The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2009-4942 | Cross-site request forgery (CSRF) vulnerability in ACollab 1.2 allows remote attackers to hijack the authentication of arbitrary users for requests that add personal agenda items. | Medium | Jul 22, 2010 |
| CVE-2009-4941 | Cross-site scripting (XSS) vulnerability in sign_in.php in ATRC ACollab 1.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter. | Medium | Jul 22, 2010 |
| CVE-2009-4940 | SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action. | High | Jul 22, 2010 |
| CVE-2009-4939 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a login_lookup action, (3) uid parameter in an adminlogin action, (4) campaignid parameter in a createcampaign action, (5) type parameter in a view_account_stats action, (6) period parameter in a view_account_stats action, (7) uid parameter in a view_adrates action, (8) accname parameter in an account_confirmation action, (9) loginpass parameter in an account_confirmation action, (10) e9 parameter in a setup_account action, (11) from parameter in an email_advertisers action, (12) message parameter in an email_advertisers action, (13) idno parameter in an edit_ad_package action, (14) Advertiser Name field, (15) First Name field, (16) Last Name field, (17) Address field, (18) Phone Number field, (19) Password Hint field, or (20) URL field; and (21) allow remote authenticated users to inject arbitrary web script or HTML via an unspecified form associated with a view_adrates action. | Medium | Jul 23, 2010 |
| CVE-2009-4938 | SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php. | High | Jul 23, 2010 |
| CVE-2009-4937 | Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 allows remote attackers to inject arbitrary web script or HTML via an onmouseover action in an img BBCode tag within a url BBCode tag. | Medium | Jul 22, 2010 |
| CVE-2009-4936 | Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php. | High | Jul 29, 2010 |
| CVE-2009-4935 | SQL injection vulnerability in ogp_show.php in Online Guestbook Pro allows remote attackers to execute arbitrary SQL commands via the display parameter. | High | Jul 15, 2010 |
| CVE-2009-4934 | Cross-site scripting (XSS) vulnerability in index.php in Online Photo Pro 2.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter. | Medium | Jul 12, 2010 |
| CVE-2009-4933 | Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote attackers to execute arbitrary SQL commands via the (1) txtUserId (Username) and (2) txtPassword (Password) parameters. NOTE: some of these details are obtained from third party information. | High | Jul 15, 2010 |
| CVE-2009-4932 | Stack-based buffer overflow in 1by1 1.67 (aka 1.6.7.0) allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file. | Medium | Jul 12, 2010 |
| CVE-2009-4931 | Stack-based buffer overflow in Groovy Media Player 1.1.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file. | Medium | Jul 12, 2010 |
| CVE-2009-4930 | Cross-site scripting (XSS) vulnerability in the twbkwbis.P_SecurityQuestion (aka Change Security Question) page in SunGard Banner Student System 7.4 allows remote attackers to inject arbitrary web script or HTML via the New Question field. | Medium | Jul 12, 2010 |
| CVE-2009-4929 | admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters. | High | Jul 16, 2010 |
| CVE-2009-4928 | PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055. | High | Jul 12, 2010 |
| CVE-2009-4927 | WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1. | High | Jul 16, 2010 |
| CVE-2009-4926 | Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php. | Medium | Jul 12, 2010 |
| CVE-2009-4925 | Multiple SQL injection vulnerabilities in Portale e-commerce Creasito (aka creasito e-commerce content manager) 1.3.16, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) admin/checkuser.php and (2) checkuser.php. | Medium | Jul 16, 2010 |
| CVE-2009-4924 | Dan Pascu python-cjson 1.0.5 does not properly handle a [\'/\'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element. | Medium | Jul 6, 2010 |
| CVE-2009-4923 | Unspecified vulnerability in the DTLS implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (traceback) via TLS fragments, aka Bug ID CSCso53162. | High | Jun 30, 2010 |
| CVE-2009-4922 | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (traceback) by establishing many IPsec L2L tunnels from remote peer IP addresses, aka Bug ID CSCso15583. | Medium | Jun 30, 2010 |
| CVE-2009-4921 | Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (traceback) via malformed TCP packets, aka Bug ID CSCsm84110. | High | Jun 30, 2010 |
| CVE-2009-4920 | Unspecified vulnerability in CTM on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software 8.1(2) allows remote attackers to cause a denial of service (watchdog traceback) via a large amount of small-packet data, aka Bug ID CSCsu11412. | High | Jun 30, 2010 |
| CVE-2009-4919 | Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121. | High | Jun 30, 2010 |
| CVE-2009-4918 | Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (IKE process hang) via malformed NAT-T packets, aka Bug ID CSCsr74439. | High | Jun 30, 2010 |
| CVE-2009-4917 | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via a high volume of SIP traffic, aka Bug ID CSCsr65901. | High | Jun 30, 2010 |
| CVE-2009-4916 | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (console hang) via a login action during failover replication, aka Bug ID CSCsq80095. | Medium | Jun 30, 2010 |
| CVE-2009-4915 | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via unknown network traffic, as demonstrated by a connection stress test, aka Bug ID CSCsq68451. | High | Jun 30, 2010 |
| CVE-2009-4914 | Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via Subject Alternative Name fields in an X.509 certificate, aka Bug ID CSCsq17879. | High | Jun 30, 2010 |
| CVE-2009-4913 | The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) exposes IP services on the far side of the box, which might allow remote attackers to bypass intended access restrictions via IPv6 packets, aka Bug ID CSCso58622. | Medium | Jun 30, 2010 |
| CVE-2009-4912 | Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876. | High | Jun 30, 2010 |
| CVE-2009-4911 | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device crash) via vectors involving SSL VPN and PPPoE transactions, aka Bug ID CSCsm77958. | High | Jun 30, 2010 |
| CVE-2009-4910 | Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCsq78418. | Medium | Jun 30, 2010 |
| CVE-2009-4909 | admin/index.php in oBlog allows remote attackers to conduct brute-force password guessing attacks via HTTP requests. | Medium | Jun 28, 2010 |
| CVE-2009-4908 | Multiple cross-site scripting (XSS) vulnerabilities in oBlog allow remote attackers to inject arbitrary web script or HTML via the (1) commentName, (2) commentEmail, (3) commentWeb, or (4) commentText parameter to article.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via the (5) article_id or (6) title parameter to admin/write.php, the (7) category_id or (8) category_name parameter to admin/groups.php, the (9) blogroll_id or (10) title parameter to admin/blogroll.php, or the (11) blog_name or (12) tag_line parameter to admin/settings.php. | Medium | Jun 28, 2010 |
| CVE-2009-4907 | Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility of posts, (4) remove links, and (5) change the name fields of a blog. | Medium | Jun 28, 2010 |
| CVE-2009-4906 | Cross-site request forgery (CSRF) vulnerability in index.php in Acc PHP eMail 1.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords. | Medium | Jun 28, 2010 |
| CVE-2009-4905 | Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Acc Statistics 1.1 allow remote attackers to hijack the authentication of administrators for requests that change (1) passwords, (2) usernames, and (3) e-mail addresses. | Medium | Jun 28, 2010 |
| CVE-2009-4904 | article.php in oBlog does not properly restrict comments, which allows remote attackers to cause a denial of service (blog spam) via a comment=new action. | Medium | Jun 28, 2010 |
| CVE-2009-4903 | Cross-site scripting (XSS) vulnerability in index.php in oBlog allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | Jun 28, 2010 |
| CVE-2009-4902 | Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407. | Medium | Jun 21, 2010 |
| CVE-2009-4901 | The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407. | Low | Jun 24, 2010 |
| CVE-2009-4900 | pixelpost 1.7.1 has XSS | MEDIUM | Oct 29, 2019 |
| CVE-2009-4899 | pixelpost 1.7.1 has SQL injection | HIGH | Oct 29, 2019 |
| CVE-2009-4898 | Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element. NOTE: this issue exists because of an insufficient fix for CVE-2009-1339. | Medium | Sep 8, 2010 |
| CVE-2009-4897 | Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name. | High | Aug 3, 2010 |
| CVE-2009-4896 | Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful (mlmmj) 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. (dot dot) in a list name in a (1) edit or (2) save action. | Medium | Aug 3, 2010 |
| CVE-2009-4895 | Race condition in the tty_fasync function in drivers/char/tty_io.c in the Linux kernel before 2.6.32.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via unknown vectors, related to the put_tty_queue and __f_setown functions. NOTE: the vulnerability was addressed in a different way in 2.6.32.9. | Medium | Sep 17, 2010 |
| CVE-2009-4894 | Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail. | Medium | Jun 15, 2010 |
| CVE-2009-4893 | Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | Medium | Jun 15, 2010 |
