| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-6587 | 0.00 | — | 0.01 | Apr 3, 2009 | Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze (formerly Azureus HTML WebUI), probably 0.7.6, allows remote attackers to hijack the authentication of users for requests that force the download of arbitrary torrent files via the upurl parameter. | |||
| CVE-2008-6586 | 0.03 | — | 0.03 | Apr 3, 2009 | Cross-site request forgery (CSRF) vulnerability in gui/index.php in µTorrent (uTorrent) WebUI 0.315 allows remote attackers to (1) hijack the authentication of users for requests that force the download of arbitrary torrent files via the add-url action and (2) hijack the… | |||
| CVE-2008-6585 | 0.03 | — | 0.01 | Apr 3, 2009 | Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action. | |||
| CVE-2008-6584 | 0.00 | — | 0.02 | Apr 3, 2009 | html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/… | |||
| CVE-2008-6583 | 0.04 | — | 0.07 | Apr 3, 2009 | Buffer overflow in BS.player 2.27 build 959 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .SRT file. | |||
| CVE-2009-1238 | 0.03 | — | 0.01 | Apr 2, 2009 | Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads,… | |||
| CVE-2009-1237 | 0.03 | — | 0.01 | Apr 2, 2009 | Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call. | |||
| CVE-2009-1236 | 0.04 | — | 0.08 | Apr 2, 2009 | Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort… | |||
| CVE-2009-1235 | 0.03 | — | 0.01 | Apr 2, 2009 | XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain… | |||
| CVE-2009-1234 | 0.04 | — | 0.07 | Apr 2, 2009 | Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected. | |||
| CVE-2009-1233 | 0.03 | — | 0.04 | Apr 2, 2009 | Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements. | |||
| CVE-2009-1232 | 0.03 | — | 0.05 | Apr 2, 2009 | Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also… | |||
| CVE-2009-1231 | 0.00 | — | 0.02 | Apr 2, 2009 | Unspecified vulnerability in the eClient in IBM DB2 Content Manager 8.4.1 before 8.4.1.1 has unknown impact and attack vectors. | |||
| CVE-2009-1230 | 0.03 | — | 0.02 | Apr 2, 2009 | Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change action. | |||
| CVE-2009-1229 | 0.03 | — | 0.01 | Apr 2, 2009 | SQL injection vulnerability in Arcadwy Arcade Script allows remote attackers to execute arbitrary SQL commands via the user cookie parameter. | |||
| CVE-2009-1228 | 0.03 | — | 0.02 | Apr 2, 2009 | Cross-site scripting (XSS) vulnerability in register.php in Arcadwy Arcade Script CMS allows remote attackers to inject arbitrary web script or HTML via the username field (user_name parameter). | |||
| CVE-2009-1227 | 0.04 | — | 0.07 | Apr 2, 2009 | NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorization or (2) Referer HTTP… | |||
| CVE-2009-1226 | 0.03 | — | 0.02 | Apr 2, 2009 | core/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions, which allows remote attackers to delete arbitrary files via the file parameter. | |||
| CVE-2009-1225 | 0.03 | — | 0.01 | Apr 2, 2009 | Cross-site scripting (XSS) vulnerability in index.php in Turnkey Ebook Store 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action. | |||
| CVE-2009-1224 | 0.03 | — | 0.01 | Apr 2, 2009 | SQL injection vulnerability in vsp-core/pub/themes/bismarck/gamestat.php in vsp stats processor 0.45 allows remote attackers to execute arbitrary SQL commands via the gameID parameter. | |||
| CVE-2009-1223 | 0.00 | — | 0.01 | Apr 2, 2009 | aspWebCalendar Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for calendar/calendar.mdb. | |||
| CVE-2009-1222 | 0.03 | — | 0.02 | Apr 2, 2009 | Directory traversal vulnerability in index.php in webEdition 6.0.0.4 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the WE_LANGUAGE parameter. | |||
| CVE-2008-6582 | 0.03 | — | 0.01 | Apr 2, 2009 | SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. | |||
| CVE-2008-6581 | 0.03 | — | 0.03 | Apr 2, 2009 | login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter. | |||
| CVE-2008-6580 | 0.03 | — | 0.02 | Apr 2, 2009 | The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to (1) makered.mdb and (2) makered97.mdb. | |||
| CVE-2003-1571 | 0.03 | — | 0.03 | Apr 2, 2009 | Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that… | |||
| CVE-2008-6579 | 0.00 | — | 0.01 | Apr 1, 2009 | Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators." | |||
| CVE-2008-6578 | 0.00 | — | 0.03 | Apr 1, 2009 | Multiple unspecified vulnerabilities in Nortel Communication Server 1000 4.50.x allow remote attackers to execute arbitrary commands to gain privileges, obtain sensitive information, or cause a denial of service via unknown vectors. | |||
| CVE-2008-6577 | 0.00 | — | 0.03 | Apr 1, 2009 | Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges. | |||
| CVE-2008-6576 | 0.00 | — | 0.02 | Apr 1, 2009 | Unspecified vulnerability in the "session limitation technique" in the FTP service on Nortel Communications Server 1000 (CS1K) 4.50.x, when running on VGMC or signaling nodes, allows remote attackers to cause a denial of service (resource exhaustion and failed updates) via… | |||
| CVE-2008-6575 | 0.00 | — | 0.01 | Apr 1, 2009 | Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors. | |||
| CVE-2008-6574 | 0.00 | — | 0.01 | Apr 1, 2009 | Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials. | |||
| CVE-2008-6573 | 0.00 | — | 0.01 | Apr 1, 2009 | Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager… | |||
| CVE-2009-1220 | 0.04 | — | 0.09 | Apr 1, 2009 | Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances (ASA) 5520 with software 7.2(4)30 and earlier 7.2 versions including 7.2(2)22, and 8.0(4)28 and earlier 8.0 versions, when clientless mode is enabled, allows… | |||
| CVE-2009-1219 | 0.04 | — | 0.09 | Apr 1, 2009 | Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid… | |||
| CVE-2009-1218 | 0.03 | — | 0.04 | Apr 1, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to… | |||
| CVE-2007-4475 | 0.06 | — | 0.40 | Apr 1, 2009 | Stack-based buffer overflow in EAI WebViewer3D ActiveX control (webviewer3d.dll) in SAP AG SAPgui before 7.10 Patch Level 9 allows remote attackers to execute arbitrary code via a long argument to the SaveViewToSessionFile method. | |||
| CVE-2009-1217 | 0.04 | — | 0.16 | Apr 1, 2009 | Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by… | |||
| CVE-2009-1216 | 0.02 | — | 0.24 | Apr 1, 2009 | Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA); as used in gunzip, gzip, pack, pcat, and unpack 7.x before… | |||
| CVE-2008-4825 | 0.00 | — | 0.03 | Apr 1, 2009 | Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file. | |||
| CVE-2008-3871 | 0.00 | — | 0.03 | Apr 1, 2009 | Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file. | |||
| CVE-2009-1215 | 0.00 | — | 0.00 | Apr 1, 2009 | Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file. | |||
| CVE-2009-1214 | 0.00 | — | 0.00 | Apr 1, 2009 | GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information. | |||
| CVE-2009-1213 | 0.00 | — | 0.01 | Apr 1, 2009 | Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing. | |||
| CVE-2009-1212 | 0.03 | — | 0.06 | Apr 1, 2009 | Multiple insecure method vulnerabilities in PRECIS~2.DLL in the PrecisionID Datamatrix ActiveX control (DMATRIXLib.Datamatrix) allow remote attackers to overwrite arbitrary files via the (1) SaveBarCode and (2) SaveEnhWMF methods. | |||
| CVE-2009-1211 | 0.00 | — | 0.01 | Apr 1, 2009 | Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with… | |||
| CVE-2009-1210 | 0.04 | — | 0.15 | Apr 1, 2009 | Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party… | |||
| CVE-2009-1209 | — | 0.04 | — | 0.12 | Apr 1, 2009 | Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute. | ||
| CVE-2009-1208 | 0.00 | — | 0.02 | Apr 1, 2009 | SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings. | |||
| CVE-2009-1207 | 0.00 | — | 0.00 | Apr 1, 2009 | Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files. |
- CVE-2008-6587Apr 3, 2009risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze (formerly Azureus HTML WebUI), probably 0.7.6, allows remote attackers to hijack the authentication of users for requests that force the download of arbitrary torrent files via the upurl parameter.
- CVE-2008-6586Apr 3, 2009risk 0.03cvss —epss 0.03
Cross-site request forgery (CSRF) vulnerability in gui/index.php in µTorrent (uTorrent) WebUI 0.315 allows remote attackers to (1) hijack the authentication of users for requests that force the download of arbitrary torrent files via the add-url action and (2) hijack the…
- CVE-2008-6585Apr 3, 2009risk 0.03cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action.
- CVE-2008-6584Apr 3, 2009risk 0.00cvss —epss 0.02
html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/…
- CVE-2008-6583Apr 3, 2009risk 0.04cvss —epss 0.07
Buffer overflow in BS.player 2.27 build 959 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .SRT file.
- CVE-2009-1238Apr 2, 2009risk 0.03cvss —epss 0.01
Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads,…
- CVE-2009-1237Apr 2, 2009risk 0.03cvss —epss 0.01
Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call.
- CVE-2009-1236Apr 2, 2009risk 0.04cvss —epss 0.08
Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort…
- CVE-2009-1235Apr 2, 2009risk 0.03cvss —epss 0.01
XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain…
- CVE-2009-1234Apr 2, 2009risk 0.04cvss —epss 0.07
Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected.
- CVE-2009-1233Apr 2, 2009risk 0.03cvss —epss 0.04
Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements.
- CVE-2009-1232Apr 2, 2009risk 0.03cvss —epss 0.05
Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also…
- CVE-2009-1231Apr 2, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in the eClient in IBM DB2 Content Manager 8.4.1 before 8.4.1.1 has unknown impact and attack vectors.
- CVE-2009-1230Apr 2, 2009risk 0.03cvss —epss 0.02
Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change action.
- CVE-2009-1229Apr 2, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in Arcadwy Arcade Script allows remote attackers to execute arbitrary SQL commands via the user cookie parameter.
- CVE-2009-1228Apr 2, 2009risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in register.php in Arcadwy Arcade Script CMS allows remote attackers to inject arbitrary web script or HTML via the username field (user_name parameter).
- CVE-2009-1227Apr 2, 2009risk 0.04cvss —epss 0.07
NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorization or (2) Referer HTTP…
- CVE-2009-1226Apr 2, 2009risk 0.03cvss —epss 0.02
core/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions, which allows remote attackers to delete arbitrary files via the file parameter.
- CVE-2009-1225Apr 2, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in Turnkey Ebook Store 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action.
- CVE-2009-1224Apr 2, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in vsp-core/pub/themes/bismarck/gamestat.php in vsp stats processor 0.45 allows remote attackers to execute arbitrary SQL commands via the gameID parameter.
- CVE-2009-1223Apr 2, 2009risk 0.00cvss —epss 0.01
aspWebCalendar Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for calendar/calendar.mdb.
- CVE-2009-1222Apr 2, 2009risk 0.03cvss —epss 0.02
Directory traversal vulnerability in index.php in webEdition 6.0.0.4 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the WE_LANGUAGE parameter.
- CVE-2008-6582Apr 2, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
- CVE-2008-6581Apr 2, 2009risk 0.03cvss —epss 0.03
login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter.
- CVE-2008-6580Apr 2, 2009risk 0.03cvss —epss 0.02
The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to (1) makered.mdb and (2) makered97.mdb.
- CVE-2003-1571Apr 2, 2009risk 0.03cvss —epss 0.03
Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that…
- CVE-2008-6579Apr 1, 2009risk 0.00cvss —epss 0.01
Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators."
- CVE-2008-6578Apr 1, 2009risk 0.00cvss —epss 0.03
Multiple unspecified vulnerabilities in Nortel Communication Server 1000 4.50.x allow remote attackers to execute arbitrary commands to gain privileges, obtain sensitive information, or cause a denial of service via unknown vectors.
- CVE-2008-6577Apr 1, 2009risk 0.00cvss —epss 0.03
Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges.
- CVE-2008-6576Apr 1, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in the "session limitation technique" in the FTP service on Nortel Communications Server 1000 (CS1K) 4.50.x, when running on VGMC or signaling nodes, allows remote attackers to cause a denial of service (resource exhaustion and failed updates) via…
- CVE-2008-6575Apr 1, 2009risk 0.00cvss —epss 0.01
Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors.
- CVE-2008-6574Apr 1, 2009risk 0.00cvss —epss 0.01
Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials.
- CVE-2008-6573Apr 1, 2009risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager…
- CVE-2009-1220Apr 1, 2009risk 0.04cvss —epss 0.09
Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances (ASA) 5520 with software 7.2(4)30 and earlier 7.2 versions including 7.2(2)22, and 8.0(4)28 and earlier 8.0 versions, when clientless mode is enabled, allows…
- CVE-2009-1219Apr 1, 2009risk 0.04cvss —epss 0.09
Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid…
- CVE-2009-1218Apr 1, 2009risk 0.03cvss —epss 0.04
Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to…
- CVE-2007-4475Apr 1, 2009risk 0.06cvss —epss 0.40
Stack-based buffer overflow in EAI WebViewer3D ActiveX control (webviewer3d.dll) in SAP AG SAPgui before 7.10 Patch Level 9 allows remote attackers to execute arbitrary code via a long argument to the SaveViewToSessionFile method.
- CVE-2009-1217Apr 1, 2009risk 0.04cvss —epss 0.16
Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by…
- CVE-2009-1216Apr 1, 2009risk 0.02cvss —epss 0.24
Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA); as used in gunzip, gzip, pack, pcat, and unpack 7.x before…
- CVE-2008-4825Apr 1, 2009risk 0.00cvss —epss 0.03
Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file.
- CVE-2008-3871Apr 1, 2009risk 0.00cvss —epss 0.03
Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file.
- CVE-2009-1215Apr 1, 2009risk 0.00cvss —epss 0.00
Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file.
- CVE-2009-1214Apr 1, 2009risk 0.00cvss —epss 0.00
GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.
- CVE-2009-1213Apr 1, 2009risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing.
- CVE-2009-1212Apr 1, 2009risk 0.03cvss —epss 0.06
Multiple insecure method vulnerabilities in PRECIS~2.DLL in the PrecisionID Datamatrix ActiveX control (DMATRIXLib.Datamatrix) allow remote attackers to overwrite arbitrary files via the (1) SaveBarCode and (2) SaveEnhWMF methods.
- CVE-2009-1211Apr 1, 2009risk 0.00cvss —epss 0.01
Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with…
- CVE-2009-1210Apr 1, 2009risk 0.04cvss —epss 0.15
Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party…
- CVE-2009-1209Apr 1, 2009risk 0.04cvss —epss 0.12
Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute.
- CVE-2009-1208Apr 1, 2009risk 0.00cvss —epss 0.02
SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings.
- CVE-2009-1207Apr 1, 2009risk 0.00cvss —epss 0.00
Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files.