Lista CVE - 2009 / Agosto
Visualizzazione 1 - 100 di 527 CVE per Agosto 2009 (Pagina 1 di 6)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2008-6887 | 2009-08-03 | SQL injection vulnerability in detailad.asp in Pre Classified Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the siteid parameter. |
| CVE-2008-6888 | 2009-08-03 | Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings 1.0 allows remote attackers to inject arbitrary web script or HTML via the address parameter. |
| CVE-2008-6889 | 2009-08-03 | SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter. |
| CVE-2008-6890 | 2009-08-03 | SQL injection vulnerability in messages.asp in ASP Forum Script allows remote attackers to execute arbitrary SQL commands via the message_id parameter. |
| CVE-2008-6891 | 2009-08-03 | Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Script allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter to (a) new_message.asp and (b) messages.asp,... |
| CVE-2009-2404 | 2009-08-03 | Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote... |
| CVE-2009-2652 | 2009-08-03 | Unspecified vulnerability in Solaris Trusted Extensions in Sun Solaris 10, and OpenSolaris snv_37 through snv_120, allows remote attackers to cause a denial of service (panic) via vectors involving the parsing... |
| CVE-2009-2653 | 2009-08-03 | The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a... |
| CVE-2009-2654 | 2009-08-03 | Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with... |
| CVE-2009-2655 | 2009-08-03 | mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with... |
| CVE-2008-6892 | 2009-08-03 | SQL injection vulnerability in lire/index.php in Peel 3.1 allows remote attackers to execute arbitrary SQL commands via the rubid parameter. NOTE: this might be the same issue as CVE-2005-3572. |
| CVE-2008-6893 | 2009-08-03 | Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag. |
| CVE-2008-6894 | 2009-08-03 | Multiple cross-site scripting (XSS) vulnerabilities in login.php in 3CX Phone System Free Edition 6.1793 and 6.0.806.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fName... |
| CVE-2008-6895 | 2009-08-03 | 3CX Phone System 6.0.806.0 allows remote attackers to cause a denial of service (unstable service or crash) via unspecified vectors, as demonstrated by vulnerability scans from Nessus or SAINT. |
| CVE-2008-6896 | 2009-08-03 | login.php in 3CX Phone System 6.0.806.0, when 100% disk capacity is reached, allows remote attackers to gain sensitive information via unspecified vectors that reveal the installation path. |
| CVE-2009-2204 | 2009-08-03 | Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message... |
| CVE-2009-2656 | 2009-08-03 | Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remote attackers to cause a denial of service (network disconnection) via a crafted SMS message, as demonstrated... |
| CVE-2009-2198 | 2009-08-04 | Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users. |
| CVE-2009-2470 | 2009-08-04 | Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply. |
| CVE-2009-2658 | 2009-08-04 | Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request. |
| CVE-2009-2659 | 2009-08-04 | The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal... |
| CVE-2009-2660 | 2009-08-04 | Multiple integer overflows in CamlImages 2.2 might allow context-dependent attackers to execute arbitrary code via images containing large width and height values that trigger a heap-based buffer overflow, related to... |
| CVE-2009-2661 | 2009-08-04 | The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote... |
| CVE-2009-2662 | 2009-08-04 | The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors... |
| CVE-2009-2663 | 2009-08-04 | libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly... |
| CVE-2009-2664 | 2009-08-04 | The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly... |
| CVE-2009-2665 | 2009-08-04 | The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute... |
| CVE-2009-2657 | 2009-08-04 | nilfs-utils before 2.0.14 installs multiple programs with unnecessary setuid privileges, which allows local users to execute arbitrary commands via the device string in a -c command line option to mkfs.nilfs2. |
| CVE-2009-2579 | 2009-08-05 | SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog... |
| CVE-2009-2667 | 2009-08-05 | Unspecified vulnerability in IBM Tivoli Key Lifecycle Manager (TKLM) 1.0 has unknown impact and attack vectors, related to a "password security vulnerability." |
| CVE-2009-2669 | 2009-08-05 | A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by... |
| CVE-2009-2670 | 2009-08-05 | The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to... |
| CVE-2009-2671 | 2009-08-05 | The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to... |
| CVE-2009-2672 | 2009-08-05 | The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access... |
| CVE-2009-2673 | 2009-08-05 | The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to... |
| CVE-2009-2674 | 2009-08-05 | Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code... |
| CVE-2009-2675 | 2009-08-05 | Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent... |
| CVE-2009-2676 | 2009-08-05 | Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier;... |
| CVE-2009-2687 | 2009-08-05 | The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields,... |
| CVE-2009-2688 | 2009-08-05 | Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate... |
| CVE-2009-2668 | 2009-08-05 | Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16473 allows remote attackers to cause a denial of service (CPU consumption) via an XML document composed of a long series... |
| CVE-2008-6897 | 2009-08-05 | Multiple buffer overflows in Getleft.exe in Andres Garcia Getleft 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) "a"... |
| CVE-2008-6898 | 2009-08-05 | Buffer overflow in the XHTTP Module 4.1.0.0 in the ActiveX control for SaschArt SasCam Webcam Server 2.6.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary... |
| CVE-2008-6899 | 2009-08-05 | Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a long (1) open, (2) unlink, (3) mkdir,... |
| CVE-2008-6900 | 2009-08-06 | Unrestricted file upload vulnerability in "Add Pen/Author Name" feature in addpen.php in AvailScript Article Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable... |
| CVE-2008-6901 | 2009-08-06 | Multiple directory traversal vulnerabilities in 2532designs 2532|Gigs 1.2.2 Stable, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a ..... |
| CVE-2008-6902 | 2009-08-06 | Unrestricted file upload vulnerability in upload_flyer.php in 2532designs 2532|Gigs 1.2.2 Stable allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via... |
| CVE-2008-6903 | 2009-08-06 | Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/9x before 4.7.18, Anti-Virus for OS X before 4.9.18, Anti-Virus for Linux before 6.4.5, Anti-Virus for UNIX before 7.0.5, Anti-Virus for... |
| CVE-2008-6904 | 2009-08-06 | Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linux, and possibly other products and versions, allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary... |
| CVE-2009-0151 | 2009-08-06 | The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications... |
| CVE-2009-1723 | 2009-08-06 | CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to... |
| CVE-2009-2412 | 2009-08-06 | Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service... |
| CVE-2009-2625 | 2009-08-06 | XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and... |
| CVE-2009-1726 | 2009-08-06 | Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash)... |
| CVE-2009-1727 | 2009-08-06 | Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers... |
| CVE-2009-1728 | 2009-08-06 | Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code... |
| CVE-2009-2188 | 2009-08-06 | Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application... |
| CVE-2009-2190 | 2009-08-06 | launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service. |
| CVE-2009-2191 | 2009-08-06 | Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash)... |
| CVE-2009-2192 | 2009-08-06 | MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe... |
| CVE-2009-2193 | 2009-08-06 | Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a... |
| CVE-2009-2194 | 2009-08-06 | Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing... |
| CVE-2008-6905 | 2009-08-06 | Cross-site request forgery (CSRF) vulnerability in index.php in BabbleBoard 1.1.6 allows remote authenticated users to hijack the authentication of administrators for requests that delete (1) categories or (2) groups; (3)... |
| CVE-2008-6906 | 2009-08-06 | Cross-site scripting (XSS) vulnerability in index.php in BabbleBoard 1.1.6 allows remote attackers to inject arbitrary web script or HTML via the username. |
| CVE-2008-6907 | 2009-08-06 | Multiple SQL injection vulnerabilities in checkuser.php in 2532designs 2532|Gigs 1.2.2 Stable, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password... |
| CVE-2008-6908 | 2009-08-06 | Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges. |
| CVE-2008-6909 | 2009-08-06 | Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that... |
| CVE-2008-6910 | 2009-08-06 | Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges... |
| CVE-2008-6911 | 2009-08-06 | SQL injection vulnerability in the authenticateUser function in includes/authentication.inc.php in BrewBlogger (BB) 2.1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginUsername parameter to... |
| CVE-2008-6912 | 2009-08-07 | Zeeways SHAADICLONE 2.0 allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin/home.php. |
| CVE-2008-6913 | 2009-08-07 | Unrestricted file upload vulnerability in editresume_next.php in Zeeways ZEEJOBSITE 2.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in... |
| CVE-2008-6914 | 2009-08-07 | Unrestricted file upload vulnerability in viewprofile.php in Zeeways ZEEPROPERTY 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in... |
| CVE-2008-6915 | 2009-08-07 | Cross-site scripting (XSS) vulnerability in view_prop_details.php in Zeeways ZEEPROPERTY 1.0 allows remote attackers to inject arbitrary web script or HTML via the propid parameter. |
| CVE-2008-6916 | 2009-08-07 | Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname. |
| CVE-2008-6917 | 2009-08-07 | SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 Final allows remote attackers to execute arbitrary SQL commands via the username (user parameter). |
| CVE-2009-2666 | 2009-08-07 | socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle... |
| CVE-2009-2711 | 2009-08-07 | XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain... |
| CVE-2009-2712 | 2009-08-07 | Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading... |
| CVE-2009-2713 | 2009-08-07 | The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented... |
| CVE-2009-2714 | 2009-08-07 | Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows guest OS users to cause a denial of service (host OS reboot) via unknown vectors. |
| CVE-2009-2715 | 2009-08-07 | Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction. |
| CVE-2009-0668 | 2009-08-07 | Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving... |
| CVE-2009-0669 | 2009-08-07 | Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol. |
| CVE-2009-2411 | 2009-08-07 | Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff... |
| CVE-2008-6918 | 2009-08-10 | Unrestricted file upload vulnerability in admin/galeria.php in ThePortal2 2.2 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a... |
| CVE-2008-6919 | 2009-08-10 | profileedit.php TaskDriver 1.3 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "fook!admin." |
| CVE-2008-6920 | 2009-08-10 | Unrestricted file upload vulnerability in auth.php in phpEmployment 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension during a regnew action, then accessing... |
| CVE-2008-6921 | 2009-08-10 | Unrestricted file upload vulnerability in index.php in phpAdBoard 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct... |
| CVE-2008-6922 | 2009-08-10 | Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5.4.6 allow remote attackers to execute arbitrary code via a long argument to the (1) CreateUserPath, (2) Logout, (3) DeleteMailByUID, (4) MoveToInbox,... |
| CVE-2008-6923 | 2009-08-10 | SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php. |
| CVE-2009-1896 | 2009-08-10 | The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the... |
| CVE-2009-2026 | 2009-08-10 | Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0... |
| CVE-2009-2415 | 2009-08-10 | Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows. |
| CVE-2009-2475 | 2009-08-10 | Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared... |
| CVE-2009-2476 | 2009-08-10 | The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access... |
| CVE-2009-2689 | 2009-08-10 | JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to... |
| CVE-2009-2690 | 2009-08-10 | The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via... |
| CVE-2008-6924 | 2009-08-10 | Multiple cross-site scripting (XSS) vulnerabilities in register.php in eSyndiCat Directory 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email, (3) password, (4)... |
| CVE-2008-6925 | 2009-08-10 | Cross-site scripting (XSS) vulnerability in function.php in Zenphoto 1.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the "request logging" feature. NOTE: the provenance... |
| CVE-2008-6926 | 2009-08-10 | Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show... |