The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2009-5042 | python-docutils allows insecure usage of temporary files | MEDIUM | Oct 31, 2019 |
| CVE-2009-5041 | overkill has buffer overflow via long player names that can corrupt data on the server machine | HIGH | Oct 31, 2019 |
| CVE-2009-5040 | CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555. | Medium | Jan 22, 2011 |
| CVE-2009-5039 | Memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation in Cisco IOS before 15.0(1)XA allows remote attackers to cause a denial of service (memory consumption) via a large number of calls over a long duration, as demonstrated by InterZone Clear Token (IZCT) test traffic, aka Bug ID CSCsz72535. | High | Jan 22, 2011 |
| CVE-2009-5038 | Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server, related to a corrupted magic value, aka Bug ID CSCso05336. | High | Jan 22, 2011 |
| CVE-2009-5037 | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allow remote attackers to cause a denial of service (ASDM syslog outage) via a long URL, aka Bug IDs CSCsm11264 and CSCtb92911. | Medium | Jan 7, 2011 |
| CVE-2009-5036 | traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows remote authenticated users to cause a denial of service (daemon crash) via a malformed invitation document in a sync operation. | Medium | Dec 17, 2010 |
| CVE-2009-5035 | The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle multiple outgoing e-mail messages between sync operations, which might allow remote attackers to read communications intended for other recipients by examining appended messages. | Medium | Dec 17, 2010 |
| CVE-2009-5034 | IBM Lotus Notes Traveler before 8.5.0.2 allows remote authenticated users to cause a denial of service (memory consumption and daemon crash) by syncing a large volume of data, related to the launch of a new process to handle the data while the previous process is still operating on the data. | Medium | Dec 17, 2010 |
| CVE-2009-5033 | IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle a * * argument sequence for a certain tell command, which allows remote authenticated users to obtain access to other users\' data via a sync operation, related to storage of the data of multiple users within the same thread. | Medium | Dec 17, 2010 |
| CVE-2009-5032 | The encrypted e-mail feature in IBM Lotus Notes Traveler before 8.5.0.2 sends unencrypted messages when the feature is used without uploading a Notes ID file, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | Medium | Dec 17, 2010 |
| CVE-2009-5031 | ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header. | Medium | Jul 27, 2012 |
| CVE-2009-5030 | The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an invalid free. | Medium | Jul 21, 2012 |
| CVE-2009-5029 | Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd. | Medium | May 3, 2013 |
| CVE-2009-5028 | Stack-based buffer overflow in Namazu before 2.0.20 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted request containing an empty uri field. | High | Nov 30, 2011 |
| CVE-2009-5027 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-2062. Reason: This candidate is a reservation duplicate of CVE-2010-2062. Notes: All CVE users should reference CVE-2010-2062 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 |
| CVE-2009-5026 | The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments. | Medium | Aug 17, 2012 |
| CVE-2009-5025 | A backdoor (aka BMSA-2009-07) was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user. | MEDIUM | Jan 15, 2020 |
| CVE-2009-5024 | ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a query revision history request. | Medium | May 25, 2011 |
| CVE-2009-5023 | The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt. | Medium | Jun 11, 2014 |
| CVE-2009-5022 | Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file. | Medium | May 4, 2011 |
| CVE-2009-5021 | Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password. | High | Dec 10, 2010 |
| CVE-2009-5020 | Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | Medium | Dec 2, 2010 |
| CVE-2009-5019 | Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/NewsPad.mdb. | Medium | Dec 2, 2010 |
| CVE-2009-5018 | Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png. | Medium | Jan 20, 2011 |
| CVE-2009-5017 | Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210. | Medium | Nov 15, 2010 |
| CVE-2009-5016 | Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870. | Medium | Nov 15, 2010 |
| CVE-2009-5015 | The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors. | High | Nov 9, 2010 |
| CVE-2009-5014 | The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852. | High | Nov 9, 2010 |
| CVE-2009-5013 | Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer. | Medium | Oct 20, 2010 |
| CVE-2009-5012 | ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session. | Medium | Oct 20, 2010 |
| CVE-2009-5011 | Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a different vulnerability than CVE-2010-3494. | Medium | Oct 20, 2010 |
| CVE-2009-5010 | Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different vulnerability than CVE-2010-3494. | Medium | Oct 20, 2010 |
| CVE-2009-5009 | Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation. | Medium | Oct 14, 2010 |
| CVE-2009-5008 | Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file. | Low | Oct 14, 2010 |
| CVE-2009-5007 | The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files. | Low | Oct 14, 2010 |
| CVE-2009-5006 | The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.Per: http://cwe.mitre.org/data/definitions/476.html \'CWE-476: NULL Pointer Dereference\' | Medium | Oct 19, 2010 |
| CVE-2009-5005 | The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data. | Medium | Oct 18, 2010 |
| CVE-2009-5004 | qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use . | MEDIUM | Nov 12, 2019 |
| CVE-2009-5003 | SQL injection vulnerability in click.php in e-soft24 Banner Exchange Script 1.0 allows remote attackers to execute arbitrary SQL commands via the targetid parameter. | High | Sep 23, 2010 |
| CVE-2009-5002 | The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection. | Medium | Sep 21, 2010 |
| CVE-2009-5001 | The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document\'s Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances. | Medium | Sep 21, 2010 |
| CVE-2009-5000 | Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages. | Medium | Sep 21, 2010 |
| CVE-2009-4999 | Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field. | Medium | Sep 21, 2010 |
| CVE-2009-4998 | The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. | Low | Sep 21, 2010 |
| CVE-2009-4997 | gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: this issue exists because of a regression that followed a gnome-power-manager fix a few years earlier. | High | Sep 8, 2010 |
| CVE-2009-4996 | ** DISPUTED ** Xfce4-session 4.5.91 in Xfce does not lock the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments. | High | Sep 8, 2010 |
| CVE-2009-4995 | Cross-site scripting (XSS) vulnerability in frmTickets.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the email address field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | Aug 26, 2010 |
| CVE-2009-4994 | Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | Medium | Aug 26, 2010 |
| CVE-2009-4993 | PHP remote file inclusion vulnerability in home.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.Note: http://inj3ct0r.com/exploits/5624 | High | Aug 25, 2010 |
