Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1906 | 1 Ibm | 1 Db2 | 2009-06-09 | 4.3 MEDIUM | N/A |
| The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32. | |||||
| CVE-2009-1807 | 1 Baofeng | 1 Storm | 2009-06-08 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009. | |||||
| CVE-2009-1881 | 1 Mt312 | 1 Img-bbs | 2009-06-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MT312 IMG-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to model.php with a timestamp before 20090521. | |||||
| CVE-2009-1161 | 1 Cisco | 10 Ciscoworks Common Services, Ciscoworks Health And Utilization Monitor, Ciscoworks Lan Management Solution and 7 more | 2009-06-08 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors. | |||||
| CVE-2009-0543 | 1 Proftpd | 1 Proftpd | 2009-06-08 | 6.8 MEDIUM | N/A |
| ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres. | |||||
| CVE-2009-0588 | 1 Redhat | 2 Certificate System, Dogtag Certificate System | 2009-06-08 | 6.5 MEDIUM | N/A |
| agent/request/op.cgi in the Registration Authority (RA) component in Red Hat Certificate System (RHCS) 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field. | |||||
| CVE-2009-0759 | 1 Znc | 1 Znc | 2009-06-08 | 6.5 MEDIUM | N/A |
| Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors. | |||||
| CVE-2009-2005 | 1 Dokeos | 1 Dokeos | 2009-06-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors. | |||||
| CVE-2009-1844 | 1 Drupal | 1 Drupal | 2009-06-07 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.18 and 6.x before 6.12 allow (1) remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, which are not properly handled in the "HTML exports of books" feature; and (2) allow remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via the help text of an arbitrary vocabulary. NOTE: vector 1 exists because of an incomplete fix for CVE-2009-1575. | |||||
| CVE-2009-1942 | 1 Drupal | 1 Quiz | 2009-06-07 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Quiz module 5.x, 6.x-2.x before 6.x-2.2, and 6.x-3.x before 6.x-3.0, a module for Drupal, allows remote authenticated users, with create quizzes or quiz questions access, to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-0856 | 1 Ibm | 2 Websphere Application Server, Z\/os | 2009-06-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-1908 | 1 Openskip | 1 Skip | 2009-06-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-1909 | 1 Openskip | 1 Skip | 2009-06-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-1880 | 1 Mt312 | 1 Rep-bbs | 2009-06-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MT312 REP-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) model.php and (2) config.php with timestamps before 20090521. | |||||
| CVE-2003-1572 | 1 Sun | 1 Jmf | 2009-06-01 | 9.3 HIGH | N/A |
| Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields. | |||||
| CVE-2004-2763 | 1 Sun | 2 Iplanet Web Server, One Web Server | 2009-06-01 | 5.8 MEDIUM | N/A |
| The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. | |||||
| CVE-2009-1851 | 1 Benjamin Curtis | 1 Phpbugtracker | 2009-06-01 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include.php in phpBugTracker 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3870 | 2009-06-01 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3870. Reason: This candidate is a duplicate of CVE-2008-3870. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2008-3870 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2009-1755 | 1 Nlnetlabs | 1 Nsd | 2009-05-28 | 5.0 MEDIUM | N/A |
| Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow. | |||||
| CVE-2009-1800 | 1 Chinagames | 1 Igame | 2009-05-28 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the Chinagames CGAgent ActiveX control 1.x in CGAgent.dll, as distributed in Chinagames iGame 2009, allows remote attackers to execute arbitrary code via a long argument to the CreateChinagames method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information. | |||||