Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 206216 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-0588 1 Redhat 2 Certificate System, Dogtag Certificate System 2009-06-08 6.5 MEDIUM N/A
agent/request/op.cgi in the Registration Authority (RA) component in Red Hat Certificate System (RHCS) 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field.
CVE-2009-0759 1 Znc 1 Znc 2009-06-08 6.5 MEDIUM N/A
Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors.
CVE-2009-2005 1 Dokeos 1 Dokeos 2009-06-08 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors.
CVE-2009-1844 1 Drupal 1 Drupal 2009-06-07 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.18 and 6.x before 6.12 allow (1) remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, which are not properly handled in the "HTML exports of books" feature; and (2) allow remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via the help text of an arbitrary vocabulary. NOTE: vector 1 exists because of an incomplete fix for CVE-2009-1575.
CVE-2009-1942 1 Drupal 1 Quiz 2009-06-07 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Quiz module 5.x, 6.x-2.x before 6.x-2.2, and 6.x-3.x before 6.x-3.0, a module for Drupal, allows remote authenticated users, with create quizzes or quiz questions access, to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-0856 1 Ibm 2 Websphere Application Server, Z\/os 2009-06-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-1908 1 Openskip 1 Skip 2009-06-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-1909 1 Openskip 1 Skip 2009-06-04 7.5 HIGH N/A
SQL injection vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-1880 1 Mt312 1 Rep-bbs 2009-06-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in MT312 REP-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) model.php and (2) config.php with timestamps before 20090521.
CVE-2003-1572 1 Sun 1 Jmf 2009-06-01 9.3 HIGH N/A
Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields.
CVE-2004-2763 1 Sun 2 Iplanet Web Server, One Web Server 2009-06-01 5.8 MEDIUM N/A
The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
CVE-2009-1851 1 Benjamin Curtis 1 Phpbugtracker 2009-06-01 7.5 HIGH N/A
SQL injection vulnerability in include.php in phpBugTracker 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3870 2009-06-01 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3870. Reason: This candidate is a duplicate of CVE-2008-3870. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2008-3870 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2009-1755 1 Nlnetlabs 1 Nsd 2009-05-28 5.0 MEDIUM N/A
Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow.
CVE-2009-1800 1 Chinagames 1 Igame 2009-05-28 7.5 HIGH N/A
Stack-based buffer overflow in the Chinagames CGAgent ActiveX control 1.x in CGAgent.dll, as distributed in Chinagames iGame 2009, allows remote attackers to execute arbitrary code via a long argument to the CreateChinagames method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information.
CVE-2008-6800 2009-05-26 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is not a security issue. It was originally created based on one vendor's misinterpretation of an upstream changelog comment that referred to a race condition in the winbind daemon (aka winbindd) in Samba before 3.0.32. The upstream vendor states: "The Samba Team sees no way to exploit this race condition by a user of the system or an external attacker. In order to be able to trigger the race condition a privileged user (root) need to intentionally kill a winbind child process and carefully time the killing to trigger the race condition. Although, if the user is already privileged, it can more easily just kill the parent process directly." CVE concurs with the dispute. Notes: CVE users should not use this identifier.
CVE-2009-1785 1 Ulteo 1 Open Virtual Desktop 2009-05-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Ulteo Open Virtual Desktop 1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter to header.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1555 1 Cisco 1 Wvc54gca 2009-05-22 5.0 MEDIUM N/A
The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 sends configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by reading the SetupWizard.exe process memory, a related issue to CVE-2008-4390.
CVE-2009-1556 1 Cisco 1 Wvc54gca 2009-05-22 3.5 LOW N/A
img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the next_file parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerability than CVE-2004-2507.
CVE-2009-1591 1 Cgi Rescue 1 Cgi Web Mailer 2009-05-22 4.3 MEDIUM N/A
CRLF injection vulnerability in CGI RESCUE Web Mailer before 1.04 allows remote attackers to inject arbitrary HTTP headers, and conduct cross-site scripting (XSS) or HTTP response splitting attacks, via CRLF sequences in an unspecified web form.