Software Vulnerability
Thu, 26 Nov 09
redmine
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4079
Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.
Thu, 26 Nov 09
redmine
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4078
Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Thu, 26 Nov 09
roundcube_webmail
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4077
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076.
Thu, 26 Nov 09
roundcube_webmail
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4076
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077.
Thu, 26 Nov 09
opensolaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4075
Unspecified vulnerability in the timeout mechanism in sshd in Sun Solaris 10, and OpenSolaris snv_99 through snv_123, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors that trigger a "dangling sshd authentication thread."
Thu, 26 Nov 09
ie
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4074
The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding.
Thu, 26 Nov 09
bind
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4022
Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks via additional sections in a response sent for resolution of a recursive client query, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)."
Thu, 26 Nov 09
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4021
The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack.
Thu, 26 Nov 09
CVE-2009-3033 (altiris_deployment_solution, altiris_management_platform, altiris_notification_se...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3033
Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.
Wed, 25 Nov 09
ie
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4073
The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page.
Wed, 25 Nov 09
gforge
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4070
SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly other versions allows remote attackers to execute arbitrary SQL commands via unknown vectors.
Wed, 25 Nov 09
gforge
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4069
Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5.14, 4.7.3, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Wed, 25 Nov 09
alias_wavefront_maya, autodesk_maya
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3578
Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to "Script Nodes."
Wed, 25 Nov 09
3ds_max
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3577
Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a .max file with a MAXScript statement that calls the DOSCommand method, related to "application callbacks."
Wed, 25 Nov 09
autodesk_softimage, autodesk_softimage_xsi
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3576
Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Content element, as demonstrated by code that loads the WScript.Shell ActiveX control.
Wed, 25 Nov 09
gforge
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3303
Cross-site scripting (XSS) vulnerability in www/help/tracker.php in GForge 4.5.14, 4.7 rc2, and 4.8.1 allows remote attackers to inject arbitrary web script or HTML via the helpname parameter.
Tue, 24 Nov 09
ie
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4054
Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element. NOTE: some of these details are obtained from third party information.
Tue, 24 Nov 09
home_ftp_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4053
Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (2) create files with any contents in arbitrary directories via directory traversal sequences in a file upload request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Tue, 24 Nov 09
rational_application_developer_for_websphere, rational_software_architect
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4052
Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) the JSF Tree Control and (2) the JavaScript Resource Servlet.
Tue, 24 Nov 09
home_ftp_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4051
Home FTP Server 1.10.1.139 allows remote attackers to cause a denial of service (daemon outage) via multiple invalid SITE INDEX commands.
Tue, 24 Nov 09
phpmybackuppro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4050
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Tue, 24 Nov 09
avast_antivirus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4049
Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.8.1356.0 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted arguments to IOCTL 0x80002024.
Tue, 24 Nov 09
xm_easy_personal_ftp_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4048
Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (daemon outage) via an APPE command to one socket in conjunction with a DELE command to a second socket.
Tue, 24 Nov 09
phd_help_desk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4047
Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk 1.43 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to area.php; the (2) pagina, (3) sentido, (4) q_registros, and (5) orden parameters to area.php; (6) the q_registros parameter to solic_display.php; (7) the PATH_INFO to area_list.php; (8) the q_registros parameter to area_list.php; (9) the PATH_INFO to atributo.php; the (10) pagina, (11) q_registros, and (12) orden parameters to atribut...
Tue, 24 Nov 09
php
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3559
** DISPUTED ** main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability.
Tue, 24 Nov 09
php
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3558
The posix_mkfifo function in ext/posix/posix.c in PHP 5.2.11 and earlier, and 5.3.x before 5.3.1, allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.
Tue, 24 Nov 09
php
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3557
The tempnam function in ext/standard/file.c in PHP 5.2.11 and earlier, and 5.3.x before 5.3.1, allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments.
Sat, 21 Nov 09
bugzilla
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3386
Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allows remote attackers to discover the alias of a private bug by reading the (1) Depends On or (2) Blocks field of a related bug.
Sat, 21 Nov 09
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3080
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
Sat, 21 Nov 09
serv-u
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4006
Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.
Sat, 14 Nov 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2841
WebKit in Apple Safari before 4.0.4 on Mac OS X does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality.
Sat, 14 Nov 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2816
WebKit in Apple Safari before 4.0.4 includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.
Sat, 14 Nov 09
nonstop_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2678
Unspecified vulnerability in Open System Services (OSS) Name Server on HP NonStop G06.27, G06.28, G06.29, G06.30, H06.06, H06.07, H06.08, and J06.03 allows remote attackers to obtain sensitive information via unknown vectors.
Sat, 14 Nov 09
gimp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1570
Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow.
Fri, 13 Nov 09
advanced_management_module_firmware
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3935
Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx and 8730-2xx have unknown impact and attack vectors.
Tue, 10 Nov 09
fiery_webtools
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3913
SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execute arbitrary SQL commands via the select parameter.
Tue, 10 Nov 09
tftgallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3912
Directory traversal vulnerability in index.php in TFTgallery 0.13 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the album parameter.
Tue, 10 Nov 09
tftgallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3911
Cross-site scripting (XSS) vulnerability in settings.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the sample parameter.
Sat, 7 Nov 09
e-courirer_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3905
Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to (1) Wizard_tracking.asp, (2) wizard_oe2.asp, (3) your-register.asp, (4) main-whyregister.asp, and (5) your.asp in home/, and other unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sat, 7 Nov 09
e-courirer_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3901
Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to home/index.asp and other unspecified vectors.
Sat, 7 Nov 09
blender
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3850
Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.
Fri, 6 Nov 09
java_system_web_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3878
Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Fri, 6 Nov 09
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3877
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Fri, 6 Nov 09
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3876
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Fri, 6 Nov 09
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3875
The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.
Fri, 6 Nov 09
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3874
Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.
Fri, 6 Nov 09
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3873
The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968.
Fri, 6 Nov 09
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3872
Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.
Fri, 6 Nov 09
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3871
Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
Fri, 6 Nov 09
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3869
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.
Fri, 6 Nov 09
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3868
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970.
Fri, 6 Nov 09
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3867
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
Fri, 6 Nov 09
jdk, jre
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3866
The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824.
Fri, 6 Nov 09
jdk, jre
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3865
The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752.
Fri, 6 Nov 09
jdk, jre
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3864
The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694.
Thu, 5 Nov 09
gejosoft
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3858
Cross-site scripting (XSS) vulnerability in GejoSoft allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI in photos/tags.
Thu, 5 Nov 09
scite
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3857
Buffer overflow in Softonic International SciTE 1.72 allows user-assisted remote attackers to cause a denial of service (application crash) via a Ruby (.rb) file containing a long string, which triggers the crash when a scroll bar is used.
Thu, 5 Nov 09
twilight_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3856
Cross-site scripting (XSS) vulnerability in the default URI in news/ in Twilight CMS before 4.1 allows remote attackers to inject arbitrary web script or HTML via the calendar parameter. NOTE: some of these details are obtained from third party information.
Thu, 5 Nov 09
tivoli_storage_manager_client
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3855
Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (3) OS/400 API client, in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.6, 5.4 before 5.4.2, and 5.5 before 5.5.1, when the MAILPROG option is enabled, allow attackers to read, modify, or delete arbitrary files via unknown vectors.
Thu, 5 Nov 09
tivoli_storage_manager_client
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3854
Buffer overflow in the traditional client scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7 and 5.4 before 5.4.2 allows remote attackers to execute arbitrary code via unspecified vectors.
Thu, 5 Nov 09
tivoli_storage_manager_client
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3853
Buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via unspecified vectors.
Thu, 5 Nov 09
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3547
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
Thu, 5 Nov 09
shockwave_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3466
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from third party information.
Thu, 5 Nov 09
shockwave_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3465
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3464. NOTE: some of these details are obtained from third party information.
Thu, 5 Nov 09
shockwave_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3464
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3465. NOTE: some of these details are obtained from third party information.
Thu, 5 Nov 09
shockwave_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3463
Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site. NOTE: some of these details are obtained from third party information.
Thu, 5 Nov 09
lotus_notes_intellisync
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0306
Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in lnresobject.dll in BlackBerry Desktop Manager in Research In Motion (RIM) BlackBerry Desktop Software before 5.0.1 allows remote attackers to execute arbitrary code via a crafted web page. NOTE: some of these details are obtained from third party information.
Tue, 3 Nov 09
pegasus_mail
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3838
Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long error message.
Tue, 3 Nov 09
eureka_email
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3837
Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 servers to execute arbitrary code via a long error message.
Tue, 3 Nov 09
jshop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3835
SQL injection vulnerability in the JShop (com_jshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a product action to index.php.
Tue, 3 Nov 09
com_photoblog
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3834
SQL injection vulnerability in the Photoblog (com_photoblog) component alpha 3 and alpha 3a for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in a blogs action to index.php.
Tue, 3 Nov 09
tftgallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3833
Cross-site scripting (XSS) vulnerability in index.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
Tue, 3 Nov 09
typo, typo3
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3634
Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
