| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-6464 | 0.03 | — | 0.01 | Mar 13, 2009 | SQL injection vulnerability in event.php in Mevin Productions Basic PHP Events Lister 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-6463 | 0.00 | — | 0.01 | Mar 13, 2009 | SQL injection vulnerability in the Diocese of Portsmouth Church Search (pd_churchsearch) extension before 0.1.1, and 0.2.10 and earlier 0.2.x versions, an extension for TYPO3, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2008-6462 | 0.00 | — | 0.01 | Mar 13, 2009 | SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 0.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2008-6461 | 0.00 | — | 0.01 | Mar 13, 2009 | SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension before 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2008-6460 | 0.00 | — | 0.01 | Mar 13, 2009 | SQL injection vulnerability in the Simple Random Objects (mw_random_objects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2008-6459 | 0.00 | — | 0.01 | Mar 13, 2009 | SQL injection vulnerability in the auto BE User Registration (autobeuser) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2008-6458 | 0.00 | — | 0.01 | Mar 13, 2009 | SQL injection vulnerability in the FE address edit for tt_address & direct mail (dmaddredit) extension 0.4.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2008-6457 | 0.00 | — | 0.01 | Mar 13, 2009 | SQL injection vulnerability in the Swigmore institute (cgswigmore) extension before 0.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2008-6456 | 0.00 | — | 0.01 | Mar 13, 2009 | SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2008-6455 | 0.00 | — | 0.01 | Mar 13, 2009 | Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote attackers to hijack web sessions via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2008-6454 | 0.03 | — | 0.01 | Mar 13, 2009 | SQL injection vulnerability in section.php in 6rbScript 3.3 allows remote attackers to execute arbitrary SQL commands via the singerid parameter in a singers action. | |||
| CVE-2008-6453 | 0.03 | — | 0.02 | Mar 13, 2009 | Directory traversal vulnerability in section.php in 6rbScript 3.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter. | |||
| CVE-2008-6452 | 0.03 | — | 0.01 | Mar 13, 2009 | SQL injection vulnerability in show_vote.php in Oceandir 2.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-6451 | 0.03 | — | 0.01 | Mar 13, 2009 | SQL injection vulnerability in humor.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2004-2036 or CVE-2005-3509. | |||
| CVE-2009-0887 | 0.00 | — | 0.02 | Mar 12, 2009 | Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to… | |||
| CVE-2009-0886 | 0.04 | — | 0.07 | Mar 12, 2009 | Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1.6.5.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the default_language parameter. | |||
| CVE-2009-0885 | 0.04 | — | 0.09 | Mar 12, 2009 | Multiple heap-based buffer overflows in Media Commands 1.0 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a (1) M3U, (2) M3l, (3) TXT, and (4) LRC playlist file. | |||
| CVE-2009-0884 | 0.00 | — | 0.03 | Mar 12, 2009 | Buffer overflow in FileZilla Server before 0.9.31 allows remote attackers to cause a denial of service via unspecified vectors related to SSL/TLS packets. | |||
| CVE-2009-0883 | 0.03 | — | 0.01 | Mar 12, 2009 | SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the BlueEyeCMS_login cookie parameter. | |||
| CVE-2009-0882 | 0.03 | — | 0.01 | Mar 12, 2009 | Multiple SQL injection vulnerabilities in nForum 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to showtheme.php and the (2) user parameter to userinfo.php. | |||
| CVE-2009-0881 | 0.03 | — | 0.01 | Mar 12, 2009 | SQL injection vulnerability in ejemplo/paises.php in isiAJAX 1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2009-0880 | 0.06 | — | 0.32 | Mar 12, 2009 | Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request. | |||
| CVE-2009-0879 | 0.04 | — | 0.08 | Mar 12, 2009 | The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI. | |||
| CVE-2009-0878 | 0.00 | — | 0.02 | Mar 12, 2009 | The read_game_map function in src/terrain_translation.cpp in Wesnoth before r32987 allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a map with a large (1) width or (2) height. | |||
| CVE-2009-0877 | 0.00 | — | 0.02 | Mar 12, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field. | |||
| CVE-2009-0876 | 0.03 | — | 0.01 | Mar 12, 2009 | Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN. | |||
| CVE-2009-0875 | 0.00 | — | 0.00 | Mar 12, 2009 | Race condition in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allows local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors involving the time… | |||
| CVE-2009-0874 | 0.00 | — | 0.00 | Mar 12, 2009 | Multiple unspecified vulnerabilities in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allow local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors… | |||
| CVE-2009-0778 | 0.00 | — | 0.05 | Mar 12, 2009 | The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable… | |||
| CVE-2009-0632 | 0.00 | — | 0.03 | Mar 12, 2009 | The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged… | |||
| CVE-2009-0366 | 0.00 | — | 0.02 | Mar 12, 2009 | The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth before r33069 allows remote attackers to cause a denial of service via a large compressed WML document. | |||
| CVE-2009-0873 | 0.00 | — | 0.02 | Mar 11, 2009 | The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a… | |||
| CVE-2009-0872 | 0.00 | — | 0.02 | Mar 11, 2009 | The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as… | |||
| CVE-2009-0871 | 0.00 | — | 0.03 | Mar 11, 2009 | The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP… | |||
| CVE-2009-0854 | 0.00 | — | 0.00 | Mar 11, 2009 | Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory. | |||
| CVE-2009-0848 | 0.00 | — | 0.00 | Mar 11, 2009 | Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified "relative search path." | |||
| CVE-2009-0713 | 0.00 | — | 0.02 | Mar 11, 2009 | Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows remote attackers to obtain sensitive information via unknown vectors. | |||
| CVE-2009-0712 | 0.00 | — | 0.00 | Mar 11, 2009 | Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows local users to gain privileges via unknown vectors. | |||
| CVE-2009-0660 | 0.00 | — | 0.02 | Mar 11, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487. | |||
| CVE-2009-0234 | 0.03 | — | 0.34 | Mar 11, 2009 | The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by… | |||
| CVE-2009-0233 | 0.02 | — | 0.27 | Mar 11, 2009 | The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote… | |||
| CVE-2009-0094 | 0.02 | — | 0.23 | Mar 11, 2009 | The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel… | |||
| CVE-2009-0093 | 0.01 | — | 0.17 | Mar 11, 2009 | Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and… | |||
| CVE-2008-4563 | 0.02 | — | 0.29 | Mar 11, 2009 | Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute… | |||
| CVE-2008-3547 | 0.00 | — | 0.05 | Mar 10, 2009 | Buffer overflow in the server in OpenTTD 0.6.1 and earlier allows remote authenticated users to cause a denial of service (persistent game disruption) or possibly execute arbitrary code via vectors involving many long names for "companies and clients." | |||
| CVE-2009-0870 | 0.00 | — | 0.00 | Mar 10, 2009 | The NFSv4 Server module in the kernel in Sun Solaris 10, and OpenSolaris before snv_111, allow local users to cause a denial of service (infinite loop and system hang) by accessing an hsfs filesystem that is shared through NFSv4, related to the rfs4_op_readdir function. | |||
| CVE-2009-0869 | 0.01 | — | 0.06 | Mar 10, 2009 | Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM 5.3.2.0 through 5.3.5.0, 5.4.0.0 through 5.4.2.5, and 5.5.0.0 through 5.5.1.4 on Windows allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via… | |||
| CVE-2009-0837 | 0.09 | — | 0.76 | Mar 10, 2009 | Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the "Open/Execute a file"… | |||
| CVE-2009-0836 | 0.06 | — | 0.41 | Mar 10, 2009 | Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote attackers to execute arbitrary programs and have unspecified other impact via… | |||
| CVE-2009-0191 | 0.00 | — | 0.05 | Mar 10, 2009 | Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 3.0.2009.1301, does not properly handle a JBIG2 symbol dictionary segment with zero new symbols, which allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a dereference of… |
- CVE-2008-6464Mar 13, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in event.php in Mevin Productions Basic PHP Events Lister 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-6463Mar 13, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in the Diocese of Portsmouth Church Search (pd_churchsearch) extension before 0.1.1, and 0.2.10 and earlier 0.2.x versions, an extension for TYPO3, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2008-6462Mar 13, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 0.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2008-6461Mar 13, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension before 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2008-6460Mar 13, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in the Simple Random Objects (mw_random_objects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2008-6459Mar 13, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in the auto BE User Registration (autobeuser) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2008-6458Mar 13, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in the FE address edit for tt_address & direct mail (dmaddredit) extension 0.4.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2008-6457Mar 13, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in the Swigmore institute (cgswigmore) extension before 0.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2008-6456Mar 13, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2008-6455Mar 13, 2009risk 0.00cvss —epss 0.01
Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote attackers to hijack web sessions via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2008-6454Mar 13, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in section.php in 6rbScript 3.3 allows remote attackers to execute arbitrary SQL commands via the singerid parameter in a singers action.
- CVE-2008-6453Mar 13, 2009risk 0.03cvss —epss 0.02
Directory traversal vulnerability in section.php in 6rbScript 3.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.
- CVE-2008-6452Mar 13, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in show_vote.php in Oceandir 2.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-6451Mar 13, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in humor.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2004-2036 or CVE-2005-3509.
- CVE-2009-0887Mar 12, 2009risk 0.00cvss —epss 0.02
Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to…
- CVE-2009-0886Mar 12, 2009risk 0.04cvss —epss 0.07
Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1.6.5.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the default_language parameter.
- CVE-2009-0885Mar 12, 2009risk 0.04cvss —epss 0.09
Multiple heap-based buffer overflows in Media Commands 1.0 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a (1) M3U, (2) M3l, (3) TXT, and (4) LRC playlist file.
- CVE-2009-0884Mar 12, 2009risk 0.00cvss —epss 0.03
Buffer overflow in FileZilla Server before 0.9.31 allows remote attackers to cause a denial of service via unspecified vectors related to SSL/TLS packets.
- CVE-2009-0883Mar 12, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the BlueEyeCMS_login cookie parameter.
- CVE-2009-0882Mar 12, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in nForum 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to showtheme.php and the (2) user parameter to userinfo.php.
- CVE-2009-0881Mar 12, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in ejemplo/paises.php in isiAJAX 1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2009-0880Mar 12, 2009risk 0.06cvss —epss 0.32
Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request.
- CVE-2009-0879Mar 12, 2009risk 0.04cvss —epss 0.08
The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI.
- CVE-2009-0878Mar 12, 2009risk 0.00cvss —epss 0.02
The read_game_map function in src/terrain_translation.cpp in Wesnoth before r32987 allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a map with a large (1) width or (2) height.
- CVE-2009-0877Mar 12, 2009risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field.
- CVE-2009-0876Mar 12, 2009risk 0.03cvss —epss 0.01
Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN.
- CVE-2009-0875Mar 12, 2009risk 0.00cvss —epss 0.00
Race condition in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allows local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors involving the time…
- CVE-2009-0874Mar 12, 2009risk 0.00cvss —epss 0.00
Multiple unspecified vulnerabilities in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allow local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors…
- CVE-2009-0778Mar 12, 2009risk 0.00cvss —epss 0.05
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable…
- CVE-2009-0632Mar 12, 2009risk 0.00cvss —epss 0.03
The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged…
- CVE-2009-0366Mar 12, 2009risk 0.00cvss —epss 0.02
The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth before r33069 allows remote attackers to cause a denial of service via a large compressed WML document.
- CVE-2009-0873Mar 11, 2009risk 0.00cvss —epss 0.02
The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a…
- CVE-2009-0872Mar 11, 2009risk 0.00cvss —epss 0.02
The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as…
- CVE-2009-0871Mar 11, 2009risk 0.00cvss —epss 0.03
The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP…
- CVE-2009-0854Mar 11, 2009risk 0.00cvss —epss 0.00
Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory.
- CVE-2009-0848Mar 11, 2009risk 0.00cvss —epss 0.00
Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified "relative search path."
- CVE-2009-0713Mar 11, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows remote attackers to obtain sensitive information via unknown vectors.
- CVE-2009-0712Mar 11, 2009risk 0.00cvss —epss 0.00
Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows local users to gain privileges via unknown vectors.
- CVE-2009-0660Mar 11, 2009risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487.
- CVE-2009-0234Mar 11, 2009risk 0.03cvss —epss 0.34
The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by…
- CVE-2009-0233Mar 11, 2009risk 0.02cvss —epss 0.27
The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote…
- CVE-2009-0094Mar 11, 2009risk 0.02cvss —epss 0.23
The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel…
- CVE-2009-0093Mar 11, 2009risk 0.01cvss —epss 0.17
Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and…
- CVE-2008-4563Mar 11, 2009risk 0.02cvss —epss 0.29
Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute…
- CVE-2008-3547Mar 10, 2009risk 0.00cvss —epss 0.05
Buffer overflow in the server in OpenTTD 0.6.1 and earlier allows remote authenticated users to cause a denial of service (persistent game disruption) or possibly execute arbitrary code via vectors involving many long names for "companies and clients."
- CVE-2009-0870Mar 10, 2009risk 0.00cvss —epss 0.00
The NFSv4 Server module in the kernel in Sun Solaris 10, and OpenSolaris before snv_111, allow local users to cause a denial of service (infinite loop and system hang) by accessing an hsfs filesystem that is shared through NFSv4, related to the rfs4_op_readdir function.
- CVE-2009-0869Mar 10, 2009risk 0.01cvss —epss 0.06
Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM 5.3.2.0 through 5.3.5.0, 5.4.0.0 through 5.4.2.5, and 5.5.0.0 through 5.5.1.4 on Windows allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via…
- CVE-2009-0837Mar 10, 2009risk 0.09cvss —epss 0.76
Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the "Open/Execute a file"…
- CVE-2009-0836Mar 10, 2009risk 0.06cvss —epss 0.41
Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote attackers to execute arbitrary programs and have unspecified other impact via…
- CVE-2009-0191Mar 10, 2009risk 0.00cvss —epss 0.05
Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 3.0.2009.1301, does not properly handle a JBIG2 symbol dictionary segment with zero new symbols, which allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a dereference of…