Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-4820 | 1 Aspindir | 1 Angelo-emlak | 2017-08-16 | 5.0 MEDIUM | N/A |
Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb. | |||||
CVE-2009-4822 | 1 Kasseler-cms | 1 Kasseler Cms | 2017-08-16 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kasseler CMS 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) do, (2) id, and (3) uname parameters. | |||||
CVE-2009-4825 | 1 8pixel | 1 Simple Blog | 2017-08-16 | 5.0 MEDIUM | N/A |
8pixel.net Blog 4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for App_Data/sb.mdb. | |||||
CVE-2009-4833 | 1 Oracle | 1 Mysql Connector/net | 2017-08-16 | 5.8 MEDIUM | N/A |
MySQL Connector/NET before 6.0.4, when using encryption, does not verify SSL certificates during connection, which allows remote attackers to perform a man-in-the-middle attack with a spoofed SSL certificate. | |||||
CVE-2009-4846 | 1 Deliantra | 1 Deliantra | 2017-08-16 | 6.8 MEDIUM | N/A |
Multiple buffer overflows in Deliantra Server before 2.82 allow remote attackers to execute arbitrary code via vectors related to (1) the command_gsay function in server/c_party.C and (2) the book implementation. | |||||
CVE-2009-4847 | 1 Deliantra | 1 Deliantra | 2017-08-16 | 4.0 MEDIUM | N/A |
Deliantra Server before 2.82 allows remote authenticated users to cause a denial of service (daemon crash) via vectors involving an empty treasure list. | |||||
CVE-2009-4850 | 1 Awingsoft | 1 Awakening Winds3d Viewer Plugin | 2017-08-16 | 9.3 HIGH | N/A |
The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file. | |||||
CVE-2009-4853 | 2 Foswiki, Jumpbox | 2 Foswiki, Jumpbox | 2017-08-16 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before 1.1.2 for Foswiki Wiki System allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-4856 | 1 Ecomstudio | 1 Php Easy Shopping Cart | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy Shopping Cart 3.1R allows remote attackers to inject arbitrary web script or HTML via the name parameter. | |||||
CVE-2009-4857 | 1 Ecomstudio | 1 Php Photo Vote1.3f | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in login.php in PHP Photo Vote 1.3F allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
CVE-2009-4864 | 1 I-escorts | 2 I-escorts Agency Script, I-escorts Directory Script | 2017-08-16 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script allow remote attackers to inject arbitrary web script or HTML via the (1) search_name and (2) languages parameters. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-4865 | 1 I-escorts | 2 I-escorts Agency Script, I-escorts Directory Script | 2017-08-16 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) search_name and (2) languages parameters. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-4866 | 1 Matt Wright | 1 Simple Search | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search.cgi in Matt's Script Archive (MSA) Simple Search 1.0 allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-4875 | 1 Frederico Caldeira Knabben | 1 Fckeditor.java | 2017-08-16 | 5.0 MEDIUM | N/A |
FCKeditor.Java 2.4 allows remote attackers to cause a denial of service (infinite loop) via a malformed request parameter that contains "ctrl" characters. | |||||
CVE-2009-4877 | 1 Plainblack | 1 Webgui | 2017-08-16 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in WebGUI before 7.7.14 allow remote attackers to hijack the authentication of users for unspecified requests via unknown vectors. | |||||
CVE-2009-4878 | 1 Novell | 1 Access Manager | 2017-08-16 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors. | |||||
CVE-2009-4880 | 1 Gnu | 1 Glibc | 2017-08-16 | 5.0 MEDIUM | N/A |
Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391. | |||||
CVE-2009-4881 | 1 Gnu | 1 Glibc | 2017-08-16 | 5.0 MEDIUM | N/A |
Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391. | |||||
CVE-2009-4888 | 1 Nskate | 1 Phortail | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in poster.php in PHortail 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) ti, and (4) txt parameters. | |||||
CVE-2009-4897 | 1 Artifex | 3 Afpl Ghostscript, Ghostscript Fonts, Gpl Ghostscript | 2017-08-16 | 9.3 HIGH | N/A |
Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name. |