Total: 5449 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2009-2493 | 1 Microsoft | 7 Visual C++, Visual Studio, Windows 2000 and 4 more | 2024-11-21 | N/A |
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability." | ||||
CVE-2009-2482 | 1 Netbsd | 1 Netbsd | 2024-11-21 | N/A |
The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group. | ||||
CVE-2009-2476 | 2 Redhat, Sun | 4 Enterprise Linux, Rhel Extras, Java Se and 1 more | 2024-11-21 | N/A |
The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object. | ||||
CVE-2009-2461 | 1 Forkosh | 1 Mathtex | 2024-11-21 | N/A |
mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors. | ||||
CVE-2009-2453 | 1 Citrix | 2 Presentation Server, Xenapp | 2024-11-21 | N/A |
Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors. | ||||
CVE-2009-2443 | 1 Siteframe | 1 Siteframe Cms | 2024-11-21 | N/A |
Siteframe 3.2.3, and other 3.2.x versions, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. | ||||
CVE-2009-2432 | 1 Wordpress | 2 Wordpress, Wordpress Mu | 2024-11-21 | N/A |
WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message. | ||||
CVE-2009-2393 | 1 Virtuenetz | 1 Virtue Online Test Generator | 2024-11-21 | N/A |
admin/index.php in Virtuenetz Virtue Online Test Generator does not require administrative privileges, which allows remote authenticated users to have an unknown impact via unspecified vectors. | ||||
CVE-2009-2371 | 2 Drupal, Michelle Cox | 2 Drupal, Advanced Forum | 2024-11-21 | N/A |
Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature. | ||||
CVE-2009-2344 | 1 Sourcefire | 2 3d Sensor, Defense Center | 2024-11-21 | N/A |
The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components. | ||||
CVE-2009-2306 | 1 Armassa | 2 Ard-9808, Ard-9808 Software | 2024-11-21 | N/A |
The ARD-9808 DVR card security camera stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing usernames and passwords via a direct request for dvr.ini. | ||||
CVE-2009-2293 | 1 Tutorial-share | 1 Tutorial Share | 2024-11-21 | N/A |
Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the usernamed cookie parameter. | ||||
CVE-2009-2291 | 2 Chad Phillips, Drupal | 2 Logintoboggan, Drupal | 2024-11-21 | N/A |
Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors. | ||||
CVE-2009-2208 | 1 Freebsd | 1 Freebsd | 2024-11-21 | N/A |
FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the SIOCSIFINFO_IN6 IOCTL, which allows local users to modify or disable IPv6 network interfaces, as demonstrated by modifying the MTU. | ||||
CVE-2009-2207 | 1 Apple | 1 Iphone Os | 2024-11-21 | N/A |
The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages. | ||||
CVE-2009-2198 | 1 Apple | 1 Garageband | 2024-11-21 | N/A |
Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users. | ||||
CVE-2009-2171 | 1 Mahara | 1 Mahara | 2024-11-21 | N/A |
Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user's artefact. | ||||
CVE-2009-2160 | 1 Torrenttrader | 1 Torrenttrader Classic | 2024-11-21 | N/A |
TorrentTrader Classic 1.09 allows remote attackers to (1) obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function; and allows remote attackers to (2) obtain other potentially sensitive information via a direct request to check.php. | ||||
CVE-2009-2125 | 1 Elvinbts | 1 Elvinbts | 2024-11-21 | N/A |
delete_bug.php in Elvin before 1.2.1 does not require administrative privileges, which allows remote authenticated users to bypass intended access restrictions and delete arbitrary bugs. | ||||
CVE-2009-2091 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
The System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 on z/OS uses weak file permissions for new applications, which allows remote attackers to obtain sensitive information via unspecified vectors. |