Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6819 | 1 Microsoft | 2 Windows 2003 Server, Windows Vista | 2009-06-28 | 4.7 MEDIUM | N/A |
| win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6835 | 2 Drupal, Peter Wolanin | 2 Drupal, Openid | 2009-06-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-6836 | 2 Drupal, Peter Wolanin | 2 Drupal, Openid | 2009-06-28 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors. | |||||
| CVE-2009-1628 | 2 Microsoft, Unisys | 2 Windows, Business Information Server | 2009-06-28 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in mnet.exe in Unisys Business Information Server (BIS) 10 and 10.1 on Windows allows remote attackers to execute arbitrary code via a crafted TCP packet. | |||||
| CVE-2009-1849 | 1 Paessler | 2 Prtg Traffic Grapher, Prtg Traffic Grapher6.0.5.416 | 2009-06-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Monitor_Bandwidth function in PRTG Traffic Grapher 6.2.2.977 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-2076 | 1 Drupal | 2 Drupal, Views | 2009-06-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions. | |||||
| CVE-2009-0691 | 1 Foxitsoftware | 2 Foxit Reader, Jpeg2000 Jbig2 Decoder Add-on | 2009-06-25 | 9.3 HIGH | N/A |
| The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a fatal error during decoding of a JPEG2000 (aka JPX) header, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an invalid memory access. | |||||
| CVE-2009-2165 | 1 Serendipitynz | 1 Serene Bach | 2009-06-25 | 7.5 HIGH | N/A |
| SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id. | |||||
| CVE-2009-2215 | 1 Urdland | 1 Urd | 2009-06-25 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in URD before 0.6.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the fatal_error page and unspecified other components. | |||||
| CVE-2004-2181 | 1 Wowbb | 1 Wowbb Web Forum | 2009-06-24 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php. NOTE: the sort_by vector was later reported to be present in WowBB 1.65. | |||||
| CVE-2009-0653 | 1 Openssl | 1 Openssl | 2009-06-24 | 7.5 HIGH | N/A |
| OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970. | |||||
| CVE-2009-2132 | 1 4homepages | 1 4images | 2009-06-24 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter. | |||||
| CVE-2009-2146 | 1 Sugarcrm | 1 Sugarcrm | 2009-06-24 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the file via a direct request to a modified filename under cache/modules/Emails/, as demonstrated using .php as the entire original name. | |||||
| CVE-2009-2187 | 1 Sun | 2 Opensolaris, Solaris | 2009-06-24 | 4.9 MEDIUM | N/A |
| Multiple memory leaks in the (1) IP and (2) IPv6 multicast implementation in the kernel in Sun Solaris 10, and OpenSolaris snv_67 through snv_93, allow local users to cause a denial of service (memory consumption) via vectors related to the association of (a) DL_ENABMULTI_REQ and (b) DL_DISABMULTI_REQ messages with ARP messages. | |||||
| CVE-2009-2174 | 1 Gupnp | 1 Gupnp | 2009-06-24 | 5.0 MEDIUM | N/A |
| GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message. | |||||
| CVE-2009-2118 | 1 Irfanview | 1 Irfanview | 2009-06-23 | 6.8 MEDIUM | N/A |
| Integer overflow in IrfanView 4.23, when the resampling or screen fitting option is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF 1 BPP image, which triggers a heap-based buffer overflow. | |||||
| CVE-2009-0690 | 1 Foxitsoftware | 2 Foxit Reader, Jpeg2000\/jbig2 Decoder Add-on | 2009-06-23 | 9.3 HIGH | N/A |
| The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a negative value for the stream offset in a JPEG2000 (aka JPX) stream, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an out-of-bounds read. | |||||
| CVE-2009-2170 | 1 Mahara | 1 Mahara | 2009-06-23 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2009-2171 | 1 Mahara | 1 Mahara | 2009-06-23 | 4.0 MEDIUM | N/A |
| Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user's artefact. | |||||
| CVE-2009-1753 | 1 Emn | 1 Coccinelle | 2009-06-22 | 3.3 LOW | N/A |
| Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on an unspecified "result file." | |||||