Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2587 | 1 Dragdropcart | 1 Dragdropcart | 2017-08-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php. | |||||
| CVE-2009-2588 | 1 Resalecode | 1 Hotscripts Type Php Clone Script | 2017-08-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php. | |||||
| CVE-2009-2589 | 1 Resalecode | 1 Hutscripts Php Website Script | 2017-08-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Hutscripts PHP Website Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php. | |||||
| CVE-2009-2590 | 1 Resalecode | 1 Hutscripts Php Website Script | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showcategory.php in Hutscripts PHP Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2009-2595 | 1 Censura | 1 Censura | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in productSearch.html in Censura 2.0.4 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a ProductSearch action. | |||||
| CVE-2009-2627 | 1 Acer | 1 Lunchapp.aplunch | 2017-08-16 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the Acer LunchApp (aka AcerCtrls.APlunch) ActiveX control in acerctrl.ocx allows remote attackers to execute arbitrary commands via the Run method, a different vulnerability than CVE-2006-6121. | |||||
| CVE-2009-2643 | 1 Rim | 2 Blackberry Enterprise Server, Blackberry Professional Software | 2017-08-16 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 5.0 and BlackBerry Professional Software 4.1.4 allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246 and CVE-2009-0219. | |||||
| CVE-2009-2647 | 1 Kaspersky | 2 Kaspersky Anti-virus, Kaspersky Internet Security | 2017-08-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before Critical Fix 9.0.0.463 allows remote attackers to disable the Kaspersky application via unknown attack vectors unrelated to "an external script." | |||||
| CVE-2009-2648 | 1 Flashden | 1 Guestbook | 2017-08-16 | 5.0 MEDIUM | N/A |
| FlashDen Guestbook allows remote attackers to obtain configuration information via a direct request to amfphp/phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2009-2651 | 1 Digium | 1 Asterisk | 2017-08-16 | 5.0 MEDIUM | N/A |
| main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer. | |||||
| CVE-2009-2652 | 1 Sun | 2 Opensolaris, Solaris | 2017-08-16 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Solaris Trusted Extensions in Sun Solaris 10, and OpenSolaris snv_37 through snv_120, allows remote attackers to cause a denial of service (panic) via vectors involving the parsing of labeled packets. | |||||
| CVE-2009-2660 | 1 Jun Furuse | 1 Camlimages | 2017-08-16 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in CamlImages 2.2 might allow context-dependent attackers to execute arbitrary code via images containing large width and height values that trigger a heap-based buffer overflow, related to (1) crafted GIF files (gifread.c) and (2) crafted JPEG files (jpegread.c), a different vulnerability than CVE-2009-2295. | |||||
| CVE-2009-2677 | 1 Hp | 1 Insight Control Suite For Linux | 2017-08-16 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Insight Control Suite For Linux (aka ICE-LX) before 2.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2009-2678 | 1 Hp | 1 Nonstop Server | 2017-08-16 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Open System Services (OSS) Name Server on HP NonStop G06.27, G06.28, G06.29, G06.30, H06.06, H06.07, H06.08, and J06.03 allows remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2009-2680 | 1 Hp | 4 Storageworks 1\/8 G2 Tape Autoloader, Storageworks Msl2024 Tape Library, Storageworks Msl4048 Tape Library and 1 more | 2017-08-16 | 8.5 HIGH | N/A |
| Unspecified vulnerability in the Remote Management Interface (RMI) for MSL Tape Libraries and 1/8 G2 Tape Autoloaders in HP StorageWorks 1/8 G2 Tape Autoloader firmware 2.30 and earlier, MSL2024 Tape Library firmware 4.20 and earlier, MSL4048 Tape Library firmware 6.50 and earlier, and MSL8096 Tape Library firmware 8.90 and earlier allows remote attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2009-2688 | 1 Xemacs | 1 Xemacs | 2017-08-16 | 10.0 HIGH | N/A |
| Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a crafted TIFF file, (2) the png_instantiate function processing a crafted PNG file, and (3) the jpeg_instantiate function processing a crafted JPEG file, all which trigger a heap-based buffer overflow. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2691 | 1 Linux | 1 Linux Kernel | 2017-08-16 | 2.1 LOW | N/A |
| The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition. | |||||
| CVE-2009-2741 | 1 Ibm | 1 Websphere Business Events | 2017-08-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the wberuntimeear application in the test servlet in IBM WebSphere Business Events 6.1 and 6.2 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2009-2742 | 1 Ibm | 1 Websphere Application Server | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to inject arbitrary web script or HTML via unspecified input. | |||||
| CVE-2009-2743 | 1 Ibm | 1 Websphere Application Server | 2017-08-16 | 2.1 LOW | N/A |
| IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure Data Capture (FFDC) log file. | |||||