 1.0.4, as reachable from the (1) xcf2pnm and (2) xcf2png utilities, allows remote attackers to cause a denial of... |
| CVE-2009-2176 | 2009-06-23 | Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the... |
| CVE-2009-2177 | 2009-06-23 | code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a "....//" (dot dot) in the... |
| CVE-2009-2178 | 2009-06-23 | Cross-site scripting (XSS) vulnerability in website.php in phpDatingClub 3.7 allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| CVE-2009-2179 | 2009-06-23 | SQL injection vulnerability in search.php in phpDatingClub 3.7 allows remote attackers to execute arbitrary SQL commands via the sform[day] parameter. |
| CVE-2009-2180 | 2009-06-23 | Multiple directory traversal vulnerabilities in upfiles/index.php in Pc4 Uploader 10.0 and earlier allow remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) absolute path in... |
| CVE-2009-2181 | 2009-06-23 | Cross-site scripting (XSS) vulnerability in admin-files/templates/list_dir.php in Campsite 3.3.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the listbasedir parameter. |
| CVE-2009-2182 | 2009-06-23 | Multiple PHP remote file inclusion vulnerabilities in Campsite 3.3.0 RC1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) ad_popup.php, (2) camp_html.php,... |
| CVE-2009-2183 | 2009-06-23 | Directory traversal vulnerability in admin-files/ad.php in Campsite 3.3.0 RC1 allows remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the GLOBALS[g_campsiteDir] parameter. |
| CVE-2009-2184 | 2009-06-23 | Absolute path traversal vulnerability in forcedownload.php in Gravy Media Photo Host 1.0.8 allows remote attackers to read arbitrary files via an encoded "/" (slash) in the file parameter. |
| CVE-2009-0690 | 2009-06-23 | The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a negative value for the stream offset in a JPEG2000 (aka JPX)... |
| CVE-2009-0691 | 2009-06-23 | The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a fatal error during decoding of a JPEG2000 (aka JPX) header, which... |
| CVE-2009-2174 | 2009-06-23 | GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message. |
| CVE-2009-0903 | 2009-06-24 | IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 before 6.1.0.25, when a WS-Security policy is established at the operation level,... |
| CVE-2009-1163 | 2009-06-24 | Memory leak on the Cisco Physical Access Gateway with software before 1.1 allows remote attackers to cause a denial of service (memory consumption) via unspecified TCP packets. |
| CVE-2009-1860 | 2009-06-24 | Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 allows remote attackers to execute arbitrary code via crafted Shockwave Player 10 content. |
| CVE-2009-1886 | 2009-06-24 | Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename. |
| CVE-2009-1888 | 2009-06-24 | The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to... |
| CVE-2009-2045 | 2009-06-24 | The Cisco Video Surveillance Stream Manager firmware before 5.3, as used on Cisco Video Surveillance Services Platforms and Video Surveillance Integrated Services Platforms, allows remote attackers to cause a denial... |
| CVE-2009-2046 | 2009-06-24 | The embedded web server on the Cisco Video Surveillance 2500 Series IP Camera with firmware before 2.1 allows remote attackers to read arbitrary files via a (1) http or (2)... |
| CVE-2009-2186 | 2009-06-24 | Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2009-1860, related to an older issue that "was... |
| CVE-2009-2187 | 2009-06-24 | Multiple memory leaks in the (1) IP and (2) IPv6 multicast implementation in the kernel in Sun Solaris 10, and OpenSolaris snv_67 through snv_93, allow local users to cause a... |
| CVE-2009-2185 | 2009-06-24 | The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows... |
| CVE-2009-2208 | 2009-06-24 | FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the SIOCSIFINFO_IN6 IOCTL, which allows local users to modify or disable IPv6 network interfaces, as demonstrated by modifying the... |
| CVE-2009-2209 | 2009-06-24 | SQL injection vulnerability in rscms_mod_newsview.php in RS-CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the key parameter. |
| CVE-2009-1201 | 2009-06-25 | Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass... |
| CVE-2009-1202 | 2009-06-25 | WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and... |
| CVE-2009-1203 | 2009-06-25 | WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for... |
| CVE-2009-2210 | 2009-06-25 | Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing... |
| CVE-2009-2211 | 2009-06-25 | Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via... |