The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2009-2827 | Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image. | Medium | Nov 17, 2009 |
CVE-2009-2826 | Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow. | Medium | Nov 17, 2009 |
CVE-2009-2825 | Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a \'\\0\' character in a domain name in the subject\'s Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | Medium | Nov 17, 2009 |
CVE-2009-2824 | Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document. | Medium | Nov 17, 2009 |
CVE-2009-2823 | The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software. | Medium | Nov 17, 2009 |
CVE-2009-2822 | AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame. | Medium | Apr 6, 2010 |
CVE-2009-2820 | CUPS in Apple Mac OS X before 10.6.2 does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product\'s web interface, (b) the configuration of the print system, and (c) the titles of printed jobs. | Medium | Nov 17, 2009 |
CVE-2009-2819 | AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors. | High | Nov 17, 2009 |
CVE-2009-2818 | Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack). | Medium | Nov 17, 2009 |
CVE-2009-2817 | Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file. | High | Sep 25, 2009 |
CVE-2009-2816 | WebKit in Apple Safari before 4.0.4 includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page. | Medium | Nov 13, 2009 |
CVE-2009-2815 | The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message. | High | Sep 11, 2009 |
CVE-2009-2814 | Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding. | Medium | Sep 16, 2009 |
CVE-2009-2813 | The SMB (aka Samba) subsystem in Apple Mac OS X 10.5.8, when Windows File Sharing is enabled, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories. | Medium | Sep 15, 2009 |
CVE-2009-2812 | Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a crafted web site. | Medium | Sep 15, 2009 |
CVE-2009-2811 | Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a potentially unsafe warning message in the Quarantine feature. | Medium | Sep 15, 2009 |
CVE-2009-2810 | Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively clears quarantine information upon opening a quarantined folder, which allows user-assisted remote attackers to execute arbitrary code via a quarantined application that does not trigger a potentially unsafe warning message. | Medium | Nov 17, 2009 |
CVE-2009-2809 | ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to multiple memory corruption issues. | Medium | Sep 15, 2009 |
CVE-2009-2808 | Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response. | Medium | Nov 17, 2009 |
CVE-2009-2807 | Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors. | High | Sep 15, 2009 |
CVE-2009-2805 | Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow. | Medium | Sep 15, 2009 |
CVE-2009-2804 | Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow. | Medium | Sep 15, 2009 |
CVE-2009-2803 | CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork. | Medium | Sep 15, 2009 |
CVE-2009-2802 | MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks. | MEDIUM | Nov 12, 2019 |
CVE-2009-2801 | The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a timing issue. | Medium | Mar 31, 2010 |
CVE-2009-2800 | Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file. | Medium | Sep 16, 2009 |
CVE-2009-2799 | Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file. | High | Sep 11, 2009 |
CVE-2009-2798 | Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. | High | Sep 11, 2009 |
CVE-2009-2797 | The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server. | Medium | Sep 11, 2009 |
CVE-2009-2796 | The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password. | Low | Sep 11, 2009 |
CVE-2009-2795 | Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related to command parsing. | High | Sep 16, 2009 |
CVE-2009-2794 | The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the Maximum inactivity time lock functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value. | Medium | Sep 16, 2009 |
CVE-2009-2793 | The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits. | Medium | Sep 22, 2009 |
CVE-2009-2792 | Directory traversal vulnerability in plugings/pagecontent.php in Really Simple CMS (RSCMS) 0.3a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PT parameter. | High | Aug 18, 2009 |
CVE-2009-2791 | PHP remote file inclusion vulnerability in pda_projects.php in WebDynamite ProjectButler 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the offset parameter. | High | Aug 18, 2009 |
CVE-2009-2790 | SQL injection vulnerability in cat_products.php in SoftBiz Dating Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: this might overlap CVE-2006-3271.4. | High | Aug 18, 2009 |
CVE-2009-2789 | SQL injection vulnerability in the Permis (com_groups) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a list action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | High | Aug 20, 2009 |
CVE-2009-2788 | Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remote attackers to execute arbitrary SQL commands via the (1) adminName parameter to cp/auth.php, (2) cid parameter to artcat.php, and (3) catid parameter to show.php. | High | Aug 18, 2009 |
CVE-2009-2787 | Directory traversal vulnerability in include/reputation/rep_profile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter. | Medium | Aug 18, 2009 |
CVE-2009-2786 | SQL injection vulnerability in reputation.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the poster parameter. | High | Aug 18, 2009 |
CVE-2009-2785 | Multiple cross-site scripting (XSS) vulnerabilities in PHP Open Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to buy.php and the id parameter to (2) contact.php and (3) tellafriend.php. | Medium | Aug 17, 2009 |
CVE-2009-2784 | Multiple directory traversal vulnerabilities in dit.cms 1.3, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path parameter to index.php in (1) install/, (2) menus/left_rightslideopen/, (3) menus/side_pullout/, (4) menus/side_slideopen/, (5) menus/simple/, (6) menus/top_dropdown/, and (7) menus/topside/; the sitemap parameter to index.php in (8) menus/left_rightslideopen/, (9) menus/side_pullout/, (10) menus/side_slideopen/, (11) menus/top_dropdown/, and (12) menus/topside/; and the (13) relPath parameter to index/index.php. NOTE: PHP remote file inclusion vulnerabilities reportedly also exist for some of these vectors. | High | Aug 17, 2009 |
CVE-2009-2783 | Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php. | Medium | Aug 17, 2009 |
CVE-2009-2782 | SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | High | Aug 17, 2009 |
CVE-2009-2781 | SQL injection vulnerability in forum.php in Arab Portal 2.x, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the qc parameter in an addcomment action, a different vector than CVE-2006-1666. | Medium | Aug 17, 2009 |
CVE-2009-2780 | Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6) member parameter to viewmember.php. | Medium | Aug 17, 2009 |
CVE-2009-2779 | SQL injection vulnerability in index.php in AJ Matrix DNA allows remote attackers to execute arbitrary SQL commands via the id parameter in a productdetail action. | High | Aug 17, 2009 |
CVE-2009-2778 | Cross-site scripting (XSS) vulnerability in visitor/view.php in GarageSales Script allows remote attackers to inject arbitrary web script or HTML via the key parameter. NOTE: some of these details are obtained from third party information. | Medium | Aug 18, 2009 |
CVE-2009-2777 | SQL injection vulnerability in visitor/view.php in GarageSales Script allows remote attackers to execute arbitrary SQL commands via the key parameter. | High | Aug 14, 2009 |
CVE-2009-2776 | SQL injection vulnerability in showresult.asp in Smart ASP Survey allows remote attackers to execute arbitrary SQL commands via the catid parameter. | High | Aug 17, 2009 |