# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
14901 |
CVE-2009-0766 |
22 |
|
Dir. Trav. |
2009-03-06 |
2009-03-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in default.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the configfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
14902 |
CVE-2009-0765 |
22 |
|
Dir. Trav. |
2009-03-06 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in index.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the configfile parameter. |
14903 |
CVE-2009-0758 |
399 |
|
DoS |
2009-03-03 |
2010-08-12 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm. |
14904 |
CVE-2009-0757 |
119 |
|
DoS Overflow |
2009-03-03 |
2009-05-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent attackers to cause a denial of service (crash) via the (1) mpfr_snprintf and (2) mpfr_vsnprintf functions. |
14905 |
CVE-2009-0750 |
89 |
|
Exec Code Sql |
2009-03-02 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in login.php in the smNews example script for txtSQL 2.2 Final allows remote attackers to execute arbitrary SQL commands via the username parameter. |
14906 |
CVE-2009-0742 |
310 |
|
+Info |
2009-02-26 |
2009-02-27 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information. |
14907 |
CVE-2009-0741 |
89 |
|
Exec Code Sql |
2009-02-25 |
2018-10-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in Login.asp in Craft Silicon [email protected] 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginName parameter. |
14908 |
CVE-2009-0740 |
89 |
|
Exec Code Sql |
2009-02-25 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in login.php in BlueBird Prelease allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. |
14909 |
CVE-2009-0739 |
89 |
|
Exec Code Sql |
2009-02-25 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in login.php in MyNews 0.10 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. |
14910 |
CVE-2009-0738 |
89 |
|
Exec Code Sql |
2009-02-25 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in login.php in Auth Php 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. |
14911 |
CVE-2009-0728 |
89 |
|
Exec Code Sql |
2009-02-24 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php. |
14912 |
CVE-2009-0727 |
89 |
|
Exec Code Sql |
2009-02-24 |
2018-10-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in jobdetails.php in taifajobs 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the jobid parameter. |
14913 |
CVE-2009-0726 |
89 |
|
Exec Code Sql |
2009-02-24 |
2017-09-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php. |
14914 |
CVE-2009-0722 |
22 |
|
Dir. Trav. |
2009-02-24 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in admin.php in Potato News 1.0.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the user cookie parameter. |
14915 |
CVE-2009-0716 |
|
|
DoS |
2009-04-21 |
2009-04-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to cause a denial of service or obtain "access" via unknown vectors. |
14916 |
CVE-2009-0714 |
|
|
DoS |
2009-05-14 |
2019-10-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a denial of service (application crash) or read portions of memory via one or more crafted packets. |
14917 |
CVE-2009-0712 |
|
|
+Priv |
2009-03-11 |
2009-03-21 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows local users to gain privileges via unknown vectors. |
14918 |
CVE-2009-0709 |
89 |
|
Exec Code Sql |
2009-02-23 |
2017-08-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in login.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
14919 |
CVE-2009-0707 |
89 |
|
Exec Code Sql |
2009-02-23 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information. |
14920 |
CVE-2009-0706 |
89 |
1
|
Exec Code Sql |
2009-02-23 |
2017-08-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php. |
14921 |
CVE-2009-0704 |
89 |
|
Exec Code Sql |
2009-02-23 |
2017-09-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in search.php in WSN Guest 1.23 allows remote attackers to execute arbitrary SQL commands via the search parameter in an advanced action. |
14922 |
CVE-2009-0703 |
89 |
|
Exec Code Sql |
2009-02-23 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in bview.asp in ASPThai.Net Webboard 6.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
14923 |
CVE-2009-0702 |
89 |
|
Exec Code Sql |
2009-02-23 |
2017-09-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php. |
14924 |
CVE-2009-0698 |
189 |
|
DoS Exec Code Overflow |
2009-02-23 |
2018-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385. |
14925 |
CVE-2009-0695 |
287 |
1
|
|
2012-06-19 |
2012-06-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action. |
14926 |
CVE-2009-0693 |
119 |
|
Exec Code Overflow |
2012-06-19 |
2012-06-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow remote attackers to execute arbitrary code via (1) the User-Agent HTTP header to hserver.dll or (2) unspecified input to hagent.exe. |
14927 |
CVE-2009-0688 |
119 |
|
DoS Exec Code Overflow |
2009-05-15 |
2017-09-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c. |
14928 |
CVE-2009-0687 |
399 |
|
DoS |
2009-08-11 |
2017-09-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload. |
14929 |
CVE-2009-0686 |
399 |
|
+Priv |
2009-04-01 |
2018-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in Trend Micro Internet Pro 2008 and 2009, and Security Pro 2008 and 2009, allows local users to gain privileges via a crafted IRP in a METHOD_NEITHER IOCTL request to \Device\tmactmon that overwrites memory. |
14930 |
CVE-2009-0681 |
20 |
|
DoS Exec Code |
2009-04-15 |
2018-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
PGP Desktop before 9.10 allows local users to (1) cause a denial of service (crash) via a crafted IOCTL request to pgpdisk.sys, and (2) cause a denial of service (crash) and execute arbitrary code via a crafted IRP in an IOCTL request to pgpwded.sys. |
14931 |
CVE-2009-0680 |
22 |
|
DoS Dir. Trav. |
2009-02-22 |
2017-09-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences. |
14932 |
CVE-2009-0669 |
287 |
|
Bypass |
2009-08-07 |
2017-08-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol. |
14933 |
CVE-2009-0667 |
|
|
+Priv |
2009-07-09 |
2009-07-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventory-Agent before 0.0.9.3, and 1.x before 1.0.1, in OCS Inventory allows local users to gain privileges via a Trojan horse Perl module in an arbitrary directory. |
14934 |
CVE-2009-0663 |
119 |
|
Exec Code Overflow |
2009-04-30 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows. |
14935 |
CVE-2009-0653 |
287 |
|
|
2009-02-20 |
2009-06-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970. |
14936 |
CVE-2009-0649 |
|
|
DoS |
2009-02-20 |
2018-10-10 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
The web browser in Symbian OS on the Nokia N95 cell phone allows remote attackers to cause a denial of service (crash) via JavaScript code that calls the setAttributeNode method. |
14937 |
CVE-2009-0646 |
89 |
|
Exec Code Sql |
2009-02-18 |
2018-10-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) password parameters to pcgi/4site.pl, (3) page parameter to print/print.shtml, (4) s and (5) i parameters to portfolio/index.shtml, (6) h parameter to hotel/index.php, (7) id parameter to news/news1.shtml, and the (8) th parameter to faq/index.shtml. |
14938 |
CVE-2009-0639 |
94 |
|
Exec Code File Inclusion |
2009-02-18 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
PHP remote file inclusion vulnerability in moduli/libri/index.php in phpyabs 0.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the Azione parameter. |
14939 |
CVE-2009-0638 |
|
|
DoS |
2009-08-21 |
2017-08-16 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 3.1(16), 3.2 before 3.2(13), and 4.0 before 4.0(6) for Cisco Catalyst 6500 switches and Cisco 7600 routers allows remote attackers to cause a denial of service (traffic-handling outage) via a series of malformed ICMP messages. |
14940 |
CVE-2009-0637 |
264 |
|
|
2009-03-27 |
2017-08-29 |
7.1 |
None |
Remote |
High |
Single system |
Complete |
Complete |
Complete |
The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command. |
14941 |
CVE-2009-0636 |
|
|
DoS |
2009-03-27 |
2017-08-16 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP voice services are enabled, allows remote attackers to cause a denial of service (device crash) via a valid SIP message. |
14942 |
CVE-2009-0635 |
399 |
|
DoS |
2009-03-27 |
2017-08-16 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets. |
14943 |
CVE-2009-0634 |
|
|
DoS |
2009-03-27 |
2017-09-28 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
Multiple unspecified vulnerabilities in the home agent (HA) implementation in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via an ICMP packet, aka Bug ID CSCso05337. |
14944 |
CVE-2009-0633 |
|
|
DoS |
2009-03-27 |
2017-09-28 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
Multiple unspecified vulnerabilities in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via MIPv6 packets, aka Bug ID CSCsm97220. |
14945 |
CVE-2009-0631 |
|
|
DoS |
2009-03-27 |
2017-09-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when configured with (1) IP Service Level Agreements (SLAs) Responder, (2) Session Initiation Protocol (SIP), (3) H.323 Annex E Call Signaling Transport, or (4) Media Gateway Control Protocol (MGCP) allows remote attackers to cause a denial of service (blocked input queue on the inbound interface) via a crafted UDP packet. |
14946 |
CVE-2009-0630 |
|
|
DoS Bypass |
2009-03-27 |
2017-08-16 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transport; (3) Secure Signaling and Media Encryption; (4) Blocks Extensible Exchange Protocol (BEEP); (5) Network Admission Control HTTP Authentication Proxy; (6) Per-user URL Redirect for EAPoUDP, Dot1x, and MAC Authentication Bypass; (7) Distributed Director with HTTP Redirects; and (8) TCP DNS features in Cisco IOS 12.0 through 12.4 do not properly handle IP sockets, which allows remote attackers to cause a denial of service (outage or resource consumption) via a series of crafted TCP packets. |
14947 |
CVE-2009-0627 |
|
|
DoS |
2009-09-08 |
2009-09-09 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Cisco NX-OS before 4.0(1a)N2(1), when running on Nexus 5000 platforms, allows remote attackers to cause a denial of service (crash) via an unspecified "sequence of TCP packets" related to "TCP State manipulation," possibly related to separate attacks against CVE-2008-4609. |
14948 |
CVE-2009-0626 |
399 |
|
DoS |
2009-03-27 |
2017-09-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet. |
14949 |
CVE-2009-0625 |
94 |
|
DoS |
2009-02-26 |
2009-03-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv3 packet. |
14950 |
CVE-2009-0623 |
|
|
DoS |
2009-02-26 |
2009-06-19 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SSH packet. |