Lista CVE - 2009 / Giugno
Visualizzazione 401 - 450 di 450 CVE per Giugno 2009 (Pagina 5 di 5)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2009-2212 | 2009-06-25 | The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows attackers to discover a (1) username or (2) password via unspecified vectors. |
| CVE-2009-2213 | 2009-06-25 | The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action... |
| CVE-2009-2214 | 2009-06-25 | The Secure Gateway service in Citrix Secure Gateway 3.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an unspecified request. |
| CVE-2009-2216 | 2009-06-25 | Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmin 1.33.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the URI in a view=advanced request. |
| CVE-2009-2217 | 2009-06-25 | Cross-site scripting (XSS) vulnerability in NBBC before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via an invalid URL in a BBCode img tag. |
| CVE-2009-2218 | 2009-06-25 | Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchange 0.1.5c, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the home parameter to (1)... |
| CVE-2009-2219 | 2009-06-25 | Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExchange 0.1.5c allow remote attackers to inject arbitrary web script or HTML via the (1) _SESSION[handle] parameter to (a) home.php, (b) books/allbooks.php, or (c)... |
| CVE-2009-2215 | 2009-06-25 | Multiple cross-site scripting (XSS) vulnerabilities in URD before 0.6.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the fatal_error page and unspecified other components. |
| CVE-2009-2220 | 2009-06-26 | Multiple directory traversal vulnerabilities in Tribiq CMS 5.0.12c, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and possibly execute arbitrary files via directory traversal sequences... |
| CVE-2009-2223 | 2009-06-26 | Directory traversal vulnerability in locms/smarty.php in LightOpenCMS 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cwd parameter. NOTE: remote file... |
| CVE-2009-2224 | 2009-06-26 | Directory traversal vulnerability in ang/shared/flags.php in AN Guestbook 0.7.8, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the g_lang parameter. |
| CVE-2009-2225 | 2009-06-26 | Stack-based buffer overflow in SureThing CD/DVD Labeler 5.1.616 trial version allows user-assisted remote attackers to execute arbitrary code via a crafted (1) m3u or (2) pls playlist file. NOTE: the... |
| CVE-2009-2221 | 2009-06-26 | Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-2222 | 2009-06-26 | Directory traversal vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors, probably related to mail. |
| CVE-2009-2226 | 2009-06-26 | Cross-site scripting (XSS) vulnerability in Let's PHP! Tree BBS 2004/11/23 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-1394 | 2009-06-26 | Stack-based buffer overflow in Motorola Timbuktu Pro 8.6.5 on Windows allows remote attackers to execute arbitrary code by sending a long malformed string over the PlughNTCommand named pipe. |
| CVE-2009-1887 | 2009-06-26 | agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request... |
| CVE-2009-2227 | 2009-06-26 | Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.26.5460 allows remote attackers to execute arbitrary code via a crafted request to TCP port 19810. |
| CVE-2009-2228 | 2009-06-26 | Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS allows remote attackers to inject arbitrary web script or HTML via the url parameter in a redirect action. |
| CVE-2009-2229 | 2009-06-26 | Directory traversal vulnerability in engine.php in Kasseler CMS 1.3.5 lite allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter during a download action,... |
| CVE-2009-2230 | 2009-06-26 | SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter. |
| CVE-2009-2231 | 2009-06-26 | MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie. |
| CVE-2009-2232 | 2009-06-26 | SQL injection vulnerability in image.php in Softbiz Banner Ad Management Script allows remote attackers to execute arbitrary SQL commands via the size_id parameter. NOTE: the provenance of this information is... |
| CVE-2009-2233 | 2009-06-26 | The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1. |
| CVE-2009-1628 | 2009-06-26 | Stack-based buffer overflow in mnet.exe in Unisys Business Information Server (BIS) 10 and 10.1 on Windows allows remote attackers to execute arbitrary code via a crafted TCP packet. |
| CVE-2008-6837 | 2009-06-27 | SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-3258. NOTE: the provenance of this information is unknown;... |
| CVE-2008-6838 | 2009-06-27 | Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1 allows remote attackers to inject arbitrary web script or HTML via the _off parameter. NOTE: the provenance of this information is... |
| CVE-2008-6839 | 2009-06-27 | Multiple cross-site scripting (XSS) vulnerabilities in TGS Content Management 0.3.2r2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg and (2) goodmsg parameters to (a)... |
| CVE-2009-2234 | 2009-06-27 | Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call Center Suite 2.0.5-173 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter ($PHP_AUTH_USER) and (2) Password parameter... |
| CVE-2009-2235 | 2009-06-27 | SQL injection vulnerability in page.php in Your Articles Directory allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-2236 | 2009-06-27 | SQL injection vulnerability in yad-admin/login.php in Your Article Directory allows remote attackers to execute arbitrary SQL commands via the txtAdminEmail parameter. NOTE: some of these details are obtained from third... |
| CVE-2009-2237 | 2009-06-27 | Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify "nodes or classes... |
| CVE-2009-2238 | 2009-06-27 | Unrestricted file upload vulnerability in includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp in DMXReady Registration Manager 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via... |
| CVE-2009-2239 | 2009-06-27 | SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid... |
| CVE-2009-2241 | 2009-06-27 | Cross-site scripting (XSS) vulnerability in search.asp in ASP Inline Corporate Calendar allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. |
| CVE-2009-2242 | 2009-06-27 | SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the order parameter. |
| CVE-2009-2243 | 2009-06-27 | SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the sortby parameter. NOTE: the provenance of this information is unknown;... |
| CVE-2008-6835 | 2009-06-27 | Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2008-6836 | 2009-06-27 | Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown... |
| CVE-2009-2240 | 2009-06-27 | Cross-site scripting (XSS) vulnerability in AD2000 free-sw leger (aka Web Conference Room Free) 1.6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-2254 | 2009-06-30 | Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action,... |
| CVE-2009-2255 | 2009-06-30 | Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the record_company_image parameter... |
| CVE-2009-2256 | 2009-06-30 | The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg. |
| CVE-2009-2257 | 2009-06-30 | The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4)... |
| CVE-2009-2258 | 2009-06-30 | Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in... |
| CVE-2009-2261 | 2009-06-30 | PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and... |
| CVE-2009-2262 | 2009-06-30 | PHP remote file inclusion vulnerability in install/di.php in AjaxPortal 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the pathtoserverdata parameter. NOTE: the installation instructions specify... |
| CVE-2009-2263 | 2009-06-30 | Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page... |
| CVE-2009-2260 | 2009-06-30 | stardict 3.0.1, when Enable Net Dict is configured, sends the contents of the clipboard to a dictionary server, which allows remote attackers to obtain sensitive information by sniffing the network. |
| CVE-2008-6840 | 2009-07-01 | Multiple PHP remote file inclusion vulnerabilities in V-webmail 1.6.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[pear_dir] parameter to (a) Mail/RFC822.php, (b) Net/Socket.php,... |
| CVE-2008-6841 | 2009-07-01 | PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code... |
| CVE-2009-0689 | 2009-07-01 | Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems... |
| CVE-2009-1889 | 2009-07-01 | The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash)... |
| CVE-2009-2268 | 2009-07-01 | Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script... |
| CVE-2009-2269 | 2009-07-01 | SQL injection vulnerability in Empire CMS 5.1 allows remote attackers to execute arbitrary SQL commands via the bid parameter to the default URI under e/tool/gbook/. |
| CVE-2009-2270 | 2009-07-01 | Unrestricted file upload vulnerability in member/uploads_edit.php in dedecms 5.3 allows remote attackers to execute arbitrary code by uploading a file with a double extension in the filename, then accessing this... |
| CVE-2009-2271 | 2009-07-01 | The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and has (2) a default password of admin for... |
| CVE-2009-2272 | 2009-07-01 | The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by... |
| CVE-2009-2273 | 2009-07-01 | The default configuration of the Wi-Fi component on the Huawei D100 does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. |
| CVE-2009-2274 | 2009-07-01 | The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to (1) lan_status_adv.asp, (2) wlan_basic_cfg.asp, or (3) lancfg.asp in en/, related to use of JavaScript to... |
| CVE-2009-2275 | 2009-07-01 | Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter. |
| CVE-2009-2276 | 2009-07-01 | SQL injection vulnerability in voteforus.php in the Vote For Us extension 1.0.1 and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the out parameter. |
| CVE-2009-2283 | 2009-07-01 | Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to... |
| CVE-2009-2284 | 2009-07-01 | Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark. |
| CVE-2009-2285 | 2009-07-01 | Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. |
| CVE-2009-2286 | 2009-07-01 | Buffer overflow in compface 1.5.2 and earlier allows user-assisted attackers to cause a denial of service (crash) via a long declaration in a .xbm file. NOTE: this issue only affects... |
| CVE-2009-2287 | 2009-07-01 | The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows... |
| CVE-2009-2288 | 2009-07-01 | statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters. |
| CVE-2009-2289 | 2009-07-01 | Cross-site scripting (XSS) vulnerability in index.php in Arcade Trade Script 1.0 beta allows remote attackers to inject arbitrary web script or HTML via the q parameter in a gamelist action. |
| CVE-2009-2290 | 2009-07-01 | SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) component 0.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1)... |
| CVE-2009-2292 | 2009-07-01 | Cross-site scripting (XSS) vulnerability in Appleple a-News 2.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-2293 | 2009-07-01 | Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the usernamed cookie parameter. |
| CVE-2009-2282 | 2009-07-01 | The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10, and OpenSolaris snv_41 through snv_108, on SPARC platforms does not check authorization for guest... |
| CVE-2009-2291 | 2009-07-01 | Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access... |
| CVE-2008-6842 | 2009-07-02 | Directory traversal vulnerability in data/modules/blog/module_pages_site.php in Pluck 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the post parameter. |
| CVE-2008-6843 | 2009-07-02 | Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter. |
| CVE-2008-6844 | 2009-07-02 | The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified... |
| CVE-2008-6845 | 2009-07-02 | The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file. |
| CVE-2008-6846 | 2009-07-02 | Multiple stack-based buffer overflows in avast! Linux Home Edition 1.0.5, 1.0.5-1, and 1.0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via a... |
| CVE-2008-6847 | 2009-07-02 | Cross-site scripting (XSS) vulnerability in Employee/emp_login.asp in Pre ASP Job Board allows remote attackers to inject arbitrary web script or HTML via the msg parameter. |
| CVE-2009-1421 | 2009-07-02 | Unspecified vulnerability in NFS / ONCplus B.11.31_06 and B.11.31_07 on HP HP-UX B.11.31 allows local users to cause a denial of service via unknown attack vectors. |
| CVE-2009-2296 | 2009-07-02 | The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create,... |
| CVE-2009-2297 | 2009-07-02 | Unspecified vulnerability in the udp subsystem in the kernel in Sun Solaris 10, and OpenSolaris snv_90 through snv_108, when Solaris Trusted Extensions is enabled, allows remote attackers to cause a... |
| CVE-2009-2299 | 2009-07-02 | The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a... |
| CVE-2009-2300 | 2009-07-02 | The management interface in the phion airlock Web Application Firewall (WAF) 4.1-10.41 does not properly handle CGI requests that specify large width and height parameters for an image, which allows... |
| CVE-2009-2301 | 2009-07-02 | The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc... |
| CVE-2009-2302 | 2009-07-02 | Cross-site scripting (XSS) vulnerability in index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search... |
| CVE-2009-2303 | 2009-07-02 | index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive information via a negative integer value for the start parameter in a search action, which reveals... |
| CVE-2009-2304 | 2009-07-02 | index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to obtain sensitive information via a nonexistent account name in the u parameter in a rate action, which reveals... |
| CVE-2009-2305 | 2009-07-02 | The ARD-9808 DVR card security camera allows remote attackers to cause a denial of service via a long URI composed of //.\ (slash slash dot backslash) sequences. |
| CVE-2009-2306 | 2009-07-02 | The ARD-9808 DVR card security camera stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing usernames and passwords via... |
| CVE-2009-2307 | 2009-07-02 | SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro (aka MD-Pro) allows remote attackers to execute arbitrary SQL commands via the rid parameter in a viewrecords... |
| CVE-2009-2308 | 2009-07-02 | Multiple SQL injection vulnerabilities in affiliates.php in the Affiliation (aka Affiliates) module 1.1.0 and earlier for PunBB allow remote attackers to execute arbitrary SQL commands via the (1) in or... |
| CVE-2009-2309 | 2009-07-02 | SQL injection vulnerability in index.php in Codice CMS 2 allows remote attackers to execute arbitrary SQL commands via the tag parameter. |
| CVE-2009-2310 | 2009-07-02 | SQL injection vulnerability in include/get_read.php in Extensible-BioLawCom CMS (X-BLC) 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter. |
| CVE-2009-2311 | 2009-07-02 | SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab Burning Board (WBB3) allows remote attackers to execute arbitrary SQL commands via the userID parameter in the RGalleryUserGallery page to... |
| CVE-2009-2312 | 2009-07-02 | SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in config.txt and uses insecure permissions for this file, which allows local users to gain privileges. |
| CVE-2009-2313 | 2009-07-02 | Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name... |
| CVE-2009-2298 | 2009-07-02 | Stack-based buffer overflow in rping in HP OpenView Network Node Manager (OV NNM) 7.53 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a CGI... |
| CVE-2007-6728 | 2009-07-05 | Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote attackers to inject arbitrary web script or HTML via the MSN field during user registration. |