| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-3000 | 0.00 | — | 0.02 | Aug 28, 2009 | The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_41 through snv_122, when Network Cache Accelerator (NCA) logging is enabled, allows remote attackers to cause a denial of service (panic) via unspecified web-server traffic that triggers a NULL pointer… | |||
| CVE-2009-2695 | 0.00 | — | 0.01 | Aug 28, 2009 | The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the default configuration of the… | |||
| CVE-2008-7121 | 0.00 | — | 0.01 | Aug 28, 2009 | Cross-site scripting (XSS) vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search bar. | |||
| CVE-2008-7120 | 0.03 | — | 0.01 | Aug 28, 2009 | SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter. | |||
| CVE-2008-7119 | 0.03 | — | 0.01 | Aug 28, 2009 | SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-7118 | 0.03 | — | 0.02 | Aug 28, 2009 | WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log. | |||
| CVE-2008-7117 | 0.03 | — | 0.02 | Aug 28, 2009 | eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting (XSS) attacks. | |||
| CVE-2008-7116 | 0.03 | — | 0.01 | Aug 28, 2009 | SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the username. | |||
| CVE-2008-7115 | 0.03 | — | 0.04 | Aug 28, 2009 | The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct request to (1) statusprocess.exe, (2) system_all.exe, or (3) restore.exe in… | |||
| CVE-2008-7114 | 0.03 | — | 0.01 | Aug 28, 2009 | SQL injection vulnerability in members_search.php in iFusion Services iFdate 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the name field. | |||
| CVE-2008-7113 | 0.00 | — | 0.01 | Aug 28, 2009 | The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 uses a small space of predictable user identification numbers for access control, which allows remote attackers to upload documents via a brute force attack. | |||
| CVE-2008-7112 | 0.00 | — | 0.01 | Aug 28, 2009 | The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to cause a denial of service (hang or crash) via invalid field length values in a malformed (1) document or (2) request. | |||
| CVE-2008-7111 | 0.00 | — | 0.03 | Aug 28, 2009 | The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 does not restrict the filenames or extensions of uploaded files, which makes it easier for remote attackers to execute arbitrary code or overwrite files by leveraging CVE-2008-7110 and CVE-2008-7109. | |||
| CVE-2008-7110 | 0.03 | — | 0.03 | Aug 28, 2009 | Directory traversal vulnerability in the Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to upload files to arbitrary locations via a .. (dot dot) in a request. | |||
| CVE-2008-7109 | Cri | 0.64 | 9.8 | 0.04 | Aug 28, 2009 | The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does not prompt the user for a password. | ||
| CVE-2008-7108 | 0.00 | — | 0.01 | Aug 28, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in Carmosa phpCart 3.4 through 4.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) quantity or (2) Add Engraving fields to the default URI; (3) Quantity field to phpcart.php; (4) Name, (5) Company,… | |||
| CVE-2008-7107 | 0.03 | — | 0.01 | Aug 28, 2009 | easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to cause a denial of service (crash) via a crafted IOCTL 0x222003 request to the \\.\easdrv device interface. | |||
| CVE-2008-7106 | 0.00 | — | 0.03 | Aug 27, 2009 | The installation of Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2, when both anti-virus and anti-spam are supported, does not create or launch the associated scan engines when the system is under heavy load, which has unspecified impact, probably remote bypass of… | |||
| CVE-2008-7105 | 0.00 | — | 0.03 | Aug 27, 2009 | Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (EdgeTransport.exe termination) via a TNEF-encoded message with a crafted rich text body that is not properly handled during conversion to plain text. NOTE: this… | |||
| CVE-2008-7104 | 0.00 | — | 0.03 | Aug 27, 2009 | Sophos PureMessage Scanner service (PMScanner.exe) in PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (message queue delay and incomplete spam rule update) via a crafted (1) RTF or (2) PDF file. | |||
| CVE-2008-7103 | 0.04 | — | 0.10 | Aug 27, 2009 | Stack-based buffer overflow in an ActiveX control in najdisitoolbar.dll in Najdi.si Toolbar 2.0.4.1 allows remote attackers to cause a denial of service (browser crash) or execute arbitrary code via a long Document.Location property value. | |||
| CVE-2008-7102 | 0.00 | — | 0.01 | Aug 27, 2009 | DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation. | |||
| CVE-2008-7101 | 0.00 | — | 0.01 | Aug 27, 2009 | Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 allows remote attackers to obtain sensitive information (portal number) by accessing the install wizard page via unknown vectors. | |||
| CVE-2008-7100 | 0.00 | — | 0.01 | Aug 27, 2009 | Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows remote authenticated users to bypass authentication and gain privileges via unknown vectors related to a "unique id" for user actions and improper validation of a "user identity." | |||
| CVE-2008-7099 | 0.03 | — | 0.02 | Aug 27, 2009 | Unspecified vulnerability in the Manage Templates feature in Qsoft K-Rate Premium allows remote attackers to execute arbitrary PHP code via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2008-7098 | 0.03 | — | 0.02 | Aug 27, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in Qsoft K-Rate Premium allow remote attackers to inject arbitrary web script or HTML via the blog, possibly the (1) Title and (2) Text fields; (3) the gallery, possibly the Description field in Your Pictures; (4) the forum,… | |||
| CVE-2008-7097 | 0.03 | — | 0.02 | Aug 27, 2009 | Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arbitrary SQL commands via (1) the $id variable in admin/includes/dele_cpac.php, (2) $ord[order_id] variable in payments/payment_received.php, (3) $id variable in… | |||
| CVE-2008-7096 | 0.00 | — | 0.00 | Aug 27, 2009 | Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or… | |||
| CVE-2009-2978 | 0.00 | — | 0.01 | Aug 27, 2009 | SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2008-7095 | 0.00 | — | 0.01 | Aug 27, 2009 | The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName… | |||
| CVE-2009-2977 | 0.00 | — | 0.01 | Aug 27, 2009 | The Cisco Security Monitoring, Analysis and Response System (CS-MARS) 6.0.4 and earlier stores cleartext passwords in log/sysbacktrace.## files within error-logs.tar.gz archives, which allows context-dependent attackers to obtain sensitive information by reading these files. | |||
| CVE-2009-2976 | 0.00 | — | 0.01 | Aug 27, 2009 | Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast data frames in cleartext, which allows remote attackers to discover Wireless LAN Controller MAC addresses and IP addresses, and AP configuration details, by sniffing the wireless network. | |||
| CVE-2009-2975 | 0.00 | — | 0.02 | Aug 27, 2009 | Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly involving an incompletely configured protocol handler, does not properly implement setting the document.location property to a value specifying a protocol associated with an external application, which allows… | |||
| CVE-2009-2974 | 0.00 | — | 0.01 | Aug 27, 2009 | Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote attackers to (1) cause a denial of service (application hang) via vectors involving a chromehtml: URI value for the document.location property or (2) cause a denial of service (application hang and CPU consumption)… | |||
| CVE-2009-2973 | 0.00 | — | 0.01 | Aug 27, 2009 | Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the (1) MD2 or (2) MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to… | |||
| CVE-2009-2972 | 0.00 | — | 0.03 | Aug 27, 2009 | in.lpd in the print service in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors that trigger a "fork()/exec() bomb." | |||
| CVE-2009-2698 | Hig | 0.54 | 7.8 | 0.07 | Aug 27, 2009 | The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE… | ||
| CVE-2009-2935 | 0.00 | — | 0.05 | Aug 27, 2009 | Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript. | |||
| CVE-2009-2861 | 0.00 | — | 0.01 | Aug 27, 2009 | The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access-point association, which allows remote attackers to spoof a controller and cause a denial of service (service outage) via crafted… | |||
| CVE-2009-2054 | 0.00 | — | 0.03 | Aug 27, 2009 | Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2a)su1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and SIP outage) via a flood of TCP… | |||
| CVE-2009-2053 | 0.00 | — | 0.03 | Aug 27, 2009 | Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP outage) via a flood of TCP… | |||
| CVE-2009-2052 | 0.00 | — | 0.04 | Aug 27, 2009 | Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote attackers to cause a denial of… | |||
| CVE-2009-2051 | 0.00 | — | 0.03 | Aug 27, 2009 | Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of… | |||
| CVE-2009-2050 | 0.00 | — | 0.03 | Aug 27, 2009 | Cisco Unified Communications Manager (aka CUCM, formerly CallManager) before 6.1(1) allows remote attackers to cause a denial of service (voice-services outage) via a malformed header in a SIP message, aka Bug ID CSCsi46466. | |||
| CVE-2009-2967 | 0.00 | — | 0.02 | Aug 26, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6 through 0.7.11p2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, different vulnerabilities than CVE-2009-2959. | |||
| CVE-2008-7094 | 0.00 | — | 0.01 | Aug 26, 2009 | Campaign/CampaignListener in the listener server in Unica Affinium Campaign 7.2.1.0.55 allows remote attackers to cause a denial of service (server crash) via a crafted length field that triggers (1) connection exhaustion or (2) memory allocation failure. | |||
| CVE-2008-7093 | 0.00 | — | 0.02 | Aug 26, 2009 | Multiple directory traversal vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to (1) create arbitrary directories or files via a .. (dot dot) in the folder name in the new folder functionality or (2) list arbitrary files via a crafted request to… | |||
| CVE-2008-7092 | 0.00 | — | 0.02 | Aug 26, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a CustomBookMarkLink action to… | |||
| CVE-2008-7091 | 0.03 | — | 0.02 | Aug 26, 2009 | Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to… | |||
| CVE-2008-7090 | 0.04 | — | 0.08 | Aug 26, 2009 | Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier allow remote attackers to (1) determine the existence of arbitrary files via a .. (dot dot) in the $tb_url variable in trackback.php, or (2) include arbitrary files via a .. (dot dot) in the template parameter… |
- CVE-2009-3000Aug 28, 2009risk 0.00cvss —epss 0.02
The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_41 through snv_122, when Network Cache Accelerator (NCA) logging is enabled, allows remote attackers to cause a denial of service (panic) via unspecified web-server traffic that triggers a NULL pointer…
- CVE-2009-2695Aug 28, 2009risk 0.00cvss —epss 0.01
The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the default configuration of the…
- CVE-2008-7121Aug 28, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search bar.
- CVE-2008-7120Aug 28, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter.
- CVE-2008-7119Aug 28, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-7118Aug 28, 2009risk 0.03cvss —epss 0.02
WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log.
- CVE-2008-7117Aug 28, 2009risk 0.03cvss —epss 0.02
eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting (XSS) attacks.
- CVE-2008-7116Aug 28, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the username.
- CVE-2008-7115Aug 28, 2009risk 0.03cvss —epss 0.04
The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct request to (1) statusprocess.exe, (2) system_all.exe, or (3) restore.exe in…
- CVE-2008-7114Aug 28, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in members_search.php in iFusion Services iFdate 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the name field.
- CVE-2008-7113Aug 28, 2009risk 0.00cvss —epss 0.01
The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 uses a small space of predictable user identification numbers for access control, which allows remote attackers to upload documents via a brute force attack.
- CVE-2008-7112Aug 28, 2009risk 0.00cvss —epss 0.01
The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to cause a denial of service (hang or crash) via invalid field length values in a malformed (1) document or (2) request.
- CVE-2008-7111Aug 28, 2009risk 0.00cvss —epss 0.03
The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 does not restrict the filenames or extensions of uploaded files, which makes it easier for remote attackers to execute arbitrary code or overwrite files by leveraging CVE-2008-7110 and CVE-2008-7109.
- CVE-2008-7110Aug 28, 2009risk 0.03cvss —epss 0.03
Directory traversal vulnerability in the Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to upload files to arbitrary locations via a .. (dot dot) in a request.
- risk 0.64cvss 9.8epss 0.04
The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does not prompt the user for a password.
- CVE-2008-7108Aug 28, 2009risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Carmosa phpCart 3.4 through 4.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) quantity or (2) Add Engraving fields to the default URI; (3) Quantity field to phpcart.php; (4) Name, (5) Company,…
- CVE-2008-7107Aug 28, 2009risk 0.03cvss —epss 0.01
easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to cause a denial of service (crash) via a crafted IOCTL 0x222003 request to the \\.\easdrv device interface.
- CVE-2008-7106Aug 27, 2009risk 0.00cvss —epss 0.03
The installation of Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2, when both anti-virus and anti-spam are supported, does not create or launch the associated scan engines when the system is under heavy load, which has unspecified impact, probably remote bypass of…
- CVE-2008-7105Aug 27, 2009risk 0.00cvss —epss 0.03
Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (EdgeTransport.exe termination) via a TNEF-encoded message with a crafted rich text body that is not properly handled during conversion to plain text. NOTE: this…
- CVE-2008-7104Aug 27, 2009risk 0.00cvss —epss 0.03
Sophos PureMessage Scanner service (PMScanner.exe) in PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (message queue delay and incomplete spam rule update) via a crafted (1) RTF or (2) PDF file.
- CVE-2008-7103Aug 27, 2009risk 0.04cvss —epss 0.10
Stack-based buffer overflow in an ActiveX control in najdisitoolbar.dll in Najdi.si Toolbar 2.0.4.1 allows remote attackers to cause a denial of service (browser crash) or execute arbitrary code via a long Document.Location property value.
- CVE-2008-7102Aug 27, 2009risk 0.00cvss —epss 0.01
DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation.
- CVE-2008-7101Aug 27, 2009risk 0.00cvss —epss 0.01
Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 allows remote attackers to obtain sensitive information (portal number) by accessing the install wizard page via unknown vectors.
- CVE-2008-7100Aug 27, 2009risk 0.00cvss —epss 0.01
Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows remote authenticated users to bypass authentication and gain privileges via unknown vectors related to a "unique id" for user actions and improper validation of a "user identity."
- CVE-2008-7099Aug 27, 2009risk 0.03cvss —epss 0.02
Unspecified vulnerability in the Manage Templates feature in Qsoft K-Rate Premium allows remote attackers to execute arbitrary PHP code via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2008-7098Aug 27, 2009risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Qsoft K-Rate Premium allow remote attackers to inject arbitrary web script or HTML via the blog, possibly the (1) Title and (2) Text fields; (3) the gallery, possibly the Description field in Your Pictures; (4) the forum,…
- CVE-2008-7097Aug 27, 2009risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arbitrary SQL commands via (1) the $id variable in admin/includes/dele_cpac.php, (2) $ord[order_id] variable in payments/payment_received.php, (3) $id variable in…
- CVE-2008-7096Aug 27, 2009risk 0.00cvss —epss 0.00
Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or…
- CVE-2009-2978Aug 27, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2008-7095Aug 27, 2009risk 0.00cvss —epss 0.01
The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName…
- CVE-2009-2977Aug 27, 2009risk 0.00cvss —epss 0.01
The Cisco Security Monitoring, Analysis and Response System (CS-MARS) 6.0.4 and earlier stores cleartext passwords in log/sysbacktrace.## files within error-logs.tar.gz archives, which allows context-dependent attackers to obtain sensitive information by reading these files.
- CVE-2009-2976Aug 27, 2009risk 0.00cvss —epss 0.01
Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast data frames in cleartext, which allows remote attackers to discover Wireless LAN Controller MAC addresses and IP addresses, and AP configuration details, by sniffing the wireless network.
- CVE-2009-2975Aug 27, 2009risk 0.00cvss —epss 0.02
Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly involving an incompletely configured protocol handler, does not properly implement setting the document.location property to a value specifying a protocol associated with an external application, which allows…
- CVE-2009-2974Aug 27, 2009risk 0.00cvss —epss 0.01
Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote attackers to (1) cause a denial of service (application hang) via vectors involving a chromehtml: URI value for the document.location property or (2) cause a denial of service (application hang and CPU consumption)…
- CVE-2009-2973Aug 27, 2009risk 0.00cvss —epss 0.01
Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the (1) MD2 or (2) MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to…
- CVE-2009-2972Aug 27, 2009risk 0.00cvss —epss 0.03
in.lpd in the print service in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors that trigger a "fork()/exec() bomb."
- risk 0.54cvss 7.8epss 0.07
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE…
- CVE-2009-2935Aug 27, 2009risk 0.00cvss —epss 0.05
Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript.
- CVE-2009-2861Aug 27, 2009risk 0.00cvss —epss 0.01
The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access-point association, which allows remote attackers to spoof a controller and cause a denial of service (service outage) via crafted…
- CVE-2009-2054Aug 27, 2009risk 0.00cvss —epss 0.03
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2a)su1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and SIP outage) via a flood of TCP…
- CVE-2009-2053Aug 27, 2009risk 0.00cvss —epss 0.03
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP outage) via a flood of TCP…
- CVE-2009-2052Aug 27, 2009risk 0.00cvss —epss 0.04
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote attackers to cause a denial of…
- CVE-2009-2051Aug 27, 2009risk 0.00cvss —epss 0.03
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of…
- CVE-2009-2050Aug 27, 2009risk 0.00cvss —epss 0.03
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) before 6.1(1) allows remote attackers to cause a denial of service (voice-services outage) via a malformed header in a SIP message, aka Bug ID CSCsi46466.
- CVE-2009-2967Aug 26, 2009risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6 through 0.7.11p2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, different vulnerabilities than CVE-2009-2959.
- CVE-2008-7094Aug 26, 2009risk 0.00cvss —epss 0.01
Campaign/CampaignListener in the listener server in Unica Affinium Campaign 7.2.1.0.55 allows remote attackers to cause a denial of service (server crash) via a crafted length field that triggers (1) connection exhaustion or (2) memory allocation failure.
- CVE-2008-7093Aug 26, 2009risk 0.00cvss —epss 0.02
Multiple directory traversal vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to (1) create arbitrary directories or files via a .. (dot dot) in the folder name in the new folder functionality or (2) list arbitrary files via a crafted request to…
- CVE-2008-7092Aug 26, 2009risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a CustomBookMarkLink action to…
- CVE-2008-7091Aug 26, 2009risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to…
- CVE-2008-7090Aug 26, 2009risk 0.04cvss —epss 0.08
Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier allow remote attackers to (1) determine the existence of arbitrary files via a .. (dot dot) in the $tb_url variable in trackback.php, or (2) include arbitrary files via a .. (dot dot) in the template parameter…