| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-7017 | 0.03 | — | 0.01 | Aug 21, 2009 | Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field in the subject of an X.509 certificate. | |||
| CVE-2008-7016 | 0.00 | — | 0.01 | Aug 21, 2009 | tnftpd before 20080929 splits large command strings into multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unknown vectors, probably involving a crafted ftp:// link to a tnftpd server. | |||
| CVE-2009-2925 | 0.03 | — | 0.03 | Aug 21, 2009 | Directory traversal vulnerability in DJcalendar.cgi in DJCalendar allows remote attackers to read arbitrary files via a .. (dot dot) in the TEMPLATE parameter. | |||
| CVE-2009-2924 | 0.03 | — | 0.01 | Aug 21, 2009 | Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 allow remote attackers to execute arbitrary SQL commands via the (1) UploadID parameter to videoint.php, and possibly the (2) cat_id parameter to catvideo.php and (3) uid parameter to cviewchannels.php. | |||
| CVE-2009-2923 | 0.03 | — | 0.03 | Aug 21, 2009 | Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1.52 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to show.php and (2) in parameter to advanced_search.php. | |||
| CVE-2009-2922 | 0.03 | — | 0.03 | Aug 21, 2009 | Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 through 2.3.5 allows remote attackers to read arbitrary files via a base64-encoded file parameter. | |||
| CVE-2009-2921 | 0.03 | — | 0.01 | Aug 21, 2009 | Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field). | |||
| CVE-2009-2920 | 0.03 | — | 0.01 | Aug 21, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) component and (2) priority parameters to buglist.php; and the (3) Username (4) E-mail, (5) Pass, and (6) Confirm pass fields to… | |||
| CVE-2009-2919 | 0.00 | — | 0.01 | Aug 21, 2009 | Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field. | |||
| CVE-2009-2918 | 0.03 | — | 0.01 | Aug 21, 2009 | The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted request to the 0x80000034 IOCTL, probably involving an input or output buffer size of 0. | |||
| CVE-2009-2917 | 0.03 | — | 0.03 | Aug 21, 2009 | Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted string in a (1) .cue or (2) .m3u playlist file. | |||
| CVE-2009-2916 | 0.00 | — | 0.03 | Aug 21, 2009 | Format string vulnerability in the CNS_AddTxt function in logs.dll in 2K Games Vietcong 2 1.10 and earlier might allow remote attackers to execute arbitrary code via format string specifiers in the nickname. | |||
| CVE-2009-2915 | — | 0.03 | — | 0.01 | Aug 21, 2009 | SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery System 6.0 allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a content action. | ||
| CVE-2009-2914 | 0.00 | — | 0.01 | Aug 21, 2009 | Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded file. NOTE: the provenance of this information is unknown; the details are obtained… | |||
| CVE-2009-2913 | 0.00 | — | 0.01 | Aug 21, 2009 | Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2009-2912 | 0.00 | — | 0.00 | Aug 21, 2009 | The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through 10, and OpenSolaris before snv_110, allow local users to cause a denial of service (panic) via vectors related to vnode function calls. | |||
| CVE-2009-2732 | 0.04 | — | 0.07 | Aug 21, 2009 | The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string. | |||
| CVE-2009-2694 | 0.05 | — | 0.20 | Aug 21, 2009 | The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application… | |||
| CVE-2009-0638 | 0.00 | — | 0.03 | Aug 21, 2009 | The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 3.1(16), 3.2 before 3.2(13), and 4.0 before 4.0(6) for Cisco Catalyst 6500 switches and Cisco 7600 routers allows remote attackers to cause a denial of service (traffic-handling outage) via a series of malformed ICMP… | |||
| CVE-2009-2896 | 0.03 | — | 0.06 | Aug 20, 2009 | Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a subtitle (.srt) playlist file. NOTE: some of these details are obtained from third party information. | |||
| CVE-2009-2895 | 0.03 | — | 0.01 | Aug 20, 2009 | SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (URA) 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||
| CVE-2009-2894 | 0.03 | — | 0.01 | Aug 20, 2009 | Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to product_desc.php, and the cid parameter to (2) showcategory.php and (3) gallery.php. | |||
| CVE-2009-2893 | 0.03 | — | 0.01 | Aug 20, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in a post action or (2) the _xzcal_y parameter. | |||
| CVE-2009-2892 | 0.03 | — | 0.01 | Aug 20, 2009 | Multiple SQL injection vulnerabilities in header.php in Scripteen Free Image Hosting Script 2.3 allow remote attackers to execute arbitrary SQL commands via a (1) cookid or (2) cookgid cookie. | |||
| CVE-2009-2891 | 0.03 | — | 0.01 | Aug 20, 2009 | SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||
| CVE-2009-2890 | 0.03 | — | 0.03 | Aug 20, 2009 | Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter. | |||
| CVE-2009-2889 | 0.03 | — | 0.01 | Aug 20, 2009 | Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to inject arbitrary web script or HTML via the letters parameter. | |||
| CVE-2009-2888 | 0.03 | — | 0.01 | Aug 20, 2009 | SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter. | |||
| CVE-2009-2887 | 0.00 | — | 0.01 | Aug 20, 2009 | Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to inject arbitrary web script or HTML via the rank parameter. | |||
| CVE-2009-2886 | 0.00 | — | 0.01 | Aug 20, 2009 | SQL injection vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to execute arbitrary SQL commands via the rank parameter. | |||
| CVE-2009-2885 | 0.03 | — | 0.01 | Aug 20, 2009 | SQL injection vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to execute arbitrary SQL commands via the rank parameter. | |||
| CVE-2009-2884 | 0.03 | — | 0.01 | Aug 20, 2009 | Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to inject arbitrary web script or HTML via the rank parameter. | |||
| CVE-2009-2883 | 0.03 | — | 0.01 | Aug 20, 2009 | SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php. | |||
| CVE-2009-2882 | 0.03 | — | 0.02 | Aug 20, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to… | |||
| CVE-2009-2881 | 0.03 | — | 0.01 | Aug 20, 2009 | Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote attackers to execute arbitrary SQL commands via the idAuthor parameter to (1) index.php and possibly (2) allpubs.php in publications/. | |||
| CVE-2009-2860 | 0.00 | — | 0.02 | Aug 19, 2009 | Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets." | |||
| CVE-2009-2859 | 0.00 | — | 0.00 | Aug 19, 2009 | IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command. | |||
| CVE-2009-2858 | 0.00 | — | 0.02 | Aug 19, 2009 | Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure. | |||
| CVE-2009-2857 | Med | 0.36 | 5.5 | 0.00 | Aug 19, 2009 | The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory implementations, which allows local users to cause a denial of service (deadlock and system halt) via vectors involving mmap and… | ||
| CVE-2009-2740 | 0.00 | — | 0.02 | Aug 19, 2009 | kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention System (HIPS) 8.1 allows remote attackers to cause a denial of service (system crash) via a malformed packet. | |||
| CVE-2009-2627 | 0.00 | — | 0.05 | Aug 19, 2009 | Insecure method vulnerability in the Acer LunchApp (aka AcerCtrls.APlunch) ActiveX control in acerctrl.ocx allows remote attackers to execute arbitrary commands via the Run method, a different vulnerability than CVE-2006-6121. | |||
| CVE-2009-2055 | Med | 0.51 | 5.9 | 0.03 | KEV | Aug 19, 2009 | Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009. | |
| CVE-2009-1884 | 0.00 | — | 0.03 | Aug 19, 2009 | Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a… | |||
| CVE-2009-0682 | 0.00 | — | 0.00 | Aug 19, 2009 | vetmonnt.sys in CA Internet Security Suite r3, vetmonnt.sys before 9.0.0.184 in Internet Security Suite r4, and vetmonnt.sys before 10.0.0.217 in Internet Security Suite r5 do not properly verify IOCTL calls, which allows local users to cause a denial of service (system crash)… | |||
| CVE-2008-7015 | 0.03 | — | 0.03 | Aug 19, 2009 | Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel of War 1.1.1, and other products, allows remote attackers to cause a denial of service (server exit) via a packet with a large length value that triggers a memory allocation failure. | |||
| CVE-2008-7014 | 0.03 | — | 0.03 | Aug 19, 2009 | fhttpd 0.4.2 allows remote attackers to cause a denial of service (crash) via an Authorization HTTP header with an invalid character after the Basic value. | |||
| CVE-2008-7013 | 0.00 | — | 0.01 | Aug 19, 2009 | NetService.dll in Baidu Hi IM allows remote servers to cause a denial of service (client crash) via a crafted login response that triggers a divide-by-zero error. | |||
| CVE-2008-7012 | 0.04 | — | 0.07 | Aug 19, 2009 | courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters. | |||
| CVE-2008-7011 | 0.03 | — | 0.02 | Aug 19, 2009 | The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which… | |||
| CVE-2008-7010 | 0.03 | — | 0.04 | Aug 19, 2009 | Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers to add new administrators and gain privileges via a direct request to admin/register.php. |
- CVE-2008-7017Aug 21, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field in the subject of an X.509 certificate.
- CVE-2008-7016Aug 21, 2009risk 0.00cvss —epss 0.01
tnftpd before 20080929 splits large command strings into multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unknown vectors, probably involving a crafted ftp:// link to a tnftpd server.
- CVE-2009-2925Aug 21, 2009risk 0.03cvss —epss 0.03
Directory traversal vulnerability in DJcalendar.cgi in DJCalendar allows remote attackers to read arbitrary files via a .. (dot dot) in the TEMPLATE parameter.
- CVE-2009-2924Aug 21, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 allow remote attackers to execute arbitrary SQL commands via the (1) UploadID parameter to videoint.php, and possibly the (2) cat_id parameter to catvideo.php and (3) uid parameter to cviewchannels.php.
- CVE-2009-2923Aug 21, 2009risk 0.03cvss —epss 0.03
Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1.52 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to show.php and (2) in parameter to advanced_search.php.
- CVE-2009-2922Aug 21, 2009risk 0.03cvss —epss 0.03
Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 through 2.3.5 allows remote attackers to read arbitrary files via a base64-encoded file parameter.
- CVE-2009-2921Aug 21, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field).
- CVE-2009-2920Aug 21, 2009risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) component and (2) priority parameters to buglist.php; and the (3) Username (4) E-mail, (5) Pass, and (6) Confirm pass fields to…
- CVE-2009-2919Aug 21, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field.
- CVE-2009-2918Aug 21, 2009risk 0.03cvss —epss 0.01
The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted request to the 0x80000034 IOCTL, probably involving an input or output buffer size of 0.
- CVE-2009-2917Aug 21, 2009risk 0.03cvss —epss 0.03
Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted string in a (1) .cue or (2) .m3u playlist file.
- CVE-2009-2916Aug 21, 2009risk 0.00cvss —epss 0.03
Format string vulnerability in the CNS_AddTxt function in logs.dll in 2K Games Vietcong 2 1.10 and earlier might allow remote attackers to execute arbitrary code via format string specifiers in the nickname.
- CVE-2009-2915Aug 21, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery System 6.0 allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a content action.
- CVE-2009-2914Aug 21, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded file. NOTE: the provenance of this information is unknown; the details are obtained…
- CVE-2009-2913Aug 21, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2009-2912Aug 21, 2009risk 0.00cvss —epss 0.00
The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through 10, and OpenSolaris before snv_110, allow local users to cause a denial of service (panic) via vectors related to vnode function calls.
- CVE-2009-2732Aug 21, 2009risk 0.04cvss —epss 0.07
The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string.
- CVE-2009-2694Aug 21, 2009risk 0.05cvss —epss 0.20
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application…
- CVE-2009-0638Aug 21, 2009risk 0.00cvss —epss 0.03
The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 3.1(16), 3.2 before 3.2(13), and 4.0 before 4.0(6) for Cisco Catalyst 6500 switches and Cisco 7600 routers allows remote attackers to cause a denial of service (traffic-handling outage) via a series of malformed ICMP…
- CVE-2009-2896Aug 20, 2009risk 0.03cvss —epss 0.06
Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a subtitle (.srt) playlist file. NOTE: some of these details are obtained from third party information.
- CVE-2009-2895Aug 20, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (URA) 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
- CVE-2009-2894Aug 20, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to product_desc.php, and the cid parameter to (2) showcategory.php and (3) gallery.php.
- CVE-2009-2893Aug 20, 2009risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in a post action or (2) the _xzcal_y parameter.
- CVE-2009-2892Aug 20, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in header.php in Scripteen Free Image Hosting Script 2.3 allow remote attackers to execute arbitrary SQL commands via a (1) cookid or (2) cookgid cookie.
- CVE-2009-2891Aug 20, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote attackers to execute arbitrary SQL commands via the catid parameter.
- CVE-2009-2890Aug 20, 2009risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter.
- CVE-2009-2889Aug 20, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to inject arbitrary web script or HTML via the letters parameter.
- CVE-2009-2888Aug 20, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter.
- CVE-2009-2887Aug 20, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to inject arbitrary web script or HTML via the rank parameter.
- CVE-2009-2886Aug 20, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to execute arbitrary SQL commands via the rank parameter.
- CVE-2009-2885Aug 20, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to execute arbitrary SQL commands via the rank parameter.
- CVE-2009-2884Aug 20, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to inject arbitrary web script or HTML via the rank parameter.
- CVE-2009-2883Aug 20, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php.
- CVE-2009-2882Aug 20, 2009risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to…
- CVE-2009-2881Aug 20, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote attackers to execute arbitrary SQL commands via the idAuthor parameter to (1) index.php and possibly (2) allpubs.php in publications/.
- CVE-2009-2860Aug 19, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets."
- CVE-2009-2859Aug 19, 2009risk 0.00cvss —epss 0.00
IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command.
- CVE-2009-2858Aug 19, 2009risk 0.00cvss —epss 0.02
Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure.
- risk 0.36cvss 5.5epss 0.00
The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory implementations, which allows local users to cause a denial of service (deadlock and system halt) via vectors involving mmap and…
- CVE-2009-2740Aug 19, 2009risk 0.00cvss —epss 0.02
kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention System (HIPS) 8.1 allows remote attackers to cause a denial of service (system crash) via a malformed packet.
- CVE-2009-2627Aug 19, 2009risk 0.00cvss —epss 0.05
Insecure method vulnerability in the Acer LunchApp (aka AcerCtrls.APlunch) ActiveX control in acerctrl.ocx allows remote attackers to execute arbitrary commands via the Run method, a different vulnerability than CVE-2006-6121.
- risk 0.51cvss 5.9epss 0.03
Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.
- CVE-2009-1884Aug 19, 2009risk 0.00cvss —epss 0.03
Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a…
- CVE-2009-0682Aug 19, 2009risk 0.00cvss —epss 0.00
vetmonnt.sys in CA Internet Security Suite r3, vetmonnt.sys before 9.0.0.184 in Internet Security Suite r4, and vetmonnt.sys before 10.0.0.217 in Internet Security Suite r5 do not properly verify IOCTL calls, which allows local users to cause a denial of service (system crash)…
- CVE-2008-7015Aug 19, 2009risk 0.03cvss —epss 0.03
Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel of War 1.1.1, and other products, allows remote attackers to cause a denial of service (server exit) via a packet with a large length value that triggers a memory allocation failure.
- CVE-2008-7014Aug 19, 2009risk 0.03cvss —epss 0.03
fhttpd 0.4.2 allows remote attackers to cause a denial of service (crash) via an Authorization HTTP header with an invalid character after the Basic value.
- CVE-2008-7013Aug 19, 2009risk 0.00cvss —epss 0.01
NetService.dll in Baidu Hi IM allows remote servers to cause a denial of service (client crash) via a crafted login response that triggers a divide-by-zero error.
- CVE-2008-7012Aug 19, 2009risk 0.04cvss —epss 0.07
courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters.
- CVE-2008-7011Aug 19, 2009risk 0.03cvss —epss 0.02
The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which…
- CVE-2008-7010Aug 19, 2009risk 0.03cvss —epss 0.04
Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers to add new administrators and gain privileges via a direct request to admin/register.php.