Lista CVE - 2009 / Maggio
Visualizzazione 201 - 300 di 364 CVE per Maggio 2009 (Pagina 3 di 4)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2009-1639 | 2009-05-15 | Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery for Novell 4.03 allows user-assisted attackers to execute arbitrary code via a crafted .NKNT file. |
| CVE-2009-1649 | 2009-05-16 | Directory traversal vulnerability in arch.php in beLive 0.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the arch parameter. |
| CVE-2009-1650 | 2009-05-16 | Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) albumID, (2) tagID, and (3) photoID parameters to index.html. |
| CVE-2009-1651 | 2009-05-16 | SQL injection vulnerability in admin/member_details.php in 2daybiz Business Community Script allows remote attackers to execute arbitrary SQL commands via the mid parameter. |
| CVE-2009-1652 | 2009-05-16 | admin/adminaddeditdetails.php in Business Community Script does not properly restrict access, which allows remote attackers to gain privileges and add administrators via a direct request. |
| CVE-2009-1653 | 2009-05-16 | Directory traversal vulnerability in examples/tbs_us_examples_0view.php in TinyButStrong 3.4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the script parameter. |
| CVE-2009-1654 | 2009-05-16 | Cross-site scripting (XSS) vulnerability in questiondetail.php in Easy Scripts Answer and Question Script allows remote attackers to inject arbitrary web script or HTML via the questionid parameter. |
| CVE-2009-1655 | 2009-05-16 | Multiple SQL injection vulnerabilities in myaccount.php in Easy Scripts Answer and Question Script allow remote authenticated users to execute arbitrary SQL commands via the (1) user name (userid parameter) and... |
| CVE-2009-1656 | 2009-05-16 | Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, 5687, 7655, 7656, and 7675 allows remote attackers to execute arbitrary... |
| CVE-2008-6809 | 2009-05-17 | SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter. |
| CVE-2008-6810 | 2009-05-17 | Multiple SQL injection vulnerabilities in admin/checklogin.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allow remote attackers to execute arbitrary SQL commands via the (1) myusername (username) and... |
| CVE-2008-6811 | 2009-05-17 | Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and earlier for Wordpress allows remote attackers to execute arbitrary code by uploading a file with an executable extension,... |
| CVE-2009-1657 | 2009-05-17 | Multiple SQL injection vulnerabilities in the Starrating plugin before 0.7.7 for b2evolution allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-1658 | 2009-05-17 | Multiple SQL injection vulnerabilities in admin/admin.php in Realty Webware Technologies Realty Web-Base 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user (username) and (2) password parameters.... |
| CVE-2009-1659 | 2009-05-17 | Unrestricted file upload vulnerability in admin/uploadimage.php in eLitius 1.0 allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files via an avatar file with an accepted... |
| CVE-2009-1660 | 2009-05-17 | Stack-based buffer overflow in URUWorks ViPlay3 3.0 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file entry in... |
| CVE-2009-1661 | 2009-05-17 | SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php. |
| CVE-2009-1662 | 2009-05-17 | Multiple SQL injection vulnerabilities in admin/login.php in Wright Way Services Recipe Script 5 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) Password fields, as... |
| CVE-2009-1663 | 2009-05-17 | Unrestricted file upload vulnerability in myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing... |
| CVE-2009-1664 | 2009-05-17 | myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain... |
| CVE-2009-1665 | 2009-05-17 | myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to remove arbitrary user accounts via a modified userid parameter without specifying any additional fields. |
| CVE-2009-1667 | 2009-05-18 | Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long entry in a .m3u file, a different vector than CVE-2009-5137. |
| CVE-2009-1668 | 2009-05-18 | TYPSoft FTP Server 1.11 allows remote attackers to cause a denial of service (CPU consumption) by sending an ABOR (abort) command without an active file transfer. |
| CVE-2009-1669 | 2009-05-18 | The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. NOTE: some of these... |
| CVE-2009-1670 | 2009-05-18 | user/index.php in TCPDB 3.8 does not require administrative authentication, which allows remote attackers to add admin accounts via unspecified vectors. NOTE: some of these details are obtained from third party... |
| CVE-2009-1671 | 2009-05-18 | Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code... |
| CVE-2009-1672 | 2009-05-18 | The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp... |
| CVE-2009-1673 | 2009-05-18 | The kernel in Sun Solaris 9 allows local users to cause a denial of service (panic) by calling fstat with a first argument of AT_FDCWD. |
| CVE-2009-1674 | 2009-05-18 | Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows user-assisted remote attackers to execute arbitrary code via a long .cof pathname in a [TOOL_SETTINGS] section in a .mcp file, possibly... |
| CVE-2009-1675 | 2009-05-18 | Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long 227 reply to a PASV command. |
| CVE-2009-1677 | 2009-05-18 | Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow (1) remote authenticated users to inject arbitrary PHP code into files by placing... |
| CVE-2009-1678 | 2009-05-18 | Directory traversal vulnerability in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the... |
| CVE-2009-0721 | 2009-05-18 | Unspecified vulnerability in Easy Login in the Sender module in HP Remote Graphics Software (RGS) 4.0.0 through 5.2.4 allows remote attackers to execute arbitrary code via unknown vectors. |
| CVE-2009-1666 | 2009-05-18 | Multiple unspecified vulnerabilities in CycloMedia CycloScopeLite 2.50.3.0 allow remote attackers to execute arbitrary code via the ReturnConnection method in (1) CM_ADOConnection.dll, (2) CM_AddressInfoDBC.dll, and (3) CM_RecordingLocationDBC.dll, related to improper dereferencing.... |
| CVE-2009-1252 | 2009-05-19 | Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute... |
| CVE-2009-1377 | 2009-05-19 | The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch"... |
| CVE-2009-1378 | 2009-05-19 | Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records... |
| CVE-2009-1379 | 2009-05-19 | Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other... |
| CVE-2009-1418 | 2009-05-19 | Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 3.0.1.73 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-1730 | 2009-05-20 | Multiple directory traversal vulnerabilities in NetMechanica NetDecision TFTP Server 4.2 allow remote attackers to read or modify arbitrary files via directory traversal sequences in the (1) GET or (2) PUT... |
| CVE-2009-1731 | 2009-05-20 | SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded supervisor cookie. |
| CVE-2009-1732 | 2009-05-20 | Cross-site scripting (XSS) vulnerability in admin/usermanager in IPplan 4.91a allows remote attackers to inject arbitrary web script or HTML via the grp parameter. |
| CVE-2009-1733 | 2009-05-20 | Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a allows remote attackers to hijack the authentication of administrators for requests that (1) change the password, (2) add users, or (3) delete... |
| CVE-2009-1734 | 2009-05-20 | SQL injection vulnerability in listing_video.php in VidSharePro allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| CVE-2009-1735 | 2009-05-20 | Cross-site scripting (XSS) vulnerability in search.php in VidSharePro allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. NOTE: some of these details are obtained from... |
| CVE-2009-1736 | 2009-05-20 | SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to... |
| CVE-2009-1737 | 2009-05-20 | Directory traversal vulnerability in bom.php in MyPic 2.1 allows remote attackers to list files in arbitrary directories via a .. (dot dot) in the dir parameter. |
| CVE-2009-1738 | 2009-05-20 | Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with administrator feed permissions to inject arbitrary web script or HTML via... |
| CVE-2009-1739 | 2009-05-20 | PAD Site Scripts 3.6 allows remote attackers to bypass authentication and gain privileges as other users, including administrative privileges, by setting the authuser cookie parameter to a valid username. |
| CVE-2009-1740 | 2009-05-20 | Multiple heap-based buffer overflows in the D-Link MPEG4 Viewer ActiveX Control (csviewer.ocx) 2.11.918.2006 allow remote attackers to execute arbitrary code via a long argument to the (1) SetFilePath and (2)... |
| CVE-2009-1741 | 2009-05-20 | Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. |
| CVE-2009-1742 | 2009-05-20 | code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in... |
| CVE-2009-1743 | 2009-05-21 | Directory traversal vulnerability in InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to create and overwrite arbitrary files via a... |
| CVE-2009-1744 | 2009-05-21 | InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to cause a denial of service (application crash) via a crafted Hollywood... |
| CVE-2009-1161 | 2009-05-21 | Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment... |
| CVE-2009-1593 | 2009-05-21 | Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "negative model," which allows remote attackers to conduct cross-site scripting (XSS) attacks via a... |
| CVE-2009-1594 | 2009-05-21 | Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A... |
| CVE-2009-1729 | 2009-05-21 | Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the... |
| CVE-2009-0897 | 2009-05-21 | IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and 6.1.1 before 6.1.1.1 allows remote authenticated users to obtain sensitive information via vectors related to the "schema DB2 instance id" and... |
| CVE-2009-1745 | 2009-05-21 | Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, has a default root password hash, and permits password-based root logins over SSH, which makes it easier for remote... |
| CVE-2009-1746 | 2009-05-21 | SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. |
| CVE-2008-6812 | 2009-05-21 | SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the det parameter. |
| CVE-2008-6813 | 2009-05-21 | SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the id_kat parameter. |
| CVE-2009-1747 | 2009-05-21 | SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 allows remote attackers to execute arbitrary SQL commands via the forumid parameter in a post action. |
| CVE-2009-1748 | 2009-05-21 | Multiple directory traversal vulnerabilities in index.php in Catviz 0.4.0 Beta 1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) webpages_form or (2) userman_form... |
| CVE-2009-1749 | 2009-05-21 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Catviz 0.4.0 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) userman_form and (2) webpages_form parameters. |
| CVE-2009-1750 | 2009-05-21 | Unrestricted file upload vulnerability in VidSharePro allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. |
| CVE-2009-1751 | 2009-05-21 | SQL injection vulnerability in list_list.php in Realty Webware Technologies Web-Base 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-1752 | 2009-05-21 | exJune Office Message System 1 does not properly restrict access to (1) configure.asp and (2) addmessage2.asp, which allows remote attackers to gain privileges a direct request. NOTE: some of these... |
| CVE-2009-1753 | 2009-05-21 | Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on an unspecified "result file." |
| CVE-2009-1756 | 2009-05-22 | SLiM Simple Login Manager 1.3.0 places the X authority magic cookie (mcookie) on the command line when invoking xauth from (1) app.cpp and (2) switchuser.cpp, which allows local users to... |
| CVE-2009-1758 | 2009-05-22 | The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service... |
| CVE-2009-1759 | 2009-05-22 | Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash)... |
| CVE-2009-1755 | 2009-05-22 | Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly... |
| CVE-2009-1757 | 2009-05-22 | Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| CVE-2009-1635 | 2009-05-22 | Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or... |
| CVE-2009-1762 | 2009-05-22 | Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess login page (aka gw/webacc) in Novell GroupWise 7.x before 7.03 HP2 allow remote attackers to inject arbitrary web script or HTML via... |
| CVE-2009-1763 | 2009-05-22 | Unspecified vulnerability in the Solaris Secure Digital slot driver (aka sdhost) in Sun OpenSolaris snv_105 through snv_108 on the x86 platform allows local users to gain privileges or cause a... |
| CVE-2009-1764 | 2009-05-22 | SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a digg action. |
| CVE-2009-1765 | 2009-05-22 | Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter... |
| CVE-2009-1766 | 2009-05-22 | SQL injection vulnerability in index.php in LightOpenCMS 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-1767 | 2009-05-22 | admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or... |
| CVE-2009-1768 | 2009-05-22 | Directory traversal vulnerability in download.php in Rama Zaiten CMS 0.9.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |
| CVE-2009-1769 | 2009-05-22 | The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers... |
| CVE-2009-1770 | 2009-05-22 | Directory traversal vulnerability in includes/database/examples/addressbook.php in Flyspeck CMS 6.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. |
| CVE-2009-1771 | 2009-05-22 | index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[fullname], (2) users[email],... |
| CVE-2009-1774 | 2009-05-22 | Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to example/index.php. NOTE:... |
| CVE-2009-1772 | 2009-05-22 | Cross-site scripting (XSS) vulnerability in activeCollab 2.1 Corporate allows remote attackers to inject arbitrary web script or HTML via the re_route parameter to the login script. |
| CVE-2009-1773 | 2009-05-22 | activeCollab 2.1 Corporate allows remote attackers to obtain sensitive information via an invalid re_route parameter to the login script, which reveals the installation path in an error message. |
| CVE-2009-1381 | 2009-05-22 | The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in... |
| CVE-2009-1776 | 2009-05-22 | Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via javascript: URIs in the... |
| CVE-2009-1777 | 2009-05-22 | CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the redirect... |
| CVE-2009-1778 | 2009-05-22 | SQL injection vulnerability in the new user registration feature in BigACE CMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| CVE-2009-1779 | 2009-05-22 | PHP remote file inclusion vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the form_include_template parameter. |
| CVE-2009-1780 | 2009-05-22 | admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_admin_user and... |
| CVE-2009-1781 | 2009-05-22 | Static code injection vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to inject arbitrary PHP code into phpre_config.php via the form_aula parameter. |
| CVE-2009-1782 | 2009-05-22 | Multiple F-Secure anti-virus products, including Anti-Virus for Microsoft Exchange 7.10 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, Windows 6.61 and earlier, and Linux 2.16 and earlier; Internet Security... |
| CVE-2009-1783 | 2009-05-22 | Multiple FRISK Software F-Prot anti-virus products, including Antivirus for Exchange, Linux on IBM zSeries, Linux x86 File Servers, Linux x86 Mail Servers, Linux x86 Workstations, Solaris Mail Servers, Antivirus for... |
| CVE-2009-1784 | 2009-05-22 | The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus products including Anti-Virus Network Edition, Internet Security Netzwerk Edition, Server Edition für Linux/FreeBSD, Anti-Virus SBS Edition, and others... |
| CVE-2009-1775 | 2009-05-22 | Multiple cross-site scripting (XSS) vulnerabilities in Ulteo Open Virtual Desktop 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/applications.php, (2) admin/appsgroup.php,... |