| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-6875 | 0.03 | — | 0.01 | Jul 24, 2009 | SQL injection vulnerability in default.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-5220. | |||
| CVE-2008-6874 | 0.03 | — | 0.01 | Jul 24, 2009 | Multiple SQL injection vulnerabilities in ASP SiteWare autoDealer 1 and 2 allow remote attackers to execute arbitrary SQL commands via the iType parameter in (1) Auto1/type.asp or (2) auto2/type.asp. | |||
| CVE-2009-2584 | 0.00 | — | 0.01 | Jul 23, 2009 | Off-by-one error in the options_write function in drivers/misc/sgi-gru/gruprocfs.c in the SGI GRU driver in the Linux kernel 2.6.30.2 and earlier on ia64 and x86 platforms might allow local users to overwrite arbitrary memory locations and gain privileges via a crafted count… | |||
| CVE-2009-2583 | 0.00 | — | 0.01 | Jul 23, 2009 | Multiple session fixation vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0.0.6 allow remote attackers to hijack web sessions via unspecified vectors involving the (1) console and (2) self service interfaces. | |||
| CVE-2009-2582 | 0.00 | — | 0.03 | Jul 23, 2009 | Stack-based buffer overflow in manager.exe in Akamai Download Manager (aka DLM or dlmanager) before 2.2.4.8 allows remote web servers to execute arbitrary code via a malformed HTTP response during a Redswoosh download, a different vulnerability than CVE-2007-1891 and… | |||
| CVE-2009-1862 | Hig | 0.65 | 7.8 | 0.25 | KEV | Jul 23, 2009 | Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash… | |
| CVE-2009-2581 | 0.00 | — | 0.01 | Jul 23, 2009 | Cross-site scripting (XSS) vulnerability in modifier.php in EditeurScripts EsNews 1.2 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||
| CVE-2008-6873 | 0.03 | — | 0.01 | Jul 23, 2009 | SQL injection vulnerability in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the TabOpenQuickTab1 parameter to (1) popaccounts.aspx, (2) addressbook.aspx, and (3) emails.aspx. | |||
| CVE-2008-6872 | 0.03 | — | 0.06 | Jul 23, 2009 | ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/aspthaiForum.mdb. | |||
| CVE-2008-6871 | 0.03 | — | 0.02 | Jul 23, 2009 | Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request. | |||
| CVE-2008-6870 | 0.03 | — | 0.03 | Jul 23, 2009 | Merlix Educate Server allows remote attackers to bypass intended security restrictions and obtain sensitive information via a direct request to (1) config.asp and (2) users.asp. | |||
| CVE-2008-6869 | 0.03 | — | 0.06 | Jul 23, 2009 | Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for config/oramon.ini. | |||
| CVE-2008-6868 | 0.00 | — | 0.01 | Jul 23, 2009 | Cross-site scripting (XSS) vulnerability in default/login.php in EditeurScripts EsBaseAdmin 2.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the EsContacts 1.0 issue is covered in CVE-2008-2037. | |||
| CVE-2009-2578 | 0.00 | — | 0.01 | Jul 22, 2009 | Google Chrome 2.x through 2.0.172 allows remote attackers to cause a denial of service (application crash) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. | |||
| CVE-2009-2577 | 0.00 | — | 0.02 | Jul 22, 2009 | Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption, and application hang) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. | |||
| CVE-2009-2576 | 0.01 | — | 0.15 | Jul 22, 2009 | Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and… | |||
| CVE-2009-2575 | 0.00 | — | 0.02 | Jul 22, 2009 | The Research In Motion (RIM) BlackBerry 8800 allows remote attackers to cause a denial of service (memory consumption and browser crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. | |||
| CVE-2009-2472 | 0.00 | — | 0.02 | Jul 22, 2009 | Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin… | |||
| CVE-2009-2471 | 0.00 | — | 0.04 | Jul 22, 2009 | The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper. | |||
| CVE-2009-2469 | 0.00 | — | 0.06 | Jul 22, 2009 | Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary… | |||
| CVE-2009-2468 | 0.01 | — | 0.06 | Jul 22, 2009 | Integer overflow in Apple CoreGraphics, as used in Safari before 4.0.3, Mozilla Firefox before 3.0.12, and Mac OS X 10.4.11 and 10.5.8, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long text run that triggers a… | |||
| CVE-2009-2467 | 0.00 | — | 0.05 | Jul 22, 2009 | Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a Flash object, a slow script dialog, and the unloading of the Flash plugin, which triggers… | |||
| CVE-2009-2466 | 0.01 | — | 0.07 | Jul 22, 2009 | The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsDOMClassInfo.cpp, (2) JS_HashTableRawLookup, and… | |||
| CVE-2009-2465 | 0.00 | — | 0.05 | Jul 22, 2009 | Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp,… | |||
| CVE-2009-2464 | 0.04 | — | 0.13 | Jul 22, 2009 | The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors… | |||
| CVE-2009-2463 | 0.01 | — | 0.06 | Jul 22, 2009 | Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory… | |||
| CVE-2009-2462 | 0.00 | — | 0.05 | Jul 22, 2009 | The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronous events, (2) a… | |||
| CVE-2009-2574 | 0.03 | — | 0.02 | Jul 22, 2009 | index.php in MiniTwitter 0.2 beta allows remote authenticated users to modify certain options of arbitrary accounts via an opt action. | |||
| CVE-2009-2573 | 0.03 | — | 0.01 | Jul 22, 2009 | Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via the (1) user parameter to (a) index.php and (b) rss.php. | |||
| CVE-2009-2572 | 0.00 | — | 0.01 | Jul 22, 2009 | Cross-site request forgery (CSRF) vulnerability in the Fivestar module 5.x-1.x before 5.x-1.14 and 6.x-1.x before 6.x-1.14, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that cast votes. | |||
| CVE-2009-2571 | 0.03 | — | 0.01 | Jul 22, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in VerliAdmin 0.3.7 and 0.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the URI, (2) the q parameter, (3) the nick parameter, or (4) the nick parameter in a bantest action. | |||
| CVE-2009-2570 | 0.04 | — | 0.12 | Jul 22, 2009 | Stack-based buffer overflow in the Symantec.FaxViewerControl.1 ActiveX control in WinFax\DCCFAXVW.DLL in Symantec WinFax Pro 10.03 allows remote attackers to execute arbitrary code via a long argument to the AppendFax method. | |||
| CVE-2009-2569 | 0.03 | — | 0.02 | Jul 22, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in Verlihub Control Panel (VHCP) 1.7e allow remote attackers to inject arbitrary web script or HTML via (1) the nick parameter in a login action to index.php or (2) the URI in a news request to index.html. | |||
| CVE-2009-2568 | 0.03 | — | 0.06 | Jul 22, 2009 | Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) 0.9 allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file. | |||
| CVE-2009-2567 | 0.03 | — | 0.01 | Jul 22, 2009 | SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 5.6.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||
| CVE-2009-2566 | 0.05 | — | 0.31 | Jul 21, 2009 | Stack-based buffer overflow in TFM MMPlayer 2.0, and possibly 2.0.0.30, allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file. | |||
| CVE-2009-2565 | 0.00 | — | 0.01 | Jul 21, 2009 | Cross-site scripting (XSS) vulnerability in Perl CGI's By Mrs. Shiromuku shiromuku(fs6)DIARY 2.40 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2009-2564 | 0.03 | — | 0.06 | Jul 21, 2009 | NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOS\bin\getPlus_HelperSvc.exe with insecure permissions (Everyone:Full Control), which… | |||
| CVE-2009-2563 | 0.00 | — | 0.03 | Jul 21, 2009 | Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors. | |||
| CVE-2009-2562 | 0.00 | — | 0.03 | Jul 21, 2009 | Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. | |||
| CVE-2009-2561 | 0.00 | — | 0.02 | Jul 21, 2009 | Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified vectors. | |||
| CVE-2009-2560 | 0.00 | — | 0.02 | Jul 21, 2009 | Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace and is processed by the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissector. NOTE: it was later… | |||
| CVE-2009-2559 | 0.00 | — | 0.02 | Jul 21, 2009 | Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an array index error. NOTE: some of these details are obtained from third party information. | |||
| CVE-2009-2558 | 0.03 | — | 0.02 | Jul 21, 2009 | system/message.php in Admin News Tools 2.5 does not properly restrict access, which allows remote attackers to post news messages via a direct request. | |||
| CVE-2009-2557 | 0.04 | — | 0.07 | Jul 21, 2009 | Directory traversal vulnerability in system/download.php in Admin News Tools 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the fichier parameter. | |||
| CVE-2009-2556 | 0.00 | — | 0.02 | Jul 21, 2009 | Google Chrome before 2.0.172.37 allows attackers to leverage renderer access to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger excessive memory allocation. | |||
| CVE-2009-2555 | 0.00 | — | 0.03 | Jul 21, 2009 | Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression. | |||
| CVE-2009-2554 | 0.03 | — | 0.01 | Jul 20, 2009 | SQL injection vulnerability in the search method in jobline.class.php in Jobline (com_jobline) 1.1.2.2, 1.3.1, and possibly earlier versions, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the search parameter in a results action to… | |||
| CVE-2009-2553 | 0.03 | — | 0.02 | Jul 20, 2009 | Multiple SQL injection vulnerabilities in comments.php in Super Simple Blog Script 2.5.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the entry parameter. | |||
| CVE-2009-2552 | 0.03 | — | 0.02 | Jul 20, 2009 | Multiple directory traversal vulnerabilities in comments.php in Super Simple Blog Script 2.5.4 allow remote attackers to overwrite, include, and execute arbitrary local files via the entry parameter. |
- CVE-2008-6875Jul 24, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in default.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-5220.
- CVE-2008-6874Jul 24, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in ASP SiteWare autoDealer 1 and 2 allow remote attackers to execute arbitrary SQL commands via the iType parameter in (1) Auto1/type.asp or (2) auto2/type.asp.
- CVE-2009-2584Jul 23, 2009risk 0.00cvss —epss 0.01
Off-by-one error in the options_write function in drivers/misc/sgi-gru/gruprocfs.c in the SGI GRU driver in the Linux kernel 2.6.30.2 and earlier on ia64 and x86 platforms might allow local users to overwrite arbitrary memory locations and gain privileges via a crafted count…
- CVE-2009-2583Jul 23, 2009risk 0.00cvss —epss 0.01
Multiple session fixation vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0.0.6 allow remote attackers to hijack web sessions via unspecified vectors involving the (1) console and (2) self service interfaces.
- CVE-2009-2582Jul 23, 2009risk 0.00cvss —epss 0.03
Stack-based buffer overflow in manager.exe in Akamai Download Manager (aka DLM or dlmanager) before 2.2.4.8 allows remote web servers to execute arbitrary code via a malformed HTTP response during a Redswoosh download, a different vulnerability than CVE-2007-1891 and…
- risk 0.65cvss 7.8epss 0.25
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash…
- CVE-2009-2581Jul 23, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in modifier.php in EditeurScripts EsNews 1.2 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
- CVE-2008-6873Jul 23, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the TabOpenQuickTab1 parameter to (1) popaccounts.aspx, (2) addressbook.aspx, and (3) emails.aspx.
- CVE-2008-6872Jul 23, 2009risk 0.03cvss —epss 0.06
ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/aspthaiForum.mdb.
- CVE-2008-6871Jul 23, 2009risk 0.03cvss —epss 0.02
Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request.
- CVE-2008-6870Jul 23, 2009risk 0.03cvss —epss 0.03
Merlix Educate Server allows remote attackers to bypass intended security restrictions and obtain sensitive information via a direct request to (1) config.asp and (2) users.asp.
- CVE-2008-6869Jul 23, 2009risk 0.03cvss —epss 0.06
Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for config/oramon.ini.
- CVE-2008-6868Jul 23, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in default/login.php in EditeurScripts EsBaseAdmin 2.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the EsContacts 1.0 issue is covered in CVE-2008-2037.
- CVE-2009-2578Jul 22, 2009risk 0.00cvss —epss 0.01
Google Chrome 2.x through 2.0.172 allows remote attackers to cause a denial of service (application crash) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479.
- CVE-2009-2577Jul 22, 2009risk 0.00cvss —epss 0.02
Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption, and application hang) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479.
- CVE-2009-2576Jul 22, 2009risk 0.01cvss —epss 0.15
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and…
- CVE-2009-2575Jul 22, 2009risk 0.00cvss —epss 0.02
The Research In Motion (RIM) BlackBerry 8800 allows remote attackers to cause a denial of service (memory consumption and browser crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
- CVE-2009-2472Jul 22, 2009risk 0.00cvss —epss 0.02
Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin…
- CVE-2009-2471Jul 22, 2009risk 0.00cvss —epss 0.04
The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper.
- CVE-2009-2469Jul 22, 2009risk 0.00cvss —epss 0.06
Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary…
- CVE-2009-2468Jul 22, 2009risk 0.01cvss —epss 0.06
Integer overflow in Apple CoreGraphics, as used in Safari before 4.0.3, Mozilla Firefox before 3.0.12, and Mac OS X 10.4.11 and 10.5.8, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long text run that triggers a…
- CVE-2009-2467Jul 22, 2009risk 0.00cvss —epss 0.05
Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a Flash object, a slow script dialog, and the unloading of the Flash plugin, which triggers…
- CVE-2009-2466Jul 22, 2009risk 0.01cvss —epss 0.07
The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsDOMClassInfo.cpp, (2) JS_HashTableRawLookup, and…
- CVE-2009-2465Jul 22, 2009risk 0.00cvss —epss 0.05
Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp,…
- CVE-2009-2464Jul 22, 2009risk 0.04cvss —epss 0.13
The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors…
- CVE-2009-2463Jul 22, 2009risk 0.01cvss —epss 0.06
Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory…
- CVE-2009-2462Jul 22, 2009risk 0.00cvss —epss 0.05
The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronous events, (2) a…
- CVE-2009-2574Jul 22, 2009risk 0.03cvss —epss 0.02
index.php in MiniTwitter 0.2 beta allows remote authenticated users to modify certain options of arbitrary accounts via an opt action.
- CVE-2009-2573Jul 22, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via the (1) user parameter to (a) index.php and (b) rss.php.
- CVE-2009-2572Jul 22, 2009risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the Fivestar module 5.x-1.x before 5.x-1.14 and 6.x-1.x before 6.x-1.14, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that cast votes.
- CVE-2009-2571Jul 22, 2009risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in index.php in VerliAdmin 0.3.7 and 0.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the URI, (2) the q parameter, (3) the nick parameter, or (4) the nick parameter in a bantest action.
- CVE-2009-2570Jul 22, 2009risk 0.04cvss —epss 0.12
Stack-based buffer overflow in the Symantec.FaxViewerControl.1 ActiveX control in WinFax\DCCFAXVW.DLL in Symantec WinFax Pro 10.03 allows remote attackers to execute arbitrary code via a long argument to the AppendFax method.
- CVE-2009-2569Jul 22, 2009risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Verlihub Control Panel (VHCP) 1.7e allow remote attackers to inject arbitrary web script or HTML via (1) the nick parameter in a login action to index.php or (2) the URI in a news request to index.html.
- CVE-2009-2568Jul 22, 2009risk 0.03cvss —epss 0.06
Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) 0.9 allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file.
- CVE-2009-2567Jul 22, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 5.6.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
- CVE-2009-2566Jul 21, 2009risk 0.05cvss —epss 0.31
Stack-based buffer overflow in TFM MMPlayer 2.0, and possibly 2.0.0.30, allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file.
- CVE-2009-2565Jul 21, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Perl CGI's By Mrs. Shiromuku shiromuku(fs6)DIARY 2.40 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2009-2564Jul 21, 2009risk 0.03cvss —epss 0.06
NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOS\bin\getPlus_HelperSvc.exe with insecure permissions (Everyone:Full Control), which…
- CVE-2009-2563Jul 21, 2009risk 0.00cvss —epss 0.03
Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors.
- CVE-2009-2562Jul 21, 2009risk 0.00cvss —epss 0.03
Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors.
- CVE-2009-2561Jul 21, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified vectors.
- CVE-2009-2560Jul 21, 2009risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace and is processed by the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissector. NOTE: it was later…
- CVE-2009-2559Jul 21, 2009risk 0.00cvss —epss 0.02
Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an array index error. NOTE: some of these details are obtained from third party information.
- CVE-2009-2558Jul 21, 2009risk 0.03cvss —epss 0.02
system/message.php in Admin News Tools 2.5 does not properly restrict access, which allows remote attackers to post news messages via a direct request.
- CVE-2009-2557Jul 21, 2009risk 0.04cvss —epss 0.07
Directory traversal vulnerability in system/download.php in Admin News Tools 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the fichier parameter.
- CVE-2009-2556Jul 21, 2009risk 0.00cvss —epss 0.02
Google Chrome before 2.0.172.37 allows attackers to leverage renderer access to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger excessive memory allocation.
- CVE-2009-2555Jul 21, 2009risk 0.00cvss —epss 0.03
Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression.
- CVE-2009-2554Jul 20, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in the search method in jobline.class.php in Jobline (com_jobline) 1.1.2.2, 1.3.1, and possibly earlier versions, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the search parameter in a results action to…
- CVE-2009-2553Jul 20, 2009risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in comments.php in Super Simple Blog Script 2.5.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the entry parameter.
- CVE-2009-2552Jul 20, 2009risk 0.03cvss —epss 0.02
Multiple directory traversal vulnerabilities in comments.php in Super Simple Blog Script 2.5.4 allow remote attackers to overwrite, include, and execute arbitrary local files via the entry parameter.