Vulnerabilities (CVE)

124965 total CVE
CVE Vendors Products Updated CVSS
CVE-2009-0179 1 Igno Saitz 1 Libmikmod 2009-09-02 4.3
libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file.
CVE-2008-5102 1 Zope 1 Zope 2009-09-01 4.0
PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements.
CVE-2008-1485 1 Punbb 1 Punbb 2009-09-01 4.3
Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php.
CVE-2009-3012 1 Mozilla 1 Firefox 2009-09-01 4.3
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1)...
CVE-2009-3004 1 Avant Force 1 Avant Browser 2009-08-31 4.3
Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web...
CVE-2009-3000 1 Sun 2 Opensolaris, Solaris 2009-08-31 7.1
The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_41 through snv_122, when Network Cache Accelerator (NCA) logging is enabled, allows remote attackers to cause a denial of service (panic) via unspecified web-server traffic...
CVE-2009-2976 1 Cisco 2 Aironet Ap1100, Aironet Ap1200 2009-08-28 7.8
Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast data frames in cleartext, which allows remote attackers to discover Wireless LAN Controller MAC addresses and IP addresses, and AP configuration details,...
CVE-2009-2974 1 Google 1 Chrome 2009-08-28 5.0
Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote attackers to (1) cause a denial of service (application hang) via vectors involving a chromehtml: URI value for the document.location property or (2) cause a denial of service...
CVE-2009-2861 1 Cisco 2 Aironet Ap1100, Aironet Ap1200 2009-08-28 7.3
The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access-point association, which allows remote attackers to spoof a controller and cause a denial of...
CVE-2008-7121 1 Mrcgiguy 1 Hot Links Sql-php 2009-08-28 4.3
Cross-site scripting (XSS) vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search bar.
CVE-2008-7120 1 Mrcgiguy 1 Hot Links Sql-php 2009-08-28 7.5
SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter.
CVE-2005-4845 1 Sun 1 Java Plug-in 2009-08-28 5.0
The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and 1.4.2_04 <applet> redirector controls, allow remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the...
CVE-2009-2737 1 Toni Mueller 1 Roundup 2009-08-26 5.5
The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users with edit or create privileges for a class to...
CVE-2009-1896 1 Sun 1 Openjdk 2009-08-26 10.0
The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows...
CVE-2009-1877 1 Adobe 1 Coldfusion 2009-08-26 4.3
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1875.
CVE-2009-1876 1 Adobe 1 Coldfusion 2009-08-26 5.0
Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain sensitive information via unspecified vectors, related to a "double-encoded null character vulnerability."
CVE-2009-1875 1 Adobe 1 Coldfusion 2009-08-26 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1877.
CVE-2008-4960 1 Dov Grobgeld 1 Impose+ 2009-08-26 6.9
impose in impose+ 0.2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-tmp.ps and (2) /tmp/bboxx-* temporary files.
CVE-2008-4954 1 Fumitoshi Ukai 1 Fml 2009-08-26 6.9
mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/debugbuf temporary file.
CVE-2008-4948 1 Nostatic 1 Digitaldj 2009-08-26 6.9
fest.pl in digitaldj 0.7.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ddj_fest.tmp temporary file.