| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-2354 | 0.00 | — | 0.01 | Jul 7, 2009 | SQL injection vulnerability in the auth_checkpass function in the login page in NullLogic Groupware 1.2.7 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||
| CVE-2009-2353 | 0.00 | — | 0.02 | Jul 7, 2009 | encoder.php in eAccelerator allows remote attackers to execute arbitrary code by copying a local executable file to a location under the web root via the -o option, and then making a direct request to this file, related to upload of image files. | |||
| CVE-2009-2352 | 0.03 | — | 0.02 | Jul 7, 2009 | Google Chrome 1.0.154.48 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh… | |||
| CVE-2009-2351 | 0.00 | — | 0.02 | Jul 7, 2009 | Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a… | |||
| CVE-2009-2350 | 0.04 | — | 0.14 | Jul 7, 2009 | Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the… | |||
| CVE-2008-0020 | 0.02 | — | 0.31 | Jul 7, 2009 | Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1,… | |||
| CVE-2008-0015 | Hig | 0.78 | 8.8 | 0.77 | KEV | Jul 7, 2009 | Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2,… | |
| CVE-2009-2345 | 0.00 | — | 0.01 | Jul 7, 2009 | Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 allow remote attackers to execute arbitrary SQL commands via unknown parameters to the gbook module and unspecified other components. | |||
| CVE-2009-2344 | 0.04 | — | 0.09 | Jul 7, 2009 | The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components. | |||
| CVE-2009-2343 | 0.00 | — | 0.01 | Jul 7, 2009 | Cross-site scripting (XSS) vulnerability in people.php in Zoph before 0.7.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||
| CVE-2009-2342 | 0.00 | — | 0.01 | Jul 7, 2009 | Cross-site scripting (XSS) vulnerability in admin.php (aka the login page) in Content Management Made Easy (CMME) before 1.22 allows remote attackers to inject arbitrary web script or HTML via the username field. | |||
| CVE-2009-2341 | 0.03 | — | 0.01 | Jul 7, 2009 | SQL injection vulnerability in albumdetail.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the albumid parameter. | |||
| CVE-2009-2340 | 0.03 | — | 0.02 | Jul 7, 2009 | SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtUserName (aka User Name) parameter. NOTE: some of these details are obtained from third party information. | |||
| CVE-2009-2339 | 0.03 | — | 0.01 | Jul 7, 2009 | SQL injection vulnerability in index.php in Rentventory allows remote attackers to execute arbitrary SQL commands via the product parameter. | |||
| CVE-2009-2338 | 0.03 | — | 0.02 | Jul 7, 2009 | Directory traversal vulnerability in includes/startmodules.inc.php in FreeWebshop.org 2.2.9 R2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_file parameter. | |||
| CVE-2009-2337 | — | 0.03 | — | 0.02 | Jul 7, 2009 | SQL injection vulnerability in includes/module/book/index.inc.php in w3b|cms Gaestebuch Guestbook Module 3.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the spam_id parameter. | ||
| CVE-2008-6853 | 0.03 | — | 0.01 | Jul 7, 2009 | SQL injection vulnerability in modules/poll/index.php in AIST NetCat 3.0 and 3.12 allows remote attackers to execute arbitrary SQL commands via the PollID parameter. | |||
| CVE-2008-6852 | 0.03 | — | 0.01 | Jul 7, 2009 | SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||
| CVE-2008-6851 | 0.03 | — | 0.01 | Jul 7, 2009 | SQL injection vulnerability in page.php in PHP Link Directory (phpLD) 3.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the name parameter. | |||
| CVE-2008-6850 | 0.00 | — | 0.01 | Jul 7, 2009 | Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion 6.01.17 and 7.00.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-6849 | 0.03 | — | 0.02 | Jul 7, 2009 | Unrestricted file upload vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a via a link that is listed by userfiles/number_shell.php. | |||
| CVE-2008-6848 | 0.03 | — | 0.02 | Jul 7, 2009 | Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to inject arbitrary web script or HTML via the category parameter in a select action. | |||
| CVE-2009-2333 | 0.03 | — | 0.06 | Jul 5, 2009 | Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the menu parameter to admin/admin_menu.php, and the id parameter to (2) index.php and (3)… | |||
| CVE-2009-2332 | 0.03 | — | 0.02 | Jul 5, 2009 | CMS Chainuk 1.2 and earlier allows remote attackers to obtain sensitive information via (1) a crafted id parameter to index.php or (2) a nonexistent folder name in the id parameter to admin/admin_delete.php, which reveals the installation path in an error message. | |||
| CVE-2009-2331 | 0.03 | — | 0.02 | Jul 5, 2009 | Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to inject arbitrary PHP code (1) into settings.php via the menu parameter to admin_settings.php or (2) into a content/=NUMBER.php file via the title parameter to admin_new.php. | |||
| CVE-2009-2330 | 0.03 | — | 0.02 | Jul 5, 2009 | Cross-site scripting (XSS) vulnerability in admin/admin_menu.php in CMS Chainuk 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter. | |||
| CVE-2009-2329 | 0.03 | — | 0.02 | Jul 5, 2009 | KerviNet Forum 1.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) admin/head.php, or (2) voting_diagram.php, (3) voting.php, (4) topics_search.php, (5) topics_list.php, (6) top_part.php, (7) quick_search.php, (8) quick_reply.php,… | |||
| CVE-2009-2328 | 0.03 | — | 0.01 | Jul 5, 2009 | admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks via the del_user_id parameter. | |||
| CVE-2009-2327 | 0.03 | — | 0.03 | Jul 5, 2009 | Cross-site scripting (XSS) vulnerability in add_voting.php in KerviNet Forum 1.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the v_variant1 parameter. | |||
| CVE-2009-2326 | 0.03 | — | 0.01 | Jul 5, 2009 | Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) an enter_parol cookie to index.php in an auto action or (2) the topic parameter to message.php. NOTE: vector 2 can be leveraged for a… | |||
| CVE-2009-2325 | 0.03 | — | 0.03 | Jul 5, 2009 | Directory traversal vulnerability in index.php in Clicknet CMS 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the side parameter. | |||
| CVE-2009-2324 | 0.00 | — | 0.02 | Jul 5, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory. | |||
| CVE-2009-2323 | 0.00 | — | 0.01 | Jul 5, 2009 | The web interface on the Axesstel MV 410R redirects users back to the referring page after execution of some CGI scripts, which makes it easier for remote attackers to avoid detection of cross-site request forgery (CSRF) attacks, as demonstrated by a redirect from the… | |||
| CVE-2009-2322 | 0.00 | — | 0.01 | Jul 5, 2009 | Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2009-2321 | 0.00 | — | 0.02 | Jul 5, 2009 | cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to cause a denial of service (configuration reset) via a RESTORE=RESTORE query string. | |||
| CVE-2009-2320 | 0.00 | — | 0.01 | Jul 5, 2009 | The web interface on the Axesstel MV 410R relies on client-side JavaScript code to validate input, which allows remote attackers to send crafted data, and possibly have unspecified other impact, via a client that does not process JavaScript. | |||
| CVE-2009-2319 | 0.00 | — | 0.01 | Jul 5, 2009 | The default configuration of the Wi-Fi component on the Axesstel MV 410R does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | |||
| CVE-2009-2318 | 0.00 | — | 0.01 | Jul 5, 2009 | The Axesstel MV 410R allows remote attackers to cause a denial of service via a flood of SYN packets, a related issue to CVE-1999-0116. | |||
| CVE-2009-2317 | 0.00 | — | 0.02 | Jul 5, 2009 | The Axesstel MV 410R has a certain default administrator password, and does not force a password change, which makes it easier for remote attackers to obtain access. | |||
| CVE-2009-2316 | 0.00 | — | 0.02 | Jul 5, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later… | |||
| CVE-2009-2314 | 0.00 | — | 0.00 | Jul 5, 2009 | Race condition in the Sun Lightweight Availability Collection Tool 3.0 on Solaris 7 through 10 allows local users to overwrite arbitrary files via unspecified vectors. | |||
| CVE-2009-2295 | 0.00 | — | 0.03 | Jul 5, 2009 | Multiple integer overflows in CamlImages 2.2 and earlier might allow context-dependent attackers to execute arbitrary code via a crafted PNG image with large width and height values that trigger a heap-based buffer overflow in the (1) read_png_file or (2) read_png_file_as_rgb24… | |||
| CVE-2009-2294 | 0.00 | — | 0.03 | Jul 5, 2009 | Integer overflow in the Png_datainfo_callback function in Dillo 2.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG image with crafted (1) width or (2) height values. | |||
| CVE-2009-2265 | 0.10 | — | 0.84 | Jul 5, 2009 | Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution… | |||
| CVE-2009-1890 | 0.01 | — | 0.16 | Jul 5, 2009 | The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to… | |||
| CVE-2009-1648 | 0.00 | — | 0.02 | Jul 5, 2009 | The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote attackers to access network services. | |||
| CVE-2009-1388 | Med | 0.36 | 5.5 | 0.00 | Jul 5, 2009 | The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace system call and a coredumping… | ||
| CVE-2009-0904 | 0.00 | — | 0.02 | Jul 5, 2009 | The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via "XML fuzzing… | |||
| CVE-2007-6728 | 0.00 | — | 0.01 | Jul 5, 2009 | Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote attackers to inject arbitrary web script or HTML via the MSN field during user registration. | |||
| CVE-2007-6727 | 0.00 | — | 0.01 | Jul 5, 2009 | SQL injection vulnerability in topic.php in KerviNet Forum 1.1 allows remote attackers to execute arbitrary SQL commands via the forum parameter. |
- CVE-2009-2354Jul 7, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in the auth_checkpass function in the login page in NullLogic Groupware 1.2.7 allows remote attackers to execute arbitrary SQL commands via the username parameter.
- CVE-2009-2353Jul 7, 2009risk 0.00cvss —epss 0.02
encoder.php in eAccelerator allows remote attackers to execute arbitrary code by copying a local executable file to a location under the web root via the -o option, and then making a direct request to this file, related to upload of image files.
- CVE-2009-2352Jul 7, 2009risk 0.03cvss —epss 0.02
Google Chrome 1.0.154.48 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh…
- CVE-2009-2351Jul 7, 2009risk 0.00cvss —epss 0.02
Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a…
- CVE-2009-2350Jul 7, 2009risk 0.04cvss —epss 0.14
Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the…
- CVE-2008-0020Jul 7, 2009risk 0.02cvss —epss 0.31
Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1,…
- risk 0.78cvss 8.8epss 0.77
Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2,…
- CVE-2009-2345Jul 7, 2009risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 allow remote attackers to execute arbitrary SQL commands via unknown parameters to the gbook module and unspecified other components.
- CVE-2009-2344Jul 7, 2009risk 0.04cvss —epss 0.09
The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components.
- CVE-2009-2343Jul 7, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in people.php in Zoph before 0.7.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
- CVE-2009-2342Jul 7, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in admin.php (aka the login page) in Content Management Made Easy (CMME) before 1.22 allows remote attackers to inject arbitrary web script or HTML via the username field.
- CVE-2009-2341Jul 7, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in albumdetail.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the albumid parameter.
- CVE-2009-2340Jul 7, 2009risk 0.03cvss —epss 0.02
SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtUserName (aka User Name) parameter. NOTE: some of these details are obtained from third party information.
- CVE-2009-2339Jul 7, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Rentventory allows remote attackers to execute arbitrary SQL commands via the product parameter.
- CVE-2009-2338Jul 7, 2009risk 0.03cvss —epss 0.02
Directory traversal vulnerability in includes/startmodules.inc.php in FreeWebshop.org 2.2.9 R2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_file parameter.
- CVE-2009-2337Jul 7, 2009risk 0.03cvss —epss 0.02
SQL injection vulnerability in includes/module/book/index.inc.php in w3b|cms Gaestebuch Guestbook Module 3.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the spam_id parameter.
- CVE-2008-6853Jul 7, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in modules/poll/index.php in AIST NetCat 3.0 and 3.12 allows remote attackers to execute arbitrary SQL commands via the PollID parameter.
- CVE-2008-6852Jul 7, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
- CVE-2008-6851Jul 7, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in page.php in PHP Link Directory (phpLD) 3.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the name parameter.
- CVE-2008-6850Jul 7, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion 6.01.17 and 7.00.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-6849Jul 7, 2009risk 0.03cvss —epss 0.02
Unrestricted file upload vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a via a link that is listed by userfiles/number_shell.php.
- CVE-2008-6848Jul 7, 2009risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to inject arbitrary web script or HTML via the category parameter in a select action.
- CVE-2009-2333Jul 5, 2009risk 0.03cvss —epss 0.06
Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the menu parameter to admin/admin_menu.php, and the id parameter to (2) index.php and (3)…
- CVE-2009-2332Jul 5, 2009risk 0.03cvss —epss 0.02
CMS Chainuk 1.2 and earlier allows remote attackers to obtain sensitive information via (1) a crafted id parameter to index.php or (2) a nonexistent folder name in the id parameter to admin/admin_delete.php, which reveals the installation path in an error message.
- CVE-2009-2331Jul 5, 2009risk 0.03cvss —epss 0.02
Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to inject arbitrary PHP code (1) into settings.php via the menu parameter to admin_settings.php or (2) into a content/=NUMBER.php file via the title parameter to admin_new.php.
- CVE-2009-2330Jul 5, 2009risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in admin/admin_menu.php in CMS Chainuk 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter.
- CVE-2009-2329Jul 5, 2009risk 0.03cvss —epss 0.02
KerviNet Forum 1.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) admin/head.php, or (2) voting_diagram.php, (3) voting.php, (4) topics_search.php, (5) topics_list.php, (6) top_part.php, (7) quick_search.php, (8) quick_reply.php,…
- CVE-2009-2328Jul 5, 2009risk 0.03cvss —epss 0.01
admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks via the del_user_id parameter.
- CVE-2009-2327Jul 5, 2009risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in add_voting.php in KerviNet Forum 1.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the v_variant1 parameter.
- CVE-2009-2326Jul 5, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) an enter_parol cookie to index.php in an auto action or (2) the topic parameter to message.php. NOTE: vector 2 can be leveraged for a…
- CVE-2009-2325Jul 5, 2009risk 0.03cvss —epss 0.03
Directory traversal vulnerability in index.php in Clicknet CMS 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the side parameter.
- CVE-2009-2324Jul 5, 2009risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory.
- CVE-2009-2323Jul 5, 2009risk 0.00cvss —epss 0.01
The web interface on the Axesstel MV 410R redirects users back to the referring page after execution of some CGI scripts, which makes it easier for remote attackers to avoid detection of cross-site request forgery (CSRF) attacks, as demonstrated by a redirect from the…
- CVE-2009-2322Jul 5, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2009-2321Jul 5, 2009risk 0.00cvss —epss 0.02
cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to cause a denial of service (configuration reset) via a RESTORE=RESTORE query string.
- CVE-2009-2320Jul 5, 2009risk 0.00cvss —epss 0.01
The web interface on the Axesstel MV 410R relies on client-side JavaScript code to validate input, which allows remote attackers to send crafted data, and possibly have unspecified other impact, via a client that does not process JavaScript.
- CVE-2009-2319Jul 5, 2009risk 0.00cvss —epss 0.01
The default configuration of the Wi-Fi component on the Axesstel MV 410R does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
- CVE-2009-2318Jul 5, 2009risk 0.00cvss —epss 0.01
The Axesstel MV 410R allows remote attackers to cause a denial of service via a flood of SYN packets, a related issue to CVE-1999-0116.
- CVE-2009-2317Jul 5, 2009risk 0.00cvss —epss 0.02
The Axesstel MV 410R has a certain default administrator password, and does not force a password change, which makes it easier for remote attackers to obtain access.
- CVE-2009-2316Jul 5, 2009risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later…
- CVE-2009-2314Jul 5, 2009risk 0.00cvss —epss 0.00
Race condition in the Sun Lightweight Availability Collection Tool 3.0 on Solaris 7 through 10 allows local users to overwrite arbitrary files via unspecified vectors.
- CVE-2009-2295Jul 5, 2009risk 0.00cvss —epss 0.03
Multiple integer overflows in CamlImages 2.2 and earlier might allow context-dependent attackers to execute arbitrary code via a crafted PNG image with large width and height values that trigger a heap-based buffer overflow in the (1) read_png_file or (2) read_png_file_as_rgb24…
- CVE-2009-2294Jul 5, 2009risk 0.00cvss —epss 0.03
Integer overflow in the Png_datainfo_callback function in Dillo 2.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG image with crafted (1) width or (2) height values.
- CVE-2009-2265Jul 5, 2009risk 0.10cvss —epss 0.84
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution…
- CVE-2009-1890Jul 5, 2009risk 0.01cvss —epss 0.16
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to…
- CVE-2009-1648Jul 5, 2009risk 0.00cvss —epss 0.02
The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote attackers to access network services.
- risk 0.36cvss 5.5epss 0.00
The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace system call and a coredumping…
- CVE-2009-0904Jul 5, 2009risk 0.00cvss —epss 0.02
The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via "XML fuzzing…
- CVE-2007-6728Jul 5, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote attackers to inject arbitrary web script or HTML via the MSN field during user registration.
- CVE-2007-6727Jul 5, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in topic.php in KerviNet Forum 1.1 allows remote attackers to execute arbitrary SQL commands via the forum parameter.