CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
12351 CVE-2009-2854 264 2009-08-18 2017-11-22
6.4
None Remote Low Not required Partial Partial None
Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php, (5) edit-link-category-form.php, (6) edit-tag-form.php, (7) export.php, (8) import.php, or (9) link-add.php in wp-admin/.
12352 CVE-2009-2852 20 1 Exec Code 2009-08-18 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the test_filter[wp_head] array parameter to test/index.php, which is used in a call to the call_user_func_array function.
12353 CVE-2009-2839 399 DoS Exec Code Mem. Corr. 2009-11-10 2009-12-19
6.8
None Remote Medium Not required Partial Partial Partial
Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
12354 CVE-2009-2838 189 DoS Exec Code Overflow 2009-11-10 2009-11-17
6.8
User Remote Medium Not required Partial Partial Partial
Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow.
12355 CVE-2009-2837 119 DoS Exec Code Overflow 2009-11-10 2017-09-18
6.8
User Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
12356 CVE-2009-2836 362 Bypass 2009-11-10 2009-11-17
6.2
Admin Local High Not required Complete Complete Complete
Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors.
12357 CVE-2009-2830 119 DoS Exec Code Overflow 2009-11-10 2009-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might overlap CVE-2009-1515.
12358 CVE-2009-2827 119 DoS Exec Code Overflow 2009-11-10 2009-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image.
12359 CVE-2009-2826 189 DoS Exec Code Overflow 2009-11-10 2009-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow.
12360 CVE-2009-2824 119 Exec Code Overflow 2009-11-10 2009-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document.
12361 CVE-2009-2822 264 Bypass 2010-04-05 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame.
12362 CVE-2009-2816 352 CSRF 2009-11-13 2017-09-18
6.8
User Remote Medium Not required Partial Partial Partial
The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.
12363 CVE-2009-2813 264 Bypass 2009-09-14 2018-10-10
6.0
None Remote Medium Single system Partial Partial Partial
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
12364 CVE-2009-2812 Exec Code 2009-09-14 2012-10-22
6.8
None Remote Medium Not required Partial Partial Partial
Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a crafted web site.
12365 CVE-2009-2811 94 Exec Code 2009-09-14 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature.
12366 CVE-2009-2810 Exec Code 2009-11-10 2009-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively clears quarantine information upon opening a quarantined folder, which allows user-assisted remote attackers to execute arbitrary code via a quarantined application that does not trigger a "potentially unsafe" warning message.
12367 CVE-2009-2809 94 DoS Exec Code Mem. Corr. 2009-09-14 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues."
12368 CVE-2009-2805 189 DoS Exec Code Overflow 2009-09-14 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow.
12369 CVE-2009-2804 189 DoS Exec Code Overflow 2009-09-14 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.
12370 CVE-2009-2803 399 DoS Exec Code Mem. Corr. 2009-09-14 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork.
12371 CVE-2009-2801 264 Bypass 2010-03-30 2010-03-31
6.4
None Remote Low Not required None Partial Partial
The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a "timing issue."
12372 CVE-2009-2800 119 DoS Exec Code Overflow 2009-09-11 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.
12373 CVE-2009-2787 22 2 Dir. Trav. 2009-08-17 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in include/reputation/rep_profile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter.
12374 CVE-2009-2781 89 1 Exec Code Sql 2009-08-17 2017-09-18
6.0
User Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in forum.php in Arab Portal 2.x, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the qc parameter in an addcomment action, a different vector than CVE-2006-1666.
12375 CVE-2009-2769 94 1 Exec Code File Inclusion 2009-08-14 2017-09-18
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in include/timesheet.php in Ultrize TimeSheet 1.2.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[include_dir] parameter.
12376 CVE-2009-2749 310 2009-12-08 2017-08-16
6.4
None Remote Low Not required None Partial Partial
Feature Pack for Communications Enabled Applications (CEA) before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value.
12377 CVE-2009-2746 352 CSRF 2009-11-16 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
12378 CVE-2009-2736 94 1 2009-08-11 2017-09-18
6.5
None Remote Low Single system Partial Partial Partial
Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authenticated administrators to inject arbitrary PHP code into config.php via the "Overall Width" field in a setconfig action.
12379 CVE-2009-2735 89 1 Exec Code Sql 2009-08-11 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
12380 CVE-2009-2718 264 2009-08-10 2018-10-10
6.8
User Remote Medium Not required Partial Partial Partial
The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet.
12381 CVE-2009-2717 264 2009-08-10 2019-04-30
6.8
User Remote Medium Not required Partial Partial Partial
The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet.
12382 CVE-2009-2701 2009-09-08 2009-09-09
6.0
None Remote Medium Single system Partial Partial Partial
Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.
12383 CVE-2009-2697 287 Bypass 2009-09-04 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.
12384 CVE-2009-2681 +Priv 2009-09-29 2009-09-30
6.8
None Local Low Single system Complete Complete Complete
Unspecified vulnerability in HP ProCurve Identity Driven Manager (IDM) A.02.x through A.02.03 and A.03.x through A.03.00, on Windows Server 2003 with IAS and Windows Server 2008 with NPS, allows local users to gain privileges via unknown vectors.
12385 CVE-2009-2677 352 CSRF 2009-08-14 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP Insight Control Suite For Linux (aka ICE-LX) before 2.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
12386 CVE-2009-2676 2009-08-05 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher.
12387 CVE-2009-2666 310 2009-08-07 2018-10-10
6.4
None Remote Low Not required Partial Partial None
socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
12388 CVE-2009-2660 189 Exec Code Overflow 2009-08-04 2017-08-16
6.8
User Remote Medium Not required Partial Partial Partial
Multiple integer overflows in CamlImages 2.2 might allow context-dependent attackers to execute arbitrary code via images containing large width and height values that trigger a heap-based buffer overflow, related to (1) crafted GIF files (gifread.c) and (2) crafted JPEG files (jpegread.c), a different vulnerability than CVE-2009-2295.
12389 CVE-2009-2652 DoS 2009-08-03 2017-08-16
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in Solaris Trusted Extensions in Sun Solaris 10, and OpenSolaris snv_37 through snv_120, allows remote attackers to cause a denial of service (panic) via vectors involving the parsing of labeled packets.
12390 CVE-2009-2641 94 1 Exec Code File Inclusion 2009-07-28 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in app_and_readme/navigator/index.php in School Data Navigator allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
12391 CVE-2009-2631 264 XSS 2009-12-04 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks. NOTE: it could be argued that this is a fundamental design problem in any clientless VPN solution, as opposed to a commonly-introduced error that can be fixed in separate implementations. Therefore a single CVE has been assigned for all products that have this design.
12392 CVE-2009-2626 +Info 2009-12-01 2018-10-30
6.4
None Remote Low Not required Partial None Partial
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.
12393 CVE-2009-2624 20 DoS Exec Code 2010-01-29 2010-11-18
6.8
None Remote Medium Not required Partial Partial Partial
The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression.
12394 CVE-2009-2611 22 1 Dir. Trav. 2009-07-27 2017-09-18
6.8
User Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in infusions/last_seen_users_panel/last_seen_users_panel.php in MyFusion (aka MyF) 6 Beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter.
12395 CVE-2009-2608 89 1 Exec Code Sql 2009-07-27 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.
12396 CVE-2009-2605 89 1 Exec Code Sql 2009-07-27 2017-09-18
6.8
User Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote attackers to execute arbitrary SQL commands via (1) trupuser and (2) truppassword cookies to uploadcp/index.php.
12397 CVE-2009-2598 89 1 Exec Code Sql 2009-07-27 2018-10-10
6.5
User Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php.
12398 CVE-2009-2583 20 2009-07-23 2009-08-04
6.8
User Remote Medium Not required Partial Partial Partial
Multiple session fixation vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0.0.6 allow remote attackers to hijack web sessions via unspecified vectors involving the (1) console and (2) self service interfaces.
12399 CVE-2009-2579 89 Exec Code Sql 2009-08-05 2018-10-10
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2.
12400 CVE-2009-2574 264 1 2009-07-22 2018-10-10
6.5
None Remote Low Single system Partial Partial Partial
index.php in MiniTwitter 0.2 beta allows remote authenticated users to modify certain options of arbitrary accounts via an opt action.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.