Total
3455 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4232 | 2 Jonijnm, Joomla | 2 Com Kide, Joomla\! | 2009-12-09 | 5.0 MEDIUM | N/A |
| The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3862 | 1 Novell | 1 Edirectory | 2009-11-05 | 5.0 MEDIUM | N/A |
| The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value. | |||||
| CVE-2009-3481 | 2 Isygen, Joomla | 2 Com Icrmbasic, Joomla | 2009-10-01 | 7.5 HIGH | N/A |
| A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! does not require administrative authentication, which has unspecified impact and remote attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3261 | 1 Livestreet | 1 Livestreet | 2009-09-22 | 7.5 HIGH | N/A |
| update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not require administrative authentication, which allows remote attackers to perform DROP TABLE operations via unspecified vectors. | |||||
| CVE-2009-1878 | 1 Adobe | 1 Coldfusion | 2009-08-26 | 5.8 MEDIUM | N/A |
| Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2008-7046 | 1 Ajsquare | 1 Free Polling Script | 2009-08-24 | 6.4 MEDIUM | N/A |
| AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2002-2427 | 1 Goahead | 1 Goahead Webserver | 2009-07-23 | 5.0 MEDIUM | N/A |
| The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603. | |||||
| CVE-2009-0653 | 1 Openssl | 1 Openssl | 2009-06-25 | 7.5 HIGH | N/A |
| OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970. | |||||
| CVE-2009-2072 | 1 Apple | 1 Safari | 2009-06-23 | 5.4 MEDIUM | N/A |
| Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server. | |||||
| CVE-2009-2071 | 1 Google | 1 Chrome | 2009-06-23 | 6.8 MEDIUM | N/A |
| Google Chrome before 1.0.154.53 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. | |||||
| CVE-2009-1155 | 1 Cisco | 2 Adaptive Security Appliance 5500, Pix | 2009-04-28 | 7.8 HIGH | N/A |
| Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field, allow remote attackers to bypass authentication and establish a VPN session to an ASA device via unspecified vectors. | |||||
| CVE-2008-6440 | 2 Cerberus, Webgroupmedia | 2 Cerberus Helpdesk, Cerberus Helpdesk | 2009-03-10 | 5.0 MEDIUM | N/A |
| Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs. | |||||
| CVE-2009-0126 | 1 Berkeley | 1 Boinc Client | 2009-03-06 | 5.0 MEDIUM | N/A |
| The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5 does not check the return value from the OpenSSL RSA_public_decrypt function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2008-5809 | 1 Futomi | 1 Access Analyzer Cgi | 2009-02-26 | 5.8 MEDIUM | N/A |
| futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions, and obtain sensitive information about analysis results, via a modified id. | |||||
| CVE-2008-5721 | 1 Sapporoworks | 1 Blackjumbodog | 2009-02-26 | 5.0 MEDIUM | N/A |
| SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers to bypass authentication and obtain sensitive information via unspecified vectors. | |||||
| CVE-2009-0362 | 1 Fail2ban | 1 Fail2ban | 2009-02-13 | 4.0 MEDIUM | N/A |
| filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP address, a different vulnerability than CVE-2007-4321. | |||||
| CVE-2007-1228 | 2 Ibm, Unix | 2 Db2, Unix | 2009-02-11 | 4.4 MEDIUM | N/A |
| IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories. | |||||
| CVE-2009-0124 | 1 Arrl | 1 Tqsllib | 2009-02-06 | 5.0 MEDIUM | N/A |
| The tqsl_verifyDataBlock function in openssl_cert.cpp in American Radio Relay League (ARRL) tqsllib 2.0 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2009-0128 | 1 Llnl | 1 Slurm | 2009-01-16 | 5.0 MEDIUM | N/A |
| plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for Resource Management (aka SLURM or slurm-llnl) does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2009-0129 | 1 Perl-openssl | 1 Libcrypt-openssl-dsa-perl | 2009-01-16 | 5.0 MEDIUM | N/A |
| libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | |||||