| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-6750 | 0.03 | — | 0.04 | Apr 24, 2009 | Unrestricted file upload vulnerability in add.php in FlexPHPDirectory 0.0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photo/. | |||
| CVE-2008-6749 | 0.03 | — | 0.02 | Apr 24, 2009 | Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) checkuser and (2) checkpass parameters. | |||
| CVE-2008-6748 | 0.03 | — | 0.04 | Apr 24, 2009 | Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI. | |||
| CVE-2009-1188 | 0.01 | — | 0.07 | Apr 23, 2009 | Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service… | |||
| CVE-2009-1187 | 0.01 | — | 0.07 | Apr 23, 2009 | Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc). | |||
| CVE-2009-0165 | 0.00 | — | 0.04 | Apr 23, 2009 | Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn." | |||
| CVE-2009-1357 | 0.04 | — | 0.07 | Apr 23, 2009 | CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELP_PAGE parameter. | |||
| CVE-2009-1191 | 0.01 | — | 0.12 | Apr 23, 2009 | mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request. | |||
| CVE-2009-1183 | 0.00 | — | 0.04 | Apr 23, 2009 | The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. | |||
| CVE-2009-1182 | 0.01 | — | 0.07 | Apr 23, 2009 | Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. | |||
| CVE-2009-1181 | 0.00 | — | 0.04 | Apr 23, 2009 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. | |||
| CVE-2009-1180 | 0.00 | — | 0.05 | Apr 23, 2009 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. | |||
| CVE-2009-1179 | 0.00 | — | 0.06 | Apr 23, 2009 | Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file. | |||
| CVE-2009-0800 | 0.00 | — | 0.05 | Apr 23, 2009 | Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. | |||
| CVE-2009-0799 | 0.00 | — | 0.04 | Apr 23, 2009 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. | |||
| CVE-2009-0664 | 0.00 | — | 0.02 | Apr 23, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in a user view. | |||
| CVE-2009-0662 | 0.00 | — | 0.01 | Apr 23, 2009 | The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors. | |||
| CVE-2009-0195 | 0.00 | — | 0.05 | Apr 23, 2009 | Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments. | |||
| CVE-2009-0166 | 0.00 | — | 0.02 | Apr 23, 2009 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. | |||
| CVE-2009-0163 | 0.00 | — | 0.04 | Apr 23, 2009 | Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function… | |||
| CVE-2009-0147 | 0.00 | — | 0.03 | Apr 23, 2009 | Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2)… | |||
| CVE-2009-0146 | 0.00 | — | 0.03 | Apr 23, 2009 | Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2)… | |||
| CVE-2008-6747 | 0.00 | — | 0.01 | Apr 23, 2009 | dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party information. | |||
| CVE-2008-6746 | 0.00 | — | 0.01 | Apr 23, 2009 | Cross-site scripting (XSS) vulnerability in the contact display view in Turba Contact Manager H3 before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the contact name. | |||
| CVE-2008-6745 | 0.03 | — | 0.06 | Apr 23, 2009 | index.php in BlogPHP 2.0 allows remote attackers to gain administrator privileges via a crafted email parameter in a register2 action. | |||
| CVE-2008-6744 | 0.00 | — | 0.01 | Apr 23, 2009 | Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2009-1372 | 0.01 | — | 0.08 | Apr 23, 2009 | Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL. | |||
| CVE-2009-1371 | 0.00 | — | 0.03 | Apr 23, 2009 | The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding. | |||
| CVE-2009-1370 | 0.03 | — | 0.06 | Apr 22, 2009 | Stack-based buffer overflow in ape_plugin.plg in Xilisoft Video Converter 3.1.53.0704n and 5.1.23.0402 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .cue file. | |||
| CVE-2009-1369 | 0.03 | — | 0.02 | Apr 22, 2009 | moziloCMS 1.11 allows remote attackers to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[] parameter to index.php, or (4) file[] parameter to download.php, which reveals the installation path in an error message. | |||
| CVE-2009-1368 | 0.03 | — | 0.06 | Apr 22, 2009 | Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this might be the same issue as CVE-2008-6126.2, which may have been fixed in 1.10.3. | |||
| CVE-2009-1367 | 0.03 | — | 0.01 | Apr 22, 2009 | Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via the query parameter in search action, a different issue than CVE-2008-6127.2a. | |||
| CVE-2009-1366 | 0.00 | — | 0.01 | Apr 22, 2009 | Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn.aspx in DotNetNuke (DNN) before 4.9.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "name/value pairs" and "paypal IPN functionality." | |||
| CVE-2008-6743 | 0.03 | — | 0.03 | Apr 22, 2009 | RSMScript 1.21 allows remote attackers to bypass authentication and gain administrative privileges by setting the verified cookie to an arbitrary value and performing a direct request to (1) delete.php, (2) edit-submit.php, (3) edit.php, (4) submit.php, and (5) update.php, which… | |||
| CVE-2009-1362 | 0.03 | — | 0.01 | Apr 22, 2009 | SQL injection vulnerability in administration/index.php in chCounter 3.1.3 allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2009-1361 | 0.03 | — | 0.04 | Apr 22, 2009 | dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2009-1312 | 0.03 | — | 0.06 | Apr 22, 2009 | Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content… | |||
| CVE-2009-1311 | 0.00 | — | 0.02 | Apr 22, 2009 | Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of… | |||
| CVE-2009-1310 | 0.00 | — | 0.02 | Apr 22, 2009 | Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element. | |||
| CVE-2009-1309 | 0.00 | — | 0.01 | Apr 22, 2009 | Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote… | |||
| CVE-2009-1308 | 0.00 | — | 0.02 | Apr 22, 2009 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay… | |||
| CVE-2009-1307 | 0.00 | — | 0.02 | Apr 22, 2009 | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2)… | |||
| CVE-2009-1306 | 0.00 | — | 0.01 | Apr 22, 2009 | The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar… | |||
| CVE-2009-1305 | 0.00 | — | 0.02 | Apr 22, 2009 | The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that… | |||
| CVE-2009-1304 | 0.00 | — | 0.02 | Apr 22, 2009 | The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper,… | |||
| CVE-2009-1303 | 0.00 | — | 0.02 | Apr 22, 2009 | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | |||
| CVE-2009-1302 | 0.00 | — | 0.03 | Apr 22, 2009 | The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1)… | |||
| CVE-2009-0307 | 0.03 | — | 0.03 | Apr 22, 2009 | Cross-site scripting (XSS) vulnerability in the "Customize Statistics Page" (admin/statistics/ConfigureStatistics) in the MDS Connection Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) before 4.1.6 MR5 allows remote attackers to inject arbitrary web script… | |||
| CVE-2009-1360 | 0.00 | — | 0.03 | Apr 22, 2009 | The __inet6_check_established function in net/ipv6/inet6_hashtables.c in the Linux kernel before 2.6.29, when Network Namespace Support (aka NET_NS) is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via vectors involving… | |||
| CVE-2009-1359 | 0.00 | — | 0.00 | Apr 22, 2009 | Unspecified vulnerability in the SCTP sockets implementation in Sun OpenSolaris snv_106 through snv_107 allows local users to cause a denial of service (panic) via unknown vectors. |
- CVE-2008-6750Apr 24, 2009risk 0.03cvss —epss 0.04
Unrestricted file upload vulnerability in add.php in FlexPHPDirectory 0.0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photo/.
- CVE-2008-6749Apr 24, 2009risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) checkuser and (2) checkpass parameters.
- CVE-2008-6748Apr 24, 2009risk 0.03cvss —epss 0.04
Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI.
- CVE-2009-1188Apr 23, 2009risk 0.01cvss —epss 0.07
Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service…
- CVE-2009-1187Apr 23, 2009risk 0.01cvss —epss 0.07
Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc).
- CVE-2009-0165Apr 23, 2009risk 0.00cvss —epss 0.04
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."
- CVE-2009-1357Apr 23, 2009risk 0.04cvss —epss 0.07
CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELP_PAGE parameter.
- CVE-2009-1191Apr 23, 2009risk 0.01cvss —epss 0.12
mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
- CVE-2009-1183Apr 23, 2009risk 0.00cvss —epss 0.04
The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.
- CVE-2009-1182Apr 23, 2009risk 0.01cvss —epss 0.07
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
- CVE-2009-1181Apr 23, 2009risk 0.00cvss —epss 0.04
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.
- CVE-2009-1180Apr 23, 2009risk 0.00cvss —epss 0.05
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.
- CVE-2009-1179Apr 23, 2009risk 0.00cvss —epss 0.06
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.
- CVE-2009-0800Apr 23, 2009risk 0.00cvss —epss 0.05
Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
- CVE-2009-0799Apr 23, 2009risk 0.00cvss —epss 0.04
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.
- CVE-2009-0664Apr 23, 2009risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in a user view.
- CVE-2009-0662Apr 23, 2009risk 0.00cvss —epss 0.01
The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.
- CVE-2009-0195Apr 23, 2009risk 0.00cvss —epss 0.05
Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.
- CVE-2009-0166Apr 23, 2009risk 0.00cvss —epss 0.02
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.
- CVE-2009-0163Apr 23, 2009risk 0.00cvss —epss 0.04
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function…
- CVE-2009-0147Apr 23, 2009risk 0.00cvss —epss 0.03
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2)…
- CVE-2009-0146Apr 23, 2009risk 0.00cvss —epss 0.03
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2)…
- CVE-2008-6747Apr 23, 2009risk 0.00cvss —epss 0.01
dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party information.
- CVE-2008-6746Apr 23, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the contact display view in Turba Contact Manager H3 before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the contact name.
- CVE-2008-6745Apr 23, 2009risk 0.03cvss —epss 0.06
index.php in BlogPHP 2.0 allows remote attackers to gain administrator privileges via a crafted email parameter in a register2 action.
- CVE-2008-6744Apr 23, 2009risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- CVE-2009-1372Apr 23, 2009risk 0.01cvss —epss 0.08
Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL.
- CVE-2009-1371Apr 23, 2009risk 0.00cvss —epss 0.03
The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding.
- CVE-2009-1370Apr 22, 2009risk 0.03cvss —epss 0.06
Stack-based buffer overflow in ape_plugin.plg in Xilisoft Video Converter 3.1.53.0704n and 5.1.23.0402 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .cue file.
- CVE-2009-1369Apr 22, 2009risk 0.03cvss —epss 0.02
moziloCMS 1.11 allows remote attackers to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[] parameter to index.php, or (4) file[] parameter to download.php, which reveals the installation path in an error message.
- CVE-2009-1368Apr 22, 2009risk 0.03cvss —epss 0.06
Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this might be the same issue as CVE-2008-6126.2, which may have been fixed in 1.10.3.
- CVE-2009-1367Apr 22, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via the query parameter in search action, a different issue than CVE-2008-6127.2a.
- CVE-2009-1366Apr 22, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn.aspx in DotNetNuke (DNN) before 4.9.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "name/value pairs" and "paypal IPN functionality."
- CVE-2008-6743Apr 22, 2009risk 0.03cvss —epss 0.03
RSMScript 1.21 allows remote attackers to bypass authentication and gain administrative privileges by setting the verified cookie to an arbitrary value and performing a direct request to (1) delete.php, (2) edit-submit.php, (3) edit.php, (4) submit.php, and (5) update.php, which…
- CVE-2009-1362Apr 22, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in administration/index.php in chCounter 3.1.3 allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2009-1361Apr 22, 2009risk 0.03cvss —epss 0.04
dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2009-1312Apr 22, 2009risk 0.03cvss —epss 0.06
Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content…
- CVE-2009-1311Apr 22, 2009risk 0.00cvss —epss 0.02
Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of…
- CVE-2009-1310Apr 22, 2009risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.
- CVE-2009-1309Apr 22, 2009risk 0.00cvss —epss 0.01
Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote…
- CVE-2009-1308Apr 22, 2009risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay…
- CVE-2009-1307Apr 22, 2009risk 0.00cvss —epss 0.02
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2)…
- CVE-2009-1306Apr 22, 2009risk 0.00cvss —epss 0.01
The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar…
- CVE-2009-1305Apr 22, 2009risk 0.00cvss —epss 0.02
The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that…
- CVE-2009-1304Apr 22, 2009risk 0.00cvss —epss 0.02
The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper,…
- CVE-2009-1303Apr 22, 2009risk 0.00cvss —epss 0.02
The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
- CVE-2009-1302Apr 22, 2009risk 0.00cvss —epss 0.03
The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1)…
- CVE-2009-0307Apr 22, 2009risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in the "Customize Statistics Page" (admin/statistics/ConfigureStatistics) in the MDS Connection Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) before 4.1.6 MR5 allows remote attackers to inject arbitrary web script…
- CVE-2009-1360Apr 22, 2009risk 0.00cvss —epss 0.03
The __inet6_check_established function in net/ipv6/inet6_hashtables.c in the Linux kernel before 2.6.29, when Network Namespace Support (aka NET_NS) is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via vectors involving…
- CVE-2009-1359Apr 22, 2009risk 0.00cvss —epss 0.00
Unspecified vulnerability in the SCTP sockets implementation in Sun OpenSolaris snv_106 through snv_107 allows local users to cause a denial of service (panic) via unknown vectors.