Vulnerabilities (CVE)

128613 total CVE
CVE Vendors Products Updated CVSS
CVE-2009-4265 1 Pointdev 1 Ideal Administration 2009 2009-12-11 9.3
Stack-based buffer overflow in Ideal Administration 2009 9.7.1, and possibly other versions, allows remote attackers to execute arbitrary code via a long Computer value in an .ipj project file.
CVE-2009-4264 2 Barnraiser, Aroundme 2 Aroundme, Aroundme 2009-12-11 6.8
PHP remote file inclusion vulnerability in components/core/connect.php in AROUNDMe 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the language_path parameter.
CVE-2009-4149 1 Ca 1 Service Desk 2009-12-10 4.3
Cross-site scripting (XSS) vulnerability in the web interface in CA Service Desk 12.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
CVE-2009-4234 1 Micronet 1 Network Access Controller Sp1910 2009-12-09 4.3
Cross-site scripting (XSS) vulnerability in loginpages/error_user.shtml on the Micronet Network Access Controller SP1910 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2009-4233 1 Youjoomla 1 Yj Whois 2009-12-09 4.3
Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php in the YJ Whois component 1.0x and 1.5.x for Joomla! allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php. NOTE: some of these...
CVE-2009-4232 1 Jonijnm 1 Com Kide 2009-12-09 5.0
The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this...
CVE-2009-4231 1 Basic-cms 1 Sweetrice 2009-12-09 7.5
Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. (dot dot) in the plugin parameter.
CVE-2009-4222 1 Smartisoft 1 Phpbazar 2009-12-08 7.5
phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request.
CVE-2009-4217 1 Itamar Elharar 1 Com Musicgallery 2009-12-08 7.5
SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php. NOTE: the provenance of...
CVE-2009-4207 1 Nathan Haug 1 Webform 2009-12-08 4.3
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission.
CVE-2009-4159 1 Ivan Kartolo 1 Direct Mail 2009-12-08 3.5
Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML...
CVE-2009-4167 1 Lukas Taferner 1 It Basetag 2009-12-07 6.4
Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct "Cache spoofing" attacks via unspecified vectors.
CVE-2009-4163 1 Tw Productfinder 1 Tw Productfinder 2009-12-07 7.5
SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4150 1 Ibm 2 Db2 Universal Database, Db2 2009-12-07 4.6
dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors.
CVE-2009-3304 1 Gforge 1 Gforge 2009-12-07 3.3
GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorized_keys files in users' home directories, related to deb-specific/ssh_dump_update.pl and cronjobs/cvs-cron/ssh_create.php.
CVE-2009-4192 1 Interspire 1 Knowledge Manager 2009-12-04 5.0
Directory traversal vulnerability in dialog/file_manager.php in Interspire Knowledge Manager 5 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: the provenance of this information is unknown; the...
CVE-2009-4190 1 Sun 1 Opensolaris 2009-12-04 7.8
Unspecified vulnerability in the kernel in Sun OpenSolaris 2009.06 allows remote attackers to cause a denial of service (panic) via unknown vectors, as demonstrated by the vd_solaris2 module in VulnDisco Pack Professional 8.12. NOTE: as of...
CVE-2009-4189 1 Hp 1 Operations Manager 2009-12-04 10.0
HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager...
CVE-2009-4188 1 Hp 1 Operations Dashboard 2009-12-04 10.0
HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the...
CVE-2009-4187 1 Sun 1 Java System Portal Server 2009-12-04 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.