Vulnerabilities (CVE)

Total 178820 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-2282 1 Sun 2 Opensolaris, Solaris 2009-07-01 4.6 MEDIUM N/A
The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10, and OpenSolaris snv_41 through snv_108, on SPARC platforms does not check authorization for guest console access, which allows local control-domain users to gain guest-domain privileges via unknown vectors.
CVE-2009-2291 2 Chad Phillips, Drupal 2 Logintoboggan, Drupal 2009-07-01 6.8 MEDIUM N/A
Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors.
CVE-2009-2186 1 Adobe 1 Shockwave Player 2009-07-01 9.3 HIGH N/A
Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2009-1860, related to an older issue that "was previously resolved in Shockwave Player 11.0.0.465."
CVE-2009-1775 1 Ulteo 1 Open Virtual Desktop 2009-06-30 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Ulteo Open Virtual Desktop 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/applications.php, (2) admin/appsgroup.php, (3) admin/users.php, (4) admin/usersgroup.php, and (5) admin/tasks.php; (6) show parameter to admin/logs.php; and (7) mode parameter to admin/configuration-partial.php. NOTE: some of these details are obtained from third party information.
CVE-2009-2240 1 Ad2000 1 Free-sw Leger 2009-06-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in AD2000 free-sw leger (aka Web Conference Room Free) 1.6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6819 1 Microsoft 2 Windows 2003 Server, Windows Vista 2009-06-29 4.7 MEDIUM N/A
win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.
CVE-2008-6835 2 Drupal, Peter Wolanin 2 Drupal, Openid 2009-06-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6836 2 Drupal, Peter Wolanin 2 Drupal, Openid 2009-06-29 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors.
CVE-2009-1628 2 Microsoft, Unisys 2 Windows, Business Information Server 2009-06-29 10.0 HIGH N/A
Stack-based buffer overflow in mnet.exe in Unisys Business Information Server (BIS) 10 and 10.1 on Windows allows remote attackers to execute arbitrary code via a crafted TCP packet.
CVE-2009-1849 1 Paessler 2 Prtg Traffic Grapher, Prtg Traffic Grapher6.0.5.416 2009-06-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Monitor_Bandwidth function in PRTG Traffic Grapher 6.2.2.977 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2076 1 Drupal 2 Drupal, Views 2009-06-29 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions.
CVE-2009-0691 1 Foxitsoftware 2 Foxit Reader, Jpeg2000 Jbig2 Decoder Add-on 2009-06-26 9.3 HIGH N/A
The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a fatal error during decoding of a JPEG2000 (aka JPX) header, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an invalid memory access.
CVE-2009-2165 1 Serendipitynz 1 Serene Bach 2009-06-26 7.5 HIGH N/A
SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id.
CVE-2009-2215 1 Urdland 1 Urd 2009-06-26 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in URD before 0.6.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the fatal_error page and unspecified other components.
CVE-2004-2181 1 Wowbb 1 Wowbb Web Forum 2009-06-25 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php. NOTE: the sort_by vector was later reported to be present in WowBB 1.65.
CVE-2009-0653 1 Openssl 1 Openssl 2009-06-25 7.5 HIGH N/A
OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.
CVE-2009-2132 1 4homepages 1 4images 2009-06-25 6.8 MEDIUM N/A
Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter.
CVE-2009-2146 1 Sugarcrm 1 Sugarcrm 2009-06-25 6.0 MEDIUM N/A
Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the file via a direct request to a modified filename under cache/modules/Emails/, as demonstrated using .php as the entire original name.
CVE-2009-2187 1 Sun 2 Opensolaris, Solaris 2009-06-25 4.9 MEDIUM N/A
Multiple memory leaks in the (1) IP and (2) IPv6 multicast implementation in the kernel in Sun Solaris 10, and OpenSolaris snv_67 through snv_93, allow local users to cause a denial of service (memory consumption) via vectors related to the association of (a) DL_ENABMULTI_REQ and (b) DL_DISABMULTI_REQ messages with ARP messages.
CVE-2009-2174 1 Gupnp 1 Gupnp 2009-06-24 5.0 MEDIUM N/A
GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message.