| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-1338 | 0.00 | — | 0.00 | Apr 22, 2009 | The kill_something_info function in kernel/signal.c in the Linux kernel before 2.6.28 does not consider PID namespaces when processing signals directed to PID -1, which allows local users to bypass the intended namespace isolation, and send arbitrary signals to all processes in… | |||
| CVE-2009-1337 | 0.03 | — | 0.01 | Apr 22, 2009 | The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and… | |||
| CVE-2009-1336 | 0.00 | — | 0.00 | Apr 22, 2009 | fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service (OOPS) via a long filename, related to the encode_lookup function. | |||
| CVE-2009-1358 | 0.00 | — | 0.04 | Apr 21, 2009 | apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious… | |||
| CVE-2008-6742 | 0.03 | — | 0.02 | Apr 21, 2009 | Foxy P2P software allows remote attackers to cause a denial of service (memory consumption) via a foxy URI with a download action and a large fs value. | |||
| CVE-2008-6741 | 0.03 | — | 0.01 | Apr 21, 2009 | SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to… | |||
| CVE-2008-6740 | 0.03 | — | 0.02 | Apr 21, 2009 | PHP remote file inclusion vulnerability in html/admin/modules/plugin_admin.php in HoMaP-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the _settings[pluginpath] parameter. | |||
| CVE-2008-6739 | 0.03 | — | 0.02 | Apr 21, 2009 | Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request. | |||
| CVE-2008-6738 | 0.03 | — | 0.03 | Apr 21, 2009 | MyShoutPro 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin_access cookie to 1. | |||
| CVE-2008-6737 | 0.03 | — | 0.03 | Apr 21, 2009 | Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to send a disconnect packet that includes unrelated log information. | |||
| CVE-2008-6736 | 0.03 | — | 0.02 | Apr 21, 2009 | Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the… | |||
| CVE-2008-6735 | 0.03 | — | 0.02 | Apr 21, 2009 | Directory traversal vulnerability in qc/index.php in ThaiQuickCart 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the sLanguage cookie. | |||
| CVE-2008-6734 | 0.03 | — | 0.03 | Apr 21, 2009 | Directory traversal vulnerability in Public/index.php in Keller Web Admin CMS 0.94 Pro allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter. | |||
| CVE-2008-6733 | 0.00 | — | 0.01 | Apr 21, 2009 | Cross-site scripting (XSS) vulnerability in the error handling page in DotNetNuke 4.6.2 through 4.8.3 allows remote attackers to inject arbitrary web script or HTML via the querystring parameter. | |||
| CVE-2008-6732 | 0.00 | — | 0.01 | Apr 21, 2009 | Cross-site scripting (XSS) vulnerability in the Language skin object in DotNetNuke before 4.8.4 allows remote attackers to inject arbitrary web script or HTML via "newly generated paths." | |||
| CVE-2006-7238 | 0.00 | — | 0.01 | Apr 21, 2009 | Cross-site scripting (XSS) vulnerability in MyShoutPro before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2009-1356 | 0.03 | — | 0.05 | Apr 21, 2009 | Stack-based buffer overflow in Elecard AVC HD Player allows remote attackers to execute arbitrary code via a long MP3 filename in a playlist (.xpl) file. | |||
| CVE-2009-1355 | 0.00 | — | 0.00 | Apr 21, 2009 | Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long filename. | |||
| CVE-2009-1354 | 0.03 | — | 0.02 | Apr 21, 2009 | Directory traversal vulnerability in Mongoose 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||
| CVE-2009-1353 | 0.04 | — | 0.08 | Apr 21, 2009 | Buffer overflow in the http_parse_hex function in libz/misc.c in Zervit Webserver 0.02 allows remote attackers to cause a denial of service (daemon crash) via a long URI, related to http.c. | |||
| CVE-2009-1352 | 0.03 | — | 0.06 | Apr 21, 2009 | Stack-based buffer overflow in Dawningsoft PowerCHM 5.7 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an HTML file with a link to a long URL, as demonstrated by a .rar URL. | |||
| CVE-2009-1351 | 0.03 | — | 0.06 | Apr 21, 2009 | Heap-based buffer overflow in Apollo 37zz allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long URI in a playlist (.m3u) file. | |||
| CVE-2009-1350 | 0.08 | — | 0.66 | Apr 21, 2009 | Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client before 1.2.4 allows remote attackers to execute arbitrary code by establishing an IPC$ connection to the XTIERRPCPIPE named pipe, and sending RPC messages that trigger a dereference of an arbitrary pointer. | |||
| CVE-2009-1349 | 0.03 | — | 0.01 | Apr 21, 2009 | Cross-site scripting (XSS) vulnerability in C2Net Stronghold 2.3 allows remote attackers to inject arbitrary web script or HTML via the URI. | |||
| CVE-2009-1266 | 0.00 | — | 0.02 | Apr 21, 2009 | Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact and attack vectors. | |||
| CVE-2009-0718 | 0.01 | — | 0.08 | Apr 21, 2009 | Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2009-0717 | 0.00 | — | 0.02 | Apr 21, 2009 | Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to cause a denial of service via unknown vectors. | |||
| CVE-2009-0716 | 0.00 | — | 0.02 | Apr 21, 2009 | Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to cause a denial of service or obtain "access" via unknown vectors. | |||
| CVE-2009-0715 | 0.00 | — | 0.01 | Apr 21, 2009 | Unspecified vulnerability in Secure NaviCLI in HP Storage Essentials 6.0.2 through 6.0.4 allows remote authenticated users to obtain "access" or "extended privileges" via unknown vectors. | |||
| CVE-2009-1347 | 0.03 | — | 0.01 | Apr 20, 2009 | Multiple SQL injection vulnerabilities in stats/index.php in chCounter 3.1.3 allow remote attackers to execute arbitrary SQL commands via (1) the login_name parameter (aka the username field) or (2) the login_pw parameter (aka the password field). | |||
| CVE-2009-1346 | 0.03 | — | 0.02 | Apr 20, 2009 | SQL injection vulnerability in publico/ficha.php in NetHoteles 3.0 allows remote attackers to execute arbitrary SQL commands via the id_establecimiento parameter. | |||
| CVE-2009-1345 | 0.03 | — | 0.01 | Apr 20, 2009 | SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows remote attackers to execute arbitrary SQL commands via the id_document parameter. | |||
| CVE-2009-1344 | 0.00 | — | 0.01 | Apr 20, 2009 | Cross-site scripting (XSS) vulnerability in the Localization client module 5.x before 5.x-1.2 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the translation functionality. | |||
| CVE-2009-1343 | 0.00 | — | 0.01 | Apr 20, 2009 | Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.5 and 6.x before 6.x-1.5, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via content titles. | |||
| CVE-2009-1342 | 0.00 | — | 0.01 | Apr 20, 2009 | Cross-site scripting (XSS) vulnerability in the CCK comment reference module 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via certain comment titles associated with a node edit form. | |||
| CVE-2008-6731 | 0.03 | — | 0.06 | Apr 20, 2009 | Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkphoto/. | |||
| CVE-2008-6730 | 0.03 | — | 0.02 | Apr 20, 2009 | Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPLink Pro 0.0.6 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka… | |||
| CVE-2008-6729 | 0.03 | — | 0.01 | Apr 20, 2009 | Multiple cross-site request forgery (CSRF) vulnerabilities in password.php in PHPmotion 2.1 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that modify an account via the (1) password or (2) email_address parameter. | |||
| CVE-2008-6728 | 0.00 | — | 0.01 | Apr 20, 2009 | SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php. | |||
| CVE-2008-6727 | 0.03 | — | 0.01 | Apr 20, 2009 | Cross-site scripting (XSS) vulnerability in Ultimate PHP Board (UPB) 2.2.2, 2.2.1, and earlier 2.x versions allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. | |||
| CVE-2009-1335 | 0.04 | — | 0.15 | Apr 17, 2009 | Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large document composed of unprintable characters, aka MSRC 9011jr. | |||
| CVE-2009-1334 | 0.03 | — | 0.02 | Apr 17, 2009 | Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html in IBM Tivoli Continuous Data Protection (CDP) for Files 3.1.4.0 allows remote attackers to inject arbitrary web script or HTML via the reason parameter. | |||
| CVE-2009-1333 | 0.00 | — | 0.02 | Apr 17, 2009 | Cross-site scripting (XSS) vulnerability in refresh_rate.htm in the web interface on the HP Deskjet 6840 printer with firmware XF1M131A allows remote attackers to inject arbitrary web script or HTML via the POST request body. | |||
| CVE-2009-1332 | 0.00 | — | 0.02 | Apr 17, 2009 | The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified vectors. | |||
| CVE-2009-1331 | 0.04 | — | 0.18 | Apr 17, 2009 | Integer overflow in Microsoft Windows Media Player (WMP) 11.0.5721.5260 allows remote attackers to cause a denial of service (application crash) via a crafted .mid file, as demonstrated by crash.mid. | |||
| CVE-2009-1186 | 0.00 | — | 0.01 | Apr 17, 2009 | Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments. | |||
| CVE-2009-1185 | 0.10 | — | 0.82 | Apr 17, 2009 | udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. | |||
| CVE-2009-0039 | 0.00 | — | 0.11 | Apr 17, 2009 | Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration… | |||
| CVE-2009-0038 | 0.00 | — | 0.18 | Apr 17, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to… | |||
| CVE-2008-5518 | 0.00 | — | 0.36 | Apr 17, 2009 | Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3)… |
- CVE-2009-1338Apr 22, 2009risk 0.00cvss —epss 0.00
The kill_something_info function in kernel/signal.c in the Linux kernel before 2.6.28 does not consider PID namespaces when processing signals directed to PID -1, which allows local users to bypass the intended namespace isolation, and send arbitrary signals to all processes in…
- CVE-2009-1337Apr 22, 2009risk 0.03cvss —epss 0.01
The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and…
- CVE-2009-1336Apr 22, 2009risk 0.00cvss —epss 0.00
fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service (OOPS) via a long filename, related to the encode_lookup function.
- CVE-2009-1358Apr 21, 2009risk 0.00cvss —epss 0.04
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious…
- CVE-2008-6742Apr 21, 2009risk 0.03cvss —epss 0.02
Foxy P2P software allows remote attackers to cause a denial of service (memory consumption) via a foxy URI with a download action and a large fs value.
- CVE-2008-6741Apr 21, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to…
- CVE-2008-6740Apr 21, 2009risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in html/admin/modules/plugin_admin.php in HoMaP-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the _settings[pluginpath] parameter.
- CVE-2008-6739Apr 21, 2009risk 0.03cvss —epss 0.02
Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request.
- CVE-2008-6738Apr 21, 2009risk 0.03cvss —epss 0.03
MyShoutPro 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin_access cookie to 1.
- CVE-2008-6737Apr 21, 2009risk 0.03cvss —epss 0.03
Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to send a disconnect packet that includes unrelated log information.
- CVE-2008-6736Apr 21, 2009risk 0.03cvss —epss 0.02
Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the…
- CVE-2008-6735Apr 21, 2009risk 0.03cvss —epss 0.02
Directory traversal vulnerability in qc/index.php in ThaiQuickCart 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the sLanguage cookie.
- CVE-2008-6734Apr 21, 2009risk 0.03cvss —epss 0.03
Directory traversal vulnerability in Public/index.php in Keller Web Admin CMS 0.94 Pro allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
- CVE-2008-6733Apr 21, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the error handling page in DotNetNuke 4.6.2 through 4.8.3 allows remote attackers to inject arbitrary web script or HTML via the querystring parameter.
- CVE-2008-6732Apr 21, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Language skin object in DotNetNuke before 4.8.4 allows remote attackers to inject arbitrary web script or HTML via "newly generated paths."
- CVE-2006-7238Apr 21, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in MyShoutPro before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2009-1356Apr 21, 2009risk 0.03cvss —epss 0.05
Stack-based buffer overflow in Elecard AVC HD Player allows remote attackers to execute arbitrary code via a long MP3 filename in a playlist (.xpl) file.
- CVE-2009-1355Apr 21, 2009risk 0.00cvss —epss 0.00
Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long filename.
- CVE-2009-1354Apr 21, 2009risk 0.03cvss —epss 0.02
Directory traversal vulnerability in Mongoose 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
- CVE-2009-1353Apr 21, 2009risk 0.04cvss —epss 0.08
Buffer overflow in the http_parse_hex function in libz/misc.c in Zervit Webserver 0.02 allows remote attackers to cause a denial of service (daemon crash) via a long URI, related to http.c.
- CVE-2009-1352Apr 21, 2009risk 0.03cvss —epss 0.06
Stack-based buffer overflow in Dawningsoft PowerCHM 5.7 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an HTML file with a link to a long URL, as demonstrated by a .rar URL.
- CVE-2009-1351Apr 21, 2009risk 0.03cvss —epss 0.06
Heap-based buffer overflow in Apollo 37zz allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long URI in a playlist (.m3u) file.
- CVE-2009-1350Apr 21, 2009risk 0.08cvss —epss 0.66
Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client before 1.2.4 allows remote attackers to execute arbitrary code by establishing an IPC$ connection to the XTIERRPCPIPE named pipe, and sending RPC messages that trigger a dereference of an arbitrary pointer.
- CVE-2009-1349Apr 21, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in C2Net Stronghold 2.3 allows remote attackers to inject arbitrary web script or HTML via the URI.
- CVE-2009-1266Apr 21, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact and attack vectors.
- CVE-2009-0718Apr 21, 2009risk 0.01cvss —epss 0.08
Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to execute arbitrary code via unknown vectors.
- CVE-2009-0717Apr 21, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to cause a denial of service via unknown vectors.
- CVE-2009-0716Apr 21, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to cause a denial of service or obtain "access" via unknown vectors.
- CVE-2009-0715Apr 21, 2009risk 0.00cvss —epss 0.01
Unspecified vulnerability in Secure NaviCLI in HP Storage Essentials 6.0.2 through 6.0.4 allows remote authenticated users to obtain "access" or "extended privileges" via unknown vectors.
- CVE-2009-1347Apr 20, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in stats/index.php in chCounter 3.1.3 allow remote attackers to execute arbitrary SQL commands via (1) the login_name parameter (aka the username field) or (2) the login_pw parameter (aka the password field).
- CVE-2009-1346Apr 20, 2009risk 0.03cvss —epss 0.02
SQL injection vulnerability in publico/ficha.php in NetHoteles 3.0 allows remote attackers to execute arbitrary SQL commands via the id_establecimiento parameter.
- CVE-2009-1345Apr 20, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows remote attackers to execute arbitrary SQL commands via the id_document parameter.
- CVE-2009-1344Apr 20, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Localization client module 5.x before 5.x-1.2 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the translation functionality.
- CVE-2009-1343Apr 20, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.5 and 6.x before 6.x-1.5, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via content titles.
- CVE-2009-1342Apr 20, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the CCK comment reference module 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via certain comment titles associated with a node edit form.
- CVE-2008-6731Apr 20, 2009risk 0.03cvss —epss 0.06
Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkphoto/.
- CVE-2008-6730Apr 20, 2009risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPLink Pro 0.0.6 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka…
- CVE-2008-6729Apr 20, 2009risk 0.03cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in password.php in PHPmotion 2.1 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that modify an account via the (1) password or (2) email_address parameter.
- CVE-2008-6728Apr 20, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php.
- CVE-2008-6727Apr 20, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Ultimate PHP Board (UPB) 2.2.2, 2.2.1, and earlier 2.x versions allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
- CVE-2009-1335Apr 17, 2009risk 0.04cvss —epss 0.15
Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large document composed of unprintable characters, aka MSRC 9011jr.
- CVE-2009-1334Apr 17, 2009risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html in IBM Tivoli Continuous Data Protection (CDP) for Files 3.1.4.0 allows remote attackers to inject arbitrary web script or HTML via the reason parameter.
- CVE-2009-1333Apr 17, 2009risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in refresh_rate.htm in the web interface on the HP Deskjet 6840 printer with firmware XF1M131A allows remote attackers to inject arbitrary web script or HTML via the POST request body.
- CVE-2009-1332Apr 17, 2009risk 0.00cvss —epss 0.02
The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified vectors.
- CVE-2009-1331Apr 17, 2009risk 0.04cvss —epss 0.18
Integer overflow in Microsoft Windows Media Player (WMP) 11.0.5721.5260 allows remote attackers to cause a denial of service (application crash) via a crafted .mid file, as demonstrated by crash.mid.
- CVE-2009-1186Apr 17, 2009risk 0.00cvss —epss 0.01
Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.
- CVE-2009-1185Apr 17, 2009risk 0.10cvss —epss 0.82
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
- CVE-2009-0039Apr 17, 2009risk 0.00cvss —epss 0.11
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration…
- CVE-2009-0038Apr 17, 2009risk 0.00cvss —epss 0.18
Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to…
- CVE-2008-5518Apr 17, 2009risk 0.00cvss —epss 0.36
Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3)…