Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1522 | 2 Ibm, Microsoft | 3 Aix, Tivoli Storage Manager Client, Windows | 2017-08-16 | 7.1 HIGH | N/A |
The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 on AIX and Windows, when SSL is used, allows remote attackers to conduct unspecified man-in-the-middle attacks and read arbitrary files via unknown vectors. | |||||
CVE-2009-1525 | 1 Jbmc-software | 1 Directadmin | 2017-08-16 | 8.5 HIGH | N/A |
CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action. | |||||
CVE-2009-1552 | 1 Sco | 1 Unixware | 2017-08-16 | 7.8 HIGH | N/A |
Unspecified vulnerability in the IGMP driver in SCO Unixware Release 7.1.4 Maintenance Pack 4 allows attackers to cause a denial of service (system panic) via unspecified vectors. | |||||
CVE-2009-1557 | 1 Cisco | 1 Wvc54gca | 2017-08-16 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allow remote attackers to inject arbitrary web script or HTML via the next_file parameter to (1) main.cgi, (2) img/main.cgi, or (3) adm/file.cgi; or (4) the this_file parameter to adm/file.cgi. | |||||
CVE-2009-1558 | 1 Cisco | 1 Wvc54gca | 2017-08-16 | 7.8 HIGH | N/A |
Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter. | |||||
CVE-2009-1559 | 1 Cisco | 1 Wvc54gca | 2017-08-16 | 7.8 HIGH | N/A |
Absolute path traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R24 and possibly 1.00R22 allows remote attackers to read arbitrary files via an absolute pathname in the this_file parameter. NOTE: traversal via a .. (dot dot) is probably also possible. | |||||
CVE-2009-1560 | 1 Cisco | 1 Wvc54gc | 2017-08-16 | 7.8 HIGH | N/A |
The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 stores passwords and wireless-network keys in cleartext in (1) pass_wd.htm and (2) Wsecurity.htm, which allows remote attackers to obtain sensitive information by reading the HTML source code. | |||||
CVE-2009-1572 | 1 Quagga | 1 Quagga | 2017-08-16 | 5.0 MEDIUM | N/A |
The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error. | |||||
CVE-2009-1573 | 4 Branden Robinson, Debian, Redhat and 1 more | 4 Xvfb-run, Debian Linux, Fedora and 1 more | 2017-08-16 | 4.6 MEDIUM | N/A |
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems places the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments. | |||||
CVE-2009-1575 | 1 Drupal | 1 Drupal | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted UTF-8 byte sequences before the Content-Type meta tag, which are treated as UTF-7 by Internet Explorer 6 and 7. | |||||
CVE-2009-1588 | 1 Cgi Rescue | 1 Cgi Rescue Minibbs | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in CGI RESCUE MiniBBS 8t before 8.95t, 8 before 8.95, 9 before 9.08, and 10 before 10.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-1595 | 1 Igniterealtime | 1 Openfire | 2017-08-16 | 4.0 MEDIUM | N/A |
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action. | |||||
CVE-2009-1596 | 1 Igniterealtime | 1 Openfire | 2017-08-16 | 4.0 MEDIUM | N/A |
Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet. | |||||
CVE-2009-1601 | 1 Ubuntu | 1 Linux | 2017-08-16 | 6.8 MEDIUM | N/A |
The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current working directory to the clamav account, which might allow local users to bypass intended access restrictions via read or write operations involving this directory. | |||||
CVE-2009-1606 | 1 Dafolo | 1 Dafolocontrol | 2017-08-16 | 9.3 HIGH | N/A |
Multiple stack-based and heap-based buffer overflows in Dafolo DafoloControl ActiveX control (DafoloFFControl.dll) 1.108.6.195 allow remote attackers to execute arbitrary code via long (1) baseurl, (2) kommune, (3) felter, (4) afdeling, (5) Flags, (6) HelpURL, (7) caburl, or (8) filename properties; or (9) a long argument to the Open method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-1634 | 1 Novell | 1 Groupwise | 2017-08-16 | 7.5 HIGH | N/A |
The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors. | |||||
CVE-2009-1640 | 1 Nucleustechnologies | 1 Kernel Recovery | 2017-08-16 | 9.3 HIGH | N/A |
Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery for Macintosh 4.04 allows user-assisted attackers to execute arbitrary code via a crafted .AMHH file. | |||||
CVE-2009-1656 | 1 Xerox | 1 Workcentre | 2017-08-16 | 10.0 HIGH | N/A |
Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, 5687, 7655, 7656, and 7675 allow remote attackers to execute arbitrary commands via unknown attack vectors, aka "command injection vulnerability." | |||||
CVE-2009-1657 | 1 B2evolution | 2 B2evolution, Starrating Plugin | 2017-08-16 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the Starrating plugin before 0.7.7 for b2evolution allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2009-1710 | 1 Apple | 1 Safari | 2017-08-16 | 2.6 LOW | N/A |
WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property. |