| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complex
ity
|
Authen
tication
|
Confiden
tiality
|
Integrity
|
Availa
bility
|
|
1 |
CVE-2009-2651 |
399 |
|
DoS |
2009-07-30 |
2009-08-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer. |
|
2 |
CVE-2009-2650 |
119 |
1
|
DoS Exec Code Overflow |
2009-07-30 |
2009-08-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 Build 020124 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .m3u or possibly (2) .pst file. |
|
3 |
CVE-2009-2649 |
264 |
|
DoS |
2009-07-30 |
2009-08-12 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev is available, allows local users to cause a denial of service (kernel panic) via a certain IOCTL request with a large count, which triggers a malloc call with a large value. |
|
4 |
CVE-2009-2648 |
264 |
1
|
+Info |
2009-07-30 |
2009-07-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
FlashDen Guestbook allows remote attackers to obtain configuration information via a direct request to amfphp/phpinfo.php, which calls the phpinfo function. |
|
5 |
CVE-2009-2647 |
|
|
|
2009-07-30 |
2009-07-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before Critical Fix 9.0.0.463 allows remote attackers to disable the Kaspersky application via unknown attack vectors unrelated to "an external script." |
|
6 |
CVE-2009-2646 |
|
|
DoS Exec Code Mem. Corr. |
2009-07-30 |
2009-08-06 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.6 and BlackBerry Professional Software 4.1.4 allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246 and CVE-2009-0219. |
|
7 |
CVE-2009-2644 |
362 |
|
DoS |
2009-07-29 |
2010-08-21 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to "pathnames for invalid fds." |
|
8 |
CVE-2009-2643 |
|
|
DoS Exec Code Mem. Corr. |
2009-07-28 |
2009-07-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 5.0 and BlackBerry Professional Software 4.1.4 allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246 and CVE-2009-0219. |
|
9 |
CVE-2009-2642 |
287 |
1
|
Bypass |
2009-07-28 |
2009-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13. |
|
10 |
CVE-2009-2641 |
94 |
1
|
Exec Code File Inclusion |
2009-07-28 |
2009-07-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in app_and_readme/navigator/index.php in School Data Navigator allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences. |
|
11 |
CVE-2009-2640 |
89 |
1
|
Exec Code Sql |
2009-07-28 |
2009-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in cgi/admin.cgi in Interlogy Profile Manager Basic allow remote attackers to execute arbitrary SQL commands via a pmadm cookie in (1) an edittemp action or (2) a users action. |
|
12 |
CVE-2009-2639 |
89 |
1
|
Exec Code Sql |
2009-07-28 |
2009-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action. |
|
13 |
CVE-2009-2638 |
89 |
1
|
Exec Code Sql |
2009-07-28 |
2009-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a reply action to index.php. |
|
14 |
CVE-2009-2637 |
94 |
1
|
Exec Code File Inclusion |
2009-07-28 |
2009-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
|
15 |
CVE-2009-2636 |
79 |
|
XSS |
2009-07-28 |
2009-07-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Integration page in the WebMail component in Kerio MailServer 6.6.0, 6.6.1, 6.6.2, and 6.7.0 allows remote attackers to inject arbitrary web script or HTML via an e-mail message. |
|
16 |
CVE-2009-2635 |
94 |
1
|
Exec Code File Inclusion |
2009-07-28 |
2009-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
|
17 |
CVE-2009-2634 |
94 |
1
|
Exec Code File Inclusion |
2009-07-28 |
2009-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
|
18 |
CVE-2009-2633 |
94 |
1
|
Exec Code File Inclusion |
2009-07-28 |
2009-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
|
19 |
CVE-2009-2622 |
20 |
|
DoS |
2009-07-28 |
2009-08-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc. |
|
20 |
CVE-2009-2621 |
119 |
|
DoS Overflow |
2009-07-28 |
2009-08-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc. |
|
21 |
CVE-2009-2620 |
20 |
1
|
DoS |
2009-07-29 |
2009-09-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference. |
|
22 |
CVE-2009-2619 |
89 |
|
Exec Code Sql |
2009-07-27 |
2009-07-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in login.asp in DataCheck Solutions V-SpacePal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
23 |
CVE-2009-2618 |
89 |
1
|
Exec Code Sql |
2009-07-27 |
2009-07-27 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Surveys (aka NS-Polls) module in MDPro (MD-Pro) 1.083.x allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results action to modules.php. |
|
24 |
CVE-2009-2617 |
119 |
|
Exec Code Overflow |
2009-07-27 |
2009-07-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 allows remote attackers to execute arbitrary code via a long pathname in the source attribute of an item element in a .smpl playlist file. |
|
25 |
CVE-2009-2616 |
89 |
|
Exec Code Sql |
2009-07-27 |
2009-07-27 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions SitePal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
26 |
CVE-2009-2615 |
79 |
|
XSS |
2009-07-27 |
2009-07-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in DataCheck Solutions SitePal 1.x allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) z_admin_login.asp, (2) z_forgot.asp, and possibly unspecified other components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
27 |
CVE-2009-2614 |
89 |
|
Exec Code Sql |
2009-07-27 |
2009-07-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions LinkPal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
28 |
CVE-2009-2613 |
79 |
|
XSS |
2009-07-27 |
2009-07-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in DataCheck Solutions LinkPal 1.x allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) z_loginfailed.asp, (2) z_admin_login.asp, (3) z_forgot.asp, and possibly unspecified other components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
29 |
CVE-2009-2612 |
89 |
|
Exec Code Sql |
2009-07-27 |
2009-07-27 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in login.aspx in ProSMDR allows remote attackers to execute arbitrary SQL commands via the txtUser parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
30 |
CVE-2009-2611 |
22 |
1
|
Dir. Trav. |
2009-07-27 |
2009-07-27 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in infusions/last_seen_users_panel/last_seen_users_panel.php in MyFusion (aka MyF) 6 Beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter. |
|
31 |
CVE-2009-2610 |
79 |
|
XSS |
2009-07-27 |
2009-07-27 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field. |
|
32 |
CVE-2009-2609 |
89 |
1
|
Exec Code Sql |
2009-07-27 |
2009-07-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the amoCourse (com_amocourse) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php. |
|
33 |
CVE-2009-2608 |
89 |
1
|
Exec Code Sql |
2009-07-27 |
2009-07-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php and (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565. |
|
34 |
CVE-2009-2607 |
89 |
1
|
Exec Code Sql |
2009-07-27 |
2009-07-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the com_pinboard component for Joomla! allows remote attackers to execute arbitrary SQL commands via the task parameter in a showpic action to index.php. |
|
35 |
CVE-2009-2606 |
264 |
1
|
|
2009-07-27 |
2009-07-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ASP Football Pool 2.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for NFL.mdb. |
|
36 |
CVE-2009-2605 |
89 |
1
|
Exec Code Sql |
2009-07-27 |
2009-07-27 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote attackers to execute arbitrary SQL commands via (1) trupuser and (2) truppassword cookies to uploadcp/index.php. |
|
37 |
CVE-2009-2604 |
89 |
1
|
Exec Code Sql |
2009-07-27 |
2009-07-27 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help Desk 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) userid (aka username) and (2) PassWord parameters to admin.asp. |
|
38 |
CVE-2009-2603 |
89 |
1
|
Exec Code Sql |
2009-07-27 |
2009-07-27 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in index.php in Escon SupportPortal Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat and (2) tid parameters. |
|
39 |
CVE-2009-2602 |
264 |
1
|
|
2009-07-27 |
2009-07-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
R2 Newsletter Lite, Pro, and Stats stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for admin.mdb. |
|
40 |
CVE-2009-2601 |
89 |
1
|
Exec Code Sql |
2009-07-27 |
2009-07-27 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_profile action to index.php. |
|
41 |
CVE-2009-2600 |
22 |
1
|
Dir. Trav. |
2009-07-27 |
2009-07-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Multiple directory traversal vulnerabilities in view.php in Webboard 2.90 beta and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter. |
|
42 |
CVE-2009-2599 |
89 |
1
|
Exec Code Sql |
2009-07-27 |
2009-07-27 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 allows remote attackers to execute arbitrary SQL commands via the seller parameter in a search action. |
|
43 |
CVE-2009-2598 |
89 |
1
|
Exec Code Sql |
2009-07-27 |
2009-07-27 |
6.5 |
User |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php. |
|
44 |
CVE-2009-2597 |
|
|
DoS |
2009-07-27 |
2009-07-27 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The Sun Java System (SJS) Access Manager Policy Agent module 2.2 for SJS Web Proxy Server 4.0 allows remote attackers to cause a denial of service (daemon crash) via a GET request. |
|
45 |
CVE-2009-2596 |
|
|
DoS |
2009-07-27 |
2009-07-27 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to fad_aupath structure members. |
|
46 |
CVE-2009-2595 |
79 |
|
XSS |
2009-07-24 |
2009-08-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in productSearch.html in Censura 2.0.4 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a ProductSearch action. |
|
47 |
CVE-2009-2594 |
79 |
1
|
XSS |
2009-07-24 |
2009-07-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in censura.php in Censura 1.16.04 allows remote attackers to inject arbitrary web script or HTML via the itemid parameter in a details action. |
|
48 |
CVE-2009-2593 |
89 |
1
|
Exec Code Sql |
2009-07-24 |
2009-07-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in censura.php in Censura 1.16.04 allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a details action. |
|
49 |
CVE-2009-2592 |
89 |
1
|
Exec Code Sql |
2009-07-24 |
2009-07-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in guestbook.php in PHPJunkYard GBook 1.6 allows remote attackers to execute arbitrary SQL commands via the mes_id parameter. |
|
50 |
CVE-2009-2591 |
89 |
1
|
Exec Code Sql |
2009-07-24 |
2009-07-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the MyAnnonces module for E-Xoopport 3.1 allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewannonces action to index.php. |
