Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2421 | 1 Apple | 1 Safari | 2018-10-10 | 5.0 MEDIUM | N/A |
| The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a "high-bit character" in a URL fragment for an unspecified protocol. | |||||
| CVE-2009-2431 | 1 Wordpress | 1 Wordpress | 2018-10-10 | 5.0 MEDIUM | N/A |
| WordPress 2.7.1 places the username of a post's author in an HTML comment, which allows remote attackers to obtain sensitive information by reading the HTML source. | |||||
| CVE-2009-2533 | 1 Realnetworks | 2 Helix Server, Helix Server Mobile | 2018-10-10 | 5.0 MEDIUM | N/A |
| rmserver in RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allows remote attackers to cause a denial of service (daemon exit) via multiple RTSP SET_PARAMETER requests with empty DataConvertBuffer headers. | |||||
| CVE-2009-2534 | 1 Realnetworks | 2 Helix Server, Helix Server Mobile | 2018-10-10 | 5.0 MEDIUM | N/A |
| RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allow remote attackers to cause a denial of service (daemon crash) via an RTSP SETUP request that (1) specifies the / URI or (2) lacks a / character in the URI. | |||||
| CVE-2009-2256 | 1 Netgear | 1 Dg632 | 2018-10-10 | 7.8 HIGH | N/A |
| The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg. | |||||
| CVE-2009-2301 | 1 Radware | 2 Appwall, Gateway | 2018-10-10 | 7.8 HIGH | N/A |
| The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc in Management/. | |||||
| CVE-2009-2303 | 1 Avatic | 1 Aardvark Topsites Php | 2018-10-10 | 5.0 MEDIUM | N/A |
| index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive information via a negative integer value for the start parameter in a search action, which reveals the installation path in an error message. | |||||
| CVE-2009-2304 | 1 Avatic | 1 Aardvark Topsites Php | 2018-10-10 | 5.0 MEDIUM | N/A |
| index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to obtain sensitive information via a nonexistent account name in the u parameter in a rate action, which reveals the installation path in an error message. | |||||
| CVE-2009-2318 | 1 Axesstel | 1 Mv 410r | 2018-10-10 | 7.8 HIGH | N/A |
| The Axesstel MV 410R allows remote attackers to cause a denial of service via a flood of SYN packets, a related issue to CVE-1999-0116. | |||||
| CVE-2009-2320 | 1 Axesstel | 1 Mv 410r | 2018-10-10 | 7.5 HIGH | N/A |
| The web interface on the Axesstel MV 410R relies on client-side JavaScript code to validate input, which allows remote attackers to send crafted data, and possibly have unspecified other impact, via a client that does not process JavaScript. | |||||
| CVE-2009-1761 | 1 Ca | 1 Arcserve Backup | 2018-10-10 | 5.0 MEDIUM | N/A |
| The message engine in CA ARCserve Backup r12.0 and r12.0 SP1 for Windows allows remote attackers to cause a denial of service (crash) via (1) an invalid 0x13 message, which is not properly handled in the ASCORE module, or (2) a 0x3B message with invalid stub data that triggers an RPC marshalling error. | |||||
| CVE-2009-1777 | 1 Matt Wright | 1 Formmail | 2018-10-10 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the redirect parameter. | |||||
| CVE-2009-1783 | 1 F-prot | 3 F-prot Antivirus, F-prot Aves, F-prot Milter | 2018-10-10 | 10.0 HIGH | N/A |
| Multiple FRISK Software F-Prot anti-virus products, including Antivirus for Exchange, Linux on IBM zSeries, Linux x86 File Servers, Linux x86 Mail Servers, Linux x86 Workstations, Solaris Mail Servers, Antivirus for Windows, and others, allow remote attackers to bypass malware detection via a crafted CAB archive. | |||||
| CVE-2009-1348 | 1 Mcafee | 13 Active Virus Defense, Active Virusscan, Email Gateway and 10 more | 2018-10-10 | 7.6 HIGH | N/A |
| The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive. | |||||
| CVE-2009-1350 | 1 Novell | 1 Netidentity Client1.2.3 | 2018-10-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client before 1.2.4 allows remote attackers to execute arbitrary code by establishing an IPC$ connection to the XTIERRPCPIPE named pipe, and sending RPC messages that trigger a dereference of an arbitrary pointer. | |||||
| CVE-2009-1357 | 1 Sun | 1 Java System Delegated Administrator | 2018-10-10 | 6.8 MEDIUM | N/A |
| CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELP_PAGE parameter. | |||||
| CVE-2009-1219 | 1 Sun | 2 Java System Calendar Server, One Calendar Server | 2018-10-10 | 5.0 MEDIUM | N/A |
| Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid parameter. | |||||
| CVE-2009-1268 | 1 Wireshark | 1 Wireshark | 2018-10-10 | 4.3 MEDIUM | N/A |
| The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet. | |||||
| CVE-2009-1336 | 1 Linux | 1 Linux Kernel | 2018-10-10 | 4.9 MEDIUM | N/A |
| fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service (OOPS) via a long filename, related to the encode_lookup function. | |||||
| CVE-2009-1106 | 1 Sun | 2 Jdk, Jre | 2018-10-10 | 6.4 MEDIUM | N/A |
| The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948. | |||||