Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-0178 | 1 Ibm | 1 Hardware Management Console | 2017-08-07 | 10.0 HIGH | N/A |
Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 has unknown impact and attack vectors. | |||||
CVE-2009-0180 | 2 Nfs, Redhat | 2 Nfs-utils, Fedora | 2017-08-07 | 7.5 HIGH | N/A |
Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedora 9, and before 1.1.4-6.fc10 on Fedora 10, omit TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions, possibly a related issue to CVE-2008-1376. | |||||
CVE-2009-0204 | 1 Hp | 1 Select Access | 2017-08-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-0206 | 1 Hp | 2 Hp-ux, Oncplus | 2017-08-07 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and earlier for HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors. | |||||
CVE-2009-0215 | 1 Ibm | 1 Access Support Activex Control | 2017-08-07 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the GetXMLValue method in the IBM Access Support ActiveX control in IbmEgath.dll, as distributed on IBM and Lenovo computers, allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2009-0216 | 1 Ge Fanuc | 1 Ifix | 2017-08-07 | 10.0 HIGH | N/A |
GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module. | |||||
CVE-2009-0218 | 2 Ldra, Particlesoftware | 2 Tbbrowse, Intralaunch | 2017-08-07 | 9.3 HIGH | N/A |
Insecure method vulnerability in Particle Software IntraLaunch Application Launcher ActiveX control in IntraLaunch.ocx, as used in LDRA TBbrowse and possibly other products, allows remote attackers to execute arbitrary code via unknown vectors. | |||||
CVE-2009-0240 | 1 Tigris | 1 Websvn | 2017-08-07 | 3.5 LOW | N/A |
listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter. | |||||
CVE-2009-0255 | 1 Typo3 | 1 Typo3 | 2017-08-07 | 5.0 MEDIUM | N/A |
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key. | |||||
CVE-2009-0256 | 1 Typo3 | 1 Typo3 | 2017-08-07 | 7.5 HIGH | N/A |
Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication. | |||||
CVE-2009-0257 | 1 Typo3 | 1 Typo3 | 2017-08-07 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module. | |||||
CVE-2009-0258 | 1 Typo3 | 1 Typo3 | 2017-08-07 | 10.0 HIGH | N/A |
The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer. | |||||
CVE-2009-0264 | 1 Fujitsu | 1 Systemcastwizard Lite | 2017-08-07 | 10.0 HIGH | N/A |
Buffer overflow in the Registry Setting Tool in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier has unknown impact and attack vectors. | |||||
CVE-2009-0277 | 1 Sun | 2 Opensolaris, Ultrasparc | 2017-08-07 | 7.8 HIGH | N/A |
Unspecified vulnerability in the kernel in OpenSolaris snv_100 through snv_102 on the Sun UltraSPARC T2 and T2+ sun4v platforms allows local users to cause a denial of service (panic) via unknown vectors. | |||||
CVE-2009-0278 | 1 Sun | 1 Java System Application Server | 2017-08-07 | 5.0 MEDIUM | N/A |
Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request. | |||||
CVE-2009-0313 | 1 Kegel | 1 Winetricks | 2017-08-07 | 6.9 MEDIUM | N/A |
winetricks before 20081223 allows local users to overwrite arbitrary files via a symlink attack on the x_showmenu.txt temporary file. | |||||
CVE-2009-0316 | 1 Vim | 1 Vim | 2017-08-07 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair. | |||||
CVE-2009-0326 | 1 Dark Age Cms | 1 Dark Age Cms | 2017-08-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-0332 | 1 Avbooklibrary | 1 Avbooklibrary | 2017-08-07 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in AV Book Library before 1.1 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/edit.php, (2) admin/add.php, (3) lib/book_search.php, and possibly other components. | |||||
CVE-2009-0347 | 1 Autonomy | 1 Ultraseek | 2017-08-07 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. |