Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0801 | 1 Squid | 1 Squid Web Proxy Cache | 2009-06-17 | 5.4 MEDIUM | N/A |
| Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | |||||
| CVE-2009-0802 | 1 Qbik | 1 Wingate | 2009-06-17 | 5.4 MEDIUM | N/A |
| Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | |||||
| CVE-2009-0803 | 1 Smoothwall | 3 Networkguardian, Schoolguardian, Smoothguardian | 2009-06-17 | 5.4 MEDIUM | N/A |
| SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | |||||
| CVE-2009-0804 | 1 Ziproxy | 1 Ziproxy | 2009-06-17 | 5.4 MEDIUM | N/A |
| Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | |||||
| CVE-2009-0764 | 1 Bookelves | 1 Kipper | 2009-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kipper 2.01 allow remote attackers to inject arbitrary web script or HTML via the charm parameter to (1) index.php and (2) kipper.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-0869 | 2 Ibm, Microsoft | 2 Tivoli Storage Manager Hsm, Windows | 2009-06-16 | 10.0 HIGH | N/A |
| Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM 5.3.2.0 through 5.3.5.0, 5.4.0.0 through 5.4.2.5, and 5.5.0.0 through 5.5.1.4 on Windows allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2009-2074 | 1 Drupal | 2 Drupal, Nodequeue | 2009-06-16 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names. | |||||
| CVE-2009-2078 | 2 Drupal, Heine.familiedeelstra | 2 Drupal, Booktree | 2009-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x before 5.x-7.3 and 6.x before 6.x-1.1, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) node title and (2) node body in a tree root page. | |||||
| CVE-2009-2079 | 1 Drupal | 2 Drupal, Taxonomy Manager | 2009-06-16 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative page interface in Taxonomy manager 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via (1) vocabulary names, (2) synonyms, and (3) term names. | |||||
| CVE-2009-2082 | 1 Creative Web Solutions | 1 Multi-level Cms | 2009-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in insidepage.php in Creative Web Solutions Multi-Level CMS 1.21 allows remote attackers to execute arbitrary SQL commands via the catid parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2083 | 2 Drupal, Mattias Hutterer | 2 Drupal, Taxonomy Manager | 2009-06-16 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms." | |||||
| CVE-2009-2035 | 1 Drupal | 1 Services Module For Drupal | 2009-06-14 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Services 6.x before 6.x-0.14, a module for Drupal, when key-based access is enabled, allows remote attackers to read or add keys and access unauthorized services via unspecified vectors. | |||||
| CVE-2009-1705 | 1 Apple | 1 Safari | 2009-06-12 | 9.3 HIGH | N/A |
| CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data. | |||||
| CVE-2009-0241 | 1 Ganglia | 1 Ganglia | 2009-06-12 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname. | |||||
| CVE-2009-1676 | 2009-06-11 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1535. Reason: This candidate is a duplicate of CVE-2009-1535. Notes: All CVE users should reference CVE-2009-1535 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2009-1416 | 1 Gnu | 1 Gnutls | 2009-06-09 | 7.5 HIGH | N/A |
| lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key. | |||||
| CVE-2007-5613 | 1 Mortbay Jetty | 1 Jetty | 2009-06-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies. | |||||
| CVE-2007-5614 | 1 Mortbay Jetty | 1 Jetty | 2009-06-09 | 7.5 HIGH | N/A |
| Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors. | |||||
| CVE-2007-5615 | 1 Mortbay Jetty | 1 Jetty | 2009-06-09 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2009-1589 | 1 Cgi Rescue | 1 Cgi Rescue Minibbs22 | 2009-06-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in CGI RESCUE MiniBBS22 before 1.01 allows remote attackers to send email to arbitrary recipients via unknown vectors. | |||||