Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-7228 | 1 White Dune | 1 White Dune | 2009-12-16 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in White_Dune before 0.29beta851 have unspecified impact and attack vectors, a different vulnerability than CVE-2008-0101. | |||||
| CVE-2009-4161 | 2 An Searchit, Typo3 | 2 An Searchit, Typo3 | 2009-12-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the [AN] Search it! (an_searchit) extension 2.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4329 | 1 Ibm | 1 Db2 | 2009-12-16 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility. | |||||
| CVE-2009-4314 | 1 Sun | 2 Ray Server Software, Solaris | 2009-12-14 | 4.4 MEDIUM | N/A |
| Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking (AMGH) is enabled, responds to a logout action by immediately logging the user in again, which makes it easier for physically proximate attackers to obtain access to a session by going to an unattended DTU device. | |||||
| CVE-2009-4316 | 1 Zeeways | 1 Zeelyrics | 2009-12-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in searchresults_main.php in ZeeLyrics 3x allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4318 | 1 Realestatephp | 1 Real Estate Manager | 2009-12-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Real Estate Manager 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4319 | 1 Eocms | 1 Eocms | 2009-12-14 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in js/bbcodepress/bbcode-form.php in eoCMS 0.9.03 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BBCODE_path parameter. | |||||
| CVE-2009-4323 | 1 Zen-cart | 1 Zen Cart | 2009-12-14 | 7.5 HIGH | N/A |
| The installation for Zen Cart stores sensitive information and insecure programs under the (1) docs, (2) extras, and (3) zc_install folders, and (4) install.txt, which allows remote attackers to obtain sensitive information, delete the database, and conduct other attacks via a direct request, different vulnerabilities than CVE-2009-4321 and CVE-2009-4322. | |||||
| CVE-2009-4294 | 1 Sun | 1 Ray Server Software | 2009-12-13 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Authentication Manager (aka utauthd) in Sun Ray Server Software 4.0 and 4.1 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors. | |||||
| CVE-2009-4295 | 1 Sun | 1 Ray Server Software | 2009-12-13 | 7.8 HIGH | N/A |
| Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic. | |||||
| CVE-2009-4296 | 2 Brian Miller, Drupal | 2 Taxonomy Timer, Drupal | 2009-12-13 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-3906 | 2009-12-11 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3606. Reason: This candidate is a duplicate of CVE-2009-3606. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2009-3606 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2009-3907 | 2009-12-11 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3607. Reason: This candidate is a duplicate of CVE-2009-3607. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2009-3607 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2009-3908 | 2009-12-11 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3608. Reason: This candidate is a duplicate of CVE-2009-3608. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2009-3608 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2009-4132 | 2009-12-11 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-4214. Reason: This candidate is a duplicate of CVE-2009-4214. Notes: All CVE users should reference CVE-2009-4214 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2009-4264 | 2 Aroundme, Barnraiser | 2 Aroundme, Aroundme | 2009-12-10 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in components/core/connect.php in AROUNDMe 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the language_path parameter. | |||||
| CVE-2009-4265 | 1 Pointdev | 1 Ideal Administration 2009 | 2009-12-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Ideal Administration 2009 9.7.1, and possibly other versions, allows remote attackers to execute arbitrary code via a long Computer value in an .ipj project file. | |||||
| CVE-2009-4149 | 1 Ca | 1 Service Desk | 2009-12-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web interface in CA Service Desk 12.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. | |||||
| CVE-2009-4231 | 1 Basic-cms | 1 Sweetrice | 2009-12-08 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. (dot dot) in the plugin parameter. | |||||
| CVE-2009-4232 | 2 Jonijnm, Joomla | 2 Com Kide, Joomla\! | 2009-12-08 | 5.0 MEDIUM | N/A |
| The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||