Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending a / (slash) character to the URI.
Max CVSS
5.0
EPSS Score
2.10%
Published
2009-12-31
Updated
2010-01-04
Open redirect vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.12%
Published
2009-12-31
Updated
2010-01-04
The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.54%
Published
2009-12-31
Updated
2017-08-17
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label.
Max CVSS
3.5
EPSS Score
0.11%
Published
2009-12-31
Updated
2017-08-17
httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI.
Max CVSS
5.0
EPSS Score
4.01%
Published
2009-12-31
Updated
2017-08-17
Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI.
Max CVSS
5.0
EPSS Score
0.17%
Published
2009-12-31
Updated
2010-01-04
InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs.
Max CVSS
5.0
EPSS Score
11.46%
Published
2009-12-31
Updated
2017-08-17
The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.36%
Published
2009-12-31
Updated
2017-08-17
The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before 6.x-3.2, a module for Drupal, does not properly remove statically granted privileges after a logout or other session change, which allows physically proximate attackers to gain privileges by using an unattended web browser.
Max CVSS
4.6
EPSS Score
0.06%
Published
2009-12-31
Updated
2017-08-17
The Send by e-mail sub-module in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, does not properly enforce privilege requirements, which allows remote attackers to read page titles by requesting a "Send to friend" form.
Max CVSS
5.0
EPSS Score
0.35%
Published
2009-12-31
Updated
2010-01-04
Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via crafted data in a list of links.
Max CVSS
4.3
EPSS Score
0.29%
Published
2009-12-31
Updated
2017-08-17
Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element.
Max CVSS
4.3
EPSS Score
0.37%
Published
2009-12-31
Updated
2017-08-17
Cross-site scripting (XSS) vulnerability in index.php in Zainu 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchSongKeyword parameter in a SearchSong action.
Max CVSS
4.3
EPSS Score
0.20%
Published
2009-12-31
Updated
2017-08-17
Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter to index.php. NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
0.48%
Published
2009-12-31
Updated
2017-08-17
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Max CVSS
4.3
EPSS Score
6.46%
Published
2009-12-31
Updated
2018-10-10
The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path.
Max CVSS
5.0
EPSS Score
0.15%
Published
2009-12-31
Updated
2010-01-06
Multiple unspecified vulnerabilities in Ortro before 1.3.4 have unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.33%
Published
2009-12-31
Updated
2017-08-17
Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node.
Max CVSS
4.3
EPSS Score
0.17%
Published
2009-12-31
Updated
2010-01-07
Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that access unpublished content.
Max CVSS
6.8
EPSS Score
0.11%
Published
2009-12-31
Updated
2010-01-08
Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.20%
Published
2009-12-31
Updated
2010-01-08
The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.26%
Published
2009-12-31
Updated
2010-01-08
Cross-site scripting (XSS) vulnerability in the OpenSocial Shindig-Integrator module 5.x and 6.x before 6.x-2.1, a module for Drupal, allows remote authenticated users, with "create application" privileges, to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
3.5
EPSS Score
0.09%
Published
2009-12-31
Updated
2010-01-11
Multiple cross-site scripting (XSS) vulnerabilities in the Workflow module 5.x before 5.x-2.4 and 6.x before 6.x-1.2, a module for Drupal, allow remote authenticated users, with "administer workflow" privileges, to inject arbitrary web script or HTML via the name of a (1) workflow or (2) workflow state.
Max CVSS
3.5
EPSS Score
0.12%
Published
2009-12-31
Updated
2017-08-17
Directory traversal vulnerability in index.php in Oscailt 3.3, when Use Friendly URL's is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the obj_id parameter.
Max CVSS
5.1
EPSS Score
2.20%
Published
2009-12-31
Updated
2017-08-17

CVE-2009-4502

Public exploit
The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.
Max CVSS
9.3
EPSS Score
91.33%
Published
2009-12-31
Updated
2010-01-01
440 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!