Vulnerabilities (CVE)

124965 total CVE
CVE Vendors Products Updated CVSS
CVE-2008-4947 1 Guus Sliepen 1 Dhis-server 2009-08-26 6.9
dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/dhis-dummy-log-engine.log temporary file.
CVE-2009-1878 1 Adobe 1 Coldfusion 2009-08-26 5.8
Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2008-0749 1 Calimero.cms 1 Calimero.cms 2009-08-25 4.3
Cross-site scripting (XSS) vulnerability in index.php in Calimero.CMS 3.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a calimero_webpage action.
CVE-2009-2959 1 Buildbot 1 Buildbot 2009-08-25 4.3
Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-7050 1 Wowraidmanager 1 Wowraidmanager 2009-08-24 7.5
The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication...
CVE-2008-7046 1 Ajsquare 1 Free Polling Script 2009-08-24 6.4
AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. NOTE: the provenance of this information is...
CVE-2009-2856 1 Sun 1 Virtual Desktop Infrastructure 2009-08-21 3.5
Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow remote attackers to read cleartext VDI...
CVE-2009-2962 2009-08-21 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2692. Reason: This candidate is a duplicate of CVE-2009-2692. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2009-2692 instead of this...
CVE-2009-2915 1 2fly 1 Gift Delivery System 2009-08-21 7.5
SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery System 6.0 allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a content action.
CVE-2009-2913 1 Xzeroscripts 1 Xzero Community Classifieds 2009-08-21 4.3
Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained...
CVE-2009-2882 1 Datingpro 1 Matchmaking 2009-08-21 4.3
Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php,...
CVE-2009-2860 1 Ibm 1 Db2 2009-08-21 5.0
Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets."
CVE-2009-2858 1 Ibm 1 Db2 2009-08-21 5.0
Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure.
CVE-2009-2850 1 Nasa Goddard Space Flight Center 1 Common Data Format 2009-08-21 9.3
Multiple buffer overflows in NASA Common Data Format (CDF) allow context-dependent attackers to execute arbitrary code, as demonstrated using (1) an array index error in the ReadAEDRList64 function, and other errors in the (2)...
CVE-2009-2424 1 Clone2009 1 Ebay Clone 2009-08-21 4.3
Cross-site scripting (XSS) vulnerability in search.php in Ebay Clone 2009 allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
CVE-2009-2226 1 Php.s3 1 Tree Bbs 2009-08-21 4.3
Cross-site scripting (XSS) vulnerability in Let's PHP! Tree BBS 2004/11/23 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2144 2 Edgewall, Firestats 2 Firestats, Firestats 2009-08-21 7.5
SQL injection vulnerability in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-2056 1 Cisco 1 Ios Xr 2009-08-21 3.3
Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path.
CVE-2009-2055 1 Cisco 1 Ios Xr 2009-08-21 4.3
Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.
CVE-2009-1154 1 Cisco 1 Ios Xr 2009-08-21 3.3
Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.