Lista CVE - 2009 / Aprile
Visualizzazione 401 - 500 di 567 CVE per Aprile 2009 (Pagina 5 di 6)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2008-6736 | 2009-04-21 | Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events... |
| CVE-2008-6737 | 2009-04-21 | Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis... |
| CVE-2008-6738 | 2009-04-21 | MyShoutPro 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin_access cookie to 1. |
| CVE-2008-6739 | 2009-04-21 | Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request. |
| CVE-2008-6740 | 2009-04-21 | PHP remote file inclusion vulnerability in html/admin/modules/plugin_admin.php in HoMaP-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the _settings[pluginpath] parameter. |
| CVE-2008-6741 | 2009-04-21 | SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character... |
| CVE-2008-6742 | 2009-04-21 | Foxy P2P software allows remote attackers to cause a denial of service (memory consumption) via a foxy URI with a download action and a large fs value. |
| CVE-2006-7238 | 2009-04-21 | Cross-site scripting (XSS) vulnerability in MyShoutPro before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-1358 | 2009-04-21 | apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed... |
| CVE-2009-1336 | 2009-04-22 | fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial... |
| CVE-2009-1337 | 2009-04-22 | The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary... |
| CVE-2009-1338 | 2009-04-22 | The kill_something_info function in kernel/signal.c in the Linux kernel before 2.6.28 does not consider PID namespaces when processing signals directed to PID -1, which allows local users to bypass the... |
| CVE-2009-1359 | 2009-04-22 | Unspecified vulnerability in the SCTP sockets implementation in Sun OpenSolaris snv_106 through snv_107 allows local users to cause a denial of service (panic) via unknown vectors. |
| CVE-2009-1360 | 2009-04-22 | The __inet6_check_established function in net/ipv6/inet6_hashtables.c in the Linux kernel before 2.6.29, when Network Namespace Support (aka NET_NS) is enabled, allows remote attackers to cause a denial of service (NULL pointer... |
| CVE-2009-0307 | 2009-04-22 | Cross-site scripting (XSS) vulnerability in the "Customize Statistics Page" (admin/statistics/ConfigureStatistics) in the MDS Connection Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) before 4.1.6 MR5 allows remote attackers... |
| CVE-2009-1302 | 2009-04-22 | The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger... |
| CVE-2009-1303 | 2009-04-22 | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory... |
| CVE-2009-1304 | 2009-04-22 | The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger... |
| CVE-2009-1305 | 2009-04-22 | The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory... |
| CVE-2009-1306 | 2009-04-22 | The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting... |
| CVE-2009-1307 | 2009-04-22 | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and... |
| CVE-2009-1308 | 2009-04-22 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote... |
| CVE-2009-1309 | 2009-04-22 | Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an... |
| CVE-2009-1310 | 2009-04-22 | Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in... |
| CVE-2009-1311 | 2009-04-22 | Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an... |
| CVE-2009-1312 | 2009-04-22 | Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors... |
| CVE-2009-1362 | 2009-04-22 | SQL injection vulnerability in administration/index.php in chCounter 3.1.3 allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this information is unknown; the details... |
| CVE-2009-1361 | 2009-04-22 | dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter. NOTE: the provenance of this information is unknown; the details are... |
| CVE-2008-6743 | 2009-04-22 | RSMScript 1.21 allows remote attackers to bypass authentication and gain administrative privileges by setting the verified cookie to an arbitrary value and performing a direct request to (1) delete.php, (2)... |
| CVE-2009-1366 | 2009-04-22 | Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn.aspx in DotNetNuke (DNN) before 4.9.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "name/value pairs" and "paypal... |
| CVE-2009-1367 | 2009-04-22 | Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via the query parameter in search action, a different issue than... |
| CVE-2009-1368 | 2009-04-22 | Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this might be the same... |
| CVE-2009-1369 | 2009-04-22 | moziloCMS 1.11 allows remote attackers to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[] parameter to index.php, or (4) file[] parameter to download.php,... |
| CVE-2009-1370 | 2009-04-22 | Stack-based buffer overflow in ape_plugin.plg in Xilisoft Video Converter 3.1.53.0704n and 5.1.23.0402 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long... |
| CVE-2009-1371 | 2009-04-23 | The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding. |
| CVE-2009-1372 | 2009-04-23 | Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via... |
| CVE-2008-6744 | 2009-04-23 | Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via... |
| CVE-2008-6745 | 2009-04-23 | index.php in BlogPHP 2.0 allows remote attackers to gain administrator privileges via a crafted email parameter in a register2 action. |
| CVE-2008-6746 | 2009-04-23 | Cross-site scripting (XSS) vulnerability in the contact display view in Turba Contact Manager H3 before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the contact name. |
| CVE-2008-6747 | 2009-04-23 | dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party information. |
| CVE-2009-0146 | 2009-04-23 | Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via... |
| CVE-2009-0147 | 2009-04-23 | Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via... |
| CVE-2009-0163 | 2009-04-23 | Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via... |
| CVE-2009-0166 | 2009-04-23 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file... |
| CVE-2009-0195 | 2009-04-23 | Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary... |
| CVE-2009-0662 | 2009-04-23 | The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity... |
| CVE-2009-0664 | 2009-04-23 | Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in... |
| CVE-2009-0799 | 2009-04-23 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a... |
| CVE-2009-0800 | 2009-04-23 | Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code... |
| CVE-2009-1179 | 2009-04-23 | Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a... |
| CVE-2009-1180 | 2009-04-23 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file... |
| CVE-2009-1181 | 2009-04-23 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a... |
| CVE-2009-1182 | 2009-04-23 | Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code... |
| CVE-2009-1183 | 2009-04-23 | The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop... |
| CVE-2009-1191 | 2009-04-23 | mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with... |
| CVE-2009-1357 | 2009-04-23 | CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the... |
| CVE-2009-0165 | 2009-04-23 | Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn." |
| CVE-2009-1187 | 2009-04-23 | Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to... |
| CVE-2009-1188 | 2009-04-23 | Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows... |
| CVE-2008-6748 | 2009-04-24 | Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI. |
| CVE-2008-6749 | 2009-04-24 | Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) checkuser and (2) checkpass parameters. |
| CVE-2008-6750 | 2009-04-24 | Unrestricted file upload vulnerability in add.php in FlexPHPDirectory 0.0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct... |
| CVE-2008-6751 | 2009-04-24 | Unrestricted file upload vulnerability in index.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging allows remote attackers to execute arbitrary code by uploading a file with an executable... |
| CVE-2008-6752 | 2009-04-24 | adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and... |
| CVE-2009-1403 | 2009-04-24 | SQL injection vulnerability in product_info.php in CRE Loaded 6.2 allows remote attackers to execute arbitrary SQL commands via the products_id parameter. |
| CVE-2009-1404 | 2009-04-24 | SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user (Username) parameter. |
| CVE-2009-1405 | 2009-04-24 | Directory traversal vulnerability in index.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set_lng... |
| CVE-2009-1406 | 2009-04-24 | Directory traversal vulnerability in cms_detect.php in TotalCalendar 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the include parameter. |
| CVE-2009-1407 | 2009-04-24 | Directory traversal vulnerability in config.php in NotFTP 1.3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a certain languages[][file] parameter. |
| CVE-2009-1408 | 2009-04-24 | Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows remote attackers to inject arbitrary web script or HTML allows remote attackers to inject arbitrary web script or HTML via Javascript events... |
| CVE-2009-1409 | 2009-04-24 | SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the... |
| CVE-2009-1410 | 2009-04-24 | SQL injection vulnerability in index.php in Quick.Cms.Lite 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-1411 | 2009-04-24 | SQL injection vulnerability in events/inc/events.inc.php in the Events plugin for Seditio CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the c parameter to plug.php. |
| CVE-2009-0063 | 2009-04-24 | Cross-site scripting (XSS) vulnerability in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-0064 | 2009-04-24 | Multiple unspecified vulnerabilities in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allow remote authenticated users to gain privileges, and possibly obtain sensitive information or hijack sessions of... |
| CVE-2009-0164 | 2009-04-24 | The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks. |
| CVE-2009-0798 | 2009-04-24 | ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing... |
| CVE-2009-1192 | 2009-04-24 | The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to... |
| CVE-2009-1412 | 2009-04-24 | Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs... |
| CVE-2009-1413 | 2009-04-24 | Google Chrome 1.0.x does not cancel timeouts upon a page transition, which makes it easier for attackers to conduct Universal XSS attacks by calling setTimeout to trigger future execution of... |
| CVE-2009-1414 | 2009-04-24 | Google Chrome 2.0.x lets modifications to the global object persist across a page transition, which makes it easier for attackers to conduct Universal XSS attacks via unspecified vectors. |
| CVE-2009-1433 | 2009-04-24 | SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter. |
| CVE-2008-6753 | 2009-04-27 | SQL injection vulnerability in SilverStripe before 2.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to AjaxUniqueTextField. |
| CVE-2009-1189 | 2009-04-27 | The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key.... |
| CVE-2009-1435 | 2009-04-27 | NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 Patch 1 allows local users to cause a denial of service (application crash) via directories with long pathnames. NOTE:... |
| CVE-2009-1436 | 2009-04-27 | The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain... |
| CVE-2009-1437 | 2009-04-27 | Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2.19.6 and earlier allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.... |
| CVE-2009-1438 | 2009-04-27 | Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file... |
| CVE-2009-1439 | 2009-04-27 | Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a... |
| CVE-2009-1440 | 2009-04-27 | Incomplete blacklist vulnerability in DownloadListCtrl.cpp in amule 2.2.4 allows remote attackers to conduct argument injection attacks into a command for mplayer via a crafted filename. |
| CVE-2008-6754 | 2009-04-27 | The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote authenticated users to read the title, author, and pages of an arbitrary thread by toggling a personal sticky. |
| CVE-2009-1444 | 2009-04-27 | PHP remote file inclusion vulnerability in indexk.php in WebPortal CMS 0.8-beta allows remote attackers to execute arbitrary PHP code via a URL in the lib_path parameter. |
| CVE-2009-1445 | 2009-04-27 | Multiple directory traversal vulnerabilities in WebPortal CMS 0.8-beta allow remote attackers to (1) read arbitrary files via directory traversal sequences in the lang parameter to libraries/helpdocs/help.php and (2) include and... |
| CVE-2009-1446 | 2009-04-27 | Unrestricted file upload vulnerability in upload.php in Elkagroup Image Gallery 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it... |
| CVE-2009-1447 | 2009-04-27 | Unrestricted file upload vulnerability in admin/editor/image.php in e-cart.biz Free Shopping Cart allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via... |
| CVE-2009-1443 | 2009-04-27 | Multiple unspecified vulnerabilities in the Server component in OCS Inventory NG before 1.02 have unknown impact and attack vectors. |
| CVE-2008-6755 | 2009-04-27 | ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify... |
| CVE-2008-6756 | 2009-04-27 | ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file. |
| CVE-2009-1190 | 2009-04-27 | Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2... |
| CVE-2009-1448 | 2009-04-27 | Cross-site scripting (XSS) vulnerability in apricot.php in LovPop.net APRICOT, probably 1.20, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |