| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-0294 | 0.03 | — | 0.02 | Jan 27, 2009 | Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) search.php, (2) archive.php, (3) comments.php, and (4) news.php; (5)… | |||
| CVE-2009-0293 | 0.03 | — | 0.01 | Jan 27, 2009 | SQL injection vulnerability in profile_view.php in Wazzum Dating Software, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the userid parameter. | |||
| CVE-2009-0292 | 0.03 | — | 0.01 | Jan 27, 2009 | SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows remote attackers to execute arbitrary SQL commands via the grid parameter. | |||
| CVE-2009-0291 | 0.04 | — | 0.07 | Jan 27, 2009 | Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter. | |||
| CVE-2009-0032 | 0.00 | — | 0.00 | Jan 27, 2009 | CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file. | |||
| CVE-2009-0290 | 0.03 | — | 0.03 | Jan 27, 2009 | Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the g4_path parameter. NOTE: in some environments, this can be leveraged for remote code execution via a data: URI… | |||
| CVE-2009-0289 | 0.00 | — | 0.02 | Jan 27, 2009 | k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to cause a denial of service (service crash) via a long filename in a crafted request. | |||
| CVE-2009-0288 | 0.00 | — | 0.03 | Jan 27, 2009 | Directory traversal vulnerability in k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to read arbitrary files outside the TFTP root directory via directory traversal sequences in a GET request. | |||
| CVE-2009-0287 | 0.00 | — | 0.01 | Jan 27, 2009 | SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before 2.5.1 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password. | |||
| CVE-2009-0286 | 0.03 | — | 0.06 | Jan 27, 2009 | Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the form_data[script_class] parameter. | |||
| CVE-2009-0285 | 0.03 | — | 0.01 | Jan 27, 2009 | Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 5.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||
| CVE-2009-0284 | 0.03 | — | 0.01 | Jan 27, 2009 | SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||
| CVE-2009-0283 | 0.03 | — | 0.01 | Jan 27, 2009 | Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||
| CVE-2009-0282 | 0.00 | — | 0.06 | Jan 27, 2009 | Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request… | |||
| CVE-2009-0281 | 0.03 | — | 0.01 | Jan 27, 2009 | SQL injection vulnerability in login.aspx in WarHound Walking Club allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||
| CVE-2009-0280 | 0.03 | — | 0.03 | Jan 27, 2009 | Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1. | |||
| CVE-2009-0279 | 0.03 | — | 0.01 | Jan 27, 2009 | SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2009-0278 | 0.00 | — | 0.02 | Jan 27, 2009 | Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request. | |||
| CVE-2009-0277 | 0.00 | — | 0.01 | Jan 27, 2009 | Unspecified vulnerability in the kernel in OpenSolaris snv_100 through snv_102 on the Sun UltraSPARC T2 and T2+ sun4v platforms allows local users to cause a denial of service (panic) via unknown vectors. | |||
| CVE-2008-5981 | 0.03 | — | 0.02 | Jan 27, 2009 | PacPoll 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) poll.mdb or (2) poll97.mdb. | |||
| CVE-2008-5980 | 0.03 | — | 0.03 | Jan 27, 2009 | Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb. | |||
| CVE-2008-5979 | 0.03 | — | 0.02 | Jan 27, 2009 | Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Mailing List Manager Gold allows remote attackers to inject arbitrary web script or HTML via the Email parameter. | |||
| CVE-2008-5978 | 0.03 | — | 0.01 | Jan 27, 2009 | Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager Gold allow remote attackers to execute arbitrary SQL commands via the Email parameter to (1) default.asp and (2) s_edit.asp. | |||
| CVE-2008-5977 | 0.03 | — | 0.01 | Jan 27, 2009 | SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the adname parameter in a Submit action. | |||
| CVE-2008-5976 | 0.03 | — | 0.01 | Jan 27, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in siteadmin/forgot.php in PHP JOBWEBSITE PRO allow remote attackers to inject arbitrary web script or HTML via (1) the adname parameter in a Submit action or (2) the UserName field. | |||
| CVE-2008-5975 | 0.03 | — | 0.01 | Jan 27, 2009 | SQL injection vulnerability in links.asp in Active Price Comparison 4.0 allows remote attackers to execute arbitrary SQL commands via the linkid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2008-5974 | 0.03 | — | 0.01 | Jan 27, 2009 | Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields. | |||
| CVE-2008-5973 | 0.03 | — | 0.01 | Jan 27, 2009 | SQL injection vulnerability in login.aspx in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||
| CVE-2008-5972 | 0.03 | — | 0.01 | Jan 27, 2009 | SQL injection vulnerability in default.asp in Active Business Directory 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||
| CVE-2008-5971 | 0.03 | — | 0.01 | Jan 27, 2009 | Cross-site scripting (XSS) vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to inject arbitrary web script or HTML via the id parameter. | |||
| CVE-2008-5970 | 0.03 | — | 0.01 | Jan 27, 2009 | SQL injection vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-5969 | 0.03 | — | 0.02 | Jan 27, 2009 | SQL injection vulnerability in popupproduct.php in Sunbyte e-Flower allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2009-0275 | 0.03 | — | 0.05 | Jan 26, 2009 | Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/header via the header parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250.… | |||
| CVE-2008-5968 | 0.03 | — | 0.03 | Jan 26, 2009 | Directory traversal vulnerability in print.php in PHP iCalendar 2.24 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cookie_language parameter in a phpicalendar_* cookie, a different vector than CVE-2006-1292. | |||
| CVE-2008-5967 | 0.03 | — | 0.03 | Jan 26, 2009 | admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root. | |||
| CVE-2008-5966 | 0.03 | — | 0.02 | Jan 26, 2009 | globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to create or overwrite arbitrary files via a filename in the file parameter and file contents in the data parameter. | |||
| CVE-2008-5965 | 0.04 | — | 0.06 | Jan 26, 2009 | Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to check for the existence of arbitrary files via a .. (dot dot) in the page parameter. | |||
| CVE-2009-0271 | 0.00 | — | 0.02 | Jan 26, 2009 | Directory traversal vulnerability in the TFTP service in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors. | |||
| CVE-2009-0270 | 0.00 | — | 0.06 | Jan 26, 2009 | Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet. | |||
| CVE-2009-0269 | 0.00 | — | 0.01 | Jan 26, 2009 | fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return… | |||
| CVE-2009-0268 | 0.00 | — | 0.00 | Jan 26, 2009 | Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of "properly sequenced code" in ptc and ptsl. | |||
| CVE-2009-0267 | 0.00 | — | 0.03 | Jan 26, 2009 | libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does not properly check packets, which allows remote attackers to cause a denial of service (in.iked daemon crash) via an unspecified IKE packet, a different vulnerability than CVE-2007-2989. | |||
| CVE-2009-0266 | 0.03 | — | 0.04 | Jan 26, 2009 | Stack-based buffer overflow in Triologic Media Player 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3l playlist file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2009-0265 | Hig | 0.49 | 7.5 | 0.02 | Jan 26, 2009 | Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to… | ||
| CVE-2009-0264 | 0.00 | — | 0.02 | Jan 26, 2009 | Buffer overflow in the Registry Setting Tool in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier has unknown impact and attack vectors. | |||
| CVE-2008-5260 | 0.00 | — | 0.06 | Jan 26, 2009 | Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control in AxisCamControl.ocx in AXIS Camera Control 2.40.0.0 allows remote attackers to execute arbitrary code via a long image_pan_tilt property value. | |||
| CVE-2009-0263 | 0.04 | — | 0.17 | Jan 23, 2009 | Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file. | |||
| CVE-2009-0262 | 0.03 | — | 0.06 | Jan 23, 2009 | Stack-based buffer overflow in Triologic Media Player 7 and 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3u playlist file. NOTE: some of these details are obtained from third party information. | |||
| CVE-2009-0261 | 0.04 | — | 0.13 | Jan 23, 2009 | Stack-based buffer overflow in EffectMatrix Total Video Player 1.31 allows user-assisted attackers to execute arbitrary code via a Skins\DefaultSkin\DefaultSkin.ini file with a large ColumnHeaderSpan value. | |||
| CVE-2009-0260 | 0.03 | — | 0.05 | Jan 23, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter… |
- CVE-2009-0294Jan 27, 2009risk 0.03cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) search.php, (2) archive.php, (3) comments.php, and (4) news.php; (5)…
- CVE-2009-0293Jan 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in profile_view.php in Wazzum Dating Software, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the userid parameter.
- CVE-2009-0292Jan 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows remote attackers to execute arbitrary SQL commands via the grid parameter.
- CVE-2009-0291Jan 27, 2009risk 0.04cvss —epss 0.07
Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter.
- CVE-2009-0032Jan 27, 2009risk 0.00cvss —epss 0.00
CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file.
- CVE-2009-0290Jan 27, 2009risk 0.03cvss —epss 0.03
Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the g4_path parameter. NOTE: in some environments, this can be leveraged for remote code execution via a data: URI…
- CVE-2009-0289Jan 27, 2009risk 0.00cvss —epss 0.02
k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to cause a denial of service (service crash) via a long filename in a crafted request.
- CVE-2009-0288Jan 27, 2009risk 0.00cvss —epss 0.03
Directory traversal vulnerability in k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to read arbitrary files outside the TFTP root directory via directory traversal sequences in a GET request.
- CVE-2009-0287Jan 27, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before 2.5.1 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password.
- CVE-2009-0286Jan 27, 2009risk 0.03cvss —epss 0.06
Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the form_data[script_class] parameter.
- CVE-2009-0285Jan 27, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 5.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter.
- CVE-2009-0284Jan 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
- CVE-2009-0283Jan 27, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows remote attackers to inject arbitrary web script or HTML via the message parameter.
- CVE-2009-0282Jan 27, 2009risk 0.00cvss —epss 0.06
Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request…
- CVE-2009-0281Jan 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in login.aspx in WarHound Walking Club allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
- CVE-2009-0280Jan 27, 2009risk 0.03cvss —epss 0.03
Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1.
- CVE-2009-0279Jan 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2009-0278Jan 27, 2009risk 0.00cvss —epss 0.02
Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request.
- CVE-2009-0277Jan 27, 2009risk 0.00cvss —epss 0.01
Unspecified vulnerability in the kernel in OpenSolaris snv_100 through snv_102 on the Sun UltraSPARC T2 and T2+ sun4v platforms allows local users to cause a denial of service (panic) via unknown vectors.
- CVE-2008-5981Jan 27, 2009risk 0.03cvss —epss 0.02
PacPoll 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) poll.mdb or (2) poll97.mdb.
- CVE-2008-5980Jan 27, 2009risk 0.03cvss —epss 0.03
Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb.
- CVE-2008-5979Jan 27, 2009risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Mailing List Manager Gold allows remote attackers to inject arbitrary web script or HTML via the Email parameter.
- CVE-2008-5978Jan 27, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager Gold allow remote attackers to execute arbitrary SQL commands via the Email parameter to (1) default.asp and (2) s_edit.asp.
- CVE-2008-5977Jan 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the adname parameter in a Submit action.
- CVE-2008-5976Jan 27, 2009risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in siteadmin/forgot.php in PHP JOBWEBSITE PRO allow remote attackers to inject arbitrary web script or HTML via (1) the adname parameter in a Submit action or (2) the UserName field.
- CVE-2008-5975Jan 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in links.asp in Active Price Comparison 4.0 allows remote attackers to execute arbitrary SQL commands via the linkid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2008-5974Jan 27, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields.
- CVE-2008-5973Jan 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in login.aspx in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.
- CVE-2008-5972Jan 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in default.asp in Active Business Directory 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
- CVE-2008-5971Jan 27, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to inject arbitrary web script or HTML via the id parameter.
- CVE-2008-5970Jan 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
- CVE-2008-5969Jan 27, 2009risk 0.03cvss —epss 0.02
SQL injection vulnerability in popupproduct.php in Sunbyte e-Flower allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2009-0275Jan 26, 2009risk 0.03cvss —epss 0.05
Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/header via the header parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250.…
- CVE-2008-5968Jan 26, 2009risk 0.03cvss —epss 0.03
Directory traversal vulnerability in print.php in PHP iCalendar 2.24 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cookie_language parameter in a phpicalendar_* cookie, a different vector than CVE-2006-1292.
- CVE-2008-5967Jan 26, 2009risk 0.03cvss —epss 0.03
admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root.
- CVE-2008-5966Jan 26, 2009risk 0.03cvss —epss 0.02
globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to create or overwrite arbitrary files via a filename in the file parameter and file contents in the data parameter.
- CVE-2008-5965Jan 26, 2009risk 0.04cvss —epss 0.06
Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to check for the existence of arbitrary files via a .. (dot dot) in the page parameter.
- CVE-2009-0271Jan 26, 2009risk 0.00cvss —epss 0.02
Directory traversal vulnerability in the TFTP service in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors.
- CVE-2009-0270Jan 26, 2009risk 0.00cvss —epss 0.06
Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet.
- CVE-2009-0269Jan 26, 2009risk 0.00cvss —epss 0.01
fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return…
- CVE-2009-0268Jan 26, 2009risk 0.00cvss —epss 0.00
Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of "properly sequenced code" in ptc and ptsl.
- CVE-2009-0267Jan 26, 2009risk 0.00cvss —epss 0.03
libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does not properly check packets, which allows remote attackers to cause a denial of service (in.iked daemon crash) via an unspecified IKE packet, a different vulnerability than CVE-2007-2989.
- CVE-2009-0266Jan 26, 2009risk 0.03cvss —epss 0.04
Stack-based buffer overflow in Triologic Media Player 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3l playlist file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- risk 0.49cvss 7.5epss 0.02
Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to…
- CVE-2009-0264Jan 26, 2009risk 0.00cvss —epss 0.02
Buffer overflow in the Registry Setting Tool in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier has unknown impact and attack vectors.
- CVE-2008-5260Jan 26, 2009risk 0.00cvss —epss 0.06
Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control in AxisCamControl.ocx in AXIS Camera Control 2.40.0.0 allows remote attackers to execute arbitrary code via a long image_pan_tilt property value.
- CVE-2009-0263Jan 23, 2009risk 0.04cvss —epss 0.17
Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file.
- CVE-2009-0262Jan 23, 2009risk 0.03cvss —epss 0.06
Stack-based buffer overflow in Triologic Media Player 7 and 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3u playlist file. NOTE: some of these details are obtained from third party information.
- CVE-2009-0261Jan 23, 2009risk 0.04cvss —epss 0.13
Stack-based buffer overflow in EffectMatrix Total Video Player 1.31 allows user-assisted attackers to execute arbitrary code via a Skins\DefaultSkin\DefaultSkin.ini file with a large ColumnHeaderSpan value.
- CVE-2009-0260Jan 23, 2009risk 0.03cvss —epss 0.05
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter…