CVE List - 2009 / August
Showing 501 - 527 of 527 CVEs for August 2009 (Page 6 of 6)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2008-7124 | 2009-08-31 | zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new... |
| CVE-2008-7125 | 2009-08-31 | pphoto in Ariadne before 2.6 allows remote authenticated users with certain privileges to execute arbitrary shell commands via vectors related to PINP programs and the annotate command. NOTE: some of... |
| CVE-2008-7126 | 2009-08-31 | Integer overflow in osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted... |
| CVE-2008-7127 | 2009-08-31 | osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet with a large string length value to... |
| CVE-2008-7128 | 2009-08-31 | The ssl_parse_client_key_exchange function in XySSL before 0.9 does not protect against certain Bleichenbacher attacks using chosen ciphertext, which allows remote attackers to recover keys via unspecified vectors. |
| CVE-2008-7129 | 2009-08-31 | XySSL before 0.9 allows remote attackers to cause a denial of service (infinite loop) via an X.509 certificate that does not pass the RSA signature check during verification. |
| CVE-2008-7130 | 2009-08-31 | Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier allows remote attackers to upload arbitrary files via unknown vectors. |
| CVE-2008-7131 | 2009-08-31 | Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier allows remote attackers to gain access to a database via a link to a victim who is already connected to the... |
| CVE-2009-3010 | 2009-08-31 | Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in... |
| CVE-2009-3011 | 2009-08-31 | Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta does not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting... |
| CVE-2009-3013 | 2009-08-31 | Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting... |
| CVE-2009-3014 | 2009-08-31 | Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within... |
| CVE-2009-3015 | 2009-08-31 | QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting... |
| CVE-2009-3016 | 2009-08-31 | Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related... |
| CVE-2009-3017 | 2009-08-31 | Orca Browser 1.2 build 5 does not properly block data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via... |
| CVE-2009-3018 | 2009-08-31 | Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks... |
| CVE-2009-3019 | 2009-08-31 | Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet Explorer 7 on Vista, allows remote attackers to cause a denial of service (application crash) via JavaScript code... |
| CVE-2009-3020 | 2009-08-31 | win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an... |
| CVE-2009-3012 | 2009-08-31 | Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to... |
| CVE-2009-2944 | 2009-08-31 | Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands. |
| CVE-2009-3022 | 2009-08-31 | Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified... |
| CVE-2009-3023 | 2009-08-31 | Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command... |
| CVE-2009-3024 | 2009-08-31 | The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers... |
| CVE-2009-3025 | 2009-08-31 | Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM. |
| CVE-2009-3026 | 2009-08-31 | protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification,... |
| CVE-2009-3021 | 2009-08-31 | Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' plugin 2.0.0 through 2.0.6, as used in the Japanese extended package of Geeklog 1.5.0 through 1.5.2 and when distributed 20090629 or earlier,... |
| CVE-2008-7132 | 2009-09-01 | Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.3 beta allows remote attackers to inject arbitrary web script or HTML via the nuked_nude parameter. NOTE: the provenance of this information... |
| CVE-2008-7133 | 2009-09-01 | Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org EasyImageCatalogue 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search and (2) d index.php parameters to index.php,... |
| CVE-2008-7134 | 2009-09-01 | Multiple cross-site scripting (XSS) vulnerabilities in the default URI in Chris LaPointe RedGalaxy Download Center 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file... |
| CVE-2008-7135 | 2009-09-01 | toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the IsChecked method, a different vector than CVE-2008-7136. |
| CVE-2008-7136 | 2009-09-01 | toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the (1) RequestURL, (2) GetPropertyById, or (3) SetPropertyById... |
| CVE-2008-7137 | 2009-09-01 | WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of service (crash) via an empty query string to port 59278 and other unspecified vectors. |
| CVE-2008-7138 | 2009-09-01 | The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce. |
| CVE-2008-7139 | 2009-09-01 | Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy in Eye-Fi 1.1.2 allow remote attackers to hijack the authentication of users for requests that modify configuration via a SOAPAction parameter of... |
| CVE-2008-7140 | 2009-09-01 | Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) language_setup parameter to setup.php or (2)... |
| CVE-2008-7141 | 2009-09-01 | Cross-site scripting (XSS) vulnerability in setup.php in @lex Poll 2.1 allows remote attackers to inject arbitrary web script or HTML via the language_setup parameter. NOTE: the provenance of this information... |
| CVE-2008-7142 | 2009-09-01 | Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter. |
| CVE-2008-7143 | 2009-09-01 | phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post... |
| CVE-2008-7144 | 2009-09-01 | Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) ACE, (2) ARJ, (3) BZ2, (4) CAB, (5) GZ, (6) LHA, (7)... |
| CVE-2008-7145 | 2009-09-01 | Multiple SQL injection vulnerabilities in index.php in CoronaMatrix phpAddressBook 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) parameters. |
| CVE-2008-7150 | 2009-09-01 | Cross-site scripting (XSS) vulnerability in Refine by Taxonomy 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a taxonomy term, which... |
| CVE-2008-7151 | 2009-09-01 | Cross-site request forgery (CSRF) vulnerability in Live 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to hijack the authentication of unspecified privileged users for requests that can be... |
| CVE-2008-7152 | 2009-09-01 | Multiple PHP remote file inclusion vulnerabilities in Specimen Image Database (SID), when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter... |
| CVE-2009-3037 | 2009-09-01 | Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance,... |
| CVE-2009-3038 | 2009-09-01 | A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research In Motion (RIM) Lotus Notes connector for BlackBerry Desktop Manager 5.0.0.11 allows remote attackers to cause a denial of service... |
| CVE-2008-7146 | 2009-09-01 | IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allows remote attackers to obtain sensitive information via a direct request to (1) Knowledge_Impact_Course.htm, (2) LRN-formatted_Course.htm, or (3) Create_Course.htm in... |
| CVE-2008-7147 | 2009-09-01 | Multiple cross-site scripting (XSS) vulnerabilities in IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allow remote attackers to inject arbitrary web script or HTML via the (1) outline... |
| CVE-2008-7148 | 2009-09-01 | Unspecified vulnerability in Synfig Animation Studio before 0.61.08 allows attackers to execute arbitrary code via a crafted .sif file. |
| CVE-2008-7149 | 2009-09-01 | Unspecified vulnerability in AgileWiki before 0.10.1 has unknown impact and attack vectors related to passwords. |
| CVE-2009-3040 | 2009-09-01 | Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3)... |
| CVE-2009-3041 | 2009-09-01 | SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to... |
| CVE-2009-3042 | 2009-09-01 | SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than... |
| CVE-2009-2957 | 2009-09-02 | Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in... |
| CVE-2009-2958 | 2009-09-02 | The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a... |
| CVE-2008-7153 | 2009-09-02 | SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can... |
| CVE-2008-7154 | 2009-09-02 | Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) class/class.conf_fw.php, (2) class.module/class.event_manager.php, (3) lib/lib.domxml5.php, or (4) menu/menu_over.php in doceboCore/; or (5) class/class.conf_cms.php,... |
| CVE-2008-7155 | 2009-09-02 | NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote attackers to change the password of arbitrary users via a direct request. |
| CVE-2008-7156 | 2009-09-02 | EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php. |
| CVE-2008-7157 | 2009-09-02 | Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension,... |
| CVE-2008-7158 | 2009-09-02 | Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) LOADFILE parameter... |
| CVE-2009-0200 | 2009-09-02 | Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a... |
| CVE-2009-0201 | 2009-09-02 | Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document,... |
| CVE-2009-2700 | 2009-09-02 | src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle... |
| CVE-2009-2968 | 2009-09-02 | Directory traversal vulnerability in a support component in the web interface in VMware Studio 2.0 public beta before build 1017-185256 allows remote attackers to upload files to arbitrary locations via... |
| CVE-2009-3043 | 2009-09-02 | The tty_ldisc_hangup function in drivers/char/tty_ldisc.c in the Linux kernel 2.6.31-rc before 2.6.31-rc8 allows local users to cause a denial of service (system crash, sometimes preceded by a NULL pointer dereference)... |
| CVE-2009-3044 | 2009-09-02 | Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509... |
| CVE-2009-3045 | 2009-09-02 | Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate. |
| CVE-2009-3046 | 2009-09-02 | Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked... |
| CVE-2009-3047 | 2009-09-02 | Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow... |
| CVE-2009-3048 | 2009-09-02 | Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via... |
| CVE-2009-3049 | 2009-09-02 | Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related... |
| CVE-2009-3050 | 2009-09-02 | Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later... |
| CVE-2009-3052 | 2009-09-03 | SQL injection vulnerability in root/includes/prime_quick_style.php in the Prime Quick Style addon before 1.2.3 for phpBB 3 allows remote authenticated users to execute arbitrary SQL commands via the prime_quick_style parameter to... |
| CVE-2009-3053 | 2009-09-03 | Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to... |
| CVE-2009-3054 | 2009-09-03 | SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php. |
| CVE-2009-3055 | 2009-09-03 | PHP remote file inclusion vulnerability in engine/api/api.class.php in DataLife Engine (DLE) 8.2 allows remote attackers to execute arbitrary PHP code via a URL in the dle_config_api parameter. |
| CVE-2009-3056 | 2009-09-03 | PHP remote file inclusion vulnerability in include/engine/content/elements/menu.php in KingCMS 0.6.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[AdminPath] parameter. |
| CVE-2009-3058 | 2009-09-03 | Stack-based buffer overflow in akPlayer 1.9.0 allows remote attackers to execute arbitrary code via a long string in a .plt playlist file. |
| CVE-2009-3062 | 2009-09-03 | SQL injection vulnerability in message_box.php in OSI Codes PHP Live! 3.3 allows remote attackers to execute arbitrary SQL commands via the deptid parameter. |
| CVE-2009-3063 | 2009-09-03 | SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php. |
| CVE-2009-3064 | 2009-09-03 | Directory traversal vulnerability in debugger/debug_php.php in Ve-EDIT 0.1.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _GET[filename] parameter. |
| CVE-2009-3065 | 2009-09-03 | PHP remote file inclusion vulnerability in editor/edit_htmlarea.php in Ve-EDIT 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the highlighter parameter. |
| CVE-2009-3057 | 2009-09-03 | Multiple cross-site scripting (XSS) vulnerabilities in AOM Software Beex 3 allow remote attackers to inject arbitrary web script or HTML via the navaction parameter to (1) news.php and (2) partneralle.php. |
| CVE-2009-3059 | 2009-09-03 | Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) core/select.php or (2) the city parameter to top_add.inc.php,... |
| CVE-2009-3060 | 2009-09-03 | Multiple cross-site scripting (XSS) vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the notice parameter to editform.php,... |
| CVE-2009-3061 | 2009-09-03 | SQL injection vulnerability in lesson.php in Alqatari Q R Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained... |
| CVE-2009-3066 | 2009-09-03 | Multiple cross-site scripting (XSS) vulnerabilities in PropertyWatchScript.com Property Watch 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) videoid parameter to tools/email.php and (2) redirect... |
| CVE-2009-3067 | 2009-09-03 | Cross-site scripting (XSS) vulnerability in index.php in Reservation Manager allows remote attackers to inject arbitrary web script or HTML via the resman_startdate parameter. |
| CVE-2008-7161 | 2009-09-04 | Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 allows remote attackers to bypass URL filtering via fragmented GET or POST requests that use HTTP/1.0 without the Host header. NOTE: this issue... |
| CVE-2008-7162 | 2009-09-04 | Buffer overflow in Hero Super Player 3000 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in a .M3U file.... |
| CVE-2008-7163 | 2009-09-04 | Directory traversal vulnerability in mods/Integrated/index.php in SineCMS 2.3.5 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the sine[config][index_main] parameter. |
| CVE-2008-7164 | 2009-09-04 | Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have unknown impact and attack vectors related to "very important security fixes," possibly involving update notifications and a domain that is no longer... |
| CVE-2008-7165 | 2009-09-04 | Cross-site request forgery in cp06_wifi_m_nocifr.cgi in the administrator panel in TELECOM ITALIA Alice Gate2 Plus Wi-Fi allows remote attackers to hijack the authentication of administrators for requests that disable Wi-Fi... |
| CVE-2009-2521 | 2009-09-04 | Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a... |
| CVE-2008-7166 | 2009-09-04 | Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) and earlier, and uTorrent 1.7.6 (build 7859) and earlier, allows remote attackers to cause a denial of service (memory... |
| CVE-2009-3068 | 2009-09-04 | Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a... |
| CVE-2009-2697 | 2009-09-04 | The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to... |
| CVE-2009-3081 | 2009-09-04 | SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the month parameter in a calendar action. NOTE: the provenance of this... |
| CVE-2009-2946 | 2009-09-04 | Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in... |
| CVE-2009-3082 | 2009-09-04 | SQL injection vulnerability in wcategory.php in Snow Hall Silurus System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the provenance of this information is... |