# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
77201 |
CVE-2009-1875 |
79 |
|
XSS |
2009-08-18 |
2009-08-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1877. |
77202 |
CVE-2009-1874 |
79 |
|
XSS |
2009-08-18 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Adobe JRun 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
77203 |
CVE-2009-1873 |
22 |
|
Dir. Trav. |
2009-08-18 |
2018-10-10 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
Directory traversal vulnerability in logging/logviewer.jsp in the Management Console in Adobe JRun Application Server 4 Updater 7 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the logfile parameter. |
77204 |
CVE-2009-1872 |
79 |
|
XSS |
2009-08-18 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm. |
77205 |
CVE-2009-1870 |
200 |
|
+Info |
2009-07-31 |
2017-09-28 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability." |
77206 |
CVE-2009-1869 |
189 |
|
DoS Exec Code Overflow |
2009-07-31 |
2018-10-10 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer. |
77207 |
CVE-2009-1868 |
119 |
|
DoS Exec Code Overflow |
2009-07-31 |
2017-09-28 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing. |
77208 |
CVE-2009-1867 |
59 |
|
|
2009-07-31 |
2017-09-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability." |
77209 |
CVE-2009-1866 |
119 |
|
DoS Exec Code Overflow |
2009-07-31 |
2017-09-28 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. |
77210 |
CVE-2009-1865 |
|
|
DoS Exec Code |
2009-07-31 |
2017-09-28 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a "null pointer vulnerability." |
77211 |
CVE-2009-1864 |
119 |
|
DoS Exec Code Overflow |
2009-07-31 |
2017-09-28 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. |
77212 |
CVE-2009-1863 |
264 |
|
DoS Exec Code |
2009-07-31 |
2017-09-28 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a "privilege escalation vulnerability." |
77213 |
CVE-2009-1862 |
94 |
|
DoS Exec Code Mem. Corr. |
2009-07-23 |
2009-09-16 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009. |
77214 |
CVE-2009-1861 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2009-06-11 |
2010-05-04 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file with a JPX (aka JPEG2000) stream that triggers heap memory corruption. |
77215 |
CVE-2009-1860 |
|
|
Exec Code |
2009-06-24 |
2009-07-01 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 allows remote attackers to execute arbitrary code via crafted Shockwave Player 10 content. |
77216 |
CVE-2009-1859 |
399 |
|
Exec Code Mem. Corr. |
2009-06-11 |
2010-05-04 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption. |
77217 |
CVE-2009-1858 |
399 |
|
Exec Code Mem. Corr. |
2009-06-11 |
2017-08-16 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors that trigger memory corruption. |
77218 |
CVE-2009-1857 |
399 |
|
DoS Exec Code Mem. Corr. |
2009-06-11 |
2018-10-10 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a PDF document with a crafted TrueType font. |
77219 |
CVE-2009-1856 |
189 |
|
DoS Exec Code Overflow |
2009-06-11 |
2017-08-16 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Integer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows attackers to cause a denial of service or possibly execute arbitrary code via a PDF file containing unspecified parameters to the FlateDecode filter, which triggers a heap-based buffer overflow. |
77220 |
CVE-2009-1855 |
119 |
|
Exec Code Overflow |
2009-06-11 |
2018-10-10 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via a PDF file containing a malformed U3D model file with a crafted extension block. |
77221 |
CVE-2009-1854 |
287 |
|
Bypass |
2009-06-01 |
2017-09-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Million Dollar Text Links 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the userid cookie to 1. |
77222 |
CVE-2009-1853 |
89 |
|
Exec Code Sql |
2009-06-01 |
2017-09-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple SQL injection vulnerabilities in index.php in Kensei Board 2.0 BETA (aka 2.0.0b) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) f and (2) t parameters in a showforum action. |
77223 |
CVE-2009-1852 |
89 |
|
Exec Code Sql |
2009-06-01 |
2017-09-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple SQL injection vulnerabilities in Graphiks MyForum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. |
77224 |
CVE-2009-1851 |
89 |
|
Exec Code Sql |
2009-06-01 |
2009-06-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in include.php in phpBugTracker 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
77225 |
CVE-2009-1850 |
89 |
|
Exec Code Sql |
2009-06-01 |
2017-09-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in index.php in phpBugTracker 1.0.3 allows remote attackers to execute arbitrary SQL commands via the password parameter. |
77226 |
CVE-2009-1849 |
79 |
|
XSS |
2009-06-01 |
2009-06-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the Monitor_Bandwidth function in PRTG Traffic Grapher 6.2.2.977 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
77227 |
CVE-2009-1848 |
89 |
|
Exec Code Sql |
2009-06-01 |
2017-09-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or com_agoragroup) component 0.3.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a groupdetail action to index.php. |
77228 |
CVE-2009-1847 |
22 |
|
Dir. Trav. |
2009-06-01 |
2017-09-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in index.php in Easy PX 41 CMS 9.0 B1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fiche parameter. |
77229 |
CVE-2009-1846 |
22 |
|
Dir. Trav. |
2009-06-01 |
2017-09-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple directory traversal vulnerabilities in SiteX 0.7.4 Build 418 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the THEME_FOLDER parameter to (1) Corporate/homepage.php, (2) Fusion/homepage.php, (3) Joombo/homepage.php, (4) Streamline/homepage.php, and (5) Structure/homepage.php in themes/. |
77230 |
CVE-2009-1845 |
79 |
|
XSS |
2009-06-01 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the RequestName parameter. |
77231 |
CVE-2009-1843 |
89 |
|
Exec Code Sql |
2009-06-01 |
2018-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple SQL injection vulnerabilities in Flash Quiz Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) quiz parameter to (a) num_questions.php, (b) answers.php, (c) high_score.php, (d) high_score_web.php, (e) results_table_web.php, and (f) question.php; and the (2) order_number parameter to (g) answers.php and (h) question.php. |
77232 |
CVE-2009-1842 |
89 |
|
Exec Code Sql |
2009-06-01 |
2017-08-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header. |
77233 |
CVE-2009-1841 |
94 |
|
|
2009-06-12 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter. |
77234 |
CVE-2009-1840 |
264 |
|
Bypass |
2009-06-12 |
2017-09-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page. |
77235 |
CVE-2009-1839 |
264 |
|
Bypass |
2009-06-12 |
2017-09-28 |
5.4 |
None |
Remote |
High |
Not required |
Complete |
None |
None |
Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack. |
77236 |
CVE-2009-1838 |
94 |
|
|
2009-06-12 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler. |
77237 |
CVE-2009-1837 |
362 |
|
Exec Code |
2009-06-12 |
2018-10-10 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object. |
77238 |
CVE-2009-1836 |
287 |
|
|
2009-06-12 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. |
77239 |
CVE-2009-1835 |
200 |
|
+Info |
2009-06-12 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning. |
77240 |
CVE-2009-1834 |
20 |
|
|
2009-06-12 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters. |
77241 |
CVE-2009-1833 |
94 |
|
DoS Exec Code Mem. Corr. |
2009-06-12 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors. |
77242 |
CVE-2009-1832 |
94 |
|
DoS Exec Code Mem. Corr. |
2009-06-12 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction." |
77243 |
CVE-2009-1831 |
189 |
|
Exec Code Overflow |
2009-05-29 |
2017-09-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow. |
77244 |
CVE-2009-1830 |
119 |
|
Exec Code Overflow |
2009-05-29 |
2017-09-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Stack-based buffer overflow in Soulseek 156 and 157 NS allows remote attackers to execute arbitrary code via a long search query. |
77245 |
CVE-2009-1829 |
|
|
DoS |
2009-05-29 |
2017-09-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets. |
77246 |
CVE-2009-1828 |
399 |
|
DoS |
2009-05-29 |
2018-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in conjunction with (1) a META element specifying automatic page refresh or (2) a JavaScript onLoad event handler for a BODY element. NOTE: it was later reported that earlier versions are also affected. |
77247 |
CVE-2009-1827 |
399 |
|
DoS |
2009-05-29 |
2018-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The SVG component in Mozilla Firefox 3.0.4 allows remote attackers to cause a denial of service (application hang) via a large value in the r (aka Radius) attribute of a circle element, related to an "unclamped loop." |
77248 |
CVE-2009-1826 |
287 |
|
|
2009-05-29 |
2017-09-28 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action. |
77249 |
CVE-2009-1825 |
287 |
|
|
2009-05-29 |
2017-09-28 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action. |
77250 |
CVE-2009-1824 |
20 |
|
+Priv |
2009-05-29 |
2017-09-28 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The ps_drv.sys kernel driver in ArcaBit ArcaVir 2009 Antivirus Protection 9.4.3201.9 and earlier, ArcaVir 2009 Internet Security 9.4.3202.9 and earlier, ArcaVir 2009 System Protection 9.4.3203.9 and earlier, and ArcaBit 2009 Home Protection 9.4.3204.9 and earlier, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\ps_drv containing arbitrary kernel addresses, as demonstrated using the (1) 0x2A7B802B and possibly (2) 0x2A7B8004 and (3) 0x2A7B802F IOCTLs. |