| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
18451 |
CVE-2009-0322 |
189 |
|
DoS |
2009-01-28 |
2018-11-08 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/. |
|
18452 |
CVE-2009-0321 |
59 |
|
DoS |
2009-01-28 |
2017-09-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence. |
|
18453 |
CVE-2009-0320 |
362 |
|
+Info |
2009-01-28 |
2018-10-11 |
4.0 |
None |
Local |
High |
Not required |
Complete |
None |
None |
|
Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack." |
|
18454 |
CVE-2009-0312 |
79 |
|
XSS |
2009-01-27 |
2018-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content. |
|
18455 |
CVE-2009-0307 |
79 |
|
XSS |
2009-04-22 |
2009-04-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the "Customize Statistics Page" (admin/statistics/ConfigureStatistics) in the MDS Connection Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) before 4.1.6 MR5 allows remote attackers to inject arbitrary web script or HTML via the (1) customDate, (2) interval, (3) lastCustomInterval, (4) lastIntervalLength, (5) nextCustomInterval, (6) nextIntervalLength, (7) action, (8) delIntervalIndex, (9) addStatIndex, (10) delStatIndex, and (11) referenceTime parameters. |
|
18456 |
CVE-2009-0303 |
79 |
|
XSS |
2009-01-27 |
2009-01-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Web Help Desk before 9.1.18 allows remote attackers to inject arbitrary web script or HTML via vectors related to "encoded JavaScript" and Helpdesk.woa. |
|
18457 |
CVE-2009-0302 |
89 |
1
|
Exec Code Sql |
2009-01-27 |
2018-10-11 |
4.6 |
User |
Remote |
High |
Single system |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php. |
|
18458 |
CVE-2009-0285 |
79 |
|
XSS |
2009-01-27 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 5.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter. |
|
18459 |
CVE-2009-0283 |
79 |
|
XSS |
2009-01-27 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows remote attackers to inject arbitrary web script or HTML via the message parameter. |
|
18460 |
CVE-2009-0273 |
79 |
|
XSS |
2009-02-02 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other vectors involving (3) HTML e-mail and (4) HTML attachments. |
|
18461 |
CVE-2009-0269 |
399 |
|
DoS Mem. Corr. |
2009-01-26 |
2018-10-11 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index. |
|
18462 |
CVE-2009-0268 |
362 |
|
DoS |
2009-01-26 |
2017-09-28 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of "properly sequenced code" in ptc and ptsl. |
|
18463 |
CVE-2009-0260 |
79 |
|
XSS |
2009-01-23 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable). |
|
18464 |
CVE-2009-0257 |
79 |
|
XSS |
2009-01-22 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module. |
|
18465 |
CVE-2009-0248 |
79 |
|
XSS |
2009-01-22 |
2017-09-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to inject arbitrary web script or HTML via the siteID parameter. |
|
18466 |
CVE-2009-0247 |
79 |
|
XSS |
2009-01-22 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The server for 53KF Web IM 2009 Home, Professional, and Enterprise editions relies on client-side protection mechanisms against cross-site scripting (XSS), which allows remote attackers to conduct XSS attacks by using a modified client to send a crafted IM message, related to the msg variable. |
|
18467 |
CVE-2009-0245 |
79 |
|
XSS |
2009-01-21 |
2009-01-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4629. |
|
18468 |
CVE-2009-0239 |
79 |
|
XSS |
2009-06-10 |
2018-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability." |
|
18469 |
CVE-2009-0237 |
79 |
|
XSS |
2009-04-15 |
2018-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via "authentication input" to this component, aka "Cross-Site Scripting Vulnerability." |
|
18470 |
CVE-2009-0229 |
200 |
|
+Info |
2009-06-10 |
2018-10-30 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability." |
|
18471 |
CVE-2009-0206 |
|
|
DoS |
2009-02-08 |
2017-08-07 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and earlier for HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors. |
|
18472 |
CVE-2009-0204 |
79 |
|
XSS |
2009-01-30 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
18473 |
CVE-2009-0179 |
|
|
DoS |
2009-01-20 |
2009-09-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file. |
|
18474 |
CVE-2009-0168 |
|
|
DoS |
2009-01-16 |
2017-09-28 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in ppdmgr in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to a failure to "include all cache files," and improper handling of temporary files. |
|
18475 |
CVE-2009-0167 |
|
|
DoS |
2009-01-16 |
2017-09-28 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in lpadmin in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to enumeration of "wrong printers," aka a "Temporary file vulnerability." |
|
18476 |
CVE-2009-0166 |
399 |
|
DoS |
2009-04-23 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. |
|
18477 |
CVE-2009-0162 |
79 |
|
XSS |
2009-05-13 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL. |
|
18478 |
CVE-2009-0156 |
20 |
|
DoS |
2009-05-13 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to cause a denial of service (persistent Finder crash) via a crafted Mach-O executable that triggers an out-of-bounds memory read. |
|
18479 |
CVE-2009-0153 |
79 |
|
XSS |
2009-05-13 |
2017-09-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. |
|
18480 |
CVE-2009-0150 |
119 |
|
DoS Overflow +Priv |
2009-05-13 |
2017-08-07 |
4.4 |
User |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image. |
|
18481 |
CVE-2009-0149 |
94 |
|
DoS +Priv Mem. Corr. |
2009-05-13 |
2017-08-07 |
4.4 |
User |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption. |
|
18482 |
CVE-2009-0147 |
189 |
|
DoS Overflow |
2009-04-23 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. |
|
18483 |
CVE-2009-0146 |
119 |
|
DoS Overflow |
2009-04-23 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. |
|
18484 |
CVE-2009-0144 |
16 |
|
+Info |
2009-05-13 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections. |
|
18485 |
CVE-2009-0143 |
200 |
|
+Info |
2009-03-14 |
2018-11-08 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast. |
|
18486 |
CVE-2009-0132 |
189 |
|
DoS Overflow |
2009-01-15 |
2009-01-31 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Integer overflow in the aio_suspend function in Sun Solaris 8 through 10 and OpenSolaris, when 32-bit mode is enabled, allows local users to cause a denial of service (panic) via a large integer value in the second argument (aka nent argument). |
|
18487 |
CVE-2009-0131 |
|
|
DoS |
2009-01-15 |
2009-02-05 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The UFS implementation in the kernel in Sun OpenSolaris snv_29 through snv_90 allows local users to cause a denial of service (panic) via the single posix_fallocate test in the SUSv3 POSIX test suite, related to an F_ALLOCSP fcntl call. |
|
18488 |
CVE-2009-0107 |
79 |
|
XSS |
2009-01-09 |
2017-10-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. |
|
18489 |
CVE-2009-0105 |
79 |
|
XSS |
2009-01-09 |
2017-09-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2 allows remote attackers to inject arbitrary web script or HTML via the mdfd parameter in a prog action. |
|
18490 |
CVE-2009-0072 |
|
|
DoS |
2009-01-08 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element. |
|
18491 |
CVE-2009-0069 |
399 |
|
DoS |
2009-01-07 |
2017-08-07 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in the nfs4rename_persistent_fh function in the NFS 4 (aka NFSv4) client in the kernel in Sun Solaris 10 and OpenSolaris before snv_102 allows local users to cause a denial of service (recursive mutex_enter and panic) via unspecified vectors. |
|
18492 |
CVE-2009-0063 |
79 |
|
XSS |
2009-04-24 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
18493 |
CVE-2009-0057 |
20 |
|
DoS |
2009-01-22 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a TCP session in which the "client terminates prematurely." |
|
18494 |
CVE-2009-0054 |
255 |
|
|
2009-01-16 |
2009-02-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to capture credentials by tricking a user into reading a modified or crafted e-mail message. |
|
18495 |
CVE-2009-0053 |
310 |
|
|
2009-01-16 |
2009-02-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to obtain the decryption key via unspecified vectors, related to a "logic error." |
|
18496 |
CVE-2009-0050 |
20 |
|
Bypass |
2009-01-07 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. |
|
18497 |
CVE-2009-0038 |
79 |
|
XSS |
2009-04-17 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring; or (5) the PATH_INFO to the default URI under console/portal/. |
|
18498 |
CVE-2009-0036 |
119 |
|
Overflow +Priv |
2009-02-11 |
2017-09-28 |
4.4 |
User |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check. |
|
18499 |
CVE-2009-0031 |
399 |
|
DoS |
2009-01-20 |
2017-09-28 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Memory leak in the keyctl_join_session_keyring function (security/keys/keyctl.c) in Linux kernel 2.6.29-rc2 and earlier allows local users to cause a denial of service (kernel memory consumption) via unknown vectors related to a "missing kfree." |
|
18500 |
CVE-2009-0026 |
79 |
|
XSS |
2009-01-21 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp. |
