CVE List - 2009 / August
Showing 301 - 400 of 527 CVEs for August 2009 (Page 4 of 6)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2009-2857 | 2009-08-19 | The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory implementations, which allows local users to cause... |
| CVE-2009-2055 | 2009-08-19 | Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the... |
| CVE-2009-2858 | 2009-08-19 | Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to... |
| CVE-2009-2859 | 2009-08-19 | IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command. |
| CVE-2009-2860 | 2009-08-19 | Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets." |
| CVE-2009-2881 | 2009-08-20 | Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote attackers to execute arbitrary SQL commands via the idAuthor parameter to (1) index.php and possibly (2) allpubs.php in publications/. |
| CVE-2009-2883 | 2009-08-20 | SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cp_username parameter, related to an error in the... |
| CVE-2009-2884 | 2009-08-20 | Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to inject arbitrary web script or HTML via the rank parameter. |
| CVE-2009-2885 | 2009-08-20 | SQL injection vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to execute arbitrary SQL commands via the rank parameter. |
| CVE-2009-2886 | 2009-08-20 | SQL injection vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to execute arbitrary SQL commands via the rank parameter. |
| CVE-2009-2887 | 2009-08-20 | Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to inject arbitrary web script or HTML via the rank parameter. |
| CVE-2009-2888 | 2009-08-20 | SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter. |
| CVE-2009-2889 | 2009-08-20 | Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to inject arbitrary web script or HTML via the letters parameter. |
| CVE-2009-2890 | 2009-08-20 | Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter. |
| CVE-2009-2891 | 2009-08-20 | SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| CVE-2009-2892 | 2009-08-20 | Multiple SQL injection vulnerabilities in header.php in Scripteen Free Image Hosting Script 2.3 allow remote attackers to execute arbitrary SQL commands via a (1) cookid or (2) cookgid cookie. |
| CVE-2009-2894 | 2009-08-20 | Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to product_desc.php, and the cid parameter to (2) showcategory.php... |
| CVE-2009-2895 | 2009-08-20 | SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (URA) 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| CVE-2009-2896 | 2009-08-20 | Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a subtitle (.srt)... |
| CVE-2009-2882 | 2009-08-20 | Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3)... |
| CVE-2009-2893 | 2009-08-20 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in a post... |
| CVE-2009-0638 | 2009-08-20 | The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 3.1(16), 3.2 before 3.2(13), and 4.0 before 4.0(6) for Cisco Catalyst 6500 switches and Cisco 7600 routers allows remote attackers to... |
| CVE-2009-2694 | 2009-08-20 | The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a... |
| CVE-2009-2732 | 2009-08-20 | The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header... |
| CVE-2009-2912 | 2009-08-20 | The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through 10, and OpenSolaris before snv_110, allow local users to cause a denial of service (panic) via vectors related... |
| CVE-2009-2913 | 2009-08-20 | Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information... |
| CVE-2009-2914 | 2009-08-20 | Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded file.... |
| CVE-2009-2916 | 2009-08-21 | Format string vulnerability in the CNS_AddTxt function in logs.dll in 2K Games Vietcong 2 1.10 and earlier might allow remote attackers to execute arbitrary code via format string specifiers in... |
| CVE-2009-2917 | 2009-08-21 | Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted string in a (1)... |
| CVE-2009-2918 | 2009-08-21 | The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted request to the... |
| CVE-2009-2919 | 2009-08-21 | Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field. |
| CVE-2009-2920 | 2009-08-21 | Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) component and (2) priority parameters to buglist.php; and the... |
| CVE-2009-2921 | 2009-08-21 | Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword... |
| CVE-2009-2922 | 2009-08-21 | Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 through 2.3.5 allows remote attackers to read arbitrary files via a base64-encoded file parameter. |
| CVE-2009-2923 | 2009-08-21 | Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1.52 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to show.php and (2) in... |
| CVE-2009-2924 | 2009-08-21 | Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 allow remote attackers to execute arbitrary SQL commands via the (1) UploadID parameter to videoint.php, and possibly the (2) cat_id parameter... |
| CVE-2009-2925 | 2009-08-21 | Directory traversal vulnerability in DJcalendar.cgi in DJCalendar allows remote attackers to read arbitrary files via a .. (dot dot) in the TEMPLATE parameter. |
| CVE-2009-2915 | 2009-08-21 | SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery System 6.0 allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a content action. |
| CVE-2008-7016 | 2009-08-21 | tnftpd before 20080929 splits large command strings into multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unknown vectors, probably involving a crafted ftp:// link... |
| CVE-2008-7017 | 2009-08-21 | Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field... |
| CVE-2008-7018 | 2009-08-21 | Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar 6.3.25 allows remote attackers to inject arbitrary web script or HTML via the Details field (descr parameter) in an Add New... |
| CVE-2008-7019 | 2009-08-21 | Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass authentication and gain privileges via modified (1) enombre and (2) euri cookies. |
| CVE-2008-7020 | 2009-08-21 | McAfee SafeBoot Device Encryption 4 build 4750 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users... |
| CVE-2008-7021 | 2009-08-21 | Unrestricted file upload vulnerability in editlogo.php in AvailScript Jobs Portal Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an image... |
| CVE-2008-7022 | 2009-08-21 | Insecure method vulnerability in ChilkatMail_v7_9.dll in the Chilkat Software IMAP ActiveX control (ChilkatMail2.ChilkatMailMan2.1) allows remote attackers to execute arbitrary programs via the LoadXmlEmail method. |
| CVE-2008-7023 | 2009-08-21 | Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only... |
| CVE-2008-7024 | 2009-08-21 | admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain administrator privileges by setting the user cookie to "admin" and setting the... |
| CVE-2008-7025 | 2009-08-21 | TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe running, allows remote HTTP proxies to cause a denial of service (crash) and disable the HIDS module via a crafted response. |
| CVE-2008-7026 | 2009-08-21 | Unrestricted file upload vulnerability in filesystem3.class.php in eFront 3.5.1 build 2710 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension as an... |
| CVE-2008-7027 | 2009-08-21 | Libra File Manager 1.18 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user and pass cookies to 1. |
| CVE-2008-7028 | 2009-08-21 | RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass authentication and gain privileges by setting the keep4u cookie to a certain value. |
| CVE-2009-1879 | 2009-08-21 | Cross-site scripting (XSS) vulnerability in index.template.html in the express-install templates in the SDK in Adobe Flex before 3.4, when the installed Flash version is older than a specified requiredMajorVersion value,... |
| CVE-2009-2473 | 2009-08-21 | neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via... |
| CVE-2009-2474 | 2009-08-21 | neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509... |
| CVE-2009-1154 | 2009-08-21 | Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many... |
| CVE-2009-2056 | 2009-08-21 | Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended... |
| CVE-2009-2926 | 2009-08-21 | Multiple SQL injection vulnerabilities in PHP Competition System BETA 0.84 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) day parameter to show_matchs.php and (2) pageno... |
| CVE-2009-2927 | 2009-08-21 | SQL injection vulnerability in DetailFile.php in DigitalSpinners DS CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the nFileId parameter. |
| CVE-2009-2928 | 2009-08-21 | Cross-site scripting (XSS) vulnerability in login.php in TGS Content Management 0.x allows remote attackers to inject arbitrary web script or HTML via the previous_page parameter, a different vector than CVE-2008-6839. |
| CVE-2009-2929 | 2009-08-21 | Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execute arbitrary SQL commands via the (1) tgs_language_id, (2) tpl_dir, (3) referer, (4) user-agent, (5) site, (6)... |
| CVE-2009-2930 | 2009-08-21 | Cross-site scripting (XSS) vulnerability in the Search feature in elka CMS (aka Elkapax) allows remote attackers to inject arbitrary web script or HTML via the q parameter to the default... |
| CVE-2009-2931 | 2009-08-21 | Directory traversal vulnerability in p.php in SlideShowPro Director 1.1 through 1.3.8 allows remote attackers to read arbitrary files via directory traversal sequences in the a parameter. |
| CVE-2009-2932 | 2009-08-21 | Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel... |
| CVE-2009-2933 | 2009-08-21 | SQL injection vulnerability in comments.php in Piwigo before 2.0.3 allows remote attackers to execute arbitrary SQL commands via the items_number parameter. |
| CVE-2009-2934 | 2009-08-21 | Multiple stack-based buffer overflows in xaudio.dll in Programmed Integration PIPL 2.5.0 and 2.5.0D allow remote attackers to execute arbitrary code via a long string in a (1) .pls or (2)... |
| CVE-2003-1574 | 2009-08-24 | TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these... |
| CVE-2008-7029 | 2009-08-24 | Unrestricted file upload vulnerability in usercp.php in AlilG Application AliBoard Beta allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an avatar,... |
| CVE-2008-7030 | 2009-08-24 | Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field to an unspecified component, possibly... |
| CVE-2008-7031 | 2009-08-24 | Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via... |
| CVE-2008-7032 | 2009-08-24 | Web Management Console Cross-site request forgery (CSRF) vulnerability in the web management console in F5 BIG-IP 9.4.3 allows remote attackers to hijack the authentication of administrators for requests that create... |
| CVE-2008-7033 | 2009-08-24 | SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php,... |
| CVE-2008-7034 | 2009-08-24 | PHP remote file inclusion vulnerability in kernel/smarty/Smarty.class.php in PHPEcho CMS 2.0 rc3 allows remote attackers to execute arbitrary PHP code via a URL in unspecified vectors that modify the _smarty_compile_path... |
| CVE-2008-7035 | 2009-08-24 | Cross-site scripting (XSS) vulnerability in an unspecified component in Simple Machines phpRaider 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the resistance field. NOTE: the provenance... |
| CVE-2008-7036 | 2009-08-24 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS 1.0.8 and earlier, allow remote attackers to inject... |
| CVE-2008-7037 | 2009-08-24 | The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for Windows Vista, and possibly other versions before 1.23, allows remote web servers or man-in-the-middle attackers to execute... |
| CVE-2008-7038 | 2009-08-24 | SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php. NOTE: this issue... |
| CVE-2008-7039 | 2009-08-24 | Cross-site scripting (XSS) vulnerability in admin/comments.php in Gelato CMS 0.95 allows remote attackers to inject arbitrary web script or HTML via the content parameter in a comment. NOTE: some of... |
| CVE-2008-7040 | 2009-08-24 | SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote attackers to execute arbitrary SQL commands via the u parameter. NOTE: this issue was... |
| CVE-2008-7041 | 2009-08-24 | AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin/home.php. |
| CVE-2008-7042 | 2009-08-24 | PHP remote file inclusion vulnerability in url.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the tmp_sid parameter. |
| CVE-2008-7043 | 2009-08-24 | Cross-site scripting (XSS) vulnerability in register.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to inject arbitrary web script or HTML via the Email parameter. NOTE: this... |
| CVE-2008-7044 | 2009-08-24 | SQL injection vulnerability in admin/include/newpoll.php in AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to execute arbitrary SQL commands via the ques parameter. |
| CVE-2008-7045 | 2009-08-24 | AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to bypass authentication and reset poll votes via a direct request to admin/resetvote.php. |
| CVE-2008-7047 | 2009-08-24 | NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp. |
| CVE-2008-7048 | 2009-08-24 | Multiple cross-site scripting (XSS) vulnerabilities in NatterChat 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) txtUsername parameter to registerDo.asp, as invoked from register.asp, or... |
| CVE-2008-7049 | 2009-08-24 | Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote attackers to execute arbitrary SQL commands via the (1) txtUsername parameter (aka Username) and (2) txtPassword parameter... |
| CVE-2008-7051 | 2009-08-24 | AJ Square AJ Article allows remote attackers to bypass authentication and access administrator functionality via a direct request to (1) user.php, (2) articles.php, (3) articlesuspend.php, (4) site.php, (5) statistics.php, (6)... |
| CVE-2008-7052 | 2009-08-24 | Unrestricted file upload vulnerability in profile.php in Pre Projects Pre Real Estate Listings allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as... |
| CVE-2008-7046 | 2009-08-24 | AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. NOTE: the provenance... |
| CVE-2008-7050 | 2009-08-24 | The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always... |
| CVE-2009-2951 | 2009-08-24 | Phenotype CMS before 2.9 does not use a random salt value for password encryption, which makes it easier for context-dependent attackers to determine cleartext passwords. |
| CVE-2009-2952 | 2009-08-24 | Unspecified vulnerability in the pollwakeup function in Sun Solaris 10, and OpenSolaris before snv_51, allows local users to cause a denial of service (panic) via unknown vectors. |
| CVE-2009-2953 | 2009-08-24 | Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of service (CPU consumption) via JavaScript code with a long string value for the hash property... |
| CVE-2009-2954 | 2009-08-24 | Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the... |
| CVE-2009-2955 | 2009-08-24 | Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash... |
| CVE-2009-2956 | 2009-08-24 | The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords,... |
| CVE-2008-7053 | 2009-08-24 | LogMeIn Remote Access Utility ActiveX control (RACtrl.dll) allows remote attackers to cause a denial of service (crash) by setting the fgcolor and bgcolor properties to certain long values that trigger... |
| CVE-2008-7054 | 2009-08-24 | Multiple directory traversal vulnerabilities in ezContents 2.0.3 allow remote attackers to include and execute arbitrary local files via the (1) gsLanguage and (2) language_home parameters to modules/diary/showdiary.php; (3) admin_home, (4)... |
| CVE-2008-7055 | 2009-08-24 | module.php in ezContents 2.0.3 allows remote attackers to bypass the directory traversal protection mechanism to include and execute arbitrary local files via "....//" (doubled dot dot slash) sequences in the... |
| CVE-2008-7056 | 2009-08-24 | BandSite CMS 1.1.4 does not perform access control for adminpanel/phpmydump.php, which allows remote attackers to obtain copies of the database via a direct request. |