cpe:/a:apple:quicktime:- cpe:/a:apple:quicktime:3.0 cpe:/a:apple:quicktime:4.1.2 cpe:/a:apple:quicktime:5.0 cpe:/a:apple:quicktime:5.0.1 cpe:/a:apple:quicktime:5.0.2 cpe:/a:apple:quicktime:6.0 cpe:/a:apple:quicktime:6.1 cpe:/a:apple:quicktime:6.5 cpe:/a:apple:quicktime:6.5.1 cpe:/a:apple:quicktime:6.5.2 cpe:/a:apple:quicktime:7.0 cpe:/a:apple:quicktime:7.0.1 cpe:/a:apple:quicktime:7.0.2 cpe:/a:apple:quicktime:7.0.3 cpe:/a:apple:quicktime:7.0.4 cpe:/a:apple:quicktime:7.1 cpe:/a:apple:quicktime:7.1.1 cpe:/a:apple:quicktime:7.1.2 cpe:/a:apple:quicktime:7.1.3 cpe:/a:apple:quicktime:7.1.4 cpe:/a:apple:quicktime:7.1.5 cpe:/a:apple:quicktime:7.1.6 cpe:/a:apple:quicktime:7.2 cpe:/a:apple:quicktime:7.3 cpe:/a:apple:quicktime:7.3.1 cpe:/a:apple:quicktime:7.3.1.70 cpe:/a:apple:quicktime:7.4 cpe:/a:apple:quicktime:7.4.1 cpe:/a:apple:quicktime:7.4.4 cpe:/a:apple:quicktime:7.4.5 cpe:/a:apple:quicktime:7.5 cpe:/a:apple:quicktime:7.5.5 CVE-2009-0001 2009-01-21T15:30:00.250-05:00 2018-10-30T12:25:17.590-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS APPLE APPLE-SA-2009-01-21 CONFIRM http://support.apple.com/kb/HT3403 BID 33385 CERT TA09-022A VUPEN ADV-2009-0212 XF quicktime-rtspurl-bo(48154) Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL. cpe:/a:apple:quicktime:- cpe:/a:apple:quicktime:3.0 cpe:/a:apple:quicktime:4.1.2 cpe:/a:apple:quicktime:5.0 cpe:/a:apple:quicktime:5.0.1 cpe:/a:apple:quicktime:5.0.2 cpe:/a:apple:quicktime:6.0 cpe:/a:apple:quicktime:6.1 cpe:/a:apple:quicktime:6.5 cpe:/a:apple:quicktime:6.5.1 cpe:/a:apple:quicktime:6.5.2 cpe:/a:apple:quicktime:7.0 cpe:/a:apple:quicktime:7.0.1 cpe:/a:apple:quicktime:7.0.2 cpe:/a:apple:quicktime:7.0.3 cpe:/a:apple:quicktime:7.0.4 cpe:/a:apple:quicktime:7.1 cpe:/a:apple:quicktime:7.1.1 cpe:/a:apple:quicktime:7.1.2 cpe:/a:apple:quicktime:7.1.3 cpe:/a:apple:quicktime:7.1.4 cpe:/a:apple:quicktime:7.1.5 cpe:/a:apple:quicktime:7.1.6 cpe:/a:apple:quicktime:7.2 cpe:/a:apple:quicktime:7.3 cpe:/a:apple:quicktime:7.3.1 cpe:/a:apple:quicktime:7.3.1.70 cpe:/a:apple:quicktime:7.4 cpe:/a:apple:quicktime:7.4.1 cpe:/a:apple:quicktime:7.4.4 cpe:/a:apple:quicktime:7.4.5 cpe:/a:apple:quicktime:7.5 cpe:/a:apple:quicktime:7.5.5 CVE-2009-0002 2009-01-21T15:30:00.267-05:00 2018-10-30T12:25:17.590-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov BUGTRAQ 20090121 ZDI-09-005: Apple QuickTime VR Track Header Atom Heap Corruption Vulnerability APPLE APPLE-SA-2009-01-21 CONFIRM http://support.apple.com/kb/HT3403 BID 33384 CERT TA09-022A VUPEN ADV-2009-0212 MISC http://www.zerodayinitiative.com/advisories/ZDI-09-005/ Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms. cpe:/a:apple:quicktime:- cpe:/a:apple:quicktime:3.0 cpe:/a:apple:quicktime:4.1.2 cpe:/a:apple:quicktime:5.0 cpe:/a:apple:quicktime:5.0.1 cpe:/a:apple:quicktime:5.0.2 cpe:/a:apple:quicktime:6.0 cpe:/a:apple:quicktime:6.1 cpe:/a:apple:quicktime:6.5 cpe:/a:apple:quicktime:6.5.1 cpe:/a:apple:quicktime:6.5.2 cpe:/a:apple:quicktime:7.0 cpe:/a:apple:quicktime:7.0.1 cpe:/a:apple:quicktime:7.0.2 cpe:/a:apple:quicktime:7.0.3 cpe:/a:apple:quicktime:7.0.4 cpe:/a:apple:quicktime:7.1 cpe:/a:apple:quicktime:7.1.1 cpe:/a:apple:quicktime:7.1.2 cpe:/a:apple:quicktime:7.1.3 cpe:/a:apple:quicktime:7.1.4 cpe:/a:apple:quicktime:7.1.5 cpe:/a:apple:quicktime:7.1.6 cpe:/a:apple:quicktime:7.2 cpe:/a:apple:quicktime:7.3 cpe:/a:apple:quicktime:7.3.1 cpe:/a:apple:quicktime:7.3.1.70 cpe:/a:apple:quicktime:7.4 cpe:/a:apple:quicktime:7.4.1 cpe:/a:apple:quicktime:7.4.4 cpe:/a:apple:quicktime:7.4.5 cpe:/a:apple:quicktime:7.5 cpe:/a:apple:quicktime:7.5.5 CVE-2009-0003 2009-01-21T15:30:00.280-05:00 2018-10-30T12:25:17.590-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS APPLE APPLE-SA-2009-01-21 CONFIRM http://support.apple.com/kb/HT3403 BID 33387 CERT TA09-022A VUPEN ADV-2009-0212 MISC http://www.zerodayinitiative.com/advisories/ZDI-09-006/ Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via an AVI movie file with an invalid nBlockAlign value in the _WAVEFORMATEX structure. cpe:/a:apple:quicktime:- cpe:/a:apple:quicktime:3.0 cpe:/a:apple:quicktime:4.1.2 cpe:/a:apple:quicktime:5.0 cpe:/a:apple:quicktime:5.0.1 cpe:/a:apple:quicktime:5.0.2 cpe:/a:apple:quicktime:6.0 cpe:/a:apple:quicktime:6.1 cpe:/a:apple:quicktime:6.5 cpe:/a:apple:quicktime:6.5.1 cpe:/a:apple:quicktime:6.5.2 cpe:/a:apple:quicktime:7.0 cpe:/a:apple:quicktime:7.0.1 cpe:/a:apple:quicktime:7.0.2 cpe:/a:apple:quicktime:7.0.3 cpe:/a:apple:quicktime:7.0.4 cpe:/a:apple:quicktime:7.1 cpe:/a:apple:quicktime:7.1.1 cpe:/a:apple:quicktime:7.1.2 cpe:/a:apple:quicktime:7.1.3 cpe:/a:apple:quicktime:7.1.4 cpe:/a:apple:quicktime:7.1.5 cpe:/a:apple:quicktime:7.1.6 cpe:/a:apple:quicktime:7.2 cpe:/a:apple:quicktime:7.3 cpe:/a:apple:quicktime:7.3.1 cpe:/a:apple:quicktime:7.3.1.70 cpe:/a:apple:quicktime:7.4 cpe:/a:apple:quicktime:7.4.1 cpe:/a:apple:quicktime:7.4.4 cpe:/a:apple:quicktime:7.4.5 cpe:/a:apple:quicktime:7.5 cpe:/a:apple:quicktime:7.5.5 CVE-2009-0004 2009-01-21T15:30:00.297-05:00 2018-10-30T12:25:17.590-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov APPLE APPLE-SA-2009-01-21 CONFIRM http://support.apple.com/kb/HT3403 CERT TA09-022A VUPEN ADV-2009-0212 XF quicktime-mpeg2-bo(48157) Buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted MP3 audio file. cpe:/a:apple:quicktime:- cpe:/a:apple:quicktime:3.0 cpe:/a:apple:quicktime:4.1.2 cpe:/a:apple:quicktime:5.0 cpe:/a:apple:quicktime:5.0.1 cpe:/a:apple:quicktime:5.0.2 cpe:/a:apple:quicktime:6.0 cpe:/a:apple:quicktime:6.1 cpe:/a:apple:quicktime:6.5 cpe:/a:apple:quicktime:6.5.1 cpe:/a:apple:quicktime:6.5.2 cpe:/a:apple:quicktime:7.0 cpe:/a:apple:quicktime:7.0.1 cpe:/a:apple:quicktime:7.0.2 cpe:/a:apple:quicktime:7.0.3 cpe:/a:apple:quicktime:7.0.4 cpe:/a:apple:quicktime:7.1 cpe:/a:apple:quicktime:7.1.1 cpe:/a:apple:quicktime:7.1.2 cpe:/a:apple:quicktime:7.1.3 cpe:/a:apple:quicktime:7.1.4 cpe:/a:apple:quicktime:7.1.5 cpe:/a:apple:quicktime:7.1.6 cpe:/a:apple:quicktime:7.2 cpe:/a:apple:quicktime:7.3 cpe:/a:apple:quicktime:7.3.1 cpe:/a:apple:quicktime:7.3.1.70 cpe:/a:apple:quicktime:7.4 cpe:/a:apple:quicktime:7.4.1 cpe:/a:apple:quicktime:7.4.4 cpe:/a:apple:quicktime:7.4.5 cpe:/a:apple:quicktime:7.5 cpe:/a:apple:quicktime:7.5.5 CVE-2009-0005 2009-01-21T15:30:00.327-05:00 2018-10-30T12:25:17.590-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS APPLE APPLE-SA-2009-01-21 CONFIRM http://support.apple.com/kb/HT3403 BID 33386 CERT TA09-022A VUPEN ADV-2009-0212 XF quicktime-h263-movie-code-execution(48158) Unspecified vulnerability in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted H.263 encoded movie file that triggers memory corruption. cpe:/a:apple:quicktime:3.0 cpe:/a:apple:quicktime:4.1.2 cpe:/a:apple:quicktime:5.0 cpe:/a:apple:quicktime:5.0.1 cpe:/a:apple:quicktime:5.0.2 cpe:/a:apple:quicktime:6.0 cpe:/a:apple:quicktime:6.0.0 cpe:/a:apple:quicktime:6.0.1 cpe:/a:apple:quicktime:6.0.2 cpe:/a:apple:quicktime:6.1 cpe:/a:apple:quicktime:6.1.0 cpe:/a:apple:quicktime:6.1.1 cpe:/a:apple:quicktime:6.2.0 cpe:/a:apple:quicktime:6.3.0 cpe:/a:apple:quicktime:6.4.0 cpe:/a:apple:quicktime:6.5 cpe:/a:apple:quicktime:6.5.0 cpe:/a:apple:quicktime:6.5.1 cpe:/a:apple:quicktime:6.5.2 cpe:/a:apple:quicktime:7.0 cpe:/a:apple:quicktime:7.0.0 cpe:/a:apple:quicktime:7.0.1 cpe:/a:apple:quicktime:7.0.2 cpe:/a:apple:quicktime:7.0.3 cpe:/a:apple:quicktime:7.0.4 cpe:/a:apple:quicktime:7.1 cpe:/a:apple:quicktime:7.1.0 cpe:/a:apple:quicktime:7.1.1 cpe:/a:apple:quicktime:7.1.2 cpe:/a:apple:quicktime:7.1.3 cpe:/a:apple:quicktime:7.1.4 cpe:/a:apple:quicktime:7.1.5 cpe:/a:apple:quicktime:7.1.6 cpe:/a:apple:quicktime:7.2 cpe:/a:apple:quicktime:7.2.1 cpe:/a:apple:quicktime:7.3 cpe:/a:apple:quicktime:7.3.0 cpe:/a:apple:quicktime:7.3.1 cpe:/a:apple:quicktime:7.3.1.70 cpe:/a:apple:quicktime:7.4 cpe:/a:apple:quicktime:7.4.0 cpe:/a:apple:quicktime:7.4.1 cpe:/a:apple:quicktime:7.4.5 cpe:/a:apple:quicktime:7.5.0 cpe:/a:apple:quicktime:7.5.5 CVE-2009-0006 2009-01-21T15:30:00.343-05:00 2018-10-11T16:58:39.193-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov BUGTRAQ 20090121 ZDI-09-007: Apple QuickTime Cinepak Codec MDAT Heap Corruption Vulnerability APPLE APPLE-SA-2009-01-21 CONFIRM http://support.apple.com/kb/HT3403 BUGTRAQ 20090124 Re: ZDI-09-007: Apple QuickTime Cinepak Codec MDAT Heap Corruption Vulnerability BID 33388 CERT TA09-022A VUPEN ADV-2009-0212 MISC http://www.zerodayinitiative.com/advisories/ZDI-09-007/ Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based buffer overflow. cpe:/a:apple:quicktime:3.0 cpe:/a:apple:quicktime:4.1.2 cpe:/a:apple:quicktime:5.0 cpe:/a:apple:quicktime:5.0.1 cpe:/a:apple:quicktime:5.0.2 cpe:/a:apple:quicktime:6.0 cpe:/a:apple:quicktime:6.0.0 cpe:/a:apple:quicktime:6.0.1 cpe:/a:apple:quicktime:6.0.2 cpe:/a:apple:quicktime:6.1 cpe:/a:apple:quicktime:6.1.0 cpe:/a:apple:quicktime:6.1.1 cpe:/a:apple:quicktime:6.2.0 cpe:/a:apple:quicktime:6.3.0 cpe:/a:apple:quicktime:6.4.0 cpe:/a:apple:quicktime:6.5 cpe:/a:apple:quicktime:6.5.0 cpe:/a:apple:quicktime:6.5.1 cpe:/a:apple:quicktime:6.5.2 cpe:/a:apple:quicktime:7.0 cpe:/a:apple:quicktime:7.0.0 cpe:/a:apple:quicktime:7.0.1 cpe:/a:apple:quicktime:7.0.2 cpe:/a:apple:quicktime:7.0.3 cpe:/a:apple:quicktime:7.0.4 cpe:/a:apple:quicktime:7.1 cpe:/a:apple:quicktime:7.1.0 cpe:/a:apple:quicktime:7.1.1 cpe:/a:apple:quicktime:7.1.2 cpe:/a:apple:quicktime:7.1.3 cpe:/a:apple:quicktime:7.1.4 cpe:/a:apple:quicktime:7.1.5 cpe:/a:apple:quicktime:7.1.6 cpe:/a:apple:quicktime:7.2 cpe:/a:apple:quicktime:7.2.1 cpe:/a:apple:quicktime:7.3 cpe:/a:apple:quicktime:7.3.0 cpe:/a:apple:quicktime:7.3.1 cpe:/a:apple:quicktime:7.3.1.70 cpe:/a:apple:quicktime:7.4 cpe:/a:apple:quicktime:7.4.0 cpe:/a:apple:quicktime:7.4.1 cpe:/a:apple:quicktime:7.4.5 cpe:/a:apple:quicktime:7.5.0 cpe:/a:apple:quicktime:7.5.5 CVE-2009-0007 2009-01-21T15:30:00.377-05:00 2017-09-28T21:33:34.607-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov APPLE APPLE-SA-2009-01-21 CONFIRM http://support.apple.com/kb/HT3403 BID 33390 CERT TA09-022A VUPEN ADV-2009-0212 MISC http://www.zerodayinitiative.com/advisories/ZDI-09-008/ Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QuickTime movie file containing invalid image width data in JPEG atoms within STSD atoms. cpe:/a:apple:quicktime_mpeg-2_playback_component CVE-2009-0008 2009-01-22T13:30:03.797-05:00 2017-09-28T21:33:34.667-04:00 7.6 NETWORK HIGH NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS APPLE APPLE-SA-2009-01-21 CONFIRM http://support.apple.com/kb/HT3404 BID 33393 SECTRACK 1021621 VUPEN ADV-2009-0211 XF quicktime-mpeg2playback-code-execution(48162) Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie. cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0009 2009-02-12T19:30:00.187-05:00 2017-08-07T21:33:45.737-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS APPLE APPLE-SA-2009-02-12 SECTRACK 1021718 CONFIRM http://support.apple.com/kb/HT3438 BID 33759 VUPEN ADV-2009-0422 XF macosx-pixlet-codec-code-execution(48713) Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption. cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.5 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.5.6 CVE-2009-0010 2009-05-13T11:30:00.233-04:00 2018-10-11T16:58:40.320-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov APPLE APPLE-SA-2009-06-01-1 APPLE APPLE-SA-2009-05-12 CONFIRM http://support.apple.com/kb/HT3549 CONFIRM http://support.apple.com/kb/HT3591 BUGTRAQ 20090527 ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability BID 34926 BID 34938 SECTRACK 1022209 CERT TA09-133A VUPEN ADV-2009-1297 VUPEN ADV-2009-1407 MISC http://www.vupen.com/exploits/Apple_QuickTime_PICT_Poly_Tag_Parsing_Heap_Overflow_PoC_Exploit_1407144.php MISC http://www.zerodayinitiative.com/advisories/ZDI-09-021 MISC http://www.zerodayinitiative.com/advisories/ZDI-09-021/ Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow. cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0011 2009-02-12T19:30:04.827-05:00 2017-08-07T21:33:45.797-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS APPLE APPLE-SA-2009-02-12 SECTRACK 1021720 CONFIRM http://support.apple.com/kb/HT3438 BID 33759 VUPEN ADV-2009-0422 XF macosx-certificate-asst-file-overwrite(48715) Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to overwrite arbitrary files via unknown vectors related to an "insecure file operation" on a temporary file. cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0012 2009-02-12T19:30:04.843-05:00 2011-03-07T00:00:00.000-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-02-13T10:10:00.000-05:00 APPLE APPLE-SA-2009-02-12 CONFIRM http://support.apple.com/kb/HT3438 BID 33759 BID 33809 VUPEN ADV-2009-0422 Heap-based buffer overflow in CoreText in Apple Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via a crafted Unicode string. cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0013 2009-02-12T19:30:04.860-05:00 2017-08-07T21:33:45.843-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov APPLE APPLE-SA-2009-02-12 SECTRACK 1021722 CONFIRM http://support.apple.com/kb/HT3438 BID 33759 BID 33815 VUPEN ADV-2009-0422 XF macosx-dstools-information-disclosure(48717) dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information. cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0014 2009-02-12T19:30:04.877-05:00 2011-03-07T22:17:45.610-05:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov APPLE APPLE-SA-2009-02-12 CONFIRM http://support.apple.com/kb/HT3438 BID 33759 BID 33820 VUPEN ADV-2009-0422 Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissions when recreating a Downloads folder after it has been deleted, which allows local users to bypass intended access restrictions and read the Downloads folder. cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0015 2009-02-12T19:30:04.907-05:00 2011-03-07T22:17:45.720-05:00 4.9 LOCAL LOW NONE COMPLETE NONE NONE http://nvd.nist.gov APPLE APPLE-SA-2009-02-12 CONFIRM http://support.apple.com/kb/HT3438 BID 33759 BID 33821 VUPEN ADV-2009-0422 Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management." cpe:/a:apple:itunes:1.0::windows cpe:/a:apple:itunes:1.1.1::windows cpe:/a:apple:itunes:1.1.2::windows cpe:/a:apple:itunes:2.0::windows cpe:/a:apple:itunes:2.0.1::windows cpe:/a:apple:itunes:2.0.2::windows cpe:/a:apple:itunes:2.0.3::windows cpe:/a:apple:itunes:2.0.4::windows cpe:/a:apple:itunes:3.0::windows cpe:/a:apple:itunes:3.0.1::windows cpe:/a:apple:itunes:4.0::windows cpe:/a:apple:itunes:4.0.0:-:windows cpe:/a:apple:itunes:4.0.1::windows cpe:/a:apple:itunes:4.0.1:-:windows cpe:/a:apple:itunes:4.1::windows cpe:/a:apple:itunes:4.1.0:-:windows cpe:/a:apple:itunes:4.2::windows cpe:/a:apple:itunes:4.2.0:-:windows cpe:/a:apple:itunes:4.2.72::windows cpe:/a:apple:itunes:4.5::windows cpe:/a:apple:itunes:4.5.0:-:windows cpe:/a:apple:itunes:4.6::windows cpe:/a:apple:itunes:4.6.0:-:windows cpe:/a:apple:itunes:4.7::windows cpe:/a:apple:itunes:4.7.0:-:windows cpe:/a:apple:itunes:4.7.1::windows cpe:/a:apple:itunes:4.7.1:-:windows cpe:/a:apple:itunes:4.7.1.30::windows cpe:/a:apple:itunes:4.8::windows cpe:/a:apple:itunes:4.8.0:-:windows cpe:/a:apple:itunes:4.9::windows cpe:/a:apple:itunes:4.9.0:-:windows cpe:/a:apple:itunes:5.0::windows cpe:/a:apple:itunes:5.0.0:-:windows cpe:/a:apple:itunes:5.0.1::windows cpe:/a:apple:itunes:5.0.1:-:windows cpe:/a:apple:itunes:6.0::windows cpe:/a:apple:itunes:6.0.0:-:windows cpe:/a:apple:itunes:6.0.1::windows cpe:/a:apple:itunes:6.0.1:-:windows cpe:/a:apple:itunes:6.0.2::windows cpe:/a:apple:itunes:6.0.2:-:windows cpe:/a:apple:itunes:6.0.3::windows cpe:/a:apple:itunes:6.0.3:-:windows cpe:/a:apple:itunes:6.0.4::windows cpe:/a:apple:itunes:6.0.4:-:windows cpe:/a:apple:itunes:6.0.4.2::windows cpe:/a:apple:itunes:6.0.5::windows cpe:/a:apple:itunes:6.0.5:-:windows cpe:/a:apple:itunes:7.0.0:-:windows cpe:/a:apple:itunes:7.0.1:-:windows cpe:/a:apple:itunes:7.0.2::windows cpe:/a:apple:itunes:7.0.2:-:windows cpe:/a:apple:itunes:7.1.0:-:windows cpe:/a:apple:itunes:7.1.1:-:windows cpe:/a:apple:itunes:7.2.0:-:windows cpe:/a:apple:itunes:7.3.0:-:windows cpe:/a:apple:itunes:7.3.1:-:windows cpe:/a:apple:itunes:7.3.2::windows cpe:/a:apple:itunes:7.3.2:-:windows cpe:/a:apple:itunes:7.4::windows cpe:/a:apple:itunes:7.4.0:-:windows cpe:/a:apple:itunes:7.4.1::windows cpe:/a:apple:itunes:7.4.1:-:windows cpe:/a:apple:itunes:7.4.2::windows cpe:/a:apple:itunes:7.4.2:-:windows cpe:/a:apple:itunes:7.4.3::windows cpe:/a:apple:itunes:7.5::windows cpe:/a:apple:itunes:7.5.0:-:windows cpe:/a:apple:itunes:7.6::windows cpe:/a:apple:itunes:7.6.0:-:windows cpe:/a:apple:itunes:7.6.1::windows cpe:/a:apple:itunes:7.6.1:-:windows cpe:/a:apple:itunes:7.6.2:-:windows cpe:/a:apple:itunes:7.7::windows cpe:/a:apple:itunes:7.7.0:-:windows cpe:/a:apple:itunes:7.7.1::windows cpe:/a:apple:itunes:7.7.1:-:windows cpe:/a:apple:itunes:8.0::windows CVE-2009-0016 2009-03-14T14:30:00.420-04:00 2018-10-11T16:58:41.803-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov FULLDISC 20090312 Apple iTunes DAAP Messages Handling Denial of Service Vulnerability APPLE APPLE-SA-2009-03-11 SECTRACK 1021842 CONFIRM http://support.apple.com/kb/HT3487 MISC http://www.fortiguardcenter.com/advisory/FGA-2009-11.html BUGTRAQ 20090313 Apple iTunes DAAP Messages Handling Denial of Service Vulnerability BID 34094 VUPEN ADV-2009-0702 XF itunes-daap-dos(49200) Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header. cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0017 2009-02-12T19:30:04.920-05:00 2011-03-07T22:17:45.923-05:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS APPLE APPLE-SA-2009-02-12 CONFIRM http://support.apple.com/kb/HT3438 BID 33759 BID 33811 VUPEN ADV-2009-0422 csregprinter in the Printing component in Apple Mac OS X 10.4.11 and 10.5.6 does not properly handle error conditions, which allows local users to execute arbitrary code via unknown vectors that trigger a heap-based buffer overflow. cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0018 2009-02-12T19:30:04.937-05:00 2011-03-07T22:17:46.017-05:00 7.8 NETWORK LOW NONE COMPLETE NONE NONE http://nvd.nist.gov APPLE APPLE-SA-2009-02-12 CONFIRM http://support.apple.com/kb/HT3438 BID 33759 BID 33816 VUPEN ADV-2009-0422 The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 does not properly initialize a buffer, which allows remote attackers to read portions of memory. cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0019 2009-02-12T19:30:04.953-05:00 2011-03-07T22:17:46.127-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS APPLE APPLE-SA-2009-02-12 CONFIRM http://support.apple.com/kb/HT3438 BID 33759 BID 33814 VUPEN ADV-2009-0422 Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) or obtain sensitive information via unspecified vectors that trigger an out-of-bounds memory access. cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0020 2009-02-12T19:30:04.967-05:00 2011-03-07T22:17:46.203-05:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov APPLE APPLE-SA-2009-02-12 CONFIRM http://support.apple.com/kb/HT3438 BID 33759 VUPEN ADV-2009-0422 Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption. cpe:/a:ntp:ntp:4.2.0 cpe:/a:ntp:ntp:4.2.2 cpe:/a:ntp:ntp:4.2.4p1 cpe:/a:ntp:ntp:4.2.4p2 cpe:/a:ntp:ntp:4.2.4p3 cpe:/a:ntp:ntp:4.2.4p4 CVE-2009-0021 2009-01-07T12:30:00.360-05:00 2018-10-11T16:58:43.337-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov APPLE APPLE-SA-2009-05-12 SUSE SUSE-SR:2009:005 SUSE SUSE-SR:2009:008 SLACKWARE SSA:2009-014-03 CONFIRM http://support.apple.com/kb/HT3549 MISC http://www.ocert.org/advisories/ocert-2008-016.html REDHAT RHSA-2009:0046 BUGTRAQ 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses SECTRACK 1021533 CERT TA09-133A VUPEN ADV-2009-0042 VUPEN ADV-2009-1297 MLIST [announce] 20090108 NTP 4.2.4p6 Released NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. cpe:/a:samba:samba:3.2.0 cpe:/a:samba:samba:3.2.1 cpe:/a:samba:samba:3.2.2 cpe:/a:samba:samba:3.2.3 cpe:/a:samba:samba:3.2.4 cpe:/a:samba:samba:3.2.5 cpe:/a:samba:samba:3.2.6 CVE-2009-0022 2009-01-05T15:30:02.390-05:00 2018-10-03T17:57:40.737-04:00 6.3 NETWORK MEDIUM SINGLE_INSTANCE COMPLETE NONE NONE http://nvd.nist.gov MISC http://master.samba.org/samba/ftp/patches/security/samba-3.2.6-CVE-2009-0022.patch MANDRIVA MDVSA-2009:042 CONFIRM http://www.samba.org/samba/security/CVE-2009-0022.html BID 33118 SECTRACK 1021513 VUPEN ADV-2009-0017 XF samba-file-system-security-bypass(47733) UBUNTU USN-702-1 FEDORA FEDORA-2009-0268 Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name. cpe:/a:apache:apr-util:0.9.1 cpe:/a:apache:apr-util:0.9.2 cpe:/a:apache:apr-util:0.9.3 cpe:/a:apache:apr-util:0.9.4 cpe:/a:apache:apr-util:0.9.5 cpe:/a:apache:apr-util:1.0 cpe:/a:apache:apr-util:1.0.1 cpe:/a:apache:apr-util:1.0.2 cpe:/a:apache:apr-util:1.1.0 cpe:/a:apache:apr-util:1.1.1 cpe:/a:apache:apr-util:1.1.2 cpe:/a:apache:apr-util:1.2.1 cpe:/a:apache:apr-util:1.2.2 cpe:/a:apache:apr-util:1.2.6 cpe:/a:apache:apr-util:1.2.7 cpe:/a:apache:apr-util:1.2.8 cpe:/a:apache:apr-util:1.3.0 cpe:/a:apache:apr-util:1.3.1 cpe:/a:apache:apr-util:1.3.2 cpe:/a:apache:apr-util:1.3.3 cpe:/a:apache:apr-util:1.3.4 CVE-2009-0023 2009-06-07T21:00:00.530-04:00 2018-10-11T16:58:45.287-04:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov APPLE APPLE-SA-2009-11-09-1 HP HPSBUX02612 GENTOO GLSA-200907-03 SLACKWARE SSA:2009-167-02 CONFIRM http://support.apple.com/kb/HT3937 CONFIRM http://svn.apache.org/viewvc?view=rev&revision=779880 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0144 CONFIRM http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3 DEBIAN DSA-1812 MANDRIVA MDVSA-2009:131 MANDRIVA MDVSA-2013:150 CONFIRM http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html REDHAT RHSA-2009:1107 REDHAT RHSA-2009:1108 BUGTRAQ 20091112 rPSA-2009-0144-1 apr-util BID 35221 UBUNTU USN-786-1 UBUNTU USN-787-1 VUPEN ADV-2009-1907 VUPEN ADV-2009-3184 AIXAPAR PK88341 AIXAPAR PK91241 AIXAPAR PK99478 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27014463 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=503928 XF apache-aprstrmatchprecompile-dos(50964) MLIST [httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html MLIST [httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html FEDORA FEDORA-2009-6014 FEDORA FEDORA-2009-6261 FEDORA FEDORA-2009-5969 The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow. cpe:/o:linux:linux_kernel:2.2.27 cpe:/o:linux:linux_kernel:2.4.36 cpe:/o:linux:linux_kernel:2.4.36.1 cpe:/o:linux:linux_kernel:2.4.36.2 cpe:/o:linux:linux_kernel:2.4.36.3 cpe:/o:linux:linux_kernel:2.4.36.4 cpe:/o:linux:linux_kernel:2.4.36.5 cpe:/o:linux:linux_kernel:2.4.36.6 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.6.0 cpe:/o:linux:linux_kernel:2.6.1 cpe:/o:linux:linux_kernel:2.6.2 cpe:/o:linux:linux_kernel:2.6.10 cpe:/o:linux:linux_kernel:2.6.11 cpe:/o:linux:linux_kernel:2.6.11.1 cpe:/o:linux:linux_kernel:2.6.11.2 cpe:/o:linux:linux_kernel:2.6.11.3 cpe:/o:linux:linux_kernel:2.6.11.4 cpe:/o:linux:linux_kernel:2.6.11.5 cpe:/o:linux:linux_kernel:2.6.11.6 cpe:/o:linux:linux_kernel:2.6.11.7 cpe:/o:linux:linux_kernel:2.6.11.8 cpe:/o:linux:linux_kernel:2.6.11.9 cpe:/o:linux:linux_kernel:2.6.11.10 cpe:/o:linux:linux_kernel:2.6.11.11 cpe:/o:linux:linux_kernel:2.6.11.12 cpe:/o:linux:linux_kernel:2.6.12 cpe:/o:linux:linux_kernel:2.6.12.1 cpe:/o:linux:linux_kernel:2.6.12.2 cpe:/o:linux:linux_kernel:2.6.12.3 cpe:/o:linux:linux_kernel:2.6.12.4 cpe:/o:linux:linux_kernel:2.6.12.5 cpe:/o:linux:linux_kernel:2.6.12.6 cpe:/o:linux:linux_kernel:2.6.13 cpe:/o:linux:linux_kernel:2.6.13.1 cpe:/o:linux:linux_kernel:2.6.13.2 cpe:/o:linux:linux_kernel:2.6.13.3 cpe:/o:linux:linux_kernel:2.6.13.4 cpe:/o:linux:linux_kernel:2.6.13.5 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.14.2 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.6.14.5 cpe:/o:linux:linux_kernel:2.6.14.6 cpe:/o:linux:linux_kernel:2.6.14.7 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.6.15.1 cpe:/o:linux:linux_kernel:2.6.15.2 cpe:/o:linux:linux_kernel:2.6.15.3 cpe:/o:linux:linux_kernel:2.6.15.4 cpe:/o:linux:linux_kernel:2.6.15.5 cpe:/o:linux:linux_kernel:2.6.15.6 cpe:/o:linux:linux_kernel:2.6.15.7 cpe:/o:linux:linux_kernel:2.6.16 cpe:/o:linux:linux_kernel:2.6.16.1 cpe:/o:linux:linux_kernel:2.6.16.2 cpe:/o:linux:linux_kernel:2.6.16.3 cpe:/o:linux:linux_kernel:2.6.16.4 cpe:/o:linux:linux_kernel:2.6.16.5 cpe:/o:linux:linux_kernel:2.6.16.6 cpe:/o:linux:linux_kernel:2.6.16.7 cpe:/o:linux:linux_kernel:2.6.16.8 cpe:/o:linux:linux_kernel:2.6.16.9 cpe:/o:linux:linux_kernel:2.6.16.10 cpe:/o:linux:linux_kernel:2.6.16.11 cpe:/o:linux:linux_kernel:2.6.16.12 cpe:/o:linux:linux_kernel:2.6.16.13 cpe:/o:linux:linux_kernel:2.6.16.14 cpe:/o:linux:linux_kernel:2.6.16.15 cpe:/o:linux:linux_kernel:2.6.16.16 cpe:/o:linux:linux_kernel:2.6.16.17 cpe:/o:linux:linux_kernel:2.6.16.18 cpe:/o:linux:linux_kernel:2.6.16.19 cpe:/o:linux:linux_kernel:2.6.16.20 cpe:/o:linux:linux_kernel:2.6.16.21 cpe:/o:linux:linux_kernel:2.6.16.22 cpe:/o:linux:linux_kernel:2.6.16.23 cpe:/o:linux:linux_kernel:2.6.16.24 cpe:/o:linux:linux_kernel:2.6.16.25 cpe:/o:linux:linux_kernel:2.6.16.26 cpe:/o:linux:linux_kernel:2.6.16.27 cpe:/o:linux:linux_kernel:2.6.16.28 cpe:/o:linux:linux_kernel:2.6.16.29 cpe:/o:linux:linux_kernel:2.6.16.30 cpe:/o:linux:linux_kernel:2.6.16.31 cpe:/o:linux:linux_kernel:2.6.16.32 cpe:/o:linux:linux_kernel:2.6.16.33 cpe:/o:linux:linux_kernel:2.6.16.34 cpe:/o:linux:linux_kernel:2.6.16.35 cpe:/o:linux:linux_kernel:2.6.16.36 cpe:/o:linux:linux_kernel:2.6.16.37 cpe:/o:linux:linux_kernel:2.6.16.38 cpe:/o:linux:linux_kernel:2.6.16.39 cpe:/o:linux:linux_kernel:2.6.16.40 cpe:/o:linux:linux_kernel:2.6.16.41 cpe:/o:linux:linux_kernel:2.6.16.42 cpe:/o:linux:linux_kernel:2.6.16.43 cpe:/o:linux:linux_kernel:2.6.16.44 cpe:/o:linux:linux_kernel:2.6.16.45 cpe:/o:linux:linux_kernel:2.6.16.46 cpe:/o:linux:linux_kernel:2.6.16.47 cpe:/o:linux:linux_kernel:2.6.16.48 cpe:/o:linux:linux_kernel:2.6.16.49 cpe:/o:linux:linux_kernel:2.6.16.50 cpe:/o:linux:linux_kernel:2.6.16.51 cpe:/o:linux:linux_kernel:2.6.16.52 cpe:/o:linux:linux_kernel:2.6.16.53 cpe:/o:linux:linux_kernel:2.6.16.54 cpe:/o:linux:linux_kernel:2.6.16.55 cpe:/o:linux:linux_kernel:2.6.16.56 cpe:/o:linux:linux_kernel:2.6.16.57 cpe:/o:linux:linux_kernel:2.6.16.58 cpe:/o:linux:linux_kernel:2.6.16.59 cpe:/o:linux:linux_kernel:2.6.16.60 cpe:/o:linux:linux_kernel:2.6.16.61 cpe:/o:linux:linux_kernel:2.6.16.62 cpe:/o:linux:linux_kernel:2.6.17 cpe:/o:linux:linux_kernel:2.6.17.1 cpe:/o:linux:linux_kernel:2.6.17.2 cpe:/o:linux:linux_kernel:2.6.17.3 cpe:/o:linux:linux_kernel:2.6.17.4 cpe:/o:linux:linux_kernel:2.6.17.5 cpe:/o:linux:linux_kernel:2.6.17.6 cpe:/o:linux:linux_kernel:2.6.17.7 cpe:/o:linux:linux_kernel:2.6.17.8 cpe:/o:linux:linux_kernel:2.6.17.9 cpe:/o:linux:linux_kernel:2.6.17.10 cpe:/o:linux:linux_kernel:2.6.17.11 cpe:/o:linux:linux_kernel:2.6.17.12 cpe:/o:linux:linux_kernel:2.6.17.13 cpe:/o:linux:linux_kernel:2.6.17.14 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.18:rc1 cpe:/o:linux:linux_kernel:2.6.18:rc2 cpe:/o:linux:linux_kernel:2.6.18:rc3 cpe:/o:linux:linux_kernel:2.6.18:rc4 cpe:/o:linux:linux_kernel:2.6.18:rc5 cpe:/o:linux:linux_kernel:2.6.18:rc6 cpe:/o:linux:linux_kernel:2.6.18:rc7 cpe:/o:linux:linux_kernel:2.6.18.1 cpe:/o:linux:linux_kernel:2.6.18.2 cpe:/o:linux:linux_kernel:2.6.18.3 cpe:/o:linux:linux_kernel:2.6.18.4 cpe:/o:linux:linux_kernel:2.6.18.5 cpe:/o:linux:linux_kernel:2.6.18.6 cpe:/o:linux:linux_kernel:2.6.18.7 cpe:/o:linux:linux_kernel:2.6.18.8 cpe:/o:linux:linux_kernel:2.6.19 cpe:/o:linux:linux_kernel:2.6.19.1 cpe:/o:linux:linux_kernel:2.6.19.2 cpe:/o:linux:linux_kernel:2.6.19.3 cpe:/o:linux:linux_kernel:2.6.19.4 cpe:/o:linux:linux_kernel:2.6.19.5 cpe:/o:linux:linux_kernel:2.6.19.6 cpe:/o:linux:linux_kernel:2.6.19.7 cpe:/o:linux:linux_kernel:2.6.20 cpe:/o:linux:linux_kernel:2.6.20.1 cpe:/o:linux:linux_kernel:2.6.20.2 cpe:/o:linux:linux_kernel:2.6.20.3 cpe:/o:linux:linux_kernel:2.6.20.4 cpe:/o:linux:linux_kernel:2.6.20.5 cpe:/o:linux:linux_kernel:2.6.20.6 cpe:/o:linux:linux_kernel:2.6.20.7 cpe:/o:linux:linux_kernel:2.6.20.8 cpe:/o:linux:linux_kernel:2.6.20.9 cpe:/o:linux:linux_kernel:2.6.20.10 cpe:/o:linux:linux_kernel:2.6.20.11 cpe:/o:linux:linux_kernel:2.6.20.12 cpe:/o:linux:linux_kernel:2.6.20.13 cpe:/o:linux:linux_kernel:2.6.20.14 cpe:/o:linux:linux_kernel:2.6.20.15 cpe:/o:linux:linux_kernel:2.6.20.16 cpe:/o:linux:linux_kernel:2.6.20.17 cpe:/o:linux:linux_kernel:2.6.20.18 cpe:/o:linux:linux_kernel:2.6.20.19 cpe:/o:linux:linux_kernel:2.6.20.20 cpe:/o:linux:linux_kernel:2.6.20.21 cpe:/o:linux:linux_kernel:2.6.21 cpe:/o:linux:linux_kernel:2.6.21.1 cpe:/o:linux:linux_kernel:2.6.21.2 cpe:/o:linux:linux_kernel:2.6.21.3 cpe:/o:linux:linux_kernel:2.6.21.4 cpe:/o:linux:linux_kernel:2.6.21.5 cpe:/o:linux:linux_kernel:2.6.21.6 cpe:/o:linux:linux_kernel:2.6.21.7 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.22.1 cpe:/o:linux:linux_kernel:2.6.22.2 cpe:/o:linux:linux_kernel:2.6.22.3 cpe:/o:linux:linux_kernel:2.6.22.4 cpe:/o:linux:linux_kernel:2.6.22.5 cpe:/o:linux:linux_kernel:2.6.22.6 cpe:/o:linux:linux_kernel:2.6.22.7 cpe:/o:linux:linux_kernel:2.6.22.8 cpe:/o:linux:linux_kernel:2.6.22.9 cpe:/o:linux:linux_kernel:2.6.22.10 cpe:/o:linux:linux_kernel:2.6.22.11 cpe:/o:linux:linux_kernel:2.6.22.12 cpe:/o:linux:linux_kernel:2.6.22.13 cpe:/o:linux:linux_kernel:2.6.22.14 cpe:/o:linux:linux_kernel:2.6.22.15 cpe:/o:linux:linux_kernel:2.6.22.16 cpe:/o:linux:linux_kernel:2.6.22.17 cpe:/o:linux:linux_kernel:2.6.22.18 cpe:/o:linux:linux_kernel:2.6.22.19 cpe:/o:linux:linux_kernel:2.6.22.20 cpe:/o:linux:linux_kernel:2.6.22.21 cpe:/o:linux:linux_kernel:2.6.22.22 cpe:/o:linux:linux_kernel:2.6.22_rc1 cpe:/o:linux:linux_kernel:2.6.22_rc7 cpe:/o:linux:linux_kernel:2.6.23 cpe:/o:linux:linux_kernel:2.6.23:rc1 cpe:/o:linux:linux_kernel:2.6.23:rc2 cpe:/o:linux:linux_kernel:2.6.23.1 cpe:/o:linux:linux_kernel:2.6.23.2 cpe:/o:linux:linux_kernel:2.6.23.3 cpe:/o:linux:linux_kernel:2.6.23.4 cpe:/o:linux:linux_kernel:2.6.23.5 cpe:/o:linux:linux_kernel:2.6.23.6 cpe:/o:linux:linux_kernel:2.6.23.7 cpe:/o:linux:linux_kernel:2.6.23.8 cpe:/o:linux:linux_kernel:2.6.23.9 cpe:/o:linux:linux_kernel:2.6.23.10 cpe:/o:linux:linux_kernel:2.6.23.11 cpe:/o:linux:linux_kernel:2.6.23.12 cpe:/o:linux:linux_kernel:2.6.23.13 cpe:/o:linux:linux_kernel:2.6.23.14 cpe:/o:linux:linux_kernel:2.6.23.15 cpe:/o:linux:linux_kernel:2.6.23.16 cpe:/o:linux:linux_kernel:2.6.23.17 cpe:/o:linux:linux_kernel:2.6.24 CVE-2009-0024 2009-01-13T12:00:01.170-05:00 2012-03-19T00:00:00.000-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-13T14:16:00.000-05:00 ALLOWS_ADMIN_ACCESS CONFIRM http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.24.y.git;a=commit;h=8a459e44ad837018ea5c34a9efe8eb4ad27ded26 MLIST [oss-security] 20090112 CVE-2009-0024 kernel: local privilege escalation in sys_remap_file_pages CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1 BID 33211 The sys_remap_file_pages function in mm/fremap.c in the Linux kernel before 2.6.24.1 allows local users to cause a denial of service or gain privileges via unspecified vectors, related to the vm_file structure member, and the mmap_region and do_munmap functions. cpe:/a:isc:bind:9.0 cpe:/a:isc:bind:9.0.0:rc1 cpe:/a:isc:bind:9.0.0:rc2 cpe:/a:isc:bind:9.0.0:rc3 cpe:/a:isc:bind:9.0.0:rc4 cpe:/a:isc:bind:9.0.0:rc5 cpe:/a:isc:bind:9.0.0:rc6 cpe:/a:isc:bind:9.0.1 cpe:/a:isc:bind:9.0.1:rc1 cpe:/a:isc:bind:9.0.1:rc2 cpe:/a:isc:bind:9.1 cpe:/a:isc:bind:9.1.0:rc1 cpe:/a:isc:bind:9.1.1 cpe:/a:isc:bind:9.1.1:rc1 cpe:/a:isc:bind:9.1.1:rc2 cpe:/a:isc:bind:9.1.1:rc3 cpe:/a:isc:bind:9.1.1:rc4 cpe:/a:isc:bind:9.1.1:rc5 cpe:/a:isc:bind:9.1.1:rc6 cpe:/a:isc:bind:9.1.1:rc7 cpe:/a:isc:bind:9.1.2 cpe:/a:isc:bind:9.1.2:rc1 cpe:/a:isc:bind:9.1.3 cpe:/a:isc:bind:9.1.3:rc1 cpe:/a:isc:bind:9.1.3:rc2 cpe:/a:isc:bind:9.1.3:rc3 cpe:/a:isc:bind:9.2.0 cpe:/a:isc:bind:9.2.0:a1 cpe:/a:isc:bind:9.2.0:a2 cpe:/a:isc:bind:9.2.0:a3 cpe:/a:isc:bind:9.2.0:b1 cpe:/a:isc:bind:9.2.0:b2 cpe:/a:isc:bind:9.2.0:rc1 cpe:/a:isc:bind:9.2.0:rc10 cpe:/a:isc:bind:9.2.0:rc2 cpe:/a:isc:bind:9.2.0:rc3 cpe:/a:isc:bind:9.2.0:rc4 cpe:/a:isc:bind:9.2.0:rc5 cpe:/a:isc:bind:9.2.0:rc6 cpe:/a:isc:bind:9.2.0:rc7 cpe:/a:isc:bind:9.2.0:rc8 cpe:/a:isc:bind:9.2.0:rc9 cpe:/a:isc:bind:9.2.1 cpe:/a:isc:bind:9.2.1:rc1 cpe:/a:isc:bind:9.2.1:rc2 cpe:/a:isc:bind:9.2.2 cpe:/a:isc:bind:9.2.2:p2 cpe:/a:isc:bind:9.2.2:p3 cpe:/a:isc:bind:9.2.2:rc1 cpe:/a:isc:bind:9.2.3 cpe:/a:isc:bind:9.2.3:rc1 cpe:/a:isc:bind:9.2.3:rc2 cpe:/a:isc:bind:9.2.3:rc3 cpe:/a:isc:bind:9.2.3:rc4 cpe:/a:isc:bind:9.2.4 cpe:/a:isc:bind:9.2.4:rc2 cpe:/a:isc:bind:9.2.4:rc3 cpe:/a:isc:bind:9.2.4:rc4 cpe:/a:isc:bind:9.2.4:rc5 cpe:/a:isc:bind:9.2.4:rc6 cpe:/a:isc:bind:9.2.4:rc7 cpe:/a:isc:bind:9.2.4:rc8 cpe:/a:isc:bind:9.2.5 cpe:/a:isc:bind:9.2.5:b2 cpe:/a:isc:bind:9.2.5:rc1 cpe:/a:isc:bind:9.2.6 cpe:/a:isc:bind:9.2.6:rc1 cpe:/a:isc:bind:9.2.7 cpe:/a:isc:bind:9.2.7:rc1 cpe:/a:isc:bind:9.2.7:rc2 cpe:/a:isc:bind:9.2.7:rc3 cpe:/a:isc:bind:9.4 cpe:/a:isc:bind:9.4.0 cpe:/a:isc:bind:9.4.0:a1 cpe:/a:isc:bind:9.4.0:a2 cpe:/a:isc:bind:9.4.0:a3 cpe:/a:isc:bind:9.4.0:a4 cpe:/a:isc:bind:9.4.0:a5 cpe:/a:isc:bind:9.4.0:a6 cpe:/a:isc:bind:9.4.0:b1 cpe:/a:isc:bind:9.4.0:b2 cpe:/a:isc:bind:9.4.0:b3 cpe:/a:isc:bind:9.4.0:b4 cpe:/a:isc:bind:9.4.0:rc1 cpe:/a:isc:bind:9.4.0:rc2 cpe:/a:isc:bind:9.4.1 cpe:/a:isc:bind:9.4.2 cpe:/a:isc:bind:9.4.2:rc1 cpe:/a:isc:bind:9.4.2:rc2 cpe:/a:isc:bind:9.4.3 cpe:/a:isc:bind:9.4.3:b1 cpe:/a:isc:bind:9.4.3:b2 cpe:/a:isc:bind:9.4.3:b3 cpe:/a:isc:bind:9.4.3:rc1 cpe:/a:isc:bind:9.5.0 cpe:/a:isc:bind:9.5.1 cpe:/a:isc:bind:9.6.0 CVE-2009-0025 2009-01-07T12:30:00.390-05:00 2018-10-11T16:58:51.383-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov MISC http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33 APPLE APPLE-SA-2009-05-12 HP HPSBOV03226 FREEBSD FreeBSD-SA-09:04 SLACKWARE SSA:2009-014-02 SUNALERT 250846 CONFIRM http://support.apple.com/kb/HT3549 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-045.htm CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0009 MISC http://www.ocert.org/advisories/ocert-2008-016.html CONFIRM http://www.openbsd.org/errata44.html#008_bind BUGTRAQ 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses BUGTRAQ 20090120 rPSA-2009-0009-1 bind bind-utils BUGTRAQ 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim BID 33151 CERT TA09-133A CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0004.html VUPEN ADV-2009-0043 VUPEN ADV-2009-0366 VUPEN ADV-2009-0904 VUPEN ADV-2009-1297 CONFIRM https://issues.rpath.com/browse/RPL-2938 CONFIRM https://www.isc.org/software/bind/advisories/cve-2009-0025 FEDORA FEDORA-2009-0350 BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. cpe:/a:apache:jackrabbit:1.4 cpe:/a:apache:jackrabbit:1.5.0 CVE-2009-0026 2009-01-21T15:30:00.390-05:00 2018-10-11T16:58:56.557-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov SREASON 4942 CONFIRM http://www.apache.org/dist/jackrabbit/RELEASE-NOTES-1.5.2.txt BUGTRAQ 20090120 [ANNOUNCE] Apache Jackrabbit 1.5.2 released BID 33360 VUPEN ADV-2009-0177 XF jackrabbit-search-swr-xss(48110) CONFIRM https://issues.apache.org/jira/browse/JCR-1925 Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp. cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp01 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp02 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp03 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp04 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp05 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp06 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp01 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp02 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp03 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp04 CVE-2009-0027 2009-03-09T17:30:00.170-04:00 2009-03-21T01:53:33.483-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov REDHAT RHSA-2009:0346 REDHAT RHSA-2009:0347 REDHAT RHSA-2009:0348 REDHAT RHSA-2009:0349 BID 34023 SECTRACK 1021817 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=479668 CONFIRM https://jira.jboss.org/jira/browse/JBPAPP-1548 The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request. cpe:/o:linux:linux_kernel:2.2.27 cpe:/o:linux:linux_kernel:2.4.36 cpe:/o:linux:linux_kernel:2.4.36.1 cpe:/o:linux:linux_kernel:2.4.36.2 cpe:/o:linux:linux_kernel:2.4.36.3 cpe:/o:linux:linux_kernel:2.4.36.4 cpe:/o:linux:linux_kernel:2.4.36.5 cpe:/o:linux:linux_kernel:2.4.36.6 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.6.0 cpe:/o:linux:linux_kernel:2.6.1 cpe:/o:linux:linux_kernel:2.6.2 cpe:/o:linux:linux_kernel:2.6.10 cpe:/o:linux:linux_kernel:2.6.11 cpe:/o:linux:linux_kernel:2.6.11.1 cpe:/o:linux:linux_kernel:2.6.11.2 cpe:/o:linux:linux_kernel:2.6.11.3 cpe:/o:linux:linux_kernel:2.6.11.4 cpe:/o:linux:linux_kernel:2.6.11.5 cpe:/o:linux:linux_kernel:2.6.11.6 cpe:/o:linux:linux_kernel:2.6.11.7 cpe:/o:linux:linux_kernel:2.6.11.8 cpe:/o:linux:linux_kernel:2.6.11.9 cpe:/o:linux:linux_kernel:2.6.11.10 cpe:/o:linux:linux_kernel:2.6.11.11 cpe:/o:linux:linux_kernel:2.6.11.12 cpe:/o:linux:linux_kernel:2.6.12 cpe:/o:linux:linux_kernel:2.6.12.1 cpe:/o:linux:linux_kernel:2.6.12.2 cpe:/o:linux:linux_kernel:2.6.12.3 cpe:/o:linux:linux_kernel:2.6.12.4 cpe:/o:linux:linux_kernel:2.6.12.5 cpe:/o:linux:linux_kernel:2.6.12.6 cpe:/o:linux:linux_kernel:2.6.13 cpe:/o:linux:linux_kernel:2.6.13.1 cpe:/o:linux:linux_kernel:2.6.13.2 cpe:/o:linux:linux_kernel:2.6.13.3 cpe:/o:linux:linux_kernel:2.6.13.4 cpe:/o:linux:linux_kernel:2.6.13.5 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.14.2 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.6.14.5 cpe:/o:linux:linux_kernel:2.6.14.6 cpe:/o:linux:linux_kernel:2.6.14.7 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.6.15.1 cpe:/o:linux:linux_kernel:2.6.15.2 cpe:/o:linux:linux_kernel:2.6.15.3 cpe:/o:linux:linux_kernel:2.6.15.4 cpe:/o:linux:linux_kernel:2.6.15.5 cpe:/o:linux:linux_kernel:2.6.15.6 cpe:/o:linux:linux_kernel:2.6.15.7 cpe:/o:linux:linux_kernel:2.6.16 cpe:/o:linux:linux_kernel:2.6.16.1 cpe:/o:linux:linux_kernel:2.6.16.2 cpe:/o:linux:linux_kernel:2.6.16.3 cpe:/o:linux:linux_kernel:2.6.16.4 cpe:/o:linux:linux_kernel:2.6.16.5 cpe:/o:linux:linux_kernel:2.6.16.6 cpe:/o:linux:linux_kernel:2.6.16.7 cpe:/o:linux:linux_kernel:2.6.16.8 cpe:/o:linux:linux_kernel:2.6.16.9 cpe:/o:linux:linux_kernel:2.6.16.10 cpe:/o:linux:linux_kernel:2.6.16.11 cpe:/o:linux:linux_kernel:2.6.16.12 cpe:/o:linux:linux_kernel:2.6.16.13 cpe:/o:linux:linux_kernel:2.6.16.14 cpe:/o:linux:linux_kernel:2.6.16.15 cpe:/o:linux:linux_kernel:2.6.16.16 cpe:/o:linux:linux_kernel:2.6.16.17 cpe:/o:linux:linux_kernel:2.6.16.18 cpe:/o:linux:linux_kernel:2.6.16.19 cpe:/o:linux:linux_kernel:2.6.16.20 cpe:/o:linux:linux_kernel:2.6.16.21 cpe:/o:linux:linux_kernel:2.6.16.22 cpe:/o:linux:linux_kernel:2.6.16.23 cpe:/o:linux:linux_kernel:2.6.16.24 cpe:/o:linux:linux_kernel:2.6.16.25 cpe:/o:linux:linux_kernel:2.6.16.26 cpe:/o:linux:linux_kernel:2.6.16.27 cpe:/o:linux:linux_kernel:2.6.16.28 cpe:/o:linux:linux_kernel:2.6.16.29 cpe:/o:linux:linux_kernel:2.6.16.30 cpe:/o:linux:linux_kernel:2.6.16.31 cpe:/o:linux:linux_kernel:2.6.16.32 cpe:/o:linux:linux_kernel:2.6.16.33 cpe:/o:linux:linux_kernel:2.6.16.34 cpe:/o:linux:linux_kernel:2.6.16.35 cpe:/o:linux:linux_kernel:2.6.16.36 cpe:/o:linux:linux_kernel:2.6.16.37 cpe:/o:linux:linux_kernel:2.6.16.38 cpe:/o:linux:linux_kernel:2.6.16.39 cpe:/o:linux:linux_kernel:2.6.16.40 cpe:/o:linux:linux_kernel:2.6.16.41 cpe:/o:linux:linux_kernel:2.6.16.42 cpe:/o:linux:linux_kernel:2.6.16.43 cpe:/o:linux:linux_kernel:2.6.16.44 cpe:/o:linux:linux_kernel:2.6.16.45 cpe:/o:linux:linux_kernel:2.6.16.46 cpe:/o:linux:linux_kernel:2.6.16.47 cpe:/o:linux:linux_kernel:2.6.16.48 cpe:/o:linux:linux_kernel:2.6.16.49 cpe:/o:linux:linux_kernel:2.6.16.50 cpe:/o:linux:linux_kernel:2.6.16.51 cpe:/o:linux:linux_kernel:2.6.16.52 cpe:/o:linux:linux_kernel:2.6.16.53 cpe:/o:linux:linux_kernel:2.6.16.54 cpe:/o:linux:linux_kernel:2.6.16.55 cpe:/o:linux:linux_kernel:2.6.16.56 cpe:/o:linux:linux_kernel:2.6.16.57 cpe:/o:linux:linux_kernel:2.6.16.58 cpe:/o:linux:linux_kernel:2.6.16.59 cpe:/o:linux:linux_kernel:2.6.16.60 cpe:/o:linux:linux_kernel:2.6.16.61 cpe:/o:linux:linux_kernel:2.6.16.62 cpe:/o:linux:linux_kernel:2.6.17 cpe:/o:linux:linux_kernel:2.6.17.1 cpe:/o:linux:linux_kernel:2.6.17.2 cpe:/o:linux:linux_kernel:2.6.17.3 cpe:/o:linux:linux_kernel:2.6.17.4 cpe:/o:linux:linux_kernel:2.6.17.5 cpe:/o:linux:linux_kernel:2.6.17.6 cpe:/o:linux:linux_kernel:2.6.17.7 cpe:/o:linux:linux_kernel:2.6.17.8 cpe:/o:linux:linux_kernel:2.6.17.9 cpe:/o:linux:linux_kernel:2.6.17.10 cpe:/o:linux:linux_kernel:2.6.17.11 cpe:/o:linux:linux_kernel:2.6.17.12 cpe:/o:linux:linux_kernel:2.6.17.13 cpe:/o:linux:linux_kernel:2.6.17.14 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.18:rc1 cpe:/o:linux:linux_kernel:2.6.18:rc2 cpe:/o:linux:linux_kernel:2.6.18:rc3 cpe:/o:linux:linux_kernel:2.6.18:rc4 cpe:/o:linux:linux_kernel:2.6.18:rc5 cpe:/o:linux:linux_kernel:2.6.18:rc6 cpe:/o:linux:linux_kernel:2.6.18:rc7 cpe:/o:linux:linux_kernel:2.6.18.1 cpe:/o:linux:linux_kernel:2.6.18.2 cpe:/o:linux:linux_kernel:2.6.18.3 cpe:/o:linux:linux_kernel:2.6.18.4 cpe:/o:linux:linux_kernel:2.6.18.5 cpe:/o:linux:linux_kernel:2.6.18.6 cpe:/o:linux:linux_kernel:2.6.18.7 cpe:/o:linux:linux_kernel:2.6.18.8 cpe:/o:linux:linux_kernel:2.6.19 cpe:/o:linux:linux_kernel:2.6.19.1 cpe:/o:linux:linux_kernel:2.6.19.2 cpe:/o:linux:linux_kernel:2.6.19.3 cpe:/o:linux:linux_kernel:2.6.19.4 cpe:/o:linux:linux_kernel:2.6.19.5 cpe:/o:linux:linux_kernel:2.6.19.6 cpe:/o:linux:linux_kernel:2.6.19.7 cpe:/o:linux:linux_kernel:2.6.20 cpe:/o:linux:linux_kernel:2.6.20.1 cpe:/o:linux:linux_kernel:2.6.20.2 cpe:/o:linux:linux_kernel:2.6.20.3 cpe:/o:linux:linux_kernel:2.6.20.4 cpe:/o:linux:linux_kernel:2.6.20.5 cpe:/o:linux:linux_kernel:2.6.20.6 cpe:/o:linux:linux_kernel:2.6.20.7 cpe:/o:linux:linux_kernel:2.6.20.8 cpe:/o:linux:linux_kernel:2.6.20.9 cpe:/o:linux:linux_kernel:2.6.20.10 cpe:/o:linux:linux_kernel:2.6.20.11 cpe:/o:linux:linux_kernel:2.6.20.12 cpe:/o:linux:linux_kernel:2.6.20.13 cpe:/o:linux:linux_kernel:2.6.20.14 cpe:/o:linux:linux_kernel:2.6.20.15 cpe:/o:linux:linux_kernel:2.6.20.16 cpe:/o:linux:linux_kernel:2.6.20.17 cpe:/o:linux:linux_kernel:2.6.20.18 cpe:/o:linux:linux_kernel:2.6.20.19 cpe:/o:linux:linux_kernel:2.6.20.20 cpe:/o:linux:linux_kernel:2.6.20.21 cpe:/o:linux:linux_kernel:2.6.21 cpe:/o:linux:linux_kernel:2.6.21.1 cpe:/o:linux:linux_kernel:2.6.21.2 cpe:/o:linux:linux_kernel:2.6.21.3 cpe:/o:linux:linux_kernel:2.6.21.4 cpe:/o:linux:linux_kernel:2.6.21.5 cpe:/o:linux:linux_kernel:2.6.21.6 cpe:/o:linux:linux_kernel:2.6.21.7 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.22.1 cpe:/o:linux:linux_kernel:2.6.22.2 cpe:/o:linux:linux_kernel:2.6.22.3 cpe:/o:linux:linux_kernel:2.6.22.4 cpe:/o:linux:linux_kernel:2.6.22.5 cpe:/o:linux:linux_kernel:2.6.22.6 cpe:/o:linux:linux_kernel:2.6.22.7 cpe:/o:linux:linux_kernel:2.6.22.8 cpe:/o:linux:linux_kernel:2.6.22.9 cpe:/o:linux:linux_kernel:2.6.22.10 cpe:/o:linux:linux_kernel:2.6.22.11 cpe:/o:linux:linux_kernel:2.6.22.12 cpe:/o:linux:linux_kernel:2.6.22.13 cpe:/o:linux:linux_kernel:2.6.22.14 cpe:/o:linux:linux_kernel:2.6.22.15 cpe:/o:linux:linux_kernel:2.6.22.16 cpe:/o:linux:linux_kernel:2.6.22.17 cpe:/o:linux:linux_kernel:2.6.22.18 cpe:/o:linux:linux_kernel:2.6.22.19 cpe:/o:linux:linux_kernel:2.6.22.20 cpe:/o:linux:linux_kernel:2.6.22.21 cpe:/o:linux:linux_kernel:2.6.22.22 cpe:/o:linux:linux_kernel:2.6.22_rc1 cpe:/o:linux:linux_kernel:2.6.22_rc7 cpe:/o:linux:linux_kernel:2.6.23 cpe:/o:linux:linux_kernel:2.6.23:rc1 cpe:/o:linux:linux_kernel:2.6.23:rc2 cpe:/o:linux:linux_kernel:2.6.23.1 cpe:/o:linux:linux_kernel:2.6.23.2 cpe:/o:linux:linux_kernel:2.6.23.3 cpe:/o:linux:linux_kernel:2.6.23.4 cpe:/o:linux:linux_kernel:2.6.23.5 cpe:/o:linux:linux_kernel:2.6.23.6 cpe:/o:linux:linux_kernel:2.6.23.7 cpe:/o:linux:linux_kernel:2.6.23.8 cpe:/o:linux:linux_kernel:2.6.23.9 cpe:/o:linux:linux_kernel:2.6.23.10 cpe:/o:linux:linux_kernel:2.6.23.11 cpe:/o:linux:linux_kernel:2.6.23.12 cpe:/o:linux:linux_kernel:2.6.23.13 cpe:/o:linux:linux_kernel:2.6.23.14 cpe:/o:linux:linux_kernel:2.6.23.15 cpe:/o:linux:linux_kernel:2.6.23.16 cpe:/o:linux:linux_kernel:2.6.23.17 cpe:/o:linux:linux_kernel:2.6.23_rc1 cpe:/o:linux:linux_kernel:2.6.24 cpe:/o:linux:linux_kernel:2.6.24:rc1 cpe:/o:linux:linux_kernel:2.6.24:rc2 cpe:/o:linux:linux_kernel:2.6.24:rc3 cpe:/o:linux:linux_kernel:2.6.24:rc4 cpe:/o:linux:linux_kernel:2.6.24:rc5 cpe:/o:linux:linux_kernel:2.6.24.1 cpe:/o:linux:linux_kernel:2.6.24.2 cpe:/o:linux:linux_kernel:2.6.24.3 cpe:/o:linux:linux_kernel:2.6.24.4 cpe:/o:linux:linux_kernel:2.6.24.5 cpe:/o:linux:linux_kernel:2.6.24.6 cpe:/o:linux:linux_kernel:2.6.24.7 cpe:/o:linux:linux_kernel:2.6.24_rc1 cpe:/o:linux:linux_kernel:2.6.24_rc4 cpe:/o:linux:linux_kernel:2.6.24_rc5 cpe:/o:linux:linux_kernel:2.6.25 cpe:/o:linux:linux_kernel:2.6.25::x86_64 cpe:/o:linux:linux_kernel:2.6.25.1 cpe:/o:linux:linux_kernel:2.6.25.1::x86_64 cpe:/o:linux:linux_kernel:2.6.25.2 cpe:/o:linux:linux_kernel:2.6.25.2::x86_64 cpe:/o:linux:linux_kernel:2.6.25.3 cpe:/o:linux:linux_kernel:2.6.25.3::x86_64 cpe:/o:linux:linux_kernel:2.6.25.4 cpe:/o:linux:linux_kernel:2.6.25.4::x86_64 cpe:/o:linux:linux_kernel:2.6.25.5 cpe:/o:linux:linux_kernel:2.6.25.5::x86_64 cpe:/o:linux:linux_kernel:2.6.25.6 cpe:/o:linux:linux_kernel:2.6.25.6::x86_64 cpe:/o:linux:linux_kernel:2.6.25.7 cpe:/o:linux:linux_kernel:2.6.25.7::x86_64 cpe:/o:linux:linux_kernel:2.6.25.8 cpe:/o:linux:linux_kernel:2.6.25.8::x86_64 cpe:/o:linux:linux_kernel:2.6.25.9 cpe:/o:linux:linux_kernel:2.6.25.9::x86_64 cpe:/o:linux:linux_kernel:2.6.25.10 cpe:/o:linux:linux_kernel:2.6.25.10::x86_64 cpe:/o:linux:linux_kernel:2.6.25.11 cpe:/o:linux:linux_kernel:2.6.25.11::x86_64 cpe:/o:linux:linux_kernel:2.6.25.12 cpe:/o:linux:linux_kernel:2.6.25.12::x86_64 cpe:/o:linux:linux_kernel:2.6.25.13 cpe:/o:linux:linux_kernel:2.6.25.14 cpe:/o:linux:linux_kernel:2.6.25.15 cpe:/o:linux:linux_kernel:2.6.25.16 cpe:/o:linux:linux_kernel:2.6.25.17 cpe:/o:linux:linux_kernel:2.6.25.18 cpe:/o:linux:linux_kernel:2.6.25.19 cpe:/o:linux:linux_kernel:2.6.25.20 cpe:/o:linux:linux_kernel:2.6.26 cpe:/o:linux:linux_kernel:2.6.26:rc4 cpe:/o:linux:linux_kernel:2.6.26.1 cpe:/o:linux:linux_kernel:2.6.26.2 cpe:/o:linux:linux_kernel:2.6.26.3 cpe:/o:linux:linux_kernel:2.6.26.4 cpe:/o:linux:linux_kernel:2.6.26.5 cpe:/o:linux:linux_kernel:2.6.26.6 cpe:/o:linux:linux_kernel:2.6.26.7 cpe:/o:linux:linux_kernel:2.6.26.8 cpe:/o:linux:linux_kernel:2.6.27 cpe:/o:linux:linux_kernel:2.6.27:rc1 cpe:/o:linux:linux_kernel:2.6.27:rc2 cpe:/o:linux:linux_kernel:2.6.27:rc3 cpe:/o:linux:linux_kernel:2.6.27:rc4 cpe:/o:linux:linux_kernel:2.6.27:rc5 cpe:/o:linux:linux_kernel:2.6.27:rc6 cpe:/o:linux:linux_kernel:2.6.27:rc7 cpe:/o:linux:linux_kernel:2.6.27:rc8 cpe:/o:linux:linux_kernel:2.6.27:rc9 cpe:/o:linux:linux_kernel:2.6.27.1 cpe:/o:linux:linux_kernel:2.6.27.2 cpe:/o:linux:linux_kernel:2.6.27.3 cpe:/o:linux:linux_kernel:2.6.27.4 cpe:/o:linux:linux_kernel:2.6.27.5 cpe:/o:linux:linux_kernel:2.6.27.6 cpe:/o:linux:linux_kernel:2.6.27.7 cpe:/o:linux:linux_kernel:2.6.27.8 cpe:/o:linux:linux_kernel:2.6.27.9 cpe:/o:linux:linux_kernel:2.6.27.10 cpe:/o:linux:linux_kernel:2.6.27.11 cpe:/o:linux:linux_kernel:2.6.27.12 cpe:/o:linux:linux_kernel:2.6.28 CVE-2009-0028 2009-02-27T12:30:09.860-05:00 2018-10-11T16:58:57.353-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov SUSE SUSE-SA:2009:010 SUSE SUSE-SA:2009:030 SUSE SUSE-SA:2009:031 REDHAT RHSA-2009:0459 MISC http://scary.beasts.org/security/CESA-2009-002.html MISC http://scarybeastsecurity.blogspot.com/2009/02/linux-kernel-minor-signal-vulnerability.html CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0084 DEBIAN DSA-1787 DEBIAN DSA-1794 DEBIAN DSA-1800 MANDRIVA MDVSA-2009:118 REDHAT RHSA-2009:0326 REDHAT RHSA-2009:0451 BUGTRAQ 20090516 rPSA-2009-0084-1 kernel BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components BID 33906 UBUNTU USN-751-1 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html VUPEN ADV-2009-3316 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=479932 The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit. cpe:/o:debian:debian_linux:4.0 cpe:/o:debian:debian_linux:5.0 cpe:/o:linux:linux_kernel:2.6.28 CVE-2009-0029 2009-01-15T12:30:00.467-05:00 2018-11-08T15:19:43.207-05:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2018-11-07T09:33:16.970-05:00 SUSE SUSE-SA:2009:010 MLIST [linux-kernel] 20090110 Re: [PATCH -v7][RFC]: mutex: implement adaptive spinning DEBIAN DSA-1749 DEBIAN DSA-1787 DEBIAN DSA-1794 MANDRIVA MDVSA-2009:135 BID 33275 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=479969 FEDORA FEDORA-2009-0816 The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a user-mode application, but cannot verify this, which allows local users to cause a denial of service (crash) or possibly gain privileges via a crafted system call. cpe:/a:squirrelmail:squirrelmail:1.4.8 CVE-2009-0030 2009-01-21T15:30:00.407-05:00 2017-09-28T21:33:35.247-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov SUSE SUSE-SR:2009:004 SECTRACK 1021611 BID 33354 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=480224 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=480488 XF squirrelmail-sessionid-session-hijacking(48115) REDHAT RHSA-2009:0057 A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663. cpe:/o:linux:linux_kernel:2.2.27 cpe:/o:linux:linux_kernel:2.4.36 cpe:/o:linux:linux_kernel:2.4.36.1 cpe:/o:linux:linux_kernel:2.4.36.2 cpe:/o:linux:linux_kernel:2.4.36.3 cpe:/o:linux:linux_kernel:2.4.36.4 cpe:/o:linux:linux_kernel:2.4.36.5 cpe:/o:linux:linux_kernel:2.4.36.6 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.18:rc1 cpe:/o:linux:linux_kernel:2.6.18:rc2 cpe:/o:linux:linux_kernel:2.6.18:rc3 cpe:/o:linux:linux_kernel:2.6.18:rc4 cpe:/o:linux:linux_kernel:2.6.18:rc5 cpe:/o:linux:linux_kernel:2.6.18:rc6 cpe:/o:linux:linux_kernel:2.6.18:rc7 cpe:/o:linux:linux_kernel:2.6.19.4 cpe:/o:linux:linux_kernel:2.6.19.5 cpe:/o:linux:linux_kernel:2.6.19.6 cpe:/o:linux:linux_kernel:2.6.19.7 cpe:/o:linux:linux_kernel:2.6.20.16 cpe:/o:linux:linux_kernel:2.6.20.17 cpe:/o:linux:linux_kernel:2.6.20.18 cpe:/o:linux:linux_kernel:2.6.20.19 cpe:/o:linux:linux_kernel:2.6.20.20 cpe:/o:linux:linux_kernel:2.6.20.21 cpe:/o:linux:linux_kernel:2.6.21.5 cpe:/o:linux:linux_kernel:2.6.21.6 cpe:/o:linux:linux_kernel:2.6.21.7 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.22.1 cpe:/o:linux:linux_kernel:2.6.22.2 cpe:/o:linux:linux_kernel:2.6.22.8 cpe:/o:linux:linux_kernel:2.6.22.9 cpe:/o:linux:linux_kernel:2.6.22.10 cpe:/o:linux:linux_kernel:2.6.22.11 cpe:/o:linux:linux_kernel:2.6.22.12 cpe:/o:linux:linux_kernel:2.6.22.13 cpe:/o:linux:linux_kernel:2.6.22.14 cpe:/o:linux:linux_kernel:2.6.22.15 cpe:/o:linux:linux_kernel:2.6.22.17 cpe:/o:linux:linux_kernel:2.6.22.18 cpe:/o:linux:linux_kernel:2.6.22.19 cpe:/o:linux:linux_kernel:2.6.22.20 cpe:/o:linux:linux_kernel:2.6.22.21 cpe:/o:linux:linux_kernel:2.6.22.22 cpe:/o:linux:linux_kernel:2.6.22_rc1 cpe:/o:linux:linux_kernel:2.6.22_rc7 cpe:/o:linux:linux_kernel:2.6.23 cpe:/o:linux:linux_kernel:2.6.23.8 cpe:/o:linux:linux_kernel:2.6.23.9 cpe:/o:linux:linux_kernel:2.6.23.10 cpe:/o:linux:linux_kernel:2.6.23.11 cpe:/o:linux:linux_kernel:2.6.23.12 cpe:/o:linux:linux_kernel:2.6.23.13 cpe:/o:linux:linux_kernel:2.6.23.15 cpe:/o:linux:linux_kernel:2.6.23.16 cpe:/o:linux:linux_kernel:2.6.23.17 cpe:/o:linux:linux_kernel:2.6.23_rc1 cpe:/o:linux:linux_kernel:2.6.24 cpe:/o:linux:linux_kernel:2.6.24.1 cpe:/o:linux:linux_kernel:2.6.24.2 cpe:/o:linux:linux_kernel:2.6.24.3 cpe:/o:linux:linux_kernel:2.6.24.4 cpe:/o:linux:linux_kernel:2.6.24.5 cpe:/o:linux:linux_kernel:2.6.24.6 cpe:/o:linux:linux_kernel:2.6.24.7 cpe:/o:linux:linux_kernel:2.6.24_rc1 cpe:/o:linux:linux_kernel:2.6.24_rc4 cpe:/o:linux:linux_kernel:2.6.24_rc5 cpe:/o:linux:linux_kernel:2.6.25 cpe:/o:linux:linux_kernel:2.6.25::x86_64 cpe:/o:linux:linux_kernel:2.6.25.1 cpe:/o:linux:linux_kernel:2.6.25.1::x86_64 cpe:/o:linux:linux_kernel:2.6.25.2 cpe:/o:linux:linux_kernel:2.6.25.2::x86_64 cpe:/o:linux:linux_kernel:2.6.25.3 cpe:/o:linux:linux_kernel:2.6.25.3::x86_64 cpe:/o:linux:linux_kernel:2.6.25.4 cpe:/o:linux:linux_kernel:2.6.25.4::x86_64 cpe:/o:linux:linux_kernel:2.6.25.5 cpe:/o:linux:linux_kernel:2.6.25.5::x86_64 cpe:/o:linux:linux_kernel:2.6.25.6 cpe:/o:linux:linux_kernel:2.6.25.6::x86_64 cpe:/o:linux:linux_kernel:2.6.25.7 cpe:/o:linux:linux_kernel:2.6.25.7::x86_64 cpe:/o:linux:linux_kernel:2.6.25.8 cpe:/o:linux:linux_kernel:2.6.25.8::x86_64 cpe:/o:linux:linux_kernel:2.6.25.9 cpe:/o:linux:linux_kernel:2.6.25.9::x86_64 cpe:/o:linux:linux_kernel:2.6.25.10 cpe:/o:linux:linux_kernel:2.6.25.10::x86_64 cpe:/o:linux:linux_kernel:2.6.25.11 cpe:/o:linux:linux_kernel:2.6.25.11::x86_64 cpe:/o:linux:linux_kernel:2.6.25.12 cpe:/o:linux:linux_kernel:2.6.25.12::x86_64 cpe:/o:linux:linux_kernel:2.6.25.13 cpe:/o:linux:linux_kernel:2.6.25.14 cpe:/o:linux:linux_kernel:2.6.25.15 cpe:/o:linux:linux_kernel:2.6.25.16 cpe:/o:linux:linux_kernel:2.6.25.17 cpe:/o:linux:linux_kernel:2.6.26 cpe:/o:linux:linux_kernel:2.6.26.1 cpe:/o:linux:linux_kernel:2.6.26.2 cpe:/o:linux:linux_kernel:2.6.26.3 cpe:/o:linux:linux_kernel:2.6.26.4 cpe:/o:linux:linux_kernel:2.6.26.5 cpe:/o:linux:linux_kernel:2.6.27 cpe:/o:linux:linux_kernel:2.6.28 cpe:/o:linux:linux_kernel:2.6.28.1 CVE-2009-0031 2009-01-20T21:30:00.313-05:00 2017-09-28T21:33:35.357-04:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov CONFIRM http://git2.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0d54ee1c7850a954026deec4cd4885f331da35cc SUSE SUSE-SA:2009:010 REDHAT RHSA-2009:0264 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-114.htm DEBIAN DSA-1749 DEBIAN DSA-1787 DEBIAN DSA-1794 MLIST [oss-security] 20090119 CVE-2009-0031 kernel: local denial of service in keyctl_join_session_keyring REDHAT RHSA-2009:0331 REDHAT RHSA-2009:0360 UBUNTU USN-751-1 Memory leak in the keyctl_join_session_keyring function (security/keys/keyctl.c) in Linux kernel 2.6.29-rc2 and earlier allows local users to cause a denial of service (kernel memory consumption) via unknown vectors related to a "missing kfree." cpe:/a:apple:cups CVE-2009-0032 2009-01-27T15:30:00.377-05:00 2017-08-07T21:33:46.250-04:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SECTRACK 1021637 MANDRIVA MDVSA-2009:027 MANDRIVA MDVSA-2009:028 MANDRIVA MDVSA-2009:029 BID 33418 XF cups-pdflog-symlink(48210) CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file. cpe:/a:apache:tomcat:4.1.0 cpe:/a:apache:tomcat:4.1.1 cpe:/a:apache:tomcat:4.1.2 cpe:/a:apache:tomcat:4.1.3 cpe:/a:apache:tomcat:4.1.3:beta cpe:/a:apache:tomcat:4.1.4 cpe:/a:apache:tomcat:4.1.5 cpe:/a:apache:tomcat:4.1.6 cpe:/a:apache:tomcat:4.1.7 cpe:/a:apache:tomcat:4.1.8 cpe:/a:apache:tomcat:4.1.9 cpe:/a:apache:tomcat:4.1.9:beta cpe:/a:apache:tomcat:4.1.10 cpe:/a:apache:tomcat:4.1.11 cpe:/a:apache:tomcat:4.1.12 cpe:/a:apache:tomcat:4.1.13 cpe:/a:apache:tomcat:4.1.14 cpe:/a:apache:tomcat:4.1.15 cpe:/a:apache:tomcat:4.1.16 cpe:/a:apache:tomcat:4.1.17 cpe:/a:apache:tomcat:4.1.18 cpe:/a:apache:tomcat:4.1.19 cpe:/a:apache:tomcat:4.1.20 cpe:/a:apache:tomcat:4.1.21 cpe:/a:apache:tomcat:4.1.22 cpe:/a:apache:tomcat:4.1.23 cpe:/a:apache:tomcat:4.1.24 cpe:/a:apache:tomcat:4.1.25 cpe:/a:apache:tomcat:4.1.26 cpe:/a:apache:tomcat:4.1.27 cpe:/a:apache:tomcat:4.1.28 cpe:/a:apache:tomcat:4.1.29 cpe:/a:apache:tomcat:4.1.30 cpe:/a:apache:tomcat:4.1.31 cpe:/a:apache:tomcat:4.1.32 cpe:/a:apache:tomcat:4.1.33 cpe:/a:apache:tomcat:4.1.34 cpe:/a:apache:tomcat:4.1.35 cpe:/a:apache:tomcat:4.1.36 cpe:/a:apache:tomcat:4.1.37 cpe:/a:apache:tomcat:4.1.38 cpe:/a:apache:tomcat:4.1.39 cpe:/a:apache:tomcat:5.5.0 cpe:/a:apache:tomcat:5.5.1 cpe:/a:apache:tomcat:5.5.2 cpe:/a:apache:tomcat:5.5.3 cpe:/a:apache:tomcat:5.5.4 cpe:/a:apache:tomcat:5.5.5 cpe:/a:apache:tomcat:5.5.6 cpe:/a:apache:tomcat:5.5.7 cpe:/a:apache:tomcat:5.5.8 cpe:/a:apache:tomcat:5.5.9 cpe:/a:apache:tomcat:5.5.10 cpe:/a:apache:tomcat:5.5.11 cpe:/a:apache:tomcat:5.5.12 cpe:/a:apache:tomcat:5.5.13 cpe:/a:apache:tomcat:5.5.14 cpe:/a:apache:tomcat:5.5.15 cpe:/a:apache:tomcat:5.5.16 cpe:/a:apache:tomcat:5.5.17 cpe:/a:apache:tomcat:5.5.18 cpe:/a:apache:tomcat:5.5.19 cpe:/a:apache:tomcat:5.5.20 cpe:/a:apache:tomcat:5.5.21 cpe:/a:apache:tomcat:5.5.22 cpe:/a:apache:tomcat:5.5.23 cpe:/a:apache:tomcat:5.5.24 cpe:/a:apache:tomcat:5.5.25 cpe:/a:apache:tomcat:5.5.26 cpe:/a:apache:tomcat:5.5.27 cpe:/a:apache:tomcat:6.0.0 cpe:/a:apache:tomcat:6.0.1 cpe:/a:apache:tomcat:6.0.2 cpe:/a:apache:tomcat:6.0.3 cpe:/a:apache:tomcat:6.0.4 cpe:/a:apache:tomcat:6.0.5 cpe:/a:apache:tomcat:6.0.6 cpe:/a:apache:tomcat:6.0.7 cpe:/a:apache:tomcat:6.0.8 cpe:/a:apache:tomcat:6.0.9 cpe:/a:apache:tomcat:6.0.10 cpe:/a:apache:tomcat:6.0.11 cpe:/a:apache:tomcat:6.0.12 cpe:/a:apache:tomcat:6.0.13 cpe:/a:apache:tomcat:6.0.14 cpe:/a:apache:tomcat:6.0.15 cpe:/a:apache:tomcat:6.0.16 CVE-2009-0033 2009-06-05T12:00:00.187-04:00 2019-03-25T07:30:34.427-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov JVN JVN#87272440 APPLE APPLE-SA-2010-03-29-1 SUSE SUSE-SR:2009:012 HP HPSBMA02535 HP HPSBUX02579 HP HPSBOV02762 HP HPSBUX02860 SECTRACK 1022331 SUNALERT 263529 CONFIRM http://support.apple.com/kb/HT4077 CONFIRM http://svn.apache.org/viewvc?rev=742915&view=rev CONFIRM http://svn.apache.org/viewvc?rev=781362&view=rev CONFIRM http://tomcat.apache.org/security-4.html CONFIRM http://tomcat.apache.org/security-5.html CONFIRM http://tomcat.apache.org/security-6.html DEBIAN DSA-2207 MANDRIVA MDVSA-2009:136 MANDRIVA MDVSA-2009:138 MANDRIVA MDVSA-2010:176 BUGTRAQ 20090603 [SECURITY] CVE-2009-0033 Apache Tomcat DoS when using Java AJP connector BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components BID 35193 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html VUPEN ADV-2009-1496 VUPEN ADV-2009-1856 VUPEN ADV-2009-3316 VUPEN ADV-2010-3056 XF tomcat-ajp-dos(50928) MLIST [tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ MLIST [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ FEDORA FEDORA-2009-11374 FEDORA FEDORA-2009-11352 FEDORA FEDORA-2009-11356 Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header. cpe:/a:todd_miller:sudo:1.6.9_p17 cpe:/a:todd_miller:sudo:1.6.9_p18 cpe:/a:todd_miller:sudo:1.6.9_p19 CVE-2009-0034 2009-01-30T14:30:00.280-05:00 2018-10-11T16:59:11.963-04:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS MLIST [Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0021 CONFIRM http://www.gratisoft.us/bugzilla/show_bug.cgi?id=327 MANDRIVA MDVSA-2009:033 REDHAT RHSA-2009:0267 BUGTRAQ 20090129 rPSA-2009-0021-1 sudo BUGTRAQ 20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl BID 33517 SECTRACK 1021688 CONFIRM http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diff?r1=1.160.2.21&r2=1.160.2.22&f=h CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0009.html VUPEN ADV-2009-1865 CONFIRM https://bugzilla.novell.com/show_bug.cgi?id=468923 CONFIRM https://issues.rpath.com/browse/RPL-2954 parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. cpe:/a:libvirt:libvirt:0.5.1 CVE-2009-0036 2009-02-11T15:30:00.360-05:00 2017-09-28T21:33:35.637-04:00 4.4 LOCAL MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS CONFIRM http://git.et.redhat.com/?p=libvirt.git;a=commitdiff;h=2bb0657e28 MLIST [oss-security] 20090210 libvirt_proxy heads up REDHAT RHSA-2009:0382 BID 33724 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=484947 MLIST [libvir-list] 20090127 [libvirt] [PATCH] proxy: Fix use of uninitalized memory MLIST [libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory MLIST [libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check. cpe:/a:curl:curl:5.11 cpe:/a:curl:curl:6.0 cpe:/a:curl:curl:6.1beta cpe:/a:curl:curl:6.2 cpe:/a:curl:curl:6.3 cpe:/a:curl:curl:6.3.1 cpe:/a:curl:curl:6.4 cpe:/a:curl:curl:6.5 cpe:/a:curl:curl:6.5.1 cpe:/a:curl:curl:6.5.2 cpe:/a:curl:curl:7.1 cpe:/a:curl:curl:7.1.1 cpe:/a:curl:curl:7.2 cpe:/a:curl:curl:7.2.1 cpe:/a:curl:curl:7.3 cpe:/a:curl:curl:7.4 cpe:/a:curl:curl:7.4.1 cpe:/a:curl:curl:7.4.2 cpe:/a:curl:curl:7.5 cpe:/a:curl:curl:7.5.1 cpe:/a:curl:curl:7.5.2 cpe:/a:curl:curl:7.6 cpe:/a:curl:curl:7.6.1 cpe:/a:curl:curl:7.7 cpe:/a:curl:curl:7.7.1 cpe:/a:curl:curl:7.7.2 cpe:/a:curl:curl:7.7.3 cpe:/a:curl:curl:7.8 cpe:/a:curl:curl:7.8.1 cpe:/a:curl:curl:7.8.2 cpe:/a:curl:curl:7.9 cpe:/a:curl:curl:7.9.1 cpe:/a:curl:curl:7.9.2 cpe:/a:curl:curl:7.9.3 cpe:/a:curl:curl:7.9.4 cpe:/a:curl:curl:7.9.5 cpe:/a:curl:curl:7.9.6 cpe:/a:curl:curl:7.9.7 cpe:/a:curl:curl:7.9.8 cpe:/a:curl:curl:7.10 cpe:/a:curl:curl:7.10.1 cpe:/a:curl:curl:7.10.2 cpe:/a:curl:curl:7.10.3 cpe:/a:curl:curl:7.10.4 cpe:/a:curl:curl:7.10.5 cpe:/a:curl:curl:7.10.6 cpe:/a:curl:curl:7.10.7 cpe:/a:curl:curl:7.10.8 cpe:/a:curl:curl:7.11.1 cpe:/a:curl:curl:7.12 cpe:/a:curl:curl:7.12.1 cpe:/a:curl:curl:7.12.2 cpe:/a:curl:curl:7.13 cpe:/a:curl:curl:7.13.2 cpe:/a:curl:curl:7.14 cpe:/a:curl:curl:7.14.1 cpe:/a:curl:curl:7.15 cpe:/a:curl:curl:7.15.1 cpe:/a:curl:curl:7.15.3 cpe:/a:curl:curl:7.16.3 cpe:/a:curl:curl:7.16.4 cpe:/a:curl:curl:7.17 cpe:/a:curl:curl:7.18 cpe:/a:curl:curl:7.19.3 cpe:/a:curl:libcurl:5.11 cpe:/a:curl:libcurl:7.12 cpe:/a:curl:libcurl:7.12.1 cpe:/a:curl:libcurl:7.12.2 cpe:/a:curl:libcurl:7.12.3 cpe:/a:curl:libcurl:7.13 cpe:/a:curl:libcurl:7.13.1 cpe:/a:curl:libcurl:7.13.2 cpe:/a:curl:libcurl:7.14 cpe:/a:curl:libcurl:7.14.1 cpe:/a:curl:libcurl:7.15 cpe:/a:curl:libcurl:7.15.1 cpe:/a:curl:libcurl:7.15.2 cpe:/a:curl:libcurl:7.15.3 cpe:/a:curl:libcurl:7.16.3 cpe:/a:curl:libcurl:7.19.3 CVE-2009-0037 2009-03-04T21:30:00.250-05:00 2018-10-11T16:59:14.307-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS CONFIRM http://curl.haxx.se/docs/adv_20090303.html CONFIRM http://curl.haxx.se/lxr/source/CHANGES APPLE APPLE-SA-2010-03-29-1 SUSE SUSE-SR:2009:006 MLIST [Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl GENTOO GLSA-200903-21 SLACKWARE SSA:2009-069-01 CONFIRM http://support.apple.com/kb/HT4077 CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042 DEBIAN DSA-1738 REDHAT RHSA-2009:0341 BUGTRAQ 20090312 rPSA-2009-0042-1 curl BUGTRAQ 20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl BID 33962 SECTRACK 1021783 UBUNTU USN-726-1 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0009.html VUPEN ADV-2009-0581 VUPEN ADV-2009-1865 MISC http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/ MISC http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf XF curl-location-security-bypass(49030) The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. cpe:/a:apache:geronimo:2.1 cpe:/a:apache:geronimo:2.1.1 cpe:/a:apache:geronimo:2.1.2 cpe:/a:apache:geronimo:2.1.3 CVE-2009-0038 2009-04-17T10:30:00.530-04:00 2018-10-11T16:59:19.073-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov MISC http://dsecrg.com/pages/vul/show.php?id=119 CONFIRM http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214 CONFIRM http://issues.apache.org/jira/browse/GERONIMO-4597 BUGTRAQ 20090416 [DSECRG-09-019] Apache Geronimo - XSS vulnerabilities.txt BID 34562 VUPEN ADV-2009-1089 Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring; or (5) the PATH_INFO to the default URI under console/portal/. cpe:/a:apache:geronimo:2.1 cpe:/a:apache:geronimo:2.1.1 cpe:/a:apache:geronimo:2.1.2 cpe:/a:apache:geronimo:2.1.3 CVE-2009-0039 2009-04-17T10:30:00.547-04:00 2018-10-11T16:59:19.620-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov MISC http://dsecrg.com/pages/vul/show.php?id=120 CONFIRM http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214 CONFIRM http://issues.apache.org/jira/browse/GERONIMO-4597 BUGTRAQ 20090416 [DSECRG-09-020] Apache Geronimo - XSRF vulnerabilities BID 34562 VUPEN ADV-2009-1089 Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown. cpe:/a:libpng:libpng:0.89c cpe:/a:libpng:libpng:0.95 cpe:/a:libpng:libpng:1.0.0 cpe:/a:libpng:libpng:1.0.1 cpe:/a:libpng:libpng:1.0.2 cpe:/a:libpng:libpng:1.0.3 cpe:/a:libpng:libpng:1.0.5 cpe:/a:libpng:libpng:1.0.6 cpe:/a:libpng:libpng:1.0.6:a cpe:/a:libpng:libpng:1.0.6:d cpe:/a:libpng:libpng:1.0.6:e cpe:/a:libpng:libpng:1.0.6:f cpe:/a:libpng:libpng:1.0.6:g cpe:/a:libpng:libpng:1.0.6:h cpe:/a:libpng:libpng:1.0.6:i cpe:/a:libpng:libpng:1.0.6:j cpe:/a:libpng:libpng:1.0.7 cpe:/a:libpng:libpng:1.0.7:beta11 cpe:/a:libpng:libpng:1.0.7:beta12 cpe:/a:libpng:libpng:1.0.7:beta13 cpe:/a:libpng:libpng:1.0.7:beta14 cpe:/a:libpng:libpng:1.0.7:beta15 cpe:/a:libpng:libpng:1.0.7:beta16 cpe:/a:libpng:libpng:1.0.7:beta17 cpe:/a:libpng:libpng:1.0.7:beta18 cpe:/a:libpng:libpng:1.0.7:rc1 cpe:/a:libpng:libpng:1.0.7:rc2 cpe:/a:libpng:libpng:1.0.8 cpe:/a:libpng:libpng:1.0.8:beta1 cpe:/a:libpng:libpng:1.0.8:beta2 cpe:/a:libpng:libpng:1.0.8:beta3 cpe:/a:libpng:libpng:1.0.8:beta4 cpe:/a:libpng:libpng:1.0.8:rc1 cpe:/a:libpng:libpng:1.0.9 cpe:/a:libpng:libpng:1.0.9:beta1 cpe:/a:libpng:libpng:1.0.9:beta10 cpe:/a:libpng:libpng:1.0.9:beta2 cpe:/a:libpng:libpng:1.0.9:beta3 cpe:/a:libpng:libpng:1.0.9:beta4 cpe:/a:libpng:libpng:1.0.9:beta5 cpe:/a:libpng:libpng:1.0.9:beta6 cpe:/a:libpng:libpng:1.0.9:beta7 cpe:/a:libpng:libpng:1.0.9:beta8 cpe:/a:libpng:libpng:1.0.9:beta9 cpe:/a:libpng:libpng:1.0.9:rc1 cpe:/a:libpng:libpng:1.0.9:rc2 cpe:/a:libpng:libpng:1.0.10 cpe:/a:libpng:libpng:1.0.10:beta1 cpe:/a:libpng:libpng:1.0.10:rc1 cpe:/a:libpng:libpng:1.0.11 cpe:/a:libpng:libpng:1.0.11:beta1 cpe:/a:libpng:libpng:1.0.11:beta2 cpe:/a:libpng:libpng:1.0.11:beta3 cpe:/a:libpng:libpng:1.0.11:rc1 cpe:/a:libpng:libpng:1.0.12 cpe:/a:libpng:libpng:1.0.12:beta1 cpe:/a:libpng:libpng:1.0.12:rc1 cpe:/a:libpng:libpng:1.0.13 cpe:/a:libpng:libpng:1.0.14 cpe:/a:libpng:libpng:1.0.15 cpe:/a:libpng:libpng:1.0.15:rc1 cpe:/a:libpng:libpng:1.0.15:rc2 cpe:/a:libpng:libpng:1.0.15:rc3 cpe:/a:libpng:libpng:1.0.16 cpe:/a:libpng:libpng:1.0.17 cpe:/a:libpng:libpng:1.0.17:rc1 cpe:/a:libpng:libpng:1.0.18 cpe:/a:libpng:libpng:1.0.19 cpe:/a:libpng:libpng:1.0.19:rc1 cpe:/a:libpng:libpng:1.0.19:rc2 cpe:/a:libpng:libpng:1.0.19:rc3 cpe:/a:libpng:libpng:1.0.19:rc5 cpe:/a:libpng:libpng:1.0.20 cpe:/a:libpng:libpng:1.0.21 cpe:/a:libpng:libpng:1.0.21:rc1 cpe:/a:libpng:libpng:1.0.21:rc2 cpe:/a:libpng:libpng:1.0.22 cpe:/a:libpng:libpng:1.0.22:rc1 cpe:/a:libpng:libpng:1.0.23 cpe:/a:libpng:libpng:1.0.23:rc1 cpe:/a:libpng:libpng:1.0.23:rc2 cpe:/a:libpng:libpng:1.0.23:rc3 cpe:/a:libpng:libpng:1.0.23:rc4 cpe:/a:libpng:libpng:1.0.23:rc5 cpe:/a:libpng:libpng:1.0.24 cpe:/a:libpng:libpng:1.0.24:rc1 cpe:/a:libpng:libpng:1.0.25 cpe:/a:libpng:libpng:1.0.25:rc1 cpe:/a:libpng:libpng:1.0.25:rc2 cpe:/a:libpng:libpng:1.0.26 cpe:/a:libpng:libpng:1.0.27 cpe:/a:libpng:libpng:1.0.27:rc1 cpe:/a:libpng:libpng:1.0.27:rc2 cpe:/a:libpng:libpng:1.0.27:rc3 cpe:/a:libpng:libpng:1.0.27:rc4 cpe:/a:libpng:libpng:1.0.27:rc5 cpe:/a:libpng:libpng:1.0.27:rc6 cpe:/a:libpng:libpng:1.0.28 cpe:/a:libpng:libpng:1.0.28:rc2 cpe:/a:libpng:libpng:1.0.28:rc3 cpe:/a:libpng:libpng:1.0.28:rc4 cpe:/a:libpng:libpng:1.0.28:rc5 cpe:/a:libpng:libpng:1.0.28:rc6 cpe:/a:libpng:libpng:1.0.29 cpe:/a:libpng:libpng:1.0.29:beta1 cpe:/a:libpng:libpng:1.0.29:rc1 cpe:/a:libpng:libpng:1.0.29:rc2 cpe:/a:libpng:libpng:1.0.29:rc3 cpe:/a:libpng:libpng:1.0.30 cpe:/a:libpng:libpng:1.0.31 cpe:/a:libpng:libpng:1.0.32 cpe:/a:libpng:libpng:1.0.33 cpe:/a:libpng:libpng:1.0.34 cpe:/a:libpng:libpng:1.0.35 cpe:/a:libpng:libpng:1.0.37 cpe:/a:libpng:libpng:1.0.38 cpe:/a:libpng:libpng:1.0.39 cpe:/a:libpng:libpng:1.0.40 cpe:/a:libpng:libpng:1.0.41 cpe:/a:libpng:libpng:1.0.42 cpe:/a:libpng:libpng:1.2.0 cpe:/a:libpng:libpng:1.2.0:beta1 cpe:/a:libpng:libpng:1.2.0:beta2 cpe:/a:libpng:libpng:1.2.0:beta3 cpe:/a:libpng:libpng:1.2.0:beta4 cpe:/a:libpng:libpng:1.2.0:beta5 cpe:/a:libpng:libpng:1.2.0:rc1 cpe:/a:libpng:libpng:1.2.1 cpe:/a:libpng:libpng:1.2.1:beta1 cpe:/a:libpng:libpng:1.2.1:beta2 cpe:/a:libpng:libpng:1.2.1:beta3 cpe:/a:libpng:libpng:1.2.1:beta4 cpe:/a:libpng:libpng:1.2.1:rc1 cpe:/a:libpng:libpng:1.2.1:rc2 cpe:/a:libpng:libpng:1.2.2 cpe:/a:libpng:libpng:1.2.2:beta1 cpe:/a:libpng:libpng:1.2.2:beta2 cpe:/a:libpng:libpng:1.2.2:beta3 cpe:/a:libpng:libpng:1.2.2:beta4 cpe:/a:libpng:libpng:1.2.2:beta5 cpe:/a:libpng:libpng:1.2.2:beta6 cpe:/a:libpng:libpng:1.2.2:rc1 cpe:/a:libpng:libpng:1.2.3 cpe:/a:libpng:libpng:1.2.3:rc1 cpe:/a:libpng:libpng:1.2.3:rc2 cpe:/a:libpng:libpng:1.2.3:rc3 cpe:/a:libpng:libpng:1.2.3:rc4 cpe:/a:libpng:libpng:1.2.3:rc5 cpe:/a:libpng:libpng:1.2.3:rc6 cpe:/a:libpng:libpng:1.2.4 cpe:/a:libpng:libpng:1.2.4:beta1 cpe:/a:libpng:libpng:1.2.4:beta2 cpe:/a:libpng:libpng:1.2.4:beta3 cpe:/a:libpng:libpng:1.2.4:rc1 cpe:/a:libpng:libpng:1.2.5 cpe:/a:libpng:libpng:1.2.5:beta1 cpe:/a:libpng:libpng:1.2.5:beta2 cpe:/a:libpng:libpng:1.2.5:beta3 cpe:/a:libpng:libpng:1.2.5:rc1 cpe:/a:libpng:libpng:1.2.5:rc2 cpe:/a:libpng:libpng:1.2.5:rc3 cpe:/a:libpng:libpng:1.2.6 cpe:/a:libpng:libpng:1.2.6:beta1 cpe:/a:libpng:libpng:1.2.6:beta2 cpe:/a:libpng:libpng:1.2.6:beta3 cpe:/a:libpng:libpng:1.2.6:beta4 cpe:/a:libpng:libpng:1.2.6:rc1 cpe:/a:libpng:libpng:1.2.6:rc2 cpe:/a:libpng:libpng:1.2.6:rc3 cpe:/a:libpng:libpng:1.2.6:rc4 cpe:/a:libpng:libpng:1.2.6:rc5 cpe:/a:libpng:libpng:1.2.7 cpe:/a:libpng:libpng:1.2.7:beta1 cpe:/a:libpng:libpng:1.2.7:beta2 cpe:/a:libpng:libpng:1.2.8 cpe:/a:libpng:libpng:1.2.8:beta1 cpe:/a:libpng:libpng:1.2.8:beta2 cpe:/a:libpng:libpng:1.2.8:beta3 cpe:/a:libpng:libpng:1.2.8:beta4 cpe:/a:libpng:libpng:1.2.8:beta5 cpe:/a:libpng:libpng:1.2.8:rc1 cpe:/a:libpng:libpng:1.2.8:rc2 cpe:/a:libpng:libpng:1.2.8:rc3 cpe:/a:libpng:libpng:1.2.8:rc4 cpe:/a:libpng:libpng:1.2.8:rc5 cpe:/a:libpng:libpng:1.2.9 cpe:/a:libpng:libpng:1.2.9:beta1 cpe:/a:libpng:libpng:1.2.9:beta10 cpe:/a:libpng:libpng:1.2.9:beta2 cpe:/a:libpng:libpng:1.2.9:beta3 cpe:/a:libpng:libpng:1.2.9:beta4 cpe:/a:libpng:libpng:1.2.9:beta5 cpe:/a:libpng:libpng:1.2.9:beta6 cpe:/a:libpng:libpng:1.2.9:beta7 cpe:/a:libpng:libpng:1.2.9:beta8 cpe:/a:libpng:libpng:1.2.9:beta9 cpe:/a:libpng:libpng:1.2.9:rc1 cpe:/a:libpng:libpng:1.2.10 cpe:/a:libpng:libpng:1.2.10:beta1 cpe:/a:libpng:libpng:1.2.10:beta2 cpe:/a:libpng:libpng:1.2.10:beta3 cpe:/a:libpng:libpng:1.2.10:beta4 cpe:/a:libpng:libpng:1.2.10:beta5 cpe:/a:libpng:libpng:1.2.10:beta6 cpe:/a:libpng:libpng:1.2.10:beta7 cpe:/a:libpng:libpng:1.2.10:rc1 cpe:/a:libpng:libpng:1.2.10:rc2 cpe:/a:libpng:libpng:1.2.10:rc3 cpe:/a:libpng:libpng:1.2.11 cpe:/a:libpng:libpng:1.2.11:beta1 cpe:/a:libpng:libpng:1.2.11:beta2 cpe:/a:libpng:libpng:1.2.11:beta3 cpe:/a:libpng:libpng:1.2.11:beta4 cpe:/a:libpng:libpng:1.2.11:rc1 cpe:/a:libpng:libpng:1.2.11:rc2 cpe:/a:libpng:libpng:1.2.11:rc3 cpe:/a:libpng:libpng:1.2.11:rc5 cpe:/a:libpng:libpng:1.2.13 cpe:/a:libpng:libpng:1.2.13:beta1 cpe:/a:libpng:libpng:1.2.13:rc1 cpe:/a:libpng:libpng:1.2.13:rc2 cpe:/a:libpng:libpng:1.2.14 cpe:/a:libpng:libpng:1.2.14:beta1 cpe:/a:libpng:libpng:1.2.14:beta2 cpe:/a:libpng:libpng:1.2.14:rc1 cpe:/a:libpng:libpng:1.2.15 cpe:/a:libpng:libpng:1.2.15:beta1 cpe:/a:libpng:libpng:1.2.15:beta2 cpe:/a:libpng:libpng:1.2.15:beta3 cpe:/a:libpng:libpng:1.2.15:beta4 cpe:/a:libpng:libpng:1.2.15:beta5 cpe:/a:libpng:libpng:1.2.15:beta6 cpe:/a:libpng:libpng:1.2.15:rc1 cpe:/a:libpng:libpng:1.2.15:rc2 cpe:/a:libpng:libpng:1.2.15:rc3 cpe:/a:libpng:libpng:1.2.15:rc4 cpe:/a:libpng:libpng:1.2.15:rc5 cpe:/a:libpng:libpng:1.2.16 cpe:/a:libpng:libpng:1.2.16:beta1 cpe:/a:libpng:libpng:1.2.16:beta2 cpe:/a:libpng:libpng:1.2.16:rc1 cpe:/a:libpng:libpng:1.2.17 cpe:/a:libpng:libpng:1.2.17:beta1 cpe:/a:libpng:libpng:1.2.17:beta2 cpe:/a:libpng:libpng:1.2.17:rc1 cpe:/a:libpng:libpng:1.2.17:rc2 cpe:/a:libpng:libpng:1.2.17:rc3 cpe:/a:libpng:libpng:1.2.17:rc4 cpe:/a:libpng:libpng:1.2.18 cpe:/a:libpng:libpng:1.2.19 cpe:/a:libpng:libpng:1.2.19:beta1 cpe:/a:libpng:libpng:1.2.19:beta10 cpe:/a:libpng:libpng:1.2.19:beta11 cpe:/a:libpng:libpng:1.2.19:beta12 cpe:/a:libpng:libpng:1.2.19:beta13 cpe:/a:libpng:libpng:1.2.19:beta14 cpe:/a:libpng:libpng:1.2.19:beta15 cpe:/a:libpng:libpng:1.2.19:beta16 cpe:/a:libpng:libpng:1.2.19:beta17 cpe:/a:libpng:libpng:1.2.19:beta18 cpe:/a:libpng:libpng:1.2.19:beta19 cpe:/a:libpng:libpng:1.2.19:beta2 cpe:/a:libpng:libpng:1.2.19:beta20 cpe:/a:libpng:libpng:1.2.19:beta21 cpe:/a:libpng:libpng:1.2.19:beta22 cpe:/a:libpng:libpng:1.2.19:beta23 cpe:/a:libpng:libpng:1.2.19:beta24 cpe:/a:libpng:libpng:1.2.19:beta25 cpe:/a:libpng:libpng:1.2.19:beta26 cpe:/a:libpng:libpng:1.2.19:beta27 cpe:/a:libpng:libpng:1.2.19:beta28 cpe:/a:libpng:libpng:1.2.19:beta29 cpe:/a:libpng:libpng:1.2.19:beta3 cpe:/a:libpng:libpng:1.2.19:beta30 cpe:/a:libpng:libpng:1.2.19:beta31 cpe:/a:libpng:libpng:1.2.19:beta32 cpe:/a:libpng:libpng:1.2.19:beta33 cpe:/a:libpng:libpng:1.2.19:beta4 cpe:/a:libpng:libpng:1.2.19:beta5 cpe:/a:libpng:libpng:1.2.19:beta6 cpe:/a:libpng:libpng:1.2.19:beta7 cpe:/a:libpng:libpng:1.2.19:beta8 cpe:/a:libpng:libpng:1.2.19:beta9 cpe:/a:libpng:libpng:1.2.19:rc1 cpe:/a:libpng:libpng:1.2.19:rc2 cpe:/a:libpng:libpng:1.2.19:rc3 cpe:/a:libpng:libpng:1.2.19:rc4 cpe:/a:libpng:libpng:1.2.19:rc5 cpe:/a:libpng:libpng:1.2.19:rc6 cpe:/a:libpng:libpng:1.2.20 cpe:/a:libpng:libpng:1.2.20:rc1 cpe:/a:libpng:libpng:1.2.20:rc2 cpe:/a:libpng:libpng:1.2.20:rc3 cpe:/a:libpng:libpng:1.2.20:rc4 cpe:/a:libpng:libpng:1.2.20:rc5 cpe:/a:libpng:libpng:1.2.20:rc6 cpe:/a:libpng:libpng:1.2.21 cpe:/a:libpng:libpng:1.2.21:beta1 cpe:/a:libpng:libpng:1.2.21:beta2 cpe:/a:libpng:libpng:1.2.21:rc1 cpe:/a:libpng:libpng:1.2.21:rc2 cpe:/a:libpng:libpng:1.2.21:rc3 cpe:/a:libpng:libpng:1.2.22 cpe:/a:libpng:libpng:1.2.22:beta1 cpe:/a:libpng:libpng:1.2.22:beta2 cpe:/a:libpng:libpng:1.2.22:beta3 cpe:/a:libpng:libpng:1.2.22:beta4 cpe:/a:libpng:libpng:1.2.22:rc1 cpe:/a:libpng:libpng:1.2.23 cpe:/a:libpng:libpng:1.2.24 cpe:/a:libpng:libpng:1.2.25 cpe:/a:libpng:libpng:1.2.25:beta03 cpe:/a:libpng:libpng:1.2.25:beta04 cpe:/a:libpng:libpng:1.2.25:beta05 cpe:/a:libpng:libpng:1.2.25:beta06 cpe:/a:libpng:libpng:1.2.25:rc01 cpe:/a:libpng:libpng:1.2.25:rc02 cpe:/a:libpng:libpng:1.2.26 cpe:/a:libpng:libpng:1.2.26:beta01 cpe:/a:libpng:libpng:1.2.26:beta02 cpe:/a:libpng:libpng:1.2.26:beta03 cpe:/a:libpng:libpng:1.2.26:beta04 cpe:/a:libpng:libpng:1.2.26:beta05 cpe:/a:libpng:libpng:1.2.26:beta06 cpe:/a:libpng:libpng:1.2.26:rc01 cpe:/a:libpng:libpng:1.2.27 cpe:/a:libpng:libpng:1.2.28 cpe:/a:libpng:libpng:1.2.29 cpe:/a:libpng:libpng:1.2.30 cpe:/a:libpng:libpng:1.2.31 cpe:/a:libpng:libpng:1.2.32 cpe:/a:libpng:libpng:1.2.33 cpe:/a:libpng:libpng:1.2.34 CVE-2009-0040 2009-02-22T17:30:00.203-05:00 2018-10-11T16:59:20.370-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov CONFIRM ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt CONFIRM http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt APPLE APPLE-SA-2009-08-05-1 APPLE APPLE-SA-2009-06-08-1 APPLE APPLE-SA-2009-06-17-1 APPLE APPLE-SA-2009-05-12 SUSE SUSE-SR:2009:005 SUSE SUSE-SA:2009:012 SUSE SUSE-SA:2009:023 MLIST [security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server GENTOO GLSA-200903-28 GENTOO GLSA-201209-25 SLACKWARE SSA:2009-083-02 SLACKWARE SSA:2009-083-03 MLIST [png-mng-implement] 20090219 libpng-1.2.35 and libpng-1.0.43 fix security vulnerability CONFIRM http://sourceforge.net/project/shownotes.php?group_id=1689&release_id=662441 SUNALERT 259989 SUNALERT 1020521 CONFIRM http://support.apple.com/kb/HT3549 CONFIRM http://support.apple.com/kb/HT3613 CONFIRM http://support.apple.com/kb/HT3639 CONFIRM http://support.apple.com/kb/HT3757 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm CONFIRM http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0046 DEBIAN DSA-1750 DEBIAN DSA-1830 CERT-VN VU#649212 MANDRIVA MDVSA-2009:051 MANDRIVA MDVSA-2009:075 MANDRIVA MDVSA-2009:083 REDHAT RHSA-2009:0315 REDHAT RHSA-2009:0325 REDHAT RHSA-2009:0333 REDHAT RHSA-2009:0340 BUGTRAQ 20090312 rPSA-2009-0046-1 libpng BUGTRAQ 20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues BUGTRAQ 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server BID 33827 BID 33990 CERT TA09-133A CERT TA09-218A CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0007.html VUPEN ADV-2009-0469 VUPEN ADV-2009-0473 VUPEN ADV-2009-0632 VUPEN ADV-2009-1297 VUPEN ADV-2009-1451 VUPEN ADV-2009-1462 VUPEN ADV-2009-1522 VUPEN ADV-2009-1560 VUPEN ADV-2009-1621 VUPEN ADV-2009-2172 XF libpng-pointer-arrays-code-execution(48819) FEDORA FEDORA-2009-2045 FEDORA FEDORA-2009-1976 FEDORA FEDORA-2009-2882 FEDORA FEDORA-2009-2884 The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. cpe:/a:asterisk:asterisk_business_edition:a cpe:/a:asterisk:asterisk_business_edition:b.1.3.2 cpe:/a:asterisk:asterisk_business_edition:b.1.3.3 cpe:/a:asterisk:asterisk_business_edition:b.2.2.0 cpe:/a:asterisk:asterisk_business_edition:b.2.2.1 cpe:/a:asterisk:asterisk_business_edition:b.2.3.1 cpe:/a:asterisk:asterisk_business_edition:b.2.3.2 cpe:/a:asterisk:asterisk_business_edition:b.2.3.3 cpe:/a:asterisk:asterisk_business_edition:b.2.3.4 cpe:/a:asterisk:asterisk_business_edition:b.2.3.5 cpe:/a:asterisk:asterisk_business_edition:b.2.3.6 cpe:/a:asterisk:asterisk_business_edition:b.2.5.0 cpe:/a:asterisk:asterisk_business_edition:b.2.5.1 cpe:/a:asterisk:asterisk_business_edition:b.2.5.2 cpe:/a:asterisk:asterisk_business_edition:b.2.5.3 cpe:/a:asterisk:asterisk_business_edition:c.1.0:beta7 cpe:/a:asterisk:asterisk_business_edition:c.1.0:beta8 cpe:/a:asterisk:open_source:1.2.0 cpe:/a:asterisk:open_source:1.2.0:beta1 cpe:/a:asterisk:open_source:1.2.0:beta2 cpe:/a:asterisk:open_source:1.2.0:rc1 cpe:/a:asterisk:open_source:1.2.0:rc2 cpe:/a:asterisk:open_source:1.2.0beta1 cpe:/a:asterisk:open_source:1.2.0beta2 cpe:/a:asterisk:open_source:1.2.1 cpe:/a:asterisk:open_source:1.2.2 cpe:/a:asterisk:open_source:1.2.2:netsec cpe:/a:asterisk:open_source:1.2.3 cpe:/a:asterisk:open_source:1.2.3:netsec cpe:/a:asterisk:open_source:1.2.10 cpe:/a:asterisk:open_source:1.2.10:netsec cpe:/a:asterisk:open_source:1.2.11 cpe:/a:asterisk:open_source:1.2.11:netsec cpe:/a:asterisk:open_source:1.2.12 cpe:/a:asterisk:open_source:1.2.12:netsec cpe:/a:asterisk:open_source:1.2.12.1 cpe:/a:asterisk:open_source:1.2.12.1:netsec cpe:/a:asterisk:open_source:1.2.13 cpe:/a:asterisk:open_source:1.2.13:netsec cpe:/a:asterisk:open_source:1.2.14 cpe:/a:asterisk:open_source:1.2.14:netsec cpe:/a:asterisk:open_source:1.2.15 cpe:/a:asterisk:open_source:1.2.15:netsec cpe:/a:asterisk:open_source:1.2.16 cpe:/a:asterisk:open_source:1.2.16:netsec cpe:/a:asterisk:open_source:1.2.17 cpe:/a:asterisk:open_source:1.2.17:netsec cpe:/a:asterisk:open_source:1.2.18 cpe:/a:asterisk:open_source:1.2.18:netsec cpe:/a:asterisk:open_source:1.2.19 cpe:/a:asterisk:open_source:1.2.19:netsec cpe:/a:asterisk:open_source:1.2.20 cpe:/a:asterisk:open_source:1.2.20:netsec cpe:/a:asterisk:open_source:1.2.21 cpe:/a:asterisk:open_source:1.2.21:netsec cpe:/a:asterisk:open_source:1.2.21.1 cpe:/a:asterisk:open_source:1.2.21.1:netsec cpe:/a:asterisk:open_source:1.2.22 cpe:/a:asterisk:open_source:1.2.22:netsec cpe:/a:asterisk:open_source:1.2.23 cpe:/a:asterisk:open_source:1.2.23:netsec cpe:/a:asterisk:open_source:1.2.24 cpe:/a:asterisk:open_source:1.2.24:netsec cpe:/a:asterisk:open_source:1.2.25 cpe:/a:asterisk:open_source:1.2.25:netsec cpe:/a:asterisk:open_source:1.2.26 cpe:/a:asterisk:open_source:1.2.26:netsec cpe:/a:asterisk:open_source:1.2.26.1 cpe:/a:asterisk:open_source:1.2.26.1:netsec cpe:/a:asterisk:open_source:1.2.26.2 cpe:/a:asterisk:open_source:1.2.26.2:netsec cpe:/a:asterisk:open_source:1.2.27 cpe:/a:asterisk:open_source:1.2.28 cpe:/a:asterisk:open_source:1.2.29 cpe:/a:asterisk:open_source:1.2.30 cpe:/a:asterisk:open_source:1.2.30.2 cpe:/a:asterisk:open_source:1.2.30.3 cpe:/a:asterisk:open_source:1.2.30.4 cpe:/a:asterisk:open_source:1.4.0 cpe:/a:asterisk:open_source:1.4.0:beta2 cpe:/a:asterisk:open_source:1.4.0:beta3 cpe:/a:asterisk:open_source:1.4.0:beta4 cpe:/a:asterisk:open_source:1.4.1 cpe:/a:asterisk:open_source:1.4.2 cpe:/a:asterisk:open_source:1.4.3 cpe:/a:asterisk:open_source:1.4.4 cpe:/a:asterisk:open_source:1.4.5 cpe:/a:asterisk:open_source:1.4.6 cpe:/a:asterisk:open_source:1.4.7 cpe:/a:asterisk:open_source:1.4.7.1 cpe:/a:asterisk:open_source:1.4.8 cpe:/a:asterisk:open_source:1.4.9 cpe:/a:asterisk:open_source:1.4.10 cpe:/a:asterisk:open_source:1.4.10.1 cpe:/a:asterisk:open_source:1.4.11 cpe:/a:asterisk:open_source:1.4.12 cpe:/a:asterisk:open_source:1.4.12.1 cpe:/a:asterisk:open_source:1.4.13 cpe:/a:asterisk:open_source:1.4.14 cpe:/a:asterisk:open_source:1.4.15 cpe:/a:asterisk:open_source:1.4.16 cpe:/a:asterisk:open_source:1.4.16.1 cpe:/a:asterisk:open_source:1.4.16.2 cpe:/a:asterisk:open_source:1.4.17 cpe:/a:asterisk:open_source:1.4.18 cpe:/a:asterisk:open_source:1.4.18.1 cpe:/a:asterisk:open_source:1.4.19 cpe:/a:asterisk:open_source:1.4.19:rc1 cpe:/a:asterisk:open_source:1.4.19:rc2 cpe:/a:asterisk:open_source:1.4.19:rc3 cpe:/a:asterisk:open_source:1.4.19:rc4 cpe:/a:asterisk:open_source:1.4.19.1 cpe:/a:asterisk:open_source:1.4.19.2 cpe:/a:asterisk:open_source:1.4.20 cpe:/a:asterisk:open_source:1.4.20:rc1 cpe:/a:asterisk:open_source:1.4.20:rc2 cpe:/a:asterisk:open_source:1.4.20:rc3 cpe:/a:asterisk:open_source:1.4.21 cpe:/a:asterisk:open_source:1.4.21:rc1 cpe:/a:asterisk:open_source:1.4.21:rc2 cpe:/a:asterisk:open_source:1.4.21.1 cpe:/a:asterisk:open_source:1.4.21.2 cpe:/a:asterisk:open_source:1.4.22 cpe:/a:asterisk:open_source:1.4.22:rc3 cpe:/a:asterisk:open_source:1.4.22:rc4 cpe:/a:asterisk:open_source:1.4.22.1 cpe:/a:asterisk:open_source:1.4.22.2 cpe:/a:asterisk:open_source:1.4.23 cpe:/a:asterisk:open_source:1.4.23:rc1 cpe:/a:asterisk:open_source:1.4.23:rc2 cpe:/a:asterisk:open_source:1.4.23:rc3 cpe:/a:asterisk:open_source:1.4_revision_95946 cpe:/a:asterisk:open_source:1.4beta cpe:/a:asterisk:open_source:1.6.0:beta1 cpe:/a:asterisk:open_source:1.6.0:beta2 cpe:/a:asterisk:open_source:1.6.0:beta3 cpe:/a:asterisk:open_source:1.6.0:beta4 cpe:/a:asterisk:open_source:1.6.0:beta5 cpe:/a:asterisk:open_source:1.6.0:beta7 cpe:/a:asterisk:open_source:1.6.0:beta7.1 cpe:/a:asterisk:open_source:1.6.0:beta8 cpe:/a:asterisk:open_source:1.6.0:beta9 cpe:/a:asterisk:open_source:1.6.0:rc4 cpe:/a:asterisk:open_source:1.6.0:rc5 cpe:/a:asterisk:open_source:1.6.0:rc6 cpe:/a:asterisk:open_source:1.6.0.1 cpe:/a:asterisk:open_source:1.6.0.2 cpe:/a:asterisk:open_source:1.6.0.3 cpe:/a:asterisk:open_source:1.6.0.3:rc1 cpe:/h:asterisk:s800i_appliance:1.2 CVE-2009-0041 2009-01-14T18:30:00.187-05:00 2018-10-11T16:59:44.903-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov CONFIRM http://downloads.digium.com/pub/security/AST-2009-001.html GENTOO GLSA-200905-01 SREASON 4910 DEBIAN DSA-1952 BUGTRAQ 20090108 AST-2009-001: Information leak in IAX2 authentication BID 33174 SECTRACK 1021549 VUPEN ADV-2009-0063 IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. cpe:/a:ca:anti-spyware:2007 cpe:/a:ca:anti-spyware:2008 cpe:/a:ca:anti-spyware_for_the_enterprise:8.1 cpe:/a:ca:anti-spyware_for_the_enterprise:r8 cpe:/a:ca:anti-virus:2007:8 cpe:/a:ca:anti-virus:2008 cpe:/a:ca:anti-virus_for_the_enterprise:7.1 cpe:/a:ca:anti-virus_for_the_enterprise:8.1 cpe:/a:ca:anti-virus_for_the_enterprise:r8 cpe:/a:ca:anti-virus_sdk cpe:/a:ca:antivirus_gateway:7.1 cpe:/a:ca:arcserve_backup:r11.1:_nil_:linux cpe:/a:ca:arcserve_backup:r11.1:_nil_:windows cpe:/a:ca:arcserve_backup:r11.5_nil_:linux cpe:/a:ca:arcserve_backup:r11.5_nil_:windows cpe:/a:ca:arcserve_backup:r12.0_nil_:windows cpe:/a:ca:arcserve_client_agent:-::windows cpe:/a:ca:common_services:11 cpe:/a:ca:common_services:11.1 cpe:/a:ca:etrust_ez_antivirus:r6.1 cpe:/a:ca:etrust_ez_antivirus:r7 cpe:/a:ca:etrust_intrusion_detection:2.0:sp1 cpe:/a:ca:etrust_intrusion_detection:3.0 cpe:/a:ca:etrust_intrusion_detection:3.0:sp1 cpe:/a:ca:etrust_intrusion_detection:4.0 cpe:/a:ca:internet_security_suite_2007:3 cpe:/a:ca:internet_security_suite_2008 cpe:/a:ca:internet_security_suite_plus_2008 cpe:/a:ca:network_and_systems_management:r3.0 cpe:/a:ca:network_and_systems_management:r3.1 cpe:/a:ca:network_and_systems_management:r11 cpe:/a:ca:network_and_systems_management:r11.1 cpe:/a:ca:protection_suites:r2 cpe:/a:ca:protection_suites:r3 cpe:/a:ca:protection_suites:r3.1 cpe:/a:ca:secure_content_manager:8.0 cpe:/a:ca:secure_content_manager:8.1 cpe:/a:ca:threat_manager_for_the_enterprise:8.1 cpe:/a:ca:threat_manager_for_the_enterprise:r8 CVE-2009-0042 2009-01-27T20:30:00.453-05:00 2018-10-30T12:25:42.373-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CONFIRM http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx CONFIRM http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601 BUGTRAQ 20090127 CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities BID 33464 SECTRACK 1021639 VUPEN ADV-2009-0270 XF ca-antivirus-engine-security-bypass(48261) Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file. cpe:/a:ca:service_level_management:3.5 cpe:/a:ca:service_metric_analysis:r11.0 cpe:/a:ca:service_metric_analysis:r11.1 cpe:/a:ca:service_metric_analysis:r11.1:sp1 CVE-2009-0043 2009-01-08T14:30:11.250-05:00 2018-10-11T16:59:46.967-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CONFIRM http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/07.aspx SREASON 4887 BUGTRAQ 20090107 CA20090107-01: CA Service Metric Analysis and CA Service Level Management smmsnmpd Arbitrary Command Execution Vulnerability BID 33161 VUPEN ADV-2009-0053 CONFIRM https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=196148 The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors. cpe:/a:sun:grid_engine:5.3 cpe:/a:sun:grid_engine:5.3:beta1 cpe:/a:sun:grid_engine:5.3:beta2 CVE-2009-0046 2009-01-07T13:30:01.453-05:00 2018-10-11T16:59:47.437-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov MISC http://www.ocert.org/advisories/ocert-2008-016.html BUGTRAQ 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses VUPEN ADV-2009-0045 Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. cpe:/a:gale:gale:0.15 cpe:/a:gale:gale:0.15b cpe:/a:gale:gale:0.15c cpe:/a:gale:gale:0.16 cpe:/a:gale:gale:0.16a cpe:/a:gale:gale:0.17 cpe:/a:gale:gale:0.17a cpe:/a:gale:gale:0.18 cpe:/a:gale:gale:0.18b cpe:/a:gale:gale:0.18c cpe:/a:gale:gale:0.19 cpe:/a:gale:gale:0.19a cpe:/a:gale:gale:0.19b cpe:/a:gale:gale:0.20a cpe:/a:gale:gale:0.21 cpe:/a:gale:gale:0.90a cpe:/a:gale:gale:0.90b cpe:/a:gale:gale:0.90c cpe:/a:gale:gale:0.91 cpe:/a:gale:gale:0.91a cpe:/a:gale:gale:0.91b cpe:/a:gale:gale:0.99 CVE-2009-0047 2009-01-07T13:30:13.280-05:00 2018-10-11T16:59:47.700-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov MISC http://www.ocert.org/advisories/ocert-2008-016.html BUGTRAQ 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses VUPEN ADV-2009-0046 Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. cpe:/a:openevidence:openevidence:1.0.5 cpe:/a:openevidence:openevidence:1.0.6 CVE-2009-0048 2009-01-07T13:30:15.827-05:00 2018-10-11T16:59:47.983-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov MISC http://www.ocert.org/advisories/ocert-2008-016.html BUGTRAQ 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses VUPEN ADV-2009-0047 OpenEvidence 1.0.6 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. cpe:/a:eid:eidlib:2.6.0 CVE-2009-0049 2009-01-07T13:30:15.843-05:00 2018-10-11T16:59:48.310-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov SUSE SUSE-SR:2009:005 MISC http://www.ocert.org/advisories/ocert-2008-016.html BUGTRAQ 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. cpe:/a:entrouvert:lasso:1.9.9.0 cpe:/a:entrouvert:lasso:2.0.0-1 cpe:/a:entrouvert:lasso:2.2.1-0 CVE-2009-0050 2009-01-07T13:30:15.860-05:00 2018-10-11T16:59:48.640-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov MISC http://www.ocert.org/advisories/ocert-2008-016.html BUGTRAQ 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses XF openssl-dsa-verify-security-bypass(47837) Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. cpe:/a:zxid:zxid:0.1 cpe:/a:zxid:zxid:0.2 cpe:/a:zxid:zxid:0.3 cpe:/a:zxid:zxid:0.4 cpe:/a:zxid:zxid:0.5 cpe:/a:zxid:zxid:0.6 cpe:/a:zxid:zxid:0.7 cpe:/a:zxid:zxid:0.8 cpe:/a:zxid:zxid:0.9 cpe:/a:zxid:zxid:0.10 cpe:/a:zxid:zxid:0.11 cpe:/a:zxid:zxid:0.12 cpe:/a:zxid:zxid:0.13 cpe:/a:zxid:zxid:0.14 cpe:/a:zxid:zxid:0.15 cpe:/a:zxid:zxid:0.16 cpe:/a:zxid:zxid:0.17 cpe:/a:zxid:zxid:0.18 cpe:/a:zxid:zxid:0.19 cpe:/a:zxid:zxid:0.20 cpe:/a:zxid:zxid:0.21 cpe:/a:zxid:zxid:0.22 cpe:/a:zxid:zxid:0.25 cpe:/a:zxid:zxid:0.26 cpe:/a:zxid:zxid:0.27 cpe:/a:zxid:zxid:0.28 cpe:/a:zxid:zxid:0.29 CVE-2009-0051 2009-01-07T13:30:15.890-05:00 2018-10-11T16:59:48.983-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov MISC http://www.ocert.org/advisories/ocert-2008-016.html BUGTRAQ 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses XF openssl-dsa-verify-security-bypass(47837) ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. cpe:/a:netgear:wndap330_firmware:2.1.11 cpe:/h:atheros:ar9160-bc1a_chipset CVE-2009-0052 2009-11-12T18:30:00.577-05:00 2018-10-11T16:59:49.343-04:00 5.5 ADJACENT_NETWORK LOW SINGLE_INSTANCE NONE NONE COMPLETE http://nvd.nist.gov BUGTRAQ 20091110 Atheros Driver Reserved Frame Vulnerability BID 36991 VUPEN ADV-2009-3212 XF netgear-wndap330-frame-dos(54216) The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame. cpe:/h:cisco:ironport_encryption_appliance:6.2.4 cpe:/h:cisco:ironport_encryption_appliance:6.2.4.1 cpe:/h:cisco:ironport_encryption_appliance:6.2.5 cpe:/h:cisco:ironport_encryption_appliance:6.2.6 cpe:/h:cisco:ironport_encryption_appliance:6.2.7 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.1 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.2 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.3 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.4 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.5 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.6 cpe:/h:cisco:ironport_encryption_appliance:6.3 cpe:/h:cisco:ironport_encryption_appliance:6.3.0.1 cpe:/h:cisco:ironport_encryption_appliance:6.3.0.2 cpe:/h:cisco:ironport_encryption_appliance:6.3.0.3 cpe:/h:cisco:ironport_encryption_appliance:6.5 cpe:/h:cisco:ironport_encryption_appliance:6.5.0.1 cpe:/h:cisco:ironport_postx:6.2.1 cpe:/h:cisco:ironport_postx:6.2.2 cpe:/h:cisco:ironport_postx:6.2.2.1 cpe:/h:cisco:ironport_postx:6.2.2.2 CVE-2009-0053 2009-01-16T16:30:03.407-05:00 2011-03-07T22:17:49.813-05:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov SECTRACK 1021593 CISCO 20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities BID 33268 VUPEN ADV-2009-0140 PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to obtain the decryption key via unspecified vectors, related to a "logic error." cpe:/h:cisco:ironport_encryption_appliance:6.2.4 cpe:/h:cisco:ironport_encryption_appliance:6.2.4.1 cpe:/h:cisco:ironport_encryption_appliance:6.2.5 cpe:/h:cisco:ironport_encryption_appliance:6.2.6 cpe:/h:cisco:ironport_encryption_appliance:6.2.7 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.1 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.2 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.3 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.4 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.5 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.6 cpe:/h:cisco:ironport_encryption_appliance:6.3 cpe:/h:cisco:ironport_encryption_appliance:6.3.0.1 cpe:/h:cisco:ironport_encryption_appliance:6.3.0.2 cpe:/h:cisco:ironport_encryption_appliance:6.3.0.3 cpe:/h:cisco:ironport_encryption_appliance:6.5 cpe:/h:cisco:ironport_encryption_appliance:6.5.0.1 cpe:/h:cisco:ironport_postx:6.2.1 cpe:/h:cisco:ironport_postx:6.2.2 cpe:/h:cisco:ironport_postx:6.2.2.1 cpe:/h:cisco:ironport_postx:6.2.2.2 CVE-2009-0054 2009-01-16T16:30:03.437-05:00 2011-03-07T22:17:49.923-05:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov SECTRACK 1021593 CISCO 20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities BID 33268 VUPEN ADV-2009-0140 PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to capture credentials by tricking a user into reading a modified or crafted e-mail message. cpe:/h:cisco:ironport_encryption_appliance:6.2.4 cpe:/h:cisco:ironport_encryption_appliance:6.2.4.1 cpe:/h:cisco:ironport_encryption_appliance:6.2.5 cpe:/h:cisco:ironport_encryption_appliance:6.2.6 cpe:/h:cisco:ironport_encryption_appliance:6.2.7 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.1 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.2 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.3 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.4 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.5 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.6 cpe:/h:cisco:ironport_encryption_appliance:6.3 cpe:/h:cisco:ironport_encryption_appliance:6.3.0.1 cpe:/h:cisco:ironport_encryption_appliance:6.3.0.2 cpe:/h:cisco:ironport_encryption_appliance:6.3.0.3 cpe:/h:cisco:ironport_encryption_appliance:6.5 cpe:/h:cisco:ironport_encryption_appliance:6.5.0.1 cpe:/h:cisco:ironport_postx:6.2.1 cpe:/h:cisco:ironport_postx:6.2.2 cpe:/h:cisco:ironport_postx:6.2.2.1 cpe:/h:cisco:ironport_postx:6.2.2.2 CVE-2009-0055 2009-01-16T16:30:03.453-05:00 2011-03-07T22:17:50.017-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov SECTRACK 1021594 CISCO 20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities BID 33268 VUPEN ADV-2009-0140 Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to modify appliance preferences as arbitrary users via unspecified vectors. cpe:/h:cisco:ironport_encryption_appliance:6.2.4 cpe:/h:cisco:ironport_encryption_appliance:6.2.4.1 cpe:/h:cisco:ironport_encryption_appliance:6.2.5 cpe:/h:cisco:ironport_encryption_appliance:6.2.6 cpe:/h:cisco:ironport_encryption_appliance:6.2.7 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.1 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.2 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.3 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.4 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.5 cpe:/h:cisco:ironport_encryption_appliance:6.2.7.6 cpe:/h:cisco:ironport_encryption_appliance:6.3 cpe:/h:cisco:ironport_encryption_appliance:6.3.0.1 cpe:/h:cisco:ironport_encryption_appliance:6.3.0.2 cpe:/h:cisco:ironport_encryption_appliance:6.3.0.3 cpe:/h:cisco:ironport_encryption_appliance:6.5 cpe:/h:cisco:ironport_encryption_appliance:6.5.0.1 cpe:/h:cisco:ironport_postx:6.2.1 cpe:/h:cisco:ironport_postx:6.2.2 cpe:/h:cisco:ironport_postx:6.2.2.1 cpe:/h:cisco:ironport_postx:6.2.2.2 CVE-2009-0056 2009-01-16T16:30:03.467-05:00 2011-03-07T22:17:50.127-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov SECTRACK 1021594 CISCO 20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities BID 33268 VUPEN ADV-2009-0140 Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action. cpe:/a:cisco:unified_communications_manager:5.0 cpe:/a:cisco:unified_communications_manager:5.0_1 cpe:/a:cisco:unified_communications_manager:5.0_2 cpe:/a:cisco:unified_communications_manager:5.0_3 cpe:/a:cisco:unified_communications_manager:5.0_3a cpe:/a:cisco:unified_communications_manager:5.0_4 cpe:/a:cisco:unified_communications_manager:5.0_4a cpe:/a:cisco:unified_communications_manager:5.0_4a_su1 cpe:/a:cisco:unified_communications_manager:5.1 cpe:/a:cisco:unified_communications_manager:5.1:%281%29 cpe:/a:cisco:unified_communications_manager:5.1:%282%29 cpe:/a:cisco:unified_communications_manager:5.1:%282a%29 cpe:/a:cisco:unified_communications_manager:5.1:%282b%29 cpe:/a:cisco:unified_communications_manager:5.1:%283a%29 cpe:/a:cisco:unified_communications_manager:5.1:5.1%281%29 cpe:/a:cisco:unified_communications_manager:5.1:5.1_%282a%29 cpe:/a:cisco:unified_communications_manager:5.1%281%29 cpe:/a:cisco:unified_communications_manager:5.1%282%29 cpe:/a:cisco:unified_communications_manager:5.1%283c%29 cpe:/a:cisco:unified_communications_manager:5.1.2 cpe:/a:cisco:unified_communications_manager:5.1_%282a%29 cpe:/a:cisco:unified_communications_manager:5.1_1 cpe:/a:cisco:unified_communications_manager:5.1_2 cpe:/a:cisco:unified_communications_manager:5.1_2a cpe:/a:cisco:unified_communications_manager:5.1_2b cpe:/a:cisco:unified_communications_manager:5.1_3a cpe:/a:cisco:unified_communications_manager:6.0 cpe:/a:cisco:unified_communications_manager:6.0:%281%29 cpe:/a:cisco:unified_communications_manager:6.0:%281a%29 cpe:/a:cisco:unified_communications_manager:6.0_1 cpe:/a:cisco:unified_communications_manager:6.0_1a cpe:/a:cisco:unified_communications_manager:6.1 cpe:/a:cisco:unified_communications_manager:6.1:%281a%29 cpe:/a:cisco:unified_communications_manager:6.1%282%29 cpe:/a:cisco:unified_communications_manager:6.1.0 cpe:/a:cisco:unified_communications_manager:6.1_1a CVE-2009-0057 2009-01-22T13:30:03.813-05:00 2017-08-07T21:33:47.063-04:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov CISCO 20090121 Cisco Unified Communications Manager CAPF Denial of Service Vulnerability BID 33379 SECTRACK 1021620 VUPEN ADV-2009-0213 XF cucm-capf-dos-var1(48139) The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a TCP session in which the "client terminates prematurely." cpe:/h:cisco:4400_wireless_lan_controller:4.1 cpe:/h:cisco:4400_wireless_lan_controller:4.2 cpe:/h:cisco:4400_wireless_lan_controller:5.2 cpe:/h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.1 cpe:/h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2 cpe:/h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:5.2 cpe:/h:cisco:catalyst_6500_series_integrated_wireless_lan_controller:4.1 cpe:/h:cisco:catalyst_6500_series_integrated_wireless_lan_controller:4.2 cpe:/h:cisco:catalyst_6500_series_integrated_wireless_lan_controller:5.2 cpe:/h:cisco:catalyst_7600_series_wireless_lan_controller:4.1 cpe:/h:cisco:catalyst_7600_series_wireless_lan_controller:4.2 cpe:/h:cisco:catalyst_7600_series_wireless_lan_controller:5.2 cpe:/o:cisco:wireless_lan_controller_software:4.1 cpe:/o:cisco:wireless_lan_controller_software:4.2 cpe:/o:cisco:wireless_lan_controller_software:5.2 CVE-2009-0058 2009-02-04T19:30:00.267-05:00 2018-10-30T12:25:50.030-04:00 6.1 ADJACENT_NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov CISCO 20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers BID 33608 SECTRACK 1021679 The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.2 allow remote attackers to cause a denial of service (web authentication outage or device reload) via unspecified network traffic, as demonstrated by a vulnerability scanner. cpe:/h:cisco:4400_wireless_lan_controller:4.1 cpe:/h:cisco:4400_wireless_lan_controller:4.2 cpe:/h:cisco:4400_wireless_lan_controller:5.2 cpe:/h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.1 cpe:/h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2 cpe:/h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:5.2 cpe:/h:cisco:catalyst_6500_series_integrated_wireless_lan_controller:4.1 cpe:/h:cisco:catalyst_6500_series_integrated_wireless_lan_controller:4.2 cpe:/h:cisco:catalyst_6500_series_integrated_wireless_lan_controller:5.2 cpe:/h:cisco:catalyst_7600_series_wireless_lan_controller:4.1 cpe:/h:cisco:catalyst_7600_series_wireless_lan_controller:4.2 cpe:/h:cisco:catalyst_7600_series_wireless_lan_controller:5.2 cpe:/o:cisco:wireless_lan_controller_software:4.1 cpe:/o:cisco:wireless_lan_controller_software:4.2 cpe:/o:cisco:wireless_lan_controller_software:5.2 CVE-2009-0059 2009-02-04T19:30:00.280-05:00 2018-10-30T12:25:50.030-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov CISCO 20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers BID 33608 SECTRACK 1021679 The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.2.x before 5.2.157.0 allow remote attackers to cause a denial of service (device reload) via a web authentication (aka WebAuth) session that includes a malformed POST request to login.html. cpe:/h:cisco:4400_wireless_lan_controller:4.1 cpe:/h:cisco:4400_wireless_lan_controller:4.2 cpe:/h:cisco:4400_wireless_lan_controller:5.0 cpe:/h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.1 cpe:/h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2 cpe:/h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:5.0 cpe:/h:cisco:catalyst_6500_series_integrated_wireless_lan_controller:4.1 cpe:/h:cisco:catalyst_6500_series_integrated_wireless_lan_controller:4.2 cpe:/h:cisco:catalyst_6500_series_integrated_wireless_lan_controller:5.0 cpe:/h:cisco:catalyst_7600_series_wireless_lan_controller:4.1 cpe:/h:cisco:catalyst_7600_series_wireless_lan_controller:4.2 cpe:/h:cisco:catalyst_7600_series_wireless_lan_controller:5.0 cpe:/o:cisco:wireless_lan_controller_software:4.1 cpe:/o:cisco:wireless_lan_controller_software:4.2 cpe:/o:cisco:wireless_lan_controller_software:5.0 CVE-2009-0061 2009-02-04T19:30:00.297-05:00 2018-10-30T12:25:58.780-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov CISCO 20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers BID 33608 SECTRACK 1021679 Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC driver in the Cisco 4400 WLC, Cisco Catalyst 6500 and 7600 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.1 allows remote attackers to cause a denial of service (device crash or hang) via unknown IP packets. cpe:/h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2 cpe:/h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2.173.0 cpe:/h:cisco:catalyst_6500_wireless_services_modules:4.2 cpe:/h:cisco:catalyst_6500_wireless_services_modules:4.2.173.0 cpe:/o:cisco:wireless_lan_controller_software:4.2 cpe:/o:cisco:wireless_lan_controller_software:4.2.173.0 CVE-2009-0062 2009-02-04T19:30:00.327-05:00 2018-10-30T12:25:59.187-04:00 9.0 NETWORK LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CISCO 20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers BID 33608 SECTRACK 1021678 Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels. cpe:/h:symantec:brightmail_gateway_appliance:7.5 cpe:/h:symantec:brightmail_gateway_appliance:7.6 cpe:/h:symantec:brightmail_gateway_appliance:7.7 cpe:/h:symantec:brightmail_gateway_appliance:8.0 CVE-2009-0063 2009-04-24T11:30:00.187-04:00 2017-08-07T21:33:47.140-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov SECTRACK 1022116 BID 34641 CONFIRM http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01 VUPEN ADV-2009-1155 XF brightmail-controlcenter-xss(50074) Cross-site scripting (XSS) vulnerability in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. cpe:/h:symantec:brightmail_gateway_appliance:7.5 cpe:/h:symantec:brightmail_gateway_appliance:7.6 cpe:/h:symantec:brightmail_gateway_appliance:7.7 cpe:/h:symantec:brightmail_gateway_appliance:8.0 CVE-2009-0064 2009-04-24T11:30:00.203-04:00 2017-08-07T21:33:47.187-04:00 9.0 NETWORK LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SECTRACK 1022117 BID 34639 CONFIRM http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01 VUPEN ADV-2009-1155 XF brightmail-consolescripts-priv-escalation(50075) Multiple unspecified vulnerabilities in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allow remote authenticated users to gain privileges, and possibly obtain sensitive information or hijack sessions of arbitrary users, via vectors involving (1) administrative scripts or (2) console functions. cpe:/o:linux:linux_kernel:2.2.27 cpe:/o:linux:linux_kernel:2.4.36 cpe:/o:linux:linux_kernel:2.4.36.1 cpe:/o:linux:linux_kernel:2.4.36.2 cpe:/o:linux:linux_kernel:2.4.36.3 cpe:/o:linux:linux_kernel:2.4.36.4 cpe:/o:linux:linux_kernel:2.4.36.5 cpe:/o:linux:linux_kernel:2.4.36.6 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.18:rc1 cpe:/o:linux:linux_kernel:2.6.18:rc2 cpe:/o:linux:linux_kernel:2.6.18:rc3 cpe:/o:linux:linux_kernel:2.6.18:rc4 cpe:/o:linux:linux_kernel:2.6.18:rc5 cpe:/o:linux:linux_kernel:2.6.18:rc6 cpe:/o:linux:linux_kernel:2.6.18:rc7 cpe:/o:linux:linux_kernel:2.6.19.4 cpe:/o:linux:linux_kernel:2.6.19.5 cpe:/o:linux:linux_kernel:2.6.19.6 cpe:/o:linux:linux_kernel:2.6.19.7 cpe:/o:linux:linux_kernel:2.6.20.16 cpe:/o:linux:linux_kernel:2.6.20.17 cpe:/o:linux:linux_kernel:2.6.20.18 cpe:/o:linux:linux_kernel:2.6.20.19 cpe:/o:linux:linux_kernel:2.6.20.20 cpe:/o:linux:linux_kernel:2.6.20.21 cpe:/o:linux:linux_kernel:2.6.21.5 cpe:/o:linux:linux_kernel:2.6.21.6 cpe:/o:linux:linux_kernel:2.6.21.7 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.22.1 cpe:/o:linux:linux_kernel:2.6.22.2 cpe:/o:linux:linux_kernel:2.6.22.8 cpe:/o:linux:linux_kernel:2.6.22.9 cpe:/o:linux:linux_kernel:2.6.22.10 cpe:/o:linux:linux_kernel:2.6.22.11 cpe:/o:linux:linux_kernel:2.6.22.12 cpe:/o:linux:linux_kernel:2.6.22.13 cpe:/o:linux:linux_kernel:2.6.22.14 cpe:/o:linux:linux_kernel:2.6.22.15 cpe:/o:linux:linux_kernel:2.6.22.17 cpe:/o:linux:linux_kernel:2.6.22.18 cpe:/o:linux:linux_kernel:2.6.22.19 cpe:/o:linux:linux_kernel:2.6.22.20 cpe:/o:linux:linux_kernel:2.6.22.21 cpe:/o:linux:linux_kernel:2.6.22.22 cpe:/o:linux:linux_kernel:2.6.22_rc1 cpe:/o:linux:linux_kernel:2.6.22_rc7 cpe:/o:linux:linux_kernel:2.6.23 cpe:/o:linux:linux_kernel:2.6.23.8 cpe:/o:linux:linux_kernel:2.6.23.9 cpe:/o:linux:linux_kernel:2.6.23.10 cpe:/o:linux:linux_kernel:2.6.23.11 cpe:/o:linux:linux_kernel:2.6.23.12 cpe:/o:linux:linux_kernel:2.6.23.13 cpe:/o:linux:linux_kernel:2.6.23.15 cpe:/o:linux:linux_kernel:2.6.23.16 cpe:/o:linux:linux_kernel:2.6.23.17 cpe:/o:linux:linux_kernel:2.6.23_rc1 cpe:/o:linux:linux_kernel:2.6.24 cpe:/o:linux:linux_kernel:2.6.24.1 cpe:/o:linux:linux_kernel:2.6.24.2 cpe:/o:linux:linux_kernel:2.6.24.3 cpe:/o:linux:linux_kernel:2.6.24.4 cpe:/o:linux:linux_kernel:2.6.24.5 cpe:/o:linux:linux_kernel:2.6.24.6 cpe:/o:linux:linux_kernel:2.6.24.7 cpe:/o:linux:linux_kernel:2.6.24_rc1 cpe:/o:linux:linux_kernel:2.6.24_rc4 cpe:/o:linux:linux_kernel:2.6.24_rc5 cpe:/o:linux:linux_kernel:2.6.25 cpe:/o:linux:linux_kernel:2.6.25::x86_64 cpe:/o:linux:linux_kernel:2.6.25.1 cpe:/o:linux:linux_kernel:2.6.25.1::x86_64 cpe:/o:linux:linux_kernel:2.6.25.2 cpe:/o:linux:linux_kernel:2.6.25.2::x86_64 cpe:/o:linux:linux_kernel:2.6.25.3 cpe:/o:linux:linux_kernel:2.6.25.3::x86_64 cpe:/o:linux:linux_kernel:2.6.25.4 cpe:/o:linux:linux_kernel:2.6.25.4::x86_64 cpe:/o:linux:linux_kernel:2.6.25.5 cpe:/o:linux:linux_kernel:2.6.25.5::x86_64 cpe:/o:linux:linux_kernel:2.6.25.6 cpe:/o:linux:linux_kernel:2.6.25.6::x86_64 cpe:/o:linux:linux_kernel:2.6.25.7 cpe:/o:linux:linux_kernel:2.6.25.7::x86_64 cpe:/o:linux:linux_kernel:2.6.25.8 cpe:/o:linux:linux_kernel:2.6.25.8::x86_64 cpe:/o:linux:linux_kernel:2.6.25.9 cpe:/o:linux:linux_kernel:2.6.25.9::x86_64 cpe:/o:linux:linux_kernel:2.6.25.10 cpe:/o:linux:linux_kernel:2.6.25.10::x86_64 cpe:/o:linux:linux_kernel:2.6.25.11 cpe:/o:linux:linux_kernel:2.6.25.11::x86_64 cpe:/o:linux:linux_kernel:2.6.25.12 cpe:/o:linux:linux_kernel:2.6.25.12::x86_64 cpe:/o:linux:linux_kernel:2.6.25.13 cpe:/o:linux:linux_kernel:2.6.25.14 cpe:/o:linux:linux_kernel:2.6.25.15 cpe:/o:linux:linux_kernel:2.6.25.16 cpe:/o:linux:linux_kernel:2.6.25.17 cpe:/o:linux:linux_kernel:2.6.26 cpe:/o:linux:linux_kernel:2.6.26.1 cpe:/o:linux:linux_kernel:2.6.26.2 cpe:/o:linux:linux_kernel:2.6.26.3 cpe:/o:linux:linux_kernel:2.6.26.4 cpe:/o:linux:linux_kernel:2.6.26.5 cpe:/o:linux:linux_kernel:2.6.27 CVE-2009-0065 2009-01-07T14:30:00.280-05:00 2017-09-28T21:33:36.043-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9fcb95a105758b81ef0131cd18e2db5149f13e95 HP HPSBNS02449 SUSE SUSE-SA:2009:010 SUSE SUSE-SA:2009:030 SUSE SUSE-SA:2009:031 CONFIRM http://patchwork.ozlabs.org/patch/15024/ REDHAT RHSA-2009:0264 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-114.htm DEBIAN DSA-1749 DEBIAN DSA-1787 DEBIAN DSA-1794 MLIST [oss-security] 20090105 CVE request: kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID REDHAT RHSA-2009:0053 REDHAT RHSA-2009:0331 REDHAT RHSA-2009:1055 BID 33113 SECTRACK 1022698 UBUNTU USN-751-1 VUPEN ADV-2009-0029 VUPEN ADV-2009-2193 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=478800 FEDORA FEDORA-2009-0816 Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID. cpe:/a:intel:trusted_execution_technology:_nil_ CVE-2009-0066 2009-01-07T14:30:00.297-05:00 2009-01-08T00:00:00.000-05:00 7.6 NETWORK HIGH NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-08T08:52:00.000-05:00 ALLOWS_ADMIN_ACCESS MISC http://blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Wojtczuk MISC http://invisiblethingslab.com/press/itl-press-2009-01.pdf MISC http://theinvisiblethings.blogspot.com/2009/01/attacking-intel-trusted-execution.html BID 33119 Multiple unspecified vulnerabilities in Intel system software for Trusted Execution Technology (TXT) allow attackers to bypass intended loader integrity protections, as demonstrated by exploitation of tboot. NOTE: as of 20090107, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. cpe:/a:freedesktop:xdg-utils:1.0 CVE-2009-0068 2009-01-07T14:30:00.313-05:00 2009-02-10T01:59:42.920-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS MLIST [oss-security] 20090106 Fwd: Using xdg-open in /etc/mailcap causes hole in Firefox (Demonstration/Exploit included) BID 33137 MISC https://bugs.freedesktop.org/show_bug.cgi?id=19377 Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file. cpe:/o:sun:opensolaris:snv_01::sparc cpe:/o:sun:opensolaris:snv_01::x86 cpe:/o:sun:opensolaris:snv_02::sparc cpe:/o:sun:opensolaris:snv_02::x86 cpe:/o:sun:opensolaris:snv_03::sparc cpe:/o:sun:opensolaris:snv_03::x86 cpe:/o:sun:opensolaris:snv_04::sparc cpe:/o:sun:opensolaris:snv_04::x86 cpe:/o:sun:opensolaris:snv_05::sparc cpe:/o:sun:opensolaris:snv_05::x86 cpe:/o:sun:opensolaris:snv_06::sparc cpe:/o:sun:opensolaris:snv_06::x86 cpe:/o:sun:opensolaris:snv_07::sparc cpe:/o:sun:opensolaris:snv_07::x86 cpe:/o:sun:opensolaris:snv_08::sparc cpe:/o:sun:opensolaris:snv_08::x86 cpe:/o:sun:opensolaris:snv_09::sparc cpe:/o:sun:opensolaris:snv_09::x86 cpe:/o:sun:opensolaris:snv_10::sparc cpe:/o:sun:opensolaris:snv_10::x86 cpe:/o:sun:opensolaris:snv_11::sparc cpe:/o:sun:opensolaris:snv_11::x86 cpe:/o:sun:opensolaris:snv_12::sparc cpe:/o:sun:opensolaris:snv_12::x86 cpe:/o:sun:opensolaris:snv_13::sparc cpe:/o:sun:opensolaris:snv_13::x86 cpe:/o:sun:opensolaris:snv_14::sparc cpe:/o:sun:opensolaris:snv_14::x86 cpe:/o:sun:opensolaris:snv_15::sparc cpe:/o:sun:opensolaris:snv_15::x86 cpe:/o:sun:opensolaris:snv_16::sparc cpe:/o:sun:opensolaris:snv_16::x86 cpe:/o:sun:opensolaris:snv_17::sparc cpe:/o:sun:opensolaris:snv_17::x86 cpe:/o:sun:opensolaris:snv_18::sparc cpe:/o:sun:opensolaris:snv_18::x86 cpe:/o:sun:opensolaris:snv_19::sparc cpe:/o:sun:opensolaris:snv_19::x86 cpe:/o:sun:opensolaris:snv_20::sparc cpe:/o:sun:opensolaris:snv_20::x86 cpe:/o:sun:opensolaris:snv_21::sparc cpe:/o:sun:opensolaris:snv_21::x86 cpe:/o:sun:opensolaris:snv_22::sparc cpe:/o:sun:opensolaris:snv_22::x86 cpe:/o:sun:opensolaris:snv_23::sparc cpe:/o:sun:opensolaris:snv_23::x86 cpe:/o:sun:opensolaris:snv_24::sparc cpe:/o:sun:opensolaris:snv_24::x86 cpe:/o:sun:opensolaris:snv_25::sparc cpe:/o:sun:opensolaris:snv_25::x86 cpe:/o:sun:opensolaris:snv_26::sparc cpe:/o:sun:opensolaris:snv_26::x86 cpe:/o:sun:opensolaris:snv_27::sparc cpe:/o:sun:opensolaris:snv_27::x86 cpe:/o:sun:opensolaris:snv_28::sparc cpe:/o:sun:opensolaris:snv_28::x86 cpe:/o:sun:opensolaris:snv_29::sparc cpe:/o:sun:opensolaris:snv_29::x86 cpe:/o:sun:opensolaris:snv_30::sparc cpe:/o:sun:opensolaris:snv_30::x86 cpe:/o:sun:opensolaris:snv_31::sparc cpe:/o:sun:opensolaris:snv_31::x86 cpe:/o:sun:opensolaris:snv_32::sparc cpe:/o:sun:opensolaris:snv_32::x86 cpe:/o:sun:opensolaris:snv_33::sparc cpe:/o:sun:opensolaris:snv_33::x86 cpe:/o:sun:opensolaris:snv_34::sparc cpe:/o:sun:opensolaris:snv_34::x86 cpe:/o:sun:opensolaris:snv_35::sparc cpe:/o:sun:opensolaris:snv_35::x86 cpe:/o:sun:opensolaris:snv_36::sparc cpe:/o:sun:opensolaris:snv_36::x86 cpe:/o:sun:opensolaris:snv_37::sparc cpe:/o:sun:opensolaris:snv_37::x86 cpe:/o:sun:opensolaris:snv_38::sparc cpe:/o:sun:opensolaris:snv_38::x86 cpe:/o:sun:opensolaris:snv_39::sparc cpe:/o:sun:opensolaris:snv_39::x86 cpe:/o:sun:opensolaris:snv_40::sparc cpe:/o:sun:opensolaris:snv_40::x86 cpe:/o:sun:opensolaris:snv_41::sparc cpe:/o:sun:opensolaris:snv_41::x86 cpe:/o:sun:opensolaris:snv_42::sparc cpe:/o:sun:opensolaris:snv_42::x86 cpe:/o:sun:opensolaris:snv_43::sparc cpe:/o:sun:opensolaris:snv_43::x86 cpe:/o:sun:opensolaris:snv_44::sparc cpe:/o:sun:opensolaris:snv_44::x86 cpe:/o:sun:opensolaris:snv_45::sparc cpe:/o:sun:opensolaris:snv_45::x86 cpe:/o:sun:opensolaris:snv_46::sparc cpe:/o:sun:opensolaris:snv_46::x86 cpe:/o:sun:opensolaris:snv_47::sparc cpe:/o:sun:opensolaris:snv_47::x86 cpe:/o:sun:opensolaris:snv_48::sparc cpe:/o:sun:opensolaris:snv_48::x86 cpe:/o:sun:opensolaris:snv_49::sparc cpe:/o:sun:opensolaris:snv_49::x86 cpe:/o:sun:opensolaris:snv_50::sparc cpe:/o:sun:opensolaris:snv_50::x86 cpe:/o:sun:opensolaris:snv_51::sparc cpe:/o:sun:opensolaris:snv_51::x86 cpe:/o:sun:opensolaris:snv_52::sparc cpe:/o:sun:opensolaris:snv_52::x86 cpe:/o:sun:opensolaris:snv_53::sparc cpe:/o:sun:opensolaris:snv_53::x86 cpe:/o:sun:opensolaris:snv_54::sparc cpe:/o:sun:opensolaris:snv_54::x86 cpe:/o:sun:opensolaris:snv_55::sparc cpe:/o:sun:opensolaris:snv_55::x86 cpe:/o:sun:opensolaris:snv_56::sparc cpe:/o:sun:opensolaris:snv_56::x86 cpe:/o:sun:opensolaris:snv_57::sparc cpe:/o:sun:opensolaris:snv_57::x86 cpe:/o:sun:opensolaris:snv_58::sparc cpe:/o:sun:opensolaris:snv_58::x86 cpe:/o:sun:opensolaris:snv_59::sparc cpe:/o:sun:opensolaris:snv_59::x86 cpe:/o:sun:opensolaris:snv_60::sparc cpe:/o:sun:opensolaris:snv_60::x86 cpe:/o:sun:opensolaris:snv_61::sparc cpe:/o:sun:opensolaris:snv_61::x86 cpe:/o:sun:opensolaris:snv_62::sparc cpe:/o:sun:opensolaris:snv_62::x86 cpe:/o:sun:opensolaris:snv_63::sparc cpe:/o:sun:opensolaris:snv_63::x86 cpe:/o:sun:opensolaris:snv_64::sparc cpe:/o:sun:opensolaris:snv_64::x86 cpe:/o:sun:opensolaris:snv_65::sparc cpe:/o:sun:opensolaris:snv_65::x86 cpe:/o:sun:opensolaris:snv_66::sparc cpe:/o:sun:opensolaris:snv_66::x86 cpe:/o:sun:opensolaris:snv_67::sparc cpe:/o:sun:opensolaris:snv_67::x86 cpe:/o:sun:opensolaris:snv_68::sparc cpe:/o:sun:opensolaris:snv_68::x86 cpe:/o:sun:opensolaris:snv_69::sparc cpe:/o:sun:opensolaris:snv_69::x86 cpe:/o:sun:opensolaris:snv_70::sparc cpe:/o:sun:opensolaris:snv_70::x86 cpe:/o:sun:opensolaris:snv_71::sparc cpe:/o:sun:opensolaris:snv_71::x86 cpe:/o:sun:opensolaris:snv_72::sparc cpe:/o:sun:opensolaris:snv_72::x86 cpe:/o:sun:opensolaris:snv_73::sparc cpe:/o:sun:opensolaris:snv_73::x86 cpe:/o:sun:opensolaris:snv_74::sparc cpe:/o:sun:opensolaris:snv_74::x86 cpe:/o:sun:opensolaris:snv_75::sparc cpe:/o:sun:opensolaris:snv_75::x86 cpe:/o:sun:opensolaris:snv_76::sparc cpe:/o:sun:opensolaris:snv_76::x86 cpe:/o:sun:opensolaris:snv_77::sparc cpe:/o:sun:opensolaris:snv_77::x86 cpe:/o:sun:opensolaris:snv_78::sparc cpe:/o:sun:opensolaris:snv_78::x86 cpe:/o:sun:opensolaris:snv_79::sparc cpe:/o:sun:opensolaris:snv_79::x86 cpe:/o:sun:opensolaris:snv_80::sparc cpe:/o:sun:opensolaris:snv_80::x86 cpe:/o:sun:opensolaris:snv_81::sparc cpe:/o:sun:opensolaris:snv_81::x86 cpe:/o:sun:opensolaris:snv_82::sparc cpe:/o:sun:opensolaris:snv_82::x86 cpe:/o:sun:opensolaris:snv_83::sparc cpe:/o:sun:opensolaris:snv_83::x86 cpe:/o:sun:opensolaris:snv_84::sparc cpe:/o:sun:opensolaris:snv_84::x86 cpe:/o:sun:opensolaris:snv_85::sparc cpe:/o:sun:opensolaris:snv_85::x86 cpe:/o:sun:opensolaris:snv_86::sparc cpe:/o:sun:opensolaris:snv_86::x86 cpe:/o:sun:opensolaris:snv_87::sparc cpe:/o:sun:opensolaris:snv_87::x86 cpe:/o:sun:opensolaris:snv_88::sparc cpe:/o:sun:opensolaris:snv_88::x86 cpe:/o:sun:opensolaris:snv_89::sparc cpe:/o:sun:opensolaris:snv_89::x86 cpe:/o:sun:opensolaris:snv_90::sparc cpe:/o:sun:opensolaris:snv_90::x86 cpe:/o:sun:opensolaris:snv_91::sparc cpe:/o:sun:opensolaris:snv_91::x86 cpe:/o:sun:opensolaris:snv_92::sparc cpe:/o:sun:opensolaris:snv_92::x86 cpe:/o:sun:opensolaris:snv_93::sparc cpe:/o:sun:opensolaris:snv_93::x86 cpe:/o:sun:opensolaris:snv_94::sparc cpe:/o:sun:opensolaris:snv_94::x86 cpe:/o:sun:opensolaris:snv_95::sparc cpe:/o:sun:opensolaris:snv_95::x86 cpe:/o:sun:opensolaris:snv_96::sparc cpe:/o:sun:opensolaris:snv_96::x86 cpe:/o:sun:opensolaris:snv_97::sparc cpe:/o:sun:opensolaris:snv_97::x86 cpe:/o:sun:opensolaris:snv_98::sparc cpe:/o:sun:opensolaris:snv_98::x86 cpe:/o:sun:opensolaris:snv_99::sparc cpe:/o:sun:opensolaris:snv_99::x86 cpe:/o:sun:opensolaris:snv_100::sparc cpe:/o:sun:opensolaris:snv_100::x86 cpe:/o:sun:opensolaris:snv_101::sparc cpe:/o:sun:opensolaris:snv_101::x86 cpe:/o:sun:opensolaris:snv_104::sparc cpe:/o:sun:solaris:10::sparc cpe:/o:sun:solaris:10::x86 CVE-2009-0069 2009-01-07T15:30:00.467-05:00 2017-08-07T21:33:47.267-04:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov MLIST [onnv-notify] 20081021 6300710 recursive mutex_enter in nfs4rename_persistent_fh() CONFIRM http://sunsolve.sun.com/search/document.do?assetkey=1-21-139466-02-1 SUNALERT 248566 BID 33128 SECTRACK 1021519 VUPEN ADV-2009-0030 XF solaris-nfs4client-dos(47750) Unspecified vulnerability in the nfs4rename_persistent_fh function in the NFS 4 (aka NFSv4) client in the kernel in Sun Solaris 10 and OpenSolaris before snv_102 allows local users to cause a denial of service (recursive mutex_enter and panic) via unspecified vectors. cpe:/a:apple:safari CVE-2009-0070 2009-01-08T14:30:11.280-05:00 2017-09-28T21:33:36.120-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS XF safari-array-memory-disclosure(48214) EXPLOIT-DB 7673 Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function, possibly a related issue to CVE-2008-2307. cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0:alpha cpe:/a:mozilla:firefox:3.0:beta2 cpe:/a:mozilla:firefox:3.0:beta5 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 CVE-2009-0071 2009-01-08T14:30:11.297-05:00 2017-09-28T21:33:36.183-04:00 2.6 NETWORK HIGH NONE NONE NONE PARTIAL http://nvd.nist.gov FULLDISC 20090107 Firefox 3.0.5 remote vulnerability via queryCommandState FULLDISC 20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState FULLDISC 20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState BID 33154 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=448329 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=456727 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=472507 EXPLOIT-DB 8091 EXPLOIT-DB 8219 Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected. cpe:/a:microsoft:internet_explorer:6 cpe:/a:microsoft:internet_explorer:6:sp1 cpe:/a:microsoft:internet_explorer:6:sp2 cpe:/a:microsoft:internet_explorer:7 cpe:/a:microsoft:internet_explorer:8:beta1 cpe:/a:microsoft:internet_explorer:8:beta2 CVE-2009-0072 2009-01-08T14:30:11.313-05:00 2017-08-07T21:33:47.390-04:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov MISC http://skypher.com/index.php/2009/01/07/msie-screen-null-ptr-dos-details/ BID 33149 XF ie-javascript-screen-dos(47788) Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element. CVE-2009-0073 2017-05-11T10:29:09.027-04:00 2017-05-11T10:29:09.027-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none. CVE-2009-0074 2017-05-11T10:29:09.043-04:00 2017-05-11T10:29:09.043-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none. cpe:/a:microsoft:internet_explorer:7 CVE-2009-0075 2009-02-10T17:30:00.250-05:00 2019-02-27T09:07:54.350-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2019-02-26T14:44:29.160-05:00 BID 33627 CERT TA09-041A VUPEN ADV-2009-0389 MISC http://www.zerodayinitiative.com/advisories/ZDI-09-011/ MS MS09-002 EXPLOIT-DB 8077 EXPLOIT-DB 8079 EXPLOIT-DB 8080 EXPLOIT-DB 8082 Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability." cpe:/a:microsoft:internet_explorer:7 CVE-2009-0076 2009-02-10T17:30:00.267-05:00 2019-02-26T09:04:00.993-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CERT TA09-041A VUPEN ADV-2009-0389 MISC http://www.zerodayinitiative.com/advisories/ZDI-09-012/ MS MS09-002 Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability." cpe:/a:microsoft:forefront_threat_management_gateway:-:-:medium_business cpe:/a:microsoft:internet_security_and_acceleration_server:2004:sp3:enterprise cpe:/a:microsoft:internet_security_and_acceleration_server:2004:sp3:standard cpe:/a:microsoft:internet_security_and_acceleration_server:2006:sp1 cpe:/a:microsoft:internet_security_and_acceleration_server:2006:supportability CVE-2009-0077 2009-04-15T04:00:00.267-04:00 2018-10-12T17:49:23.657-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov SECTRACK 1022045 CERT TA09-104A VUPEN ADV-2009-1030 MS MS09-016 The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the session state of web listeners, which allows remote attackers to cause a denial of service (many stale sessions) via crafted packets, aka "Web Proxy TCP State Limited Denial of Service Vulnerability." cpe:/o:microsoft:windows_server_2003 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_server_2008:::32_bit cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista:gold cpe:/o:microsoft:windows_xp:::pro_x64 cpe:/o:microsoft:windows_xp::sp1 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp2:pro_x64 CVE-2009-0078 2009-04-15T04:00:00.327-04:00 2019-02-26T09:04:00.993-05:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS SECTRACK 1022044 CERT TA09-104A VUPEN ADV-2009-1026 MS MS09-012 The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability." cpe:/o:microsoft:windows_server_2003 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_xp:::pro_x64 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp2:pro_x64 cpe:/o:microsoft:windows_xp::sp3 CVE-2009-0079 2009-04-15T04:00:00.377-04:00 2019-02-26T09:04:00.993-05:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SECTRACK 1022044 CERT TA09-104A VUPEN ADV-2009-1026 MS MS09-012 The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability." cpe:/o:microsoft:windows_server:2008:-:itanium cpe:/o:microsoft:windows_server:2008:-:x32 cpe:/o:microsoft:windows_server:2008:-:x64 cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp1:x64 CVE-2009-0080 2009-04-15T04:00:00.407-04:00 2018-10-12T17:49:25.987-04:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SECTRACK 1022044 CERT TA09-104A VUPEN ADV-2009-1026 MS MS09-012 The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by leveraging incorrect thread ACLs to access the resources of one of the processes, aka "Windows Thread Pool ACL Weakness Vulnerability." cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista:gold cpe:/o:microsoft:windows_xp:::x64 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp2:x64 cpe:/o:microsoft:windows_xp::sp3 CVE-2009-0081 2009-03-10T16:30:00.343-04:00 2019-02-26T09:04:00.993-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-079.htm CONFIRM http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=842987&poid= BID 34012 SECTRACK 1021826 CERT TA09-069A VUPEN ADV-2009-0659 MS MS09-006 The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability." cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista:gold cpe:/o:microsoft:windows_xp:::x64 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp2:x64 cpe:/o:microsoft:windows_xp::sp3 CVE-2009-0082 2009-03-10T16:30:01.483-04:00 2019-02-26T09:04:00.993-05:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-079.htm CONFIRM http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=842987&poid= BID 34027 SECTRACK 1021827 CERT TA09-069A VUPEN ADV-2009-0659 MS MS09-006 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability." cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista:gold cpe:/o:microsoft:windows_xp:::x64 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp2:x64 cpe:/o:microsoft:windows_xp::sp3 CVE-2009-0083 2009-03-10T16:30:06.500-04:00 2019-02-26T09:04:00.993-05:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-079.htm CONFIRM http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=842987&poid= BID 34025 SECTRACK 1021827 CERT TA09-069A VUPEN ADV-2009-0659 MS MS09-006 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability." cpe:/a:microsoft:directx:8.1 cpe:/a:microsoft:directx:9.0 cpe:/a:microsoft:directx:9.0a cpe:/a:microsoft:directx:9.0b cpe:/a:microsoft:directx:9.0c CVE-2009-0084 2009-04-15T04:00:00.420-04:00 2019-02-26T09:04:00.993-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-132.htm MISC http://www.piotrbania.com/all/adv/ms-directx-mjpeg-adv.txt BID 34460 SECTRACK 1022040 CERT TA09-104A VUPEN ADV-2009-1025 MS MS09-011 Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability." cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista:gold cpe:/o:microsoft:windows_xp:::x64 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp2:x64 cpe:/o:microsoft:windows_xp::sp3 CVE-2009-0085 2009-03-10T16:30:06.530-04:00 2019-02-26T09:04:00.993-05:00 7.1 NETWORK MEDIUM NONE NONE COMPLETE NONE http://nvd.nist.gov SECTRACK 1021828 CERT TA09-069A VUPEN ADV-2009-0660 MS MS09-007 The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability." cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_server_2008:::32_bit cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista:gold cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp3 CVE-2009-0086 2009-04-15T04:00:00.453-04:00 2019-02-26T09:04:00.993-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BID 34435 SECTRACK 1022041 CERT TA09-104A VUPEN ADV-2009-1027 MS MS09-013 Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability." cpe:/a:microsoft:office_word:2000:sp3 cpe:/a:microsoft:office_word:2002:sp3 cpe:/o:microsoft:windows_2000:-:sp4 cpe:/o:microsoft:windows_2003_server:::~~~~x64~ cpe:/o:microsoft:windows_2003_server::sp1 cpe:/o:microsoft:windows_2003_server::sp1:~~~~itanium~ cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_2003_server::sp2:~~~~itanium~ cpe:/o:microsoft:windows_2003_server::sp2:~~~~x64~ cpe:/o:microsoft:windows_xp:::~~~~x64~ cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp2:~~~~x64~ cpe:/o:microsoft:windows_xp::sp3 CVE-2009-0087 2009-04-15T04:00:00.467-04:00 2018-10-30T12:25:57.450-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SECTRACK 1022043 CERT TA09-104A VUPEN ADV-2009-1024 MS MS09-010 Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file that contains malformed data, aka "WordPad and Office Text Converter Memory Corruption Vulnerability." cpe:/a:microsoft:office_converter_pack:2003 cpe:/a:microsoft:office_word:2000:sp3 cpe:/a:microsoft:office_word:2002:sp3 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_xp:::pro_x64 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp2:pro_x64 cpe:/o:microsoft:windows_xp::sp3 CVE-2009-0088 2009-04-15T04:00:00.483-04:00 2019-02-26T09:04:00.993-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS IDEFENSE 20090414 Microsoft Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability SECTRACK 1022043 CERT TA09-104A VUPEN ADV-2009-1024 MS MS09-010 The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability." cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x32 cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::gold cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_xp:::pro_x64 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp2:pro_x64 cpe:/o:microsoft:windows_xp::sp3 CVE-2009-0089 2009-04-15T04:00:00.517-04:00 2019-02-26T09:04:00.993-05:00 5.8 NETWORK MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov BID 34437 SECTRACK 1022041 CERT TA09-104A VUPEN ADV-2009-1027 MS MS09-013 Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability." cpe:/a:microsoft:.net_framework:1.0:sp3 cpe:/a:microsoft:.net_framework:1.1:sp1 cpe:/a:microsoft:.net_framework:2.0 cpe:/a:microsoft:.net_framework:2.0:sp1 cpe:/a:microsoft:.net_framework:2.0:sp2 cpe:/a:microsoft:.net_framework:3.5 cpe:/a:microsoft:.net_framework:3.5:sp1 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_7:- cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x32 cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2008::r2:itanium cpe:/o:microsoft:windows_server_2008::r2:x64 cpe:/o:microsoft:windows_server_2008::sp2:itanium cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:-:sp2:x86 cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_xp:-:sp2:x64 CVE-2009-0090 2009-10-14T06:30:00.420-04:00 2019-02-26T09:04:00.993-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CERT TA09-286A MS MS09-061 Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability." cpe:/a:microsoft:.net_framework:1.0:sp3 cpe:/a:microsoft:.net_framework:1.1:sp1 cpe:/a:microsoft:.net_framework:2.0 cpe:/a:microsoft:.net_framework:2.0:sp1 cpe:/a:microsoft:.net_framework:2.0:sp2 cpe:/a:microsoft:.net_framework:3.5 cpe:/a:microsoft:.net_framework:3.5:sp1 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_7:- cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x32 cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2008::r2:itanium cpe:/o:microsoft:windows_server_2008::r2:x64 cpe:/o:microsoft:windows_server_2008::sp2:itanium cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:-:sp2:x86 cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_xp:-:sp2:x64 CVE-2009-0091 2009-10-14T06:30:00.483-04:00 2019-02-26T09:04:00.993-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CERT TA09-286A MS MS09-061 Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability." CVE-2009-0092 2017-05-11T10:29:09.073-04:00 2017-05-11T10:29:09.073-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none. cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_server_2008:::x64 CVE-2009-0093 2009-03-11T10:19:15.233-04:00 2019-02-26T09:04:00.993-05:00 3.5 NETWORK MEDIUM SINGLE_INSTANCE NONE PARTIAL NONE http://nvd.nist.gov MISC http://blog.ncircle.com/blogs/vert/archives/2009/03/successful_exploit_renders_mic.html CONFIRM http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm BID 33989 SECTRACK 1021830 CERT TA09-069A VUPEN ADV-2009-0661 MS MS09-008 Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692. cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_server_2008:::x64 CVE-2009-0094 2009-03-11T10:19:15.250-04:00 2019-02-26T09:04:00.993-05:00 5.5 NETWORK LOW SINGLE_INSTANCE NONE PARTIAL PARTIAL http://nvd.nist.gov CONFIRM http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm BID 34013 SECTRACK 1021829 CERT TA09-069A VUPEN ADV-2009-0661 MS MS09-008 The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692. cpe:/a:microsoft:visio:2002:sp2 cpe:/a:microsoft:visio:2003:sp3 cpe:/a:microsoft:visio:2007:sp1 CVE-2009-0095 2009-02-10T17:30:00.280-05:00 2018-10-12T17:49:39.817-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CERT TA09-041A VUPEN ADV-2009-0391 MS MS09-005 Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability." cpe:/a:microsoft:visio:2002:sp2 cpe:/a:microsoft:visio:2003:sp3 cpe:/a:microsoft:visio:2007:sp1 CVE-2009-0096 2009-02-10T17:30:00.313-05:00 2018-10-12T17:49:40.330-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CERT TA09-041A VUPEN ADV-2009-0391 MS MS09-005 Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability." cpe:/a:microsoft:visio:2002:sp2 cpe:/a:microsoft:visio:2003:sp3 cpe:/a:microsoft:visio:2007:sp1 CVE-2009-0097 2009-02-10T17:30:00.327-05:00 2018-10-12T17:49:40.923-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CERT TA09-041A VUPEN ADV-2009-0391 MS MS09-005 Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability." cpe:/a:microsoft:exchange_server:2000:sp3 cpe:/a:microsoft:exchange_server:2003:sp2 cpe:/a:microsoft:exchange_server:2007:sp1 CVE-2009-0098 2009-02-10T17:30:00.343-05:00 2018-10-12T17:49:41.410-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CERT TA09-041A MS MS09-003 Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability." cpe:/a:microsoft:exchange_server:2000:sp3 cpe:/a:microsoft:exchange_server:2003:sp2 cpe:/a:microsoft:exchange_server:2007:sp1 CVE-2009-0099 2009-02-10T17:30:00.377-05:00 2018-10-12T17:49:42.017-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov CERT TA09-041A MS MS09-003 The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability." cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:2008::mac cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::sp1 cpe:/a:microsoft:office_excel:2000:sp3 cpe:/a:microsoft:office_excel:2002:sp3 cpe:/a:microsoft:office_excel:2003:sp3 cpe:/a:microsoft:office_excel:2007:sp1 cpe:/a:microsoft:office_excel_viewer cpe:/a:microsoft:office_excel_viewer:2003:sp3 CVE-2009-0100 2009-04-15T04:00:00.530-04:00 2018-10-12T17:49:42.533-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS MISC http://www.fortiguardcenter.com/advisory/FGA-2009-16.html BUGTRAQ 20090415 Microsoft Office Excel Remote Memory Corruption Vulnerability SECTRACK 1022039 CERT TA09-104A VUPEN ADV-2009-1023 MS MS09-009 Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with "an offset and a two-byte value" that trigger a memory calculation error, aka "Memory Corruption Vulnerability." CVE-2009-0101 2017-05-11T10:29:09.090-04:00 2017-05-11T10:29:09.090-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none. cpe:/a:microsoft:office_project:2007:sp1 cpe:/a:microsoft:office_project:2007:sp2 cpe:/a:microsoft:project_portfolio_server:2007:sp1 cpe:/a:microsoft:project_portfolio_server:2007:sp2 cpe:/a:microsoft:project_server:2003:sp3 cpe:/a:microsoft:project_server:2007:sp1 cpe:/a:microsoft:project_server:2007:sp2 CVE-2009-0102 2009-12-09T13:30:00.203-05:00 2018-10-12T17:49:43.643-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CERT TA09-342A MS MS09-074 Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability." cpe:/a:playsms:playsms:0.9.3 CVE-2009-0103 2009-01-09T13:30:03.047-05:00 2017-09-28T21:33:38.060-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS SREASON 4888 BID 33138 EXPLOIT-DB 7687 Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) apps_path[plug] parameter to plugin/gateway/gnokii/init.php, the (2) apps_path[themes] parameter to plugin/themes/default/init.php, and the (3) apps_path[libs] parameter to lib/function.php. cpe:/a:se-ed:ezpack:4.2:beta2 CVE-2009-0104 2009-01-09T13:30:03.063-05:00 2017-09-28T21:33:38.120-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS SREASON 4890 BID 33131 EXPLOIT-DB 7680 SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote attackers to execute arbitrary SQL commands via the qType parameter in a webboard prog action. cpe:/a:se-ed:ezpack:4.2:beta2 CVE-2009-0105 2009-01-09T13:30:03.077-05:00 2017-09-28T21:33:38.217-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov SREASON 4890 BID 33131 EXPLOIT-DB 7680 Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2 allows remote attackers to inject arbitrary web script or HTML via the mdfd parameter in a prog action. cpe:/a:phpauctions:phpauctions:_nil_ CVE-2009-0106 2009-01-09T13:30:03.093-05:00 2017-10-18T21:30:16.863-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33115 XF phpauctions-profile-sql-injection(43264) EXPLOIT-DB 7672 SQL injection vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the user_id parameter. cpe:/a:phpauctions:phpauctions:_nil_ CVE-2009-0107 2009-01-09T13:30:03.127-05:00 2017-10-18T21:30:16.927-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov BID 33115 EXPLOIT-DB 7672 Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. cpe:/a:phpauctions:phpauctions:_nil_ CVE-2009-0108 2009-01-09T13:30:03.140-05:00 2017-09-28T21:33:38.277-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS SREASON 4891 BID 33120 EXPLOIT-DB 7674 PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain administrative access via modified (1) PHPAUCTION_RM_ID, (2) PHPAUCTION_RM_NAME, (3) PHPAUCTION_RM_USERNAME, and (4) PHPAUCTION_RM_EMAIL cookies. cpe:/a:riotpix:riotpix:.05 cpe:/a:riotpix:riotpix:0.5 cpe:/a:riotpix:riotpix:0.51:beta cpe:/a:riotpix:riotpix:0.52 cpe:/a:riotpix:riotpix:0.60 cpe:/a:riotpix:riotpix:0.61 CVE-2009-0109 2009-01-09T13:30:03.157-05:00 2017-09-28T21:33:38.323-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS SREASON 4892 BID 33132 EXPLOIT-DB 7682 SQL injection vulnerability in index.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information. cpe:/a:riotpix:riotpix:.05 cpe:/a:riotpix:riotpix:0.5 cpe:/a:riotpix:riotpix:0.51:beta cpe:/a:riotpix:riotpix:0.52 cpe:/a:riotpix:riotpix:0.60 cpe:/a:riotpix:riotpix:0.61 CVE-2009-0110 2009-01-09T13:30:03.170-05:00 2017-09-28T21:33:38.370-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS SREASON 4893 BID 33129 EXPLOIT-DB 7679 SQL injection vulnerability in read.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter. cpe:/a:goople_cms:goople_cms:1.8.2 CVE-2009-0111 2009-01-09T13:30:03.203-05:00 2017-09-28T21:33:38.433-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS SREASON 4894 BID 33135 EXPLOIT-DB 7683 SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. cpe:/a:expinion:poll_pro:3.0 CVE-2009-0112 2009-01-09T13:30:03.217-05:00 2017-08-07T21:33:47.500-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BUGTRAQ 20090103 PollPro 3.0 XSRF VuLn SREASON 4895 XF pollpro-unspecified-csrf(47754) Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.asp in PollPro 3.0 allows remote attackers to create or modify accounts as administrators via the username, password, and name parameters. cpe:/a:joomla:xstandard CVE-2009-0113 2009-01-09T13:30:03.233-05:00 2017-09-28T21:33:38.497-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov SREASON 4896 BID 33143 EXPLOIT-DB 7691 Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header. cpe:/a:adobe:air:1.5 cpe:/a:adobe:flash_player:7.0 cpe:/a:adobe:flash_player:7.0.1 cpe:/a:adobe:flash_player:7.0.25 cpe:/a:adobe:flash_player:7.0.63 cpe:/a:adobe:flash_player:7.0.63::linux cpe:/a:adobe:flash_player:7.0.69.0 cpe:/a:adobe:flash_player:7.0.70.0 cpe:/a:adobe:flash_player:7.1 cpe:/a:adobe:flash_player:7.1.1 cpe:/a:adobe:flash_player:7.2 cpe:/a:adobe:flash_player:8.0 cpe:/a:adobe:flash_player:8.0::basic cpe:/a:adobe:flash_player:8.0::pro cpe:/a:adobe:flash_player:8.0.24.0 cpe:/a:adobe:flash_player:8.0.34.0 cpe:/a:adobe:flash_player:8.0.35.0 cpe:/a:adobe:flash_player:8.0.39.0 cpe:/a:adobe:flash_player:9.0.16 cpe:/a:adobe:flash_player:9.0.20 cpe:/a:adobe:flash_player:9.0.20.0 cpe:/a:adobe:flash_player:9.0.28 cpe:/a:adobe:flash_player:9.0.28.0 cpe:/a:adobe:flash_player:9.0.31.0 cpe:/a:adobe:flash_player:9.0.45.0 cpe:/a:adobe:flash_player:9.0.47.0 cpe:/a:adobe:flash_player:9.0.48.0 cpe:/a:adobe:flash_player:9.0.112.0 cpe:/a:adobe:flash_player:9.0.114.0 cpe:/a:adobe:flash_player:9.0.115.0 cpe:/a:adobe:flash_player:9.0.124.0 cpe:/a:adobe:flash_player:10.0.0.584 cpe:/a:adobe:flash_player:10.0.12.10 cpe:/a:adobe:flash_player:10.0.12.36 cpe:/a:adobe:flash_player:cs3::pro cpe:/a:adobe:flash_player:cs4::pro cpe:/a:adobe:flash_player_for_linux:10.0.15.3 cpe:/a:adobe:flex:3.0 CVE-2009-0114 2009-02-26T11:17:19.797-05:00 2017-09-28T21:33:38.573-04:00 5.8 NETWORK MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov MISC http://isc.sans.org/diary.html?storyid=5929 APPLE APPLE-SA-2009-05-12 GENTOO GLSA-200903-23 SECTRACK 1021751 SUNALERT 254909 CONFIRM http://support.apple.com/kb/HT3549 CONFIRM http://www.adobe.com/support/security/bulletins/apsb09-01.html CERT TA09-133A VUPEN ADV-2009-0513 VUPEN ADV-2009-0743 VUPEN ADV-2009-1297 XF flash-settings-manager-click-hijacking(48902) Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant." cpe:/a:christophe.varoqui:multipath-tools:0.4.8 CVE-2009-0115 2009-03-30T12:30:00.343-04:00 2017-09-28T21:33:38.637-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CONFIRM http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 MISC http://launchpad.net/bugs/cve/2009-0115 SUSE SUSE-SR:2009:007 SUSE SUSE-SR:2009:008 MLIST [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-128.htm DEBIAN DSA-1767 VUPEN ADV-2010-0528 FEDORA FEDORA-2009-3449 FEDORA FEDORA-2009-3453 The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon. cpe:/o:microsoft:windows_xp::sp3 CVE-2009-0119 2009-01-14T18:30:04.377-05:00 2017-09-28T21:33:38.700-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS SREASON 4912 BID 33204 EXPLOIT-DB 7720 Buffer overflow in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .chm file. cpe:/h:ibm:websphere_datapower_xml_security_gateway_xs40:3.6.1.5 CVE-2009-0120 2009-01-14T19:30:00.280-05:00 2018-10-11T16:59:50.640-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov SREASON 4911 BUGTRAQ 20090108 [IBM Datapower XS40] Denial of Service BID 33169 SECTRACK 1021547 VUPEN ADV-2009-0111 The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as demonstrated by the abc\r\n\r\n string data. cpe:/a:goople_cms:goople_cms:1.8.2 CVE-2009-0121 2009-01-14T19:30:00.327-05:00 2009-01-15T00:00:00.000-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-01-15T11:05:00.000-05:00 ALLOWS_OTHER_ACCESS SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:hp:hplip:2.7.7 cpe:/a:hp:hplip:2.8.2 CVE-2009-0122 2009-01-15T12:30:00.483-05:00 2009-01-31T01:54:38.047-05:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BID 33249 UBUNTU USN-708-1 CONFIRM https://launchpad.net/bugs/191299 hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and 2.8.2 on Ubuntu allows local users to change the ownership of arbitrary files via unspecified manipulations in advance of an HPLIP installation or upgrade by an administrator, related to the product's attempt to correct the ownership of its configuration files within home directories. cpe:/a:apple:safari CVE-2009-0123 2009-01-15T12:30:00.500-05:00 2017-08-07T21:33:47.640-04:00 7.1 NETWORK MEDIUM NONE COMPLETE NONE NONE http://nvd.nist.gov MISC http://brian.mastenbrook.net/display/27 MISC http://isc.sans.org/diary.html?storyid=5689 BID 33234 SECTRACK 1021581 XF safari-rss-feed-info-disclosure(47917) Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. cpe:/a:arrl:tqsllib:2.0 CVE-2009-0124 2009-01-15T12:30:00.530-05:00 2009-02-06T02:05:51.000-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511509 MLIST [oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=479650 FEDORA FEDORA-2009-0543 The tqsl_verifyDataBlock function in openssl_cert.cpp in American Radio Relay League (ARRL) tqsllib 2.0 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. cpe:/a:finkproject:libnasl:2.2.11 CVE-2009-0125 2009-01-15T12:30:00.547-05:00 2009-02-10T00:00:00.000-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-01-16T10:42:00.000-05:00 MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511517 CONFIRM http://cvs.fedoraproject.org/viewvc/rpms/libnasl/F-10/libnasl.spec?r1=1.16&r2=1.17 SUSE SUSE-SR:2009:003 MLIST [oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto VIM 20090120 CVE-2009-0125 (fwd) CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=479655 ** DISPUTED ** NOTE: this issue has been disputed by the upstream vendor. nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: the upstream vendor has disputed this issue, stating "while we do misuse this function (this is a bug), it has absolutely no security ramification." cpe:/a:berkeley:boinc_client:6.2.14 cpe:/a:berkeley:boinc_client:6.4.5 CVE-2009-0126 2009-01-15T12:30:00.563-05:00 2009-03-06T01:49:14.547-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov CONFIRM http://boinc.berkeley.edu/trac/changeset/16883 CONFIRM http://boinc.berkeley.edu/trac/ticket/823 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511521 SUSE SUSE-SR:2009:003 MLIST [oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=479664 FEDORA FEDORA-2009-0578 The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5 does not check the return value from the OpenSSL RSA_public_decrypt function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. cpe:/a:heikki_toivonen:m2crypto:- CVE-2009-0127 2009-01-15T12:30:00.577-05:00 2016-05-13T13:09:07.033-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2016-05-11T12:04:40.137-04:00 MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511515 MLIST [oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto MISC https://bugzilla.redhat.com/show_bug.cgi?id=479676 ** DISPUTED ** M2Crypto does not properly check the return value from the OpenSSL EVP_VerifyFinal, DSA_verify, ECDSA_verify, DSA_do_verify, and ECDSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a Linux vendor disputes the relevance of this report to the M2Crypto product because "these functions are not used anywhere in m2crypto." cpe:/a:llnl:slurm:_nil_ CVE-2009-0128 2009-01-15T12:30:00.610-05:00 2009-01-16T00:00:00.000-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-01-16T11:26:00.000-05:00 MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511511 MLIST [oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for Resource Management (aka SLURM or slurm-llnl) does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. cpe:/a:perl-openssl:libcrypt-openssl-dsa-perl:_nil_ CVE-2009-0129 2009-01-15T12:30:00.627-05:00 2009-01-16T00:00:00.000-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-01-16T11:33:00.000-05:00 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511519 MLIST [oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. cpe:/a:erlang:erlang:_nil_ CVE-2009-0130 2009-01-15T12:30:00.640-05:00 2009-01-16T00:00:00.000-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-01-16T11:37:00.000-05:00 MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511520 MLIST [oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto ** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package maintainer disputes this issue, reporting that there is a proper check within the only code that uses the applicable part of crypto_drv.c, and thus "this report is invalid." cpe:/o:sun:opensolaris:snv_29::sparc cpe:/o:sun:opensolaris:snv_29::x86 cpe:/o:sun:opensolaris:snv_30::sparc cpe:/o:sun:opensolaris:snv_30::x86 cpe:/o:sun:opensolaris:snv_31::sparc cpe:/o:sun:opensolaris:snv_31::x86 cpe:/o:sun:opensolaris:snv_32::sparc cpe:/o:sun:opensolaris:snv_32::x86 cpe:/o:sun:opensolaris:snv_33::sparc cpe:/o:sun:opensolaris:snv_33::x86 cpe:/o:sun:opensolaris:snv_34::sparc cpe:/o:sun:opensolaris:snv_34::x86 cpe:/o:sun:opensolaris:snv_35::sparc cpe:/o:sun:opensolaris:snv_35::x86 cpe:/o:sun:opensolaris:snv_36::sparc cpe:/o:sun:opensolaris:snv_36::x86 cpe:/o:sun:opensolaris:snv_37::sparc cpe:/o:sun:opensolaris:snv_37::x86 cpe:/o:sun:opensolaris:snv_38::sparc cpe:/o:sun:opensolaris:snv_38::x86 cpe:/o:sun:opensolaris:snv_39::sparc cpe:/o:sun:opensolaris:snv_39::x86 cpe:/o:sun:opensolaris:snv_40::sparc cpe:/o:sun:opensolaris:snv_40::x86 cpe:/o:sun:opensolaris:snv_41::sparc cpe:/o:sun:opensolaris:snv_41::x86 cpe:/o:sun:opensolaris:snv_42::sparc cpe:/o:sun:opensolaris:snv_42::x86 cpe:/o:sun:opensolaris:snv_43::sparc cpe:/o:sun:opensolaris:snv_43::x86 cpe:/o:sun:opensolaris:snv_44::sparc cpe:/o:sun:opensolaris:snv_44::x86 cpe:/o:sun:opensolaris:snv_45::sparc cpe:/o:sun:opensolaris:snv_45::x86 cpe:/o:sun:opensolaris:snv_46::sparc cpe:/o:sun:opensolaris:snv_46::x86 cpe:/o:sun:opensolaris:snv_47::sparc cpe:/o:sun:opensolaris:snv_47::x86 cpe:/o:sun:opensolaris:snv_48::sparc cpe:/o:sun:opensolaris:snv_48::x86 cpe:/o:sun:opensolaris:snv_49::sparc cpe:/o:sun:opensolaris:snv_49::x86 cpe:/o:sun:opensolaris:snv_50::sparc cpe:/o:sun:opensolaris:snv_50::x86 cpe:/o:sun:opensolaris:snv_51::sparc cpe:/o:sun:opensolaris:snv_51::x86 cpe:/o:sun:opensolaris:snv_52::sparc cpe:/o:sun:opensolaris:snv_52::x86 cpe:/o:sun:opensolaris:snv_53::sparc cpe:/o:sun:opensolaris:snv_53::x86 cpe:/o:sun:opensolaris:snv_54::sparc cpe:/o:sun:opensolaris:snv_54::x86 cpe:/o:sun:opensolaris:snv_55::sparc cpe:/o:sun:opensolaris:snv_55::x86 cpe:/o:sun:opensolaris:snv_56::sparc cpe:/o:sun:opensolaris:snv_56::x86 cpe:/o:sun:opensolaris:snv_57::sparc cpe:/o:sun:opensolaris:snv_57::x86 cpe:/o:sun:opensolaris:snv_58::sparc cpe:/o:sun:opensolaris:snv_58::x86 cpe:/o:sun:opensolaris:snv_59::sparc cpe:/o:sun:opensolaris:snv_59::x86 cpe:/o:sun:opensolaris:snv_60::sparc cpe:/o:sun:opensolaris:snv_60::x86 cpe:/o:sun:opensolaris:snv_61::sparc cpe:/o:sun:opensolaris:snv_61::x86 cpe:/o:sun:opensolaris:snv_62::sparc cpe:/o:sun:opensolaris:snv_62::x86 cpe:/o:sun:opensolaris:snv_63::sparc cpe:/o:sun:opensolaris:snv_63::x86 cpe:/o:sun:opensolaris:snv_64::sparc cpe:/o:sun:opensolaris:snv_64::x86 cpe:/o:sun:opensolaris:snv_65::sparc cpe:/o:sun:opensolaris:snv_65::x86 cpe:/o:sun:opensolaris:snv_66::sparc cpe:/o:sun:opensolaris:snv_66::x86 cpe:/o:sun:opensolaris:snv_67::sparc cpe:/o:sun:opensolaris:snv_67::x86 cpe:/o:sun:opensolaris:snv_68::sparc cpe:/o:sun:opensolaris:snv_68::x86 cpe:/o:sun:opensolaris:snv_69::sparc cpe:/o:sun:opensolaris:snv_69::x86 cpe:/o:sun:opensolaris:snv_70::sparc cpe:/o:sun:opensolaris:snv_70::x86 cpe:/o:sun:opensolaris:snv_71::sparc cpe:/o:sun:opensolaris:snv_71::x86 cpe:/o:sun:opensolaris:snv_72::sparc cpe:/o:sun:opensolaris:snv_72::x86 cpe:/o:sun:opensolaris:snv_73::sparc cpe:/o:sun:opensolaris:snv_73::x86 cpe:/o:sun:opensolaris:snv_74::sparc cpe:/o:sun:opensolaris:snv_74::x86 cpe:/o:sun:opensolaris:snv_75::sparc cpe:/o:sun:opensolaris:snv_75::x86 cpe:/o:sun:opensolaris:snv_76::sparc cpe:/o:sun:opensolaris:snv_76::x86 cpe:/o:sun:opensolaris:snv_77::sparc cpe:/o:sun:opensolaris:snv_77::x86 cpe:/o:sun:opensolaris:snv_78::sparc cpe:/o:sun:opensolaris:snv_78::x86 cpe:/o:sun:opensolaris:snv_79::sparc cpe:/o:sun:opensolaris:snv_79::x86 cpe:/o:sun:opensolaris:snv_80::sparc cpe:/o:sun:opensolaris:snv_80::x86 cpe:/o:sun:opensolaris:snv_81::sparc cpe:/o:sun:opensolaris:snv_81::x86 cpe:/o:sun:opensolaris:snv_82::sparc cpe:/o:sun:opensolaris:snv_82::x86 cpe:/o:sun:opensolaris:snv_83::sparc cpe:/o:sun:opensolaris:snv_83::x86 cpe:/o:sun:opensolaris:snv_84::sparc cpe:/o:sun:opensolaris:snv_84::x86 cpe:/o:sun:opensolaris:snv_85::sparc cpe:/o:sun:opensolaris:snv_85::x86 cpe:/o:sun:opensolaris:snv_86::sparc cpe:/o:sun:opensolaris:snv_86::x86 cpe:/o:sun:opensolaris:snv_87::sparc cpe:/o:sun:opensolaris:snv_87::x86 cpe:/o:sun:opensolaris:snv_88::sparc cpe:/o:sun:opensolaris:snv_88::x86 cpe:/o:sun:opensolaris:snv_89::sparc cpe:/o:sun:opensolaris:snv_89::x86 cpe:/o:sun:opensolaris:snv_90::sparc cpe:/o:sun:opensolaris:snv_90::x86 CVE-2009-0131 2009-01-15T12:30:00.657-05:00 2009-02-05T01:53:13.453-05:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov CONFIRM http://bugs.opensolaris.org/view_bug.do?bug_id=6711995 SUNALERT 239188 BID 33267 SECTRACK 1021600 The UFS implementation in the kernel in Sun OpenSolaris snv_29 through snv_90 allows local users to cause a denial of service (panic) via the single posix_fallocate test in the SUSv3 POSIX test suite, related to an F_ALLOCSP fcntl call. cpe:/o:sun:opensolaris:::sparc cpe:/o:sun:opensolaris:::x86 cpe:/o:sun:solaris:8::sparc cpe:/o:sun:solaris:8::x86 cpe:/o:sun:solaris:9::sparc cpe:/o:sun:solaris:9::x86 cpe:/o:sun:solaris:10::sparc cpe:/o:sun:solaris:10::x86 CVE-2009-0132 2009-01-15T12:30:00.687-05:00 2011-03-07T22:17:56.563-05:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov CONFIRM http://sunsolve.sun.com/search/document.do?assetkey=1-21-117350-59-1 SUNALERT 247986 BID 33188 SECTRACK 1021553 MISC http://www.trapkit.de/advisories/TKADV2009-001.txt VUPEN ADV-2009-0099 Integer overflow in the aio_suspend function in Sun Solaris 8 through 10 and OpenSolaris, when 32-bit mode is enabled, allows local users to cause a denial of service (panic) via a large integer value in the second argument (aka nent argument). cpe:/a:microsoft:html_help_workshop:4.74 CVE-2009-0133 2009-01-15T12:30:00.703-05:00 2017-09-28T21:33:38.777-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SREASON 4914 EXPLOIT-DB 7727 Buffer overflow in Microsoft HTML Help Workshop 4.74 and earlier allows context-dependent attackers to execute arbitrary code via a .hhp file with a long "Index file" field, possibly a related issue to CVE-2006-0564. cpe:/a:share2:easy_grid_control:3.51 CVE-2009-0134 2009-01-16T13:30:00.203-05:00 2017-09-28T21:33:38.840-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SREASON 4913 BID 33272 XF easygrid-activex-dosavefile-file-overwrite(47946) EXPLOIT-DB 7779 Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX control in EasyGrid.ocx 1.0.0.1 in AAA EasyGrid ActiveX 3.51 allows remote attackers to create and overwrite arbitrary files via the (1) DoSaveFile or (2) DoSaveHtmlFile method. NOTE: vector 1 could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information. cpe:/a:amarok:amarok:1.4.10 cpe:/a:amarok:amarok:2.0 cpe:/a:amarok:amarok:2.0.1 CVE-2009-0135 2009-01-16T13:30:00.233-05:00 2018-10-11T16:59:51.077-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CONFIRM http://amarok.kde.org/en/releases/2.0.1.1 CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=254896 SUSE SUSE-SR:2009:003 MLIST [oss-security] 20090114 CVE Request -- amarok GENTOO GLSA-200903-34 SREASON 4915 MISC http://trapkit.de/advisories/TKADV2009-002.txt CONFIRM http://websvn.kde.org/?view=rev&revision=908391 CONFIRM http://websvn.kde.org/?view=rev&revision=908401 CONFIRM http://websvn.kde.org/?view=rev&revision=908415 DEBIAN DSA-1706 MANDRIVA MDVSA-2009:030 BUGTRAQ 20090111 [TKADV2009-002] Amarok Integer Overflow and Unchecked Allocation Vulnerabilities BID 33210 SECTRACK 1021558 UBUNTU USN-739-1 VUPEN ADV-2009-0100 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=479560 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=479946 FEDORA FEDORA-2009-0715 Multiple integer overflows in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to execute arbitrary code via an Audible Audio (.aa) file with a large (1) nlen or (2) vlen Tag value, each of which triggers a heap-based buffer overflow. cpe:/a:amarok:amarok:1.4.10 cpe:/a:amarok:amarok:2.0 cpe:/a:amarok:amarok:2.0.1 CVE-2009-0136 2009-01-16T13:30:00.250-05:00 2018-10-11T16:59:53.810-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CONFIRM http://amarok.kde.org/en/releases/2.0.1.1 CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=254896 SUSE SUSE-SR:2009:003 MLIST [oss-security] 20090114 CVE Request -- amarok GENTOO GLSA-200903-34 SREASON 4915 MISC http://trapkit.de/advisories/TKADV2009-002.txt CONFIRM http://websvn.kde.org/?view=rev&revision=908391 CONFIRM http://websvn.kde.org/?view=rev&revision=908401 CONFIRM http://websvn.kde.org/?view=rev&revision=908415 DEBIAN DSA-1706 MANDRIVA MDVSA-2009:030 BUGTRAQ 20090111 [TKADV2009-002] Amarok Integer Overflow and Unchecked Allocation Vulnerabilities BID 33210 SECTRACK 1021558 UBUNTU USN-739-1 VUPEN ADV-2009-0100 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=479560 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=479946 FEDORA FEDORA-2009-0715 Multiple array index errors in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or (2) vlen Tag value, each of which can lead to an invalid pointer dereference, or the writing of a 0x00 byte to an arbitrary memory location, after an allocation failure. cpe:/a:apple:safari CVE-2009-0137 2009-02-12T19:30:05.000-05:00 2009-08-19T01:25:07.127-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS APPLE APPLE-SA-2009-02-12 APPLE APPLE-SA-2009-02-12 CONFIRM http://support.apple.com/kb/HT3438 Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues." cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0138 2009-02-12T19:30:05.017-05:00 2011-03-07T22:17:57.157-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS APPLE APPLE-SA-2009-02-12 CONFIRM http://support.apple.com/kb/HT3438 BID 33759 BID 33813 VUPEN ADV-2009-0422 servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration. cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0139 2009-02-12T19:30:05.030-05:00 2011-03-07T22:17:57.237-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS APPLE APPLE-SA-2009-02-12 CONFIRM http://support.apple.com/kb/HT3438 VUPEN ADV-2009-0422 Integer overflow in the SMB component in Apple Mac OS X 10.5.6 allows remote SMB servers to cause a denial of service (system shutdown) or execute arbitrary code via a crafted SMB file system that triggers a heap-based buffer overflow. cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0140 2009-02-12T19:30:05.047-05:00 2011-03-07T22:17:57.347-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov APPLE APPLE-SA-2009-02-12 CONFIRM http://support.apple.com/kb/HT3438 VUPEN ADV-2009-0422 Unspecified vulnerability in the SMB component in Apple Mac OS X 10.4.11 and 10.5.6 allows remote SMB servers to cause a denial of service (memory exhaustion and system shutdown) via a crafted file system name. cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0141 2009-02-12T19:30:05.077-05:00 2017-08-07T21:33:47.750-04:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov APPLE APPLE-SA-2009-02-12 SECTRACK 1021729 CONFIRM http://support.apple.com/kb/HT3438 BID 33798 VUPEN ADV-2009-0422 XF macosx-xterm-information-disclosure(48727) XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user. cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0142 2009-02-12T18:30:01.110-05:00 2011-03-07T22:17:57.547-05:00 1.9 LOCAL MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov APPLE APPLE-SA-2009-02-12 CONFIRM http://support.apple.com/kb/HT3438 BID 33759 BID 33812 VUPEN ADV-2009-0422 Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic." cpe:/a:apple:itunes:- cpe:/a:apple:itunes:4.0.0 cpe:/a:apple:itunes:4.0.0:-:mac cpe:/a:apple:itunes:4.0.0:-:windows cpe:/a:apple:itunes:4.0.1 cpe:/a:apple:itunes:4.0.1:-:mac cpe:/a:apple:itunes:4.0.1:-:windows cpe:/a:apple:itunes:4.1.0 cpe:/a:apple:itunes:4.1.0:-:mac cpe:/a:apple:itunes:4.1.0:-:windows cpe:/a:apple:itunes:4.2.0 cpe:/a:apple:itunes:4.2.0:-:mac cpe:/a:apple:itunes:4.2.0:-:windows cpe:/a:apple:itunes:4.5 cpe:/a:apple:itunes:4.5::windows cpe:/a:apple:itunes:4.5.0 cpe:/a:apple:itunes:4.5.0:-:mac cpe:/a:apple:itunes:4.5.0:-:windows cpe:/a:apple:itunes:4.6 cpe:/a:apple:itunes:4.6::windows cpe:/a:apple:itunes:4.6.0 cpe:/a:apple:itunes:4.6.0:-:mac cpe:/a:apple:itunes:4.6.0:-:windows cpe:/a:apple:itunes:4.7 cpe:/a:apple:itunes:4.7::windows cpe:/a:apple:itunes:4.7.0 cpe:/a:apple:itunes:4.7.0:-:mac cpe:/a:apple:itunes:4.7.0:-:windows cpe:/a:apple:itunes:4.7.1 cpe:/a:apple:itunes:4.7.1::windows cpe:/a:apple:itunes:4.7.1:-:mac cpe:/a:apple:itunes:4.7.1:-:windows cpe:/a:apple:itunes:4.7.2 cpe:/a:apple:itunes:4.8.0 cpe:/a:apple:itunes:4.8.0:-:mac cpe:/a:apple:itunes:4.8.0:-:windows cpe:/a:apple:itunes:4.9.0 cpe:/a:apple:itunes:4.9.0:-:mac cpe:/a:apple:itunes:4.9.0:-:windows cpe:/a:apple:itunes:5.0 cpe:/a:apple:itunes:5.0::windows cpe:/a:apple:itunes:5.0.0 cpe:/a:apple:itunes:5.0.0:-:mac cpe:/a:apple:itunes:5.0.0:-:windows cpe:/a:apple:itunes:5.0.1 cpe:/a:apple:itunes:5.0.1:-:mac cpe:/a:apple:itunes:5.0.1:-:windows cpe:/a:apple:itunes:6.0.0 cpe:/a:apple:itunes:6.0.0:-:mac cpe:/a:apple:itunes:6.0.0:-:windows cpe:/a:apple:itunes:6.0.1 cpe:/a:apple:itunes:6.0.1::windows cpe:/a:apple:itunes:6.0.1:-:mac cpe:/a:apple:itunes:6.0.1:-:windows cpe:/a:apple:itunes:6.0.2 cpe:/a:apple:itunes:6.0.2::windows cpe:/a:apple:itunes:6.0.2:-:mac cpe:/a:apple:itunes:6.0.2:-:windows cpe:/a:apple:itunes:6.0.3 cpe:/a:apple:itunes:6.0.3:-:mac cpe:/a:apple:itunes:6.0.3:-:windows cpe:/a:apple:itunes:6.0.4 cpe:/a:apple:itunes:6.0.4::windows cpe:/a:apple:itunes:6.0.4:-:mac cpe:/a:apple:itunes:6.0.4:-:windows cpe:/a:apple:itunes:6.0.5 cpe:/a:apple:itunes:6.0.5:-:mac cpe:/a:apple:itunes:6.0.5:-:windows cpe:/a:apple:itunes:7.0.0 cpe:/a:apple:itunes:7.0.0:-:mac cpe:/a:apple:itunes:7.0.0:-:windows cpe:/a:apple:itunes:7.0.1 cpe:/a:apple:itunes:7.0.1:-:mac cpe:/a:apple:itunes:7.0.1:-:windows cpe:/a:apple:itunes:7.0.2 cpe:/a:apple:itunes:7.0.2::windows cpe:/a:apple:itunes:7.0.2:-:mac cpe:/a:apple:itunes:7.0.2:-:windows cpe:/a:apple:itunes:7.1.0 cpe:/a:apple:itunes:7.1.0:-:mac cpe:/a:apple:itunes:7.1.0:-:windows cpe:/a:apple:itunes:7.1.1 cpe:/a:apple:itunes:7.1.1:-:mac cpe:/a:apple:itunes:7.1.1:-:windows cpe:/a:apple:itunes:7.2.0 cpe:/a:apple:itunes:7.2.0:-:mac cpe:/a:apple:itunes:7.2.0:-:windows cpe:/a:apple:itunes:7.3.0 cpe:/a:apple:itunes:7.3.0:-:mac cpe:/a:apple:itunes:7.3.0:-:windows cpe:/a:apple:itunes:7.3.1 cpe:/a:apple:itunes:7.3.1:-:mac cpe:/a:apple:itunes:7.3.1:-:windows cpe:/a:apple:itunes:7.3.2 cpe:/a:apple:itunes:7.3.2::windows cpe:/a:apple:itunes:7.3.2:-:mac cpe:/a:apple:itunes:7.3.2:-:windows cpe:/a:apple:itunes:7.4 cpe:/a:apple:itunes:7.4::windows cpe:/a:apple:itunes:7.4.0 cpe:/a:apple:itunes:7.4.0:-:mac cpe:/a:apple:itunes:7.4.0:-:windows cpe:/a:apple:itunes:7.4.1 cpe:/a:apple:itunes:7.4.1::windows cpe:/a:apple:itunes:7.4.1:-:mac cpe:/a:apple:itunes:7.4.1:-:windows cpe:/a:apple:itunes:7.4.2 cpe:/a:apple:itunes:7.4.2::windows cpe:/a:apple:itunes:7.4.2:-:mac cpe:/a:apple:itunes:7.4.2:-:windows cpe:/a:apple:itunes:7.4.3 cpe:/a:apple:itunes:7.4.3::windows cpe:/a:apple:itunes:7.5 cpe:/a:apple:itunes:7.5::windows cpe:/a:apple:itunes:7.5.0 cpe:/a:apple:itunes:7.5.0:-:mac cpe:/a:apple:itunes:7.5.0:-:windows cpe:/a:apple:itunes:7.6 cpe:/a:apple:itunes:7.6.0 cpe:/a:apple:itunes:7.6.0:-:mac cpe:/a:apple:itunes:7.6.0:-:windows cpe:/a:apple:itunes:7.6.1 cpe:/a:apple:itunes:7.6.1::windows cpe:/a:apple:itunes:7.6.1:-:mac cpe:/a:apple:itunes:7.6.1:-:windows cpe:/a:apple:itunes:7.6.2 cpe:/a:apple:itunes:7.6.2:-:mac cpe:/a:apple:itunes:7.6.2:-:windows cpe:/a:apple:itunes:7.7 cpe:/a:apple:itunes:7.7.0 cpe:/a:apple:itunes:7.7.0:-:mac cpe:/a:apple:itunes:7.7.0:-:windows cpe:/a:apple:itunes:7.7.1 cpe:/a:apple:itunes:7.7.1::windows cpe:/a:apple:itunes:7.7.1:-:mac cpe:/a:apple:itunes:7.7.1:-:windows cpe:/a:apple:itunes:8.0.0 cpe:/a:apple:itunes:8.0.0:-:mac cpe:/a:apple:itunes:8.0.0:-:windows cpe:/a:apple:itunes:8.0.1 cpe:/a:apple:itunes:8.0.1:-:mac cpe:/a:apple:itunes:8.0.1:-:windows CVE-2009-0143 2009-03-14T14:30:00.437-04:00 2018-11-08T15:21:13.067-05:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2018-11-07T09:39:39.437-05:00 APPLE APPLE-SA-2009-03-11 SECTRACK 1021843 CONFIRM http://support.apple.com/kb/HT3487 BID 34094 VUPEN ADV-2009-0702 XF itunes-podcast-information-disclosure(49201) Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast. cpe:/a:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.5 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0144 2009-05-13T11:30:00.250-04:00 2017-08-07T21:33:47.877-04:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov APPLE APPLE-SA-2009-05-12 CONFIRM http://support.apple.com/kb/HT3549 BID 34926 SECTRACK 1022214 CERT TA09-133A VUPEN ADV-2009-1297 XF macos-cfnetwork-info-disclosure(50479) CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections. cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0145 2009-05-13T11:30:00.280-04:00 2017-08-07T21:33:47.937-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS APPLE APPLE-SA-2009-06-08-1 APPLE APPLE-SA-2009-06-17-1 APPLE APPLE-SA-2009-05-12 CONFIRM http://support.apple.com/kb/HT3549 CONFIRM http://support.apple.com/kb/HT3613 CONFIRM http://support.apple.com/kb/HT3639 BID 34926 SECTRACK 1022209 CERT TA09-133A VUPEN ADV-2009-1297 VUPEN ADV-2009-1522 VUPEN ADV-2009-1621 XF macos-coregraphics-pdf-code-execution(50481) CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption. cpe:/a:apple:cups:1.1 cpe:/a:apple:cups:1.1.1 cpe:/a:apple:cups:1.1.2 cpe:/a:apple:cups:1.1.3 cpe:/a:apple:cups:1.1.4 cpe:/a:apple:cups:1.1.5 cpe:/a:apple:cups:1.1.5-1 cpe:/a:apple:cups:1.1.5-2 cpe:/a:apple:cups:1.1.6 cpe:/a:apple:cups:1.1.6-1 cpe:/a:apple:cups:1.1.6-2 cpe:/a:apple:cups:1.1.6-3 cpe:/a:apple:cups:1.1.7 cpe:/a:apple:cups:1.1.8 cpe:/a:apple:cups:1.1.9 cpe:/a:apple:cups:1.1.9-1 cpe:/a:apple:cups:1.1.10 cpe:/a:apple:cups:1.1.10-1 cpe:/a:apple:cups:1.1.11 cpe:/a:apple:cups:1.1.12 cpe:/a:apple:cups:1.1.13 cpe:/a:apple:cups:1.1.14 cpe:/a:apple:cups:1.1.15 cpe:/a:apple:cups:1.1.16 cpe:/a:apple:cups:1.1.17 cpe:/a:apple:cups:1.1.18 cpe:/a:apple:cups:1.1.19 cpe:/a:apple:cups:1.1.19:rc1 cpe:/a:apple:cups:1.1.19:rc2 cpe:/a:apple:cups:1.1.19:rc3 cpe:/a:apple:cups:1.1.19:rc4 cpe:/a:apple:cups:1.1.19:rc5 cpe:/a:apple:cups:1.1.20 cpe:/a:apple:cups:1.1.20:rc1 cpe:/a:apple:cups:1.1.20:rc2 cpe:/a:apple:cups:1.1.20:rc3 cpe:/a:apple:cups:1.1.20:rc4 cpe:/a:apple:cups:1.1.20:rc5 cpe:/a:apple:cups:1.1.20:rc6 cpe:/a:apple:cups:1.1.21 cpe:/a:apple:cups:1.1.21:rc1 cpe:/a:apple:cups:1.1.21:rc2 cpe:/a:apple:cups:1.1.22 cpe:/a:apple:cups:1.1.22:rc1 cpe:/a:apple:cups:1.1.22:rc2 cpe:/a:apple:cups:1.1.23 cpe:/a:apple:cups:1.1.23:rc1 cpe:/a:apple:cups:1.2.0 cpe:/a:apple:cups:1.2.1 cpe:/a:apple:cups:1.2.2 cpe:/a:apple:cups:1.2.3 cpe:/a:apple:cups:1.2.4 cpe:/a:apple:cups:1.2.5 cpe:/a:apple:cups:1.2.6 cpe:/a:apple:cups:1.2.7 cpe:/a:apple:cups:1.2.8 cpe:/a:apple:cups:1.2.9 cpe:/a:apple:cups:1.2.10 cpe:/a:apple:cups:1.2.11 cpe:/a:apple:cups:1.2.12 cpe:/a:apple:cups:1.3.0 cpe:/a:apple:cups:1.3.1 cpe:/a:apple:cups:1.3.2 cpe:/a:apple:cups:1.3.3 cpe:/a:apple:cups:1.3.4 cpe:/a:apple:cups:1.3.5 cpe:/a:apple:cups:1.3.6 cpe:/a:apple:cups:1.3.7 cpe:/a:apple:cups:1.3.8 cpe:/a:apple:cups:1.3.9 cpe:/a:apple:cups:1.3.10 cpe:/a:apple:cups:1.3.11 cpe:/a:foolabs:xpdf:0.5a cpe:/a:foolabs:xpdf:0.7a cpe:/a:foolabs:xpdf:0.91a cpe:/a:foolabs:xpdf:0.91b cpe:/a:foolabs:xpdf:0.91c cpe:/a:foolabs:xpdf:0.92a cpe:/a:foolabs:xpdf:0.92b cpe:/a:foolabs:xpdf:0.92c cpe:/a:foolabs:xpdf:0.92d cpe:/a:foolabs:xpdf:0.92e cpe:/a:foolabs:xpdf:0.93a cpe:/a:foolabs:xpdf:0.93b cpe:/a:foolabs:xpdf:0.93c cpe:/a:foolabs:xpdf:1.00a cpe:/a:glyphandcog:xpdfreader:0.2 cpe:/a:glyphandcog:xpdfreader:0.3 cpe:/a:glyphandcog:xpdfreader:0.4 cpe:/a:glyphandcog:xpdfreader:0.5 cpe:/a:glyphandcog:xpdfreader:0.6 cpe:/a:glyphandcog:xpdfreader:0.7 cpe:/a:glyphandcog:xpdfreader:0.80 cpe:/a:glyphandcog:xpdfreader:0.90 cpe:/a:glyphandcog:xpdfreader:0.91 cpe:/a:glyphandcog:xpdfreader:0.92 cpe:/a:glyphandcog:xpdfreader:0.93 cpe:/a:glyphandcog:xpdfreader:1.00 cpe:/a:glyphandcog:xpdfreader:1.01 cpe:/a:glyphandcog:xpdfreader:2.00 cpe:/a:glyphandcog:xpdfreader:2.01 cpe:/a:glyphandcog:xpdfreader:2.02 cpe:/a:glyphandcog:xpdfreader:2.03 cpe:/a:glyphandcog:xpdfreader:3.00 cpe:/a:glyphandcog:xpdfreader:3.01 cpe:/a:glyphandcog:xpdfreader:3.02 CVE-2009-0146 2009-04-23T13:30:01.547-04:00 2019-03-06T11:30:38.330-05:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=263028 APPLE APPLE-SA-2009-06-17-1 APPLE APPLE-SA-2009-05-12 SUSE SUSE-SA:2009:024 SUSE SUSE-SR:2009:010 SUSE SUSE-SR:2009:012 REDHAT RHSA-2009:0458 GENTOO GLSA-200904-20 SLACKWARE SSA:2009-129-01 CONFIRM http://support.apple.com/kb/HT3549 CONFIRM http://support.apple.com/kb/HT3639 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0059 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0061 DEBIAN DSA-1790 DEBIAN DSA-1793 MANDRIVA MDVSA-2009:101 MANDRIVA MDVSA-2010:087 REDHAT RHSA-2009:0429 REDHAT RHSA-2009:0430 REDHAT RHSA-2009:0431 REDHAT RHSA-2009:0480 BUGTRAQ 20090417 rPSA-2009-0061-1 cups BUGTRAQ 20090417 rPSA-2009-0059-1 poppler BID 34568 SECTRACK 1022073 CERT TA09-133A VUPEN ADV-2009-1065 VUPEN ADV-2009-1066 VUPEN ADV-2009-1077 VUPEN ADV-2009-1297 VUPEN ADV-2009-1621 VUPEN ADV-2010-1040 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=490612 FEDORA FEDORA-2009-6972 FEDORA FEDORA-2009-6973 FEDORA FEDORA-2009-6982 Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. cpe:/a:apple:cups:1.1 cpe:/a:apple:cups:1.1.1 cpe:/a:apple:cups:1.1.2 cpe:/a:apple:cups:1.1.3 cpe:/a:apple:cups:1.1.4 cpe:/a:apple:cups:1.1.5 cpe:/a:apple:cups:1.1.5-1 cpe:/a:apple:cups:1.1.5-2 cpe:/a:apple:cups:1.1.6 cpe:/a:apple:cups:1.1.6-1 cpe:/a:apple:cups:1.1.6-2 cpe:/a:apple:cups:1.1.6-3 cpe:/a:apple:cups:1.1.7 cpe:/a:apple:cups:1.1.8 cpe:/a:apple:cups:1.1.9 cpe:/a:apple:cups:1.1.9-1 cpe:/a:apple:cups:1.1.10 cpe:/a:apple:cups:1.1.10-1 cpe:/a:apple:cups:1.1.11 cpe:/a:apple:cups:1.1.12 cpe:/a:apple:cups:1.1.13 cpe:/a:apple:cups:1.1.14 cpe:/a:apple:cups:1.1.15 cpe:/a:apple:cups:1.1.16 cpe:/a:apple:cups:1.1.17 cpe:/a:apple:cups:1.1.18 cpe:/a:apple:cups:1.1.19 cpe:/a:apple:cups:1.1.19:rc1 cpe:/a:apple:cups:1.1.19:rc2 cpe:/a:apple:cups:1.1.19:rc3 cpe:/a:apple:cups:1.1.19:rc4 cpe:/a:apple:cups:1.1.19:rc5 cpe:/a:apple:cups:1.1.20 cpe:/a:apple:cups:1.1.20:rc1 cpe:/a:apple:cups:1.1.20:rc2 cpe:/a:apple:cups:1.1.20:rc3 cpe:/a:apple:cups:1.1.20:rc4 cpe:/a:apple:cups:1.1.20:rc5 cpe:/a:apple:cups:1.1.20:rc6 cpe:/a:apple:cups:1.1.21 cpe:/a:apple:cups:1.1.21:rc1 cpe:/a:apple:cups:1.1.21:rc2 cpe:/a:apple:cups:1.1.22 cpe:/a:apple:cups:1.1.22:rc1 cpe:/a:apple:cups:1.1.22:rc2 cpe:/a:apple:cups:1.1.23 cpe:/a:apple:cups:1.1.23:rc1 cpe:/a:apple:cups:1.2.0 cpe:/a:apple:cups:1.2.1 cpe:/a:apple:cups:1.2.2 cpe:/a:apple:cups:1.2.3 cpe:/a:apple:cups:1.2.4 cpe:/a:apple:cups:1.2.5 cpe:/a:apple:cups:1.2.6 cpe:/a:apple:cups:1.2.7 cpe:/a:apple:cups:1.2.8 cpe:/a:apple:cups:1.2.9 cpe:/a:apple:cups:1.2.10 cpe:/a:apple:cups:1.2.11 cpe:/a:apple:cups:1.2.12 cpe:/a:apple:cups:1.3.0 cpe:/a:apple:cups:1.3.1 cpe:/a:apple:cups:1.3.2 cpe:/a:apple:cups:1.3.3 cpe:/a:apple:cups:1.3.4 cpe:/a:apple:cups:1.3.5 cpe:/a:apple:cups:1.3.6 cpe:/a:apple:cups:1.3.7 cpe:/a:apple:cups:1.3.8 cpe:/a:apple:cups:1.3.9 cpe:/a:apple:cups:1.3.10 cpe:/a:apple:cups:1.3.11 cpe:/a:foolabs:xpdf:0.5a cpe:/a:foolabs:xpdf:0.7a cpe:/a:foolabs:xpdf:0.91a cpe:/a:foolabs:xpdf:0.91b cpe:/a:foolabs:xpdf:0.91c cpe:/a:foolabs:xpdf:0.92a cpe:/a:foolabs:xpdf:0.92b cpe:/a:foolabs:xpdf:0.92c cpe:/a:foolabs:xpdf:0.92d cpe:/a:foolabs:xpdf:0.92e cpe:/a:foolabs:xpdf:0.93a cpe:/a:foolabs:xpdf:0.93b cpe:/a:foolabs:xpdf:0.93c cpe:/a:foolabs:xpdf:1.00a cpe:/a:glyphandcog:xpdfreader:0.2 cpe:/a:glyphandcog:xpdfreader:0.3 cpe:/a:glyphandcog:xpdfreader:0.4 cpe:/a:glyphandcog:xpdfreader:0.5 cpe:/a:glyphandcog:xpdfreader:0.6 cpe:/a:glyphandcog:xpdfreader:0.7 cpe:/a:glyphandcog:xpdfreader:0.80 cpe:/a:glyphandcog:xpdfreader:0.90 cpe:/a:glyphandcog:xpdfreader:0.91 cpe:/a:glyphandcog:xpdfreader:0.92 cpe:/a:glyphandcog:xpdfreader:0.93 cpe:/a:glyphandcog:xpdfreader:1.00 cpe:/a:glyphandcog:xpdfreader:1.01 cpe:/a:glyphandcog:xpdfreader:2.00 cpe:/a:glyphandcog:xpdfreader:2.01 cpe:/a:glyphandcog:xpdfreader:2.02 cpe:/a:glyphandcog:xpdfreader:2.03 cpe:/a:glyphandcog:xpdfreader:3.00 cpe:/a:glyphandcog:xpdfreader:3.01 cpe:/a:glyphandcog:xpdfreader:3.02 CVE-2009-0147 2009-04-23T13:30:01.563-04:00 2019-03-06T11:30:38.330-05:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=263028 APPLE APPLE-SA-2009-06-17-1 APPLE APPLE-SA-2009-05-12 SUSE SUSE-SA:2009:024 SUSE SUSE-SR:2009:010 SUSE SUSE-SR:2009:012 REDHAT RHSA-2009:0458 GENTOO GLSA-200904-20 SLACKWARE SSA:2009-129-01 CONFIRM http://support.apple.com/kb/HT3549 CONFIRM http://support.apple.com/kb/HT3639 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0059 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0061 DEBIAN DSA-1790 DEBIAN DSA-1793 MANDRIVA MDVSA-2009:101 MANDRIVA MDVSA-2010:087 REDHAT RHSA-2009:0429 REDHAT RHSA-2009:0430 REDHAT RHSA-2009:0431 REDHAT RHSA-2009:0480 BUGTRAQ 20090417 rPSA-2009-0061-1 cups BUGTRAQ 20090417 rPSA-2009-0059-1 poppler BID 34568 SECTRACK 1022073 CERT TA09-133A VUPEN ADV-2009-1065 VUPEN ADV-2009-1066 VUPEN ADV-2009-1077 VUPEN ADV-2009-1297 VUPEN ADV-2009-1621 VUPEN ADV-2010-1040 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=490614 FEDORA FEDORA-2009-6972 FEDORA FEDORA-2009-6973 FEDORA FEDORA-2009-6982 Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. cpe:/a:cscope:cscope:13.0 cpe:/a:cscope:cscope:15.0bl2 cpe:/a:cscope:cscope:15.1 cpe:/a:cscope:cscope:15.3 cpe:/a:cscope:cscope:15.4 cpe:/a:cscope:cscope:15.5 cpe:/a:cscope:cscope:15.6 cpe:/a:cscope:cscope:15.7 CVE-2009-0148 2009-05-05T13:30:00.233-04:00 2017-09-28T21:33:39.263-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov APPLE APPLE-SA-2009-05-12 GENTOO GLSA-200905-02 CONFIRM http://sourceforge.net/forum/forum.php?forum_id=947983 MLIST [cscope-cvs] 20090410 CVS: cscope/src snprintf.c, NONE, 1.1 build.c, 1.14, 1.15 command.c, 1.32, 1.33 dir.c, 1.30, 1.31 display.c, 1.29, 1.30 edit.c, 1.6, 1.7 exec.c, 1.11, 1.12 find.c, 1.20, 1.21 global.h, 1.36, 1.37 main.c, 1.45, 1.46 Makefile.am, 1.12, 1.13 Makefile.in, 1.15, 1.16 vpaccess.c, 1.2, 1.3 vpfopen.c, 1.3, 1.4 vpopen.c, 1.4, 1.5 CONFIRM http://sourceforge.net/project/shownotes.php?group_id=4664&release_id=679527 CONFIRM http://support.apple.com/kb/HT3549 DEBIAN DSA-1806 MLIST [oss-security] 20090506 Re: Old cscope buffer overflow REDHAT RHSA-2009:1101 REDHAT RHSA-2009:1102 BID 34805 SECTRACK 1022218 CERT TA09-133A VUPEN ADV-2009-1238 VUPEN ADV-2009-1297 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=490667 Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541. cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0149 2009-05-13T11:30:00.297-04:00 2017-08-07T21:33:48.000-04:00 4.4 LOCAL MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS APPLE APPLE-SA-2009-05-12 CONFIRM http://support.apple.com/kb/HT3549 BID 34926 BID 34942 SECTRACK 1022217 CERT TA09-133A VUPEN ADV-2009-1297 XF macos-diskimages-code-execution-var1(50484) Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption. cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0150 2009-05-13T11:30:00.313-04:00 2017-08-07T21:33:48.063-04:00 4.4 LOCAL MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS APPLE APPLE-SA-2009-05-12 CONFIRM http://support.apple.com/kb/HT3549 BID 34926 SECTRACK 1022217 CERT TA09-133A VUPEN ADV-2009-1297 XF macos-diskimages-bo(50483) Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image. cpe:/a:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.5 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.5.2:2008-002 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.5.7 cpe:/o:apple:mac_os_x_server:10.5 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x_server:10.5.7 CVE-2009-0151 2009-08-06T11:30:00.203-04:00 2017-08-07T21:33:48.127-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov APPLE APPLE-SA-2009-08-05-1 CONFIRM http://support.apple.com/kb/HT3757 BID 35954 CERT TA09-218A VUPEN ADV-2009-2172 XF macosx-dock-security-bypass(52421) The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors. cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0152 2009-05-13T11:30:00.327-04:00 2017-08-07T21:33:48.187-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov APPLE APPLE-SA-2009-05-12 CONFIRM http://support.apple.com/kb/HT3549 BID 34926 SECTRACK 1022212 CERT TA09-133A VUPEN ADV-2009-1297 XF macos-ichat-ssl-weak-security(50487) iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network. cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0153 2009-05-13T11:30:00.360-04:00 2017-09-28T21:33:39.340-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://bugs.icu-project.org/trac/ticket/5691 APPLE APPLE-SA-2009-06-08-1 APPLE APPLE-SA-2009-06-17-1 APPLE APPLE-SA-2009-05-12 CONFIRM http://support.apple.com/kb/HT3549 CONFIRM http://support.apple.com/kb/HT3613 CONFIRM http://support.apple.com/kb/HT3639 REDHAT RHSA-2009:1122 BID 34926 BID 34974 CERT TA09-133A VUPEN ADV-2009-1297 VUPEN ADV-2009-1522 VUPEN ADV-2009-1621 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=503071 XF macos-icu-security-bypass(50488) FEDORA FEDORA-2009-6121 FEDORA FEDORA-2009-6273 International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0154 2009-05-13T11:30:00.377-04:00 2018-10-11T17:00:14.970-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov APPLE APPLE-SA-2009-05-12 CONFIRM http://support.apple.com/kb/HT3549 BUGTRAQ 20090519 ZDI-09-023: Apple OS X ATSServer Compact Font Format Parsing Memory Corruption Vulnerability BID 34926 SECTRACK 1022218 CERT TA09-133A VUPEN ADV-2009-1297 MISC http://www.zerodayinitiative.com/advisories/ZDI-09-023 XF macos-ats-cff-bo(50478) Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font. cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0155 2009-05-13T11:30:00.390-04:00 2017-08-07T21:33:48.390-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov APPLE APPLE-SA-2009-06-17-1 APPLE APPLE-SA-2009-05-12 CONFIRM http://support.apple.com/kb/HT3549 CONFIRM http://support.apple.com/kb/HT3639 BID 34926 SECTRACK 1022209 CERT TA09-133A VUPEN ADV-2009-1297 VUPEN ADV-2009-1621 XF macos-coregraphics-pdf-bo(50482) Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers a heap-based buffer overflow. cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0156 2009-05-13T11:30:00.420-04:00 2017-08-07T21:33:48.437-04:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov APPLE APPLE-SA-2009-05-12 CONFIRM http://support.apple.com/kb/HT3549 BID 34926 BID 34932 SECTRACK 1022215 CERT TA09-133A VUPEN ADV-2009-1297 XF macos-launchservices-dos(50490) Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to cause a denial of service (persistent Finder crash) via a crafted Mach-O executable that triggers an out-of-bounds memory read. cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0157 2009-05-13T11:30:00.437-04:00 2017-08-07T21:33:48.500-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov APPLE APPLE-SA-2009-05-12 CONFIRM http://support.apple.com/kb/HT3549 BID 34926 SECTRACK 1022211 CERT TA09-133A VUPEN ADV-2009-1297 XF macos-cfnetwork-bo(50480) Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers. cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0158 2009-05-13T11:30:00.453-04:00 2016-08-22T21:59:32.877-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov APPLE APPLE-SA-2009-05-12 HP SSRT101144 CONFIRM http://support.apple.com/kb/HT3549 BID 34926 CERT TA09-133A VUPEN ADV-2009-1297 Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server. cpe:/a:ntp:ntp:4.0.72 cpe:/a:ntp:ntp:4.0.73 cpe:/a:ntp:ntp:4.0.90 cpe:/a:ntp:ntp:4.0.91 cpe:/a:ntp:ntp:4.0.92 cpe:/a:ntp:ntp:4.0.93 cpe:/a:ntp:ntp:4.0.94 cpe:/a:ntp:ntp:4.0.95 cpe:/a:ntp:ntp:4.0.96 cpe:/a:ntp:ntp:4.0.97 cpe:/a:ntp:ntp:4.0.98 cpe:/a:ntp:ntp:4.0.99 cpe:/a:ntp:ntp:4.1.0 cpe:/a:ntp:ntp:4.1.2 cpe:/a:ntp:ntp:4.2.0 cpe:/a:ntp:ntp:4.2.2 cpe:/a:ntp:ntp:4.2.2p1 cpe:/a:ntp:ntp:4.2.2p2 cpe:/a:ntp:ntp:4.2.2p3 cpe:/a:ntp:ntp:4.2.2p4 cpe:/a:ntp:ntp:4.2.4 cpe:/a:ntp:ntp:4.2.4p0 cpe:/a:ntp:ntp:4.2.4p1 cpe:/a:ntp:ntp:4.2.4p2 cpe:/a:ntp:ntp:4.2.4p3 cpe:/a:ntp:ntp:4.2.4p4 cpe:/a:ntp:ntp:4.2.4p5 cpe:/a:ntp:ntp:4.2.4p6 cpe:/a:ntp:ntp:4.2.4p7:rc1 CVE-2009-0159 2009-04-14T11:30:00.517-04:00 2018-10-11T17:00:15.907-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS NETBSD NetBSD-SA2009-006 CONFIRM http://bugs.pardus.org.tr/show_bug.cgi?id=9532 APPLE APPLE-SA-2009-05-12 SUSE SUSE-SR:2009:011 HP SSRT101144 CONFIRM http://ntp.bkbits.net:8080/ntp-stable/?PAGE=gnupatch&REV=1.1565 REDHAT RHSA-2009:1039 REDHAT RHSA-2009:1040 SLACKWARE SSA:2009-154-01 CONFIRM http://support.apple.com/kb/HT3549 DEBIAN DSA-1801 GENTOO GLSA-200905-08 MANDRIVA MDVSA-2009:092 BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components BID 34481 SECTRACK 1022033 CERT TA09-133A CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html VUPEN ADV-2009-0999 VUPEN ADV-2009-1297 VUPEN ADV-2009-3316 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=490617 XF ntp-cookedprint-bo(49838) REDHAT RHSA-2009:1651 CONFIRM https://support.ntp.org/bugs/show_bug.cgi?id=1144 UBUNTU USN-777-1 FEDORA FEDORA-2009-5273 FEDORA FEDORA-2009-5275 Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response. cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0160 2009-05-13T11:30:00.467-04:00 2009-05-16T01:29:00.563-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov APPLE APPLE-SA-2009-05-12 CONFIRM http://support.apple.com/kb/HT3549 BID 34926 BID 34937 SECTRACK 1022209 CERT TA09-133A VUPEN ADV-2009-1297 QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption. cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x_server:10.5.6 CVE-2009-0161 2009-05-13T11:30:00.500-04:00 2017-08-07T21:33:48.640-04:00 6.4 NETWORK LOW NONE NONE PARTIAL PARTIAL http://nvd.nist.gov APPLE APPLE-SA-2009-05-12 CONFIRM http://support.apple.com/kb/HT3549 BID 34926 CERT TA09-133A VUPEN ADV-2009-1297 XF macos-opensslocsp-weak-security(50592) The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate. cpe:/a:apple:safari:0.8 cpe:/a:apple:safari:0.9 cpe:/a:apple:safari:1.0 cpe:/a:apple:safari:1.0:beta cpe:/a:apple:safari:1.0:beta2 cpe:/a:apple:safari:1.0.0 cpe:/a:apple:safari:1.0.0b1 cpe:/a:apple:safari:1.0.0b2 cpe:/a:apple:safari:1.0.1 cpe:/a:apple:safari:1.0.2 cpe:/a:apple:safari:1.0.3 cpe:/a:apple:safari:1.0.3:85.8 cpe:/a:apple:safari:1.0.3:85.8.1 cpe:/a:apple:safari:1.1 cpe:/a:apple:safari:1.1.0 cpe:/a:apple:safari:1.1.1 cpe:/a:apple:safari:1.2 cpe:/a:apple:safari:1.2.0 cpe:/a:apple:safari:1.2.1 cpe:/a:apple:safari:1.2.2 cpe:/a:apple:safari:1.2.3 cpe:/a:apple:safari:1.2.4 cpe:/a:apple:safari:1.2.5 cpe:/a:apple:safari:1.3 cpe:/a:apple:safari:1.3.0 cpe:/a:apple:safari:1.3.1 cpe:/a:apple:safari:1.3.2 cpe:/a:apple:safari:1.3.2:312.5 cpe:/a:apple:safari:1.3.2:312.6 cpe:/a:apple:safari:2 cpe:/a:apple:safari:2.0 cpe:/a:apple:safari:2.0.0 cpe:/a:apple:safari:2.0.1 cpe:/a:apple:safari:2.0.2 cpe:/a:apple:safari:2.0.3 cpe:/a:apple:safari:2.0.3:417.8 cpe:/a:apple:safari:2.0.3:417.9 cpe:/a:apple:safari:2.0.3:417.9.2 cpe:/a:apple:safari:2.0.4 cpe:/a:apple:safari:3 cpe:/a:apple:safari:3.0 cpe:/a:apple:safari:3.0.0 cpe:/a:apple:safari:3.0.1 cpe:/a:apple:safari:3.0.2 cpe:/a:apple:safari:3.0.3 cpe:/a:apple:safari:3.0.4 cpe:/a:apple:safari:3.1 cpe:/a:apple:safari:3.1.0 cpe:/a:apple:safari:3.1.1 cpe:/a:apple:safari:3.1.2 cpe:/a:apple:safari:3.2 cpe:/a:apple:safari:3.2.0 cpe:/a:apple:safari:3.2.1 cpe:/a:apple:safari:3.2.2 cpe:/a:apple:safari:4.0:beta CVE-2009-0162 2009-05-13T11:30:00.517-04:00 2017-08-07T21:33:48.720-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov APPLE APPLE-SA-2009-05-12 APPLE APPLE-SA-2009-05-12 APPLE APPLE-SA-2009-05-12 CONFIRM http://support.apple.com/kb/HT3549 CONFIRM http://support.apple.com/kb/HT3550 BID 34925 SECTRACK 1022206 CERT TA09-133A VUPEN ADV-2009-1297 VUPEN ADV-2009-1298 XF safari-feedurl-code-execution(50476) Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL. cpe:/a:apple:cups:1.1 cpe:/a:apple:cups:1.1.1 cpe:/a:apple:cups:1.1.2 cpe:/a:apple:cups:1.1.3 cpe:/a:apple:cups:1.1.4 cpe:/a:apple:cups:1.1.5 cpe:/a:apple:cups:1.1.5-1 cpe:/a:apple:cups:1.1.5-2 cpe:/a:apple:cups:1.1.6 cpe:/a:apple:cups:1.1.6-1 cpe:/a:apple:cups:1.1.6-2 cpe:/a:apple:cups:1.1.6-3 cpe:/a:apple:cups:1.1.7 cpe:/a:apple:cups:1.1.8 cpe:/a:apple:cups:1.1.9 cpe:/a:apple:cups:1.1.9-1 cpe:/a:apple:cups:1.1.10 cpe:/a:apple:cups:1.1.10-1 cpe:/a:apple:cups:1.1.11 cpe:/a:apple:cups:1.1.12 cpe:/a:apple:cups:1.1.13 cpe:/a:apple:cups:1.1.14 cpe:/a:apple:cups:1.1.15 cpe:/a:apple:cups:1.1.16 cpe:/a:apple:cups:1.1.17 cpe:/a:apple:cups:1.1.18 cpe:/a:apple:cups:1.1.19 cpe:/a:apple:cups:1.1.19:rc1 cpe:/a:apple:cups:1.1.19:rc2 cpe:/a:apple:cups:1.1.19:rc3 cpe:/a:apple:cups:1.1.19:rc4 cpe:/a:apple:cups:1.1.19:rc5 cpe:/a:apple:cups:1.1.20 cpe:/a:apple:cups:1.1.20:rc1 cpe:/a:apple:cups:1.1.20:rc2 cpe:/a:apple:cups:1.1.20:rc3 cpe:/a:apple:cups:1.1.20:rc4 cpe:/a:apple:cups:1.1.20:rc5 cpe:/a:apple:cups:1.1.20:rc6 cpe:/a:apple:cups:1.1.21 cpe:/a:apple:cups:1.1.21:rc1 cpe:/a:apple:cups:1.1.21:rc2 cpe:/a:apple:cups:1.1.22 cpe:/a:apple:cups:1.1.22:rc1 cpe:/a:apple:cups:1.1.22:rc2 cpe:/a:apple:cups:1.1.23 cpe:/a:apple:cups:1.1.23:rc1 cpe:/a:apple:cups:1.2:b1 cpe:/a:apple:cups:1.2:b2 cpe:/a:apple:cups:1.2:rc1 cpe:/a:apple:cups:1.2:rc2 cpe:/a:apple:cups:1.2:rc3 cpe:/a:apple:cups:1.2.0 cpe:/a:apple:cups:1.2.1 cpe:/a:apple:cups:1.2.2 cpe:/a:apple:cups:1.2.3 cpe:/a:apple:cups:1.2.4 cpe:/a:apple:cups:1.2.5 cpe:/a:apple:cups:1.2.6 cpe:/a:apple:cups:1.2.7 cpe:/a:apple:cups:1.2.8 cpe:/a:apple:cups:1.2.9 cpe:/a:apple:cups:1.2.10 cpe:/a:apple:cups:1.2.11 cpe:/a:apple:cups:1.2.12 cpe:/a:apple:cups:1.3:b1 cpe:/a:apple:cups:1.3:rc1 cpe:/a:apple:cups:1.3:rc2 cpe:/a:apple:cups:1.3.0 cpe:/a:apple:cups:1.3.1 cpe:/a:apple:cups:1.3.2 cpe:/a:apple:cups:1.3.3 cpe:/a:apple:cups:1.3.4 cpe:/a:apple:cups:1.3.5 cpe:/a:apple:cups:1.3.6 cpe:/a:apple:cups:1.3.7 cpe:/a:apple:cups:1.3.8 cpe:/a:apple:cups:1.3.9 CVE-2009-0163 2009-04-23T13:30:01.577-04:00 2018-10-11T17:00:23.407-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov SUSE SUSE-SA:2009:024 GENTOO GLSA-200904-20 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0061 CONFIRM http://www.cups.org/articles.php?L582 CONFIRM http://www.cups.org/str.php?L3031 DEBIAN DSA-1773 REDHAT RHSA-2009:0428 REDHAT RHSA-2009:0429 BUGTRAQ 20090417 rPSA-2009-0061-1 cups BID 34571 SECTRACK 1022070 UBUNTU USN-760-1 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=490596 Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow. cpe:/a:apple:cups:1.1 cpe:/a:apple:cups:1.1.1 cpe:/a:apple:cups:1.1.2 cpe:/a:apple:cups:1.1.3 cpe:/a:apple:cups:1.1.4 cpe:/a:apple:cups:1.1.5 cpe:/a:apple:cups:1.1.5-1 cpe:/a:apple:cups:1.1.5-2 cpe:/a:apple:cups:1.1.6 cpe:/a:apple:cups:1.1.6-1 cpe:/a:apple:cups:1.1.6-2 cpe:/a:apple:cups:1.1.6-3 cpe:/a:apple:cups:1.1.7 cpe:/a:apple:cups:1.1.8 cpe:/a:apple:cups:1.1.9 cpe:/a:apple:cups:1.1.9-1 cpe:/a:apple:cups:1.1.10 cpe:/a:apple:cups:1.1.10-1 cpe:/a:apple:cups:1.1.11 cpe:/a:apple:cups:1.1.12 cpe:/a:apple:cups:1.1.13 cpe:/a:apple:cups:1.1.14 cpe:/a:apple:cups:1.1.15 cpe:/a:apple:cups:1.1.16 cpe:/a:apple:cups:1.1.17 cpe:/a:apple:cups:1.1.18 cpe:/a:apple:cups:1.1.19 cpe:/a:apple:cups:1.1.19:rc1 cpe:/a:apple:cups:1.1.19:rc2 cpe:/a:apple:cups:1.1.19:rc3 cpe:/a:apple:cups:1.1.19:rc4 cpe:/a:apple:cups:1.1.19:rc5 cpe:/a:apple:cups:1.1.20 cpe:/a:apple:cups:1.1.20:rc1 cpe:/a:apple:cups:1.1.20:rc2 cpe:/a:apple:cups:1.1.20:rc3 cpe:/a:apple:cups:1.1.20:rc4 cpe:/a:apple:cups:1.1.20:rc5 cpe:/a:apple:cups:1.1.20:rc6 cpe:/a:apple:cups:1.1.21 cpe:/a:apple:cups:1.1.21:rc1 cpe:/a:apple:cups:1.1.21:rc2 cpe:/a:apple:cups:1.1.22 cpe:/a:apple:cups:1.1.22:rc1 cpe:/a:apple:cups:1.1.22:rc2 cpe:/a:apple:cups:1.1.23 cpe:/a:apple:cups:1.1.23:rc1 cpe:/a:apple:cups:1.2:b1 cpe:/a:apple:cups:1.2:b2 cpe:/a:apple:cups:1.2:rc1 cpe:/a:apple:cups:1.2:rc2 cpe:/a:apple:cups:1.2:rc3 cpe:/a:apple:cups:1.2.0 cpe:/a:apple:cups:1.2.1 cpe:/a:apple:cups:1.2.2 cpe:/a:apple:cups:1.2.3 cpe:/a:apple:cups:1.2.4 cpe:/a:apple:cups:1.2.5 cpe:/a:apple:cups:1.2.6 cpe:/a:apple:cups:1.2.7 cpe:/a:apple:cups:1.2.8 cpe:/a:apple:cups:1.2.9 cpe:/a:apple:cups:1.2.10 cpe:/a:apple:cups:1.2.11 cpe:/a:apple:cups:1.2.12 cpe:/a:apple:cups:1.3:b1 cpe:/a:apple:cups:1.3:rc1 cpe:/a:apple:cups:1.3:rc2 cpe:/a:apple:cups:1.3.0 cpe:/a:apple:cups:1.3.1 cpe:/a:apple:cups:1.3.2 cpe:/a:apple:cups:1.3.3 cpe:/a:apple:cups:1.3.4 cpe:/a:apple:cups:1.3.5 cpe:/a:apple:cups:1.3.6 cpe:/a:apple:cups:1.3.7 cpe:/a:apple:cups:1.3.8 cpe:/a:apple:cups:1.3.9 CVE-2009-0164 2009-04-24T11:30:00.217-04:00 2018-10-11T17:00:25.673-04:00 6.4 NETWORK LOW NONE NONE PARTIAL PARTIAL http://nvd.nist.gov CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=263070 APPLE APPLE-SA-2009-05-12 GENTOO GLSA-200904-20 CONFIRM http://support.apple.com/kb/HT3549 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0061 CONFIRM http://www.cups.org/articles.php?L582 CONFIRM http://www.cups.org/str.php?L3118 BUGTRAQ 20090417 rPSA-2009-0061-1 cups BID 34665 CERT TA09-133A VUPEN ADV-2009-1297 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=490597 The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks. cpe:/a:foolabs:xpdf:0.5a cpe:/a:foolabs:xpdf:0.7a cpe:/a:foolabs:xpdf:0.91a cpe:/a:foolabs:xpdf:0.91b cpe:/a:foolabs:xpdf:0.91c cpe:/a:foolabs:xpdf:0.92a cpe:/a:foolabs:xpdf:0.92b cpe:/a:foolabs:xpdf:0.92c cpe:/a:foolabs:xpdf:0.92d cpe:/a:foolabs:xpdf:0.92e cpe:/a:foolabs:xpdf:0.93a cpe:/a:foolabs:xpdf:0.93b cpe:/a:foolabs:xpdf:0.93c cpe:/a:foolabs:xpdf:1.00a cpe:/a:foolabs:xpdf:3.0.1 cpe:/a:glyphandcog:xpdfreader:0.2 cpe:/a:glyphandcog:xpdfreader:0.3 cpe:/a:glyphandcog:xpdfreader:0.4 cpe:/a:glyphandcog:xpdfreader:0.5 cpe:/a:glyphandcog:xpdfreader:0.6 cpe:/a:glyphandcog:xpdfreader:0.7 cpe:/a:glyphandcog:xpdfreader:0.80 cpe:/a:glyphandcog:xpdfreader:0.90 cpe:/a:glyphandcog:xpdfreader:0.91 cpe:/a:glyphandcog:xpdfreader:0.92 cpe:/a:glyphandcog:xpdfreader:0.93 cpe:/a:glyphandcog:xpdfreader:1.00 cpe:/a:glyphandcog:xpdfreader:1.01 cpe:/a:glyphandcog:xpdfreader:2.00 cpe:/a:glyphandcog:xpdfreader:2.01 cpe:/a:glyphandcog:xpdfreader:2.02 cpe:/a:glyphandcog:xpdfreader:2.03 cpe:/a:glyphandcog:xpdfreader:3.00 cpe:/a:glyphandcog:xpdfreader:3.01 cpe:/a:glyphandcog:xpdfreader:3.02 CVE-2009-0165 2009-04-23T15:30:00.500-04:00 2019-03-06T11:30:38.330-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=263028 APPLE APPLE-SA-2009-06-17-1 APPLE APPLE-SA-2009-05-12 SUSE SUSE-SA:2009:024 SUSE SUSE-SR:2009:010 SUSE SUSE-SR:2009:012 SLACKWARE SSA:2009-129-01 CONFIRM http://support.apple.com/kb/HT3549 CONFIRM http://support.apple.com/kb/HT3639 DEBIAN DSA-1790 DEBIAN DSA-1793 MANDRIVA MDVSA-2009:101 BID 34568 CERT TA09-133A VUPEN ADV-2009-1297 VUPEN ADV-2009-1621 XF multiple-jbig2-unspecified(50377) Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn." cpe:/a:apple:cups:1.1 cpe:/a:apple:cups:1.1.1 cpe:/a:apple:cups:1.1.2 cpe:/a:apple:cups:1.1.3 cpe:/a:apple:cups:1.1.4 cpe:/a:apple:cups:1.1.5 cpe:/a:apple:cups:1.1.5-1 cpe:/a:apple:cups:1.1.5-2 cpe:/a:apple:cups:1.1.6 cpe:/a:apple:cups:1.1.6-1 cpe:/a:apple:cups:1.1.6-2 cpe:/a:apple:cups:1.1.6-3 cpe:/a:apple:cups:1.1.7 cpe:/a:apple:cups:1.1.8 cpe:/a:apple:cups:1.1.9 cpe:/a:apple:cups:1.1.9-1 cpe:/a:apple:cups:1.1.10 cpe:/a:apple:cups:1.1.10-1 cpe:/a:apple:cups:1.1.11 cpe:/a:apple:cups:1.1.12 cpe:/a:apple:cups:1.1.13 cpe:/a:apple:cups:1.1.14 cpe:/a:apple:cups:1.1.15 cpe:/a:apple:cups:1.1.16 cpe:/a:apple:cups:1.1.17 cpe:/a:apple:cups:1.1.18 cpe:/a:apple:cups:1.1.19 cpe:/a:apple:cups:1.1.19:rc1 cpe:/a:apple:cups:1.1.19:rc2 cpe:/a:apple:cups:1.1.19:rc3 cpe:/a:apple:cups:1.1.19:rc4 cpe:/a:apple:cups:1.1.19:rc5 cpe:/a:apple:cups:1.1.20 cpe:/a:apple:cups:1.1.20:rc1 cpe:/a:apple:cups:1.1.20:rc2 cpe:/a:apple:cups:1.1.20:rc3 cpe:/a:apple:cups:1.1.20:rc4 cpe:/a:apple:cups:1.1.20:rc5 cpe:/a:apple:cups:1.1.20:rc6 cpe:/a:apple:cups:1.1.21 cpe:/a:apple:cups:1.1.21:rc1 cpe:/a:apple:cups:1.1.21:rc2 cpe:/a:apple:cups:1.1.22 cpe:/a:apple:cups:1.1.22:rc1 cpe:/a:apple:cups:1.1.22:rc2 cpe:/a:apple:cups:1.1.23 cpe:/a:apple:cups:1.1.23:rc1 cpe:/a:apple:cups:1.2.0 cpe:/a:apple:cups:1.2.1 cpe:/a:apple:cups:1.2.2 cpe:/a:apple:cups:1.2.3 cpe:/a:apple:cups:1.2.4 cpe:/a:apple:cups:1.2.5 cpe:/a:apple:cups:1.2.6 cpe:/a:apple:cups:1.2.7 cpe:/a:apple:cups:1.2.8 cpe:/a:apple:cups:1.2.9 cpe:/a:apple:cups:1.2.10 cpe:/a:apple:cups:1.2.11 cpe:/a:apple:cups:1.2.12 cpe:/a:apple:cups:1.3.0 cpe:/a:apple:cups:1.3.1 cpe:/a:apple:cups:1.3.2 cpe:/a:apple:cups:1.3.3 cpe:/a:apple:cups:1.3.4 cpe:/a:apple:cups:1.3.5 cpe:/a:apple:cups:1.3.6 cpe:/a:apple:cups:1.3.7 cpe:/a:apple:cups:1.3.8 cpe:/a:apple:cups:1.3.9 cpe:/a:apple:cups:1.3.10 cpe:/a:apple:cups:1.3.11 cpe:/a:foolabs:xpdf:0.5a cpe:/a:foolabs:xpdf:0.7a cpe:/a:foolabs:xpdf:0.91a cpe:/a:foolabs:xpdf:0.91b cpe:/a:foolabs:xpdf:0.91c cpe:/a:foolabs:xpdf:0.92a cpe:/a:foolabs:xpdf:0.92b cpe:/a:foolabs:xpdf:0.92c cpe:/a:foolabs:xpdf:0.92d cpe:/a:foolabs:xpdf:0.92e cpe:/a:foolabs:xpdf:0.93a cpe:/a:foolabs:xpdf:0.93b cpe:/a:foolabs:xpdf:0.93c cpe:/a:foolabs:xpdf:1.00a cpe:/a:glyphandcog:xpdfreader:0.2 cpe:/a:glyphandcog:xpdfreader:0.3 cpe:/a:glyphandcog:xpdfreader:0.4 cpe:/a:glyphandcog:xpdfreader:0.5 cpe:/a:glyphandcog:xpdfreader:0.6 cpe:/a:glyphandcog:xpdfreader:0.7 cpe:/a:glyphandcog:xpdfreader:0.80 cpe:/a:glyphandcog:xpdfreader:0.90 cpe:/a:glyphandcog:xpdfreader:0.91 cpe:/a:glyphandcog:xpdfreader:0.92 cpe:/a:glyphandcog:xpdfreader:0.93 cpe:/a:glyphandcog:xpdfreader:1.00 cpe:/a:glyphandcog:xpdfreader:1.01 cpe:/a:glyphandcog:xpdfreader:2.00 cpe:/a:glyphandcog:xpdfreader:2.01 cpe:/a:glyphandcog:xpdfreader:2.02 cpe:/a:glyphandcog:xpdfreader:2.03 cpe:/a:glyphandcog:xpdfreader:3.00 cpe:/a:glyphandcog:xpdfreader:3.01 cpe:/a:glyphandcog:xpdfreader:3.02 cpe:/a:poppler:poppler:0.1 cpe:/a:poppler:poppler:0.1.1 cpe:/a:poppler:poppler:0.1.2 cpe:/a:poppler:poppler:0.2.0 cpe:/a:poppler:poppler:0.3.0 cpe:/a:poppler:poppler:0.3.1 cpe:/a:poppler:poppler:0.3.2 cpe:/a:poppler:poppler:0.3.3 cpe:/a:poppler:poppler:0.4.0 cpe:/a:poppler:poppler:0.4.1 cpe:/a:poppler:poppler:0.4.2 cpe:/a:poppler:poppler:0.4.3 cpe:/a:poppler:poppler:0.4.4 cpe:/a:poppler:poppler:0.5.0 cpe:/a:poppler:poppler:0.5.1 cpe:/a:poppler:poppler:0.5.2 cpe:/a:poppler:poppler:0.5.3 cpe:/a:poppler:poppler:0.5.4 cpe:/a:poppler:poppler:0.5.9 cpe:/a:poppler:poppler:0.5.90 cpe:/a:poppler:poppler:0.5.91 cpe:/a:poppler:poppler:0.6.0 cpe:/a:poppler:poppler:0.6.1 cpe:/a:poppler:poppler:0.6.2 cpe:/a:poppler:poppler:0.6.3 cpe:/a:poppler:poppler:0.6.4 cpe:/a:poppler:poppler:0.7.0 cpe:/a:poppler:poppler:0.7.1 cpe:/a:poppler:poppler:0.7.2 cpe:/a:poppler:poppler:0.7.3 cpe:/a:poppler:poppler:0.8.0 cpe:/a:poppler:poppler:0.8.1 cpe:/a:poppler:poppler:0.8.2 cpe:/a:poppler:poppler:0.8.3 cpe:/a:poppler:poppler:0.8.4 cpe:/a:poppler:poppler:0.8.5 cpe:/a:poppler:poppler:0.8.6 cpe:/a:poppler:poppler:0.8.7 cpe:/a:poppler:poppler:0.9.0 cpe:/a:poppler:poppler:0.9.1 cpe:/a:poppler:poppler:0.9.2 cpe:/a:poppler:poppler:0.9.3 cpe:/a:poppler:poppler:0.10.0 cpe:/a:poppler:poppler:0.10.1 cpe:/a:poppler:poppler:0.10.2 cpe:/a:poppler:poppler:0.10.3 cpe:/a:poppler:poppler:0.10.4 cpe:/a:poppler:poppler:0.10.5 CVE-2009-0166 2009-04-23T13:30:01.610-04:00 2019-03-06T11:30:38.330-05:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov SUSE SUSE-SA:2009:024 SUSE SUSE-SR:2009:010 SUSE SUSE-SR:2009:012 REDHAT RHSA-2009:0458 GENTOO GLSA-200904-20 SLACKWARE SSA:2009-129-01 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0061 DEBIAN DSA-1790 DEBIAN DSA-1793 MANDRIVA MDVSA-2009:101 MANDRIVA MDVSA-2010:087 REDHAT RHSA-2009:0429 REDHAT RHSA-2009:0430 REDHAT RHSA-2009:0431 REDHAT RHSA-2009:0480 BUGTRAQ 20090417 rPSA-2009-0061-1 cups BID 34568 SECTRACK 1022073 VUPEN ADV-2009-1065 VUPEN ADV-2009-1066 VUPEN ADV-2009-1077 VUPEN ADV-2010-1040 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=490625 FEDORA FEDORA-2009-6972 FEDORA FEDORA-2009-6973 FEDORA FEDORA-2009-6982 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. cpe:/o:sun:opensolaris:snv_61::sparc cpe:/o:sun:opensolaris:snv_61::x86 cpe:/o:sun:opensolaris:snv_62::sparc cpe:/o:sun:opensolaris:snv_62::x86 cpe:/o:sun:opensolaris:snv_63::sparc cpe:/o:sun:opensolaris:snv_63::x86 cpe:/o:sun:opensolaris:snv_64::sparc cpe:/o:sun:opensolaris:snv_64::x86 cpe:/o:sun:opensolaris:snv_65::sparc cpe:/o:sun:opensolaris:snv_65::x86 cpe:/o:sun:opensolaris:snv_66::sparc cpe:/o:sun:opensolaris:snv_66::x86 cpe:/o:sun:opensolaris:snv_67::sparc cpe:/o:sun:opensolaris:snv_67::x86 cpe:/o:sun:opensolaris:snv_68::sparc cpe:/o:sun:opensolaris:snv_68::x86 cpe:/o:sun:opensolaris:snv_69::sparc cpe:/o:sun:opensolaris:snv_69::x86 cpe:/o:sun:opensolaris:snv_70::sparc cpe:/o:sun:opensolaris:snv_70::x86 cpe:/o:sun:opensolaris:snv_71::sparc cpe:/o:sun:opensolaris:snv_71::x86 cpe:/o:sun:opensolaris:snv_72::sparc cpe:/o:sun:opensolaris:snv_72::x86 cpe:/o:sun:opensolaris:snv_73::sparc cpe:/o:sun:opensolaris:snv_73::x86 cpe:/o:sun:opensolaris:snv_74::sparc cpe:/o:sun:opensolaris:snv_74::x86 cpe:/o:sun:opensolaris:snv_75::sparc cpe:/o:sun:opensolaris:snv_75::x86 cpe:/o:sun:opensolaris:snv_76::sparc cpe:/o:sun:opensolaris:snv_76::x86 cpe:/o:sun:opensolaris:snv_77::sparc cpe:/o:sun:opensolaris:snv_77::x86 cpe:/o:sun:opensolaris:snv_78::sparc cpe:/o:sun:opensolaris:snv_78::x86 cpe:/o:sun:opensolaris:snv_79::sparc cpe:/o:sun:opensolaris:snv_79::x86 cpe:/o:sun:opensolaris:snv_80::sparc cpe:/o:sun:opensolaris:snv_80::x86 cpe:/o:sun:opensolaris:snv_81::sparc cpe:/o:sun:opensolaris:snv_81::x86 cpe:/o:sun:opensolaris:snv_82::sparc cpe:/o:sun:opensolaris:snv_82::x86 cpe:/o:sun:opensolaris:snv_83::sparc cpe:/o:sun:opensolaris:snv_83::x86 cpe:/o:sun:opensolaris:snv_84::sparc cpe:/o:sun:opensolaris:snv_84::x86 cpe:/o:sun:opensolaris:snv_85::sparc cpe:/o:sun:opensolaris:snv_85::x86 cpe:/o:sun:opensolaris:snv_86::sparc cpe:/o:sun:opensolaris:snv_86::x86 cpe:/o:sun:opensolaris:snv_87::sparc cpe:/o:sun:opensolaris:snv_87::x86 cpe:/o:sun:opensolaris:snv_88::sparc cpe:/o:sun:opensolaris:snv_88::x86 cpe:/o:sun:opensolaris:snv_89::sparc cpe:/o:sun:opensolaris:snv_89::x86 cpe:/o:sun:opensolaris:snv_90::sparc cpe:/o:sun:opensolaris:snv_90::x86 cpe:/o:sun:opensolaris:snv_91::sparc cpe:/o:sun:opensolaris:snv_91::x86 cpe:/o:sun:opensolaris:snv_92::sparc cpe:/o:sun:opensolaris:snv_92::x86 cpe:/o:sun:opensolaris:snv_93::sparc cpe:/o:sun:opensolaris:snv_93::x86 cpe:/o:sun:opensolaris:snv_94::sparc cpe:/o:sun:opensolaris:snv_94::x86 cpe:/o:sun:opensolaris:snv_95::sparc cpe:/o:sun:opensolaris:snv_95::x86 cpe:/o:sun:opensolaris:snv_96::sparc cpe:/o:sun:opensolaris:snv_96::x86 cpe:/o:sun:opensolaris:snv_97::sparc cpe:/o:sun:opensolaris:snv_97::x86 cpe:/o:sun:opensolaris:snv_98::sparc cpe:/o:sun:opensolaris:snv_98::x86 cpe:/o:sun:opensolaris:snv_99::sparc cpe:/o:sun:opensolaris:snv_99::x86 cpe:/o:sun:opensolaris:snv_100::sparc cpe:/o:sun:opensolaris:snv_100::x86 cpe:/o:sun:opensolaris:snv_101::sparc cpe:/o:sun:opensolaris:snv_101::x86 cpe:/o:sun:opensolaris:snv_102::sparc cpe:/o:sun:opensolaris:snv_102::x86 cpe:/o:sun:opensolaris:snv_103::sparc cpe:/o:sun:opensolaris:snv_103::x86 cpe:/o:sun:opensolaris:snv_104::sparc cpe:/o:sun:opensolaris:snv_104::x86 cpe:/o:sun:opensolaris:snv_105::sparc cpe:/o:sun:opensolaris:snv_105::x86 cpe:/o:sun:opensolaris:snv_106::sparc cpe:/o:sun:opensolaris:snv_106::x86 cpe:/o:sun:solaris:10.0::sparc cpe:/o:sun:solaris:10.0::x86 CVE-2009-0167 2009-01-16T16:30:03.483-05:00 2017-09-28T21:33:39.763-04:00 4.7 LOCAL MEDIUM NONE NONE NONE COMPLETE http://nvd.nist.gov MISC http://opensolaris.org/os/bug_reports/request_sponsor/ CONFIRM http://sunsolve.sun.com/search/document.do?assetkey=1-21-139390-01-1 SUNALERT 249306 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-026.htm BID 33269 SECTRACK 1021601 VUPEN ADV-2009-0155 Unspecified vulnerability in lpadmin in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to enumeration of "wrong printers," aka a "Temporary file vulnerability." cpe:/o:sun:opensolaris:snv_61::sparc cpe:/o:sun:opensolaris:snv_61::x86 cpe:/o:sun:opensolaris:snv_62::sparc cpe:/o:sun:opensolaris:snv_62::x86 cpe:/o:sun:opensolaris:snv_63::sparc cpe:/o:sun:opensolaris:snv_63::x86 cpe:/o:sun:opensolaris:snv_64::sparc cpe:/o:sun:opensolaris:snv_64::x86 cpe:/o:sun:opensolaris:snv_65::sparc cpe:/o:sun:opensolaris:snv_65::x86 cpe:/o:sun:opensolaris:snv_66::sparc cpe:/o:sun:opensolaris:snv_66::x86 cpe:/o:sun:opensolaris:snv_67::sparc cpe:/o:sun:opensolaris:snv_67::x86 cpe:/o:sun:opensolaris:snv_68::sparc cpe:/o:sun:opensolaris:snv_68::x86 cpe:/o:sun:opensolaris:snv_69::sparc cpe:/o:sun:opensolaris:snv_69::x86 cpe:/o:sun:opensolaris:snv_70::sparc cpe:/o:sun:opensolaris:snv_70::x86 cpe:/o:sun:opensolaris:snv_71::sparc cpe:/o:sun:opensolaris:snv_71::x86 cpe:/o:sun:opensolaris:snv_72::sparc cpe:/o:sun:opensolaris:snv_72::x86 cpe:/o:sun:opensolaris:snv_73::sparc cpe:/o:sun:opensolaris:snv_73::x86 cpe:/o:sun:opensolaris:snv_74::sparc cpe:/o:sun:opensolaris:snv_74::x86 cpe:/o:sun:opensolaris:snv_75::sparc cpe:/o:sun:opensolaris:snv_75::x86 cpe:/o:sun:opensolaris:snv_76::sparc cpe:/o:sun:opensolaris:snv_76::x86 cpe:/o:sun:opensolaris:snv_77::sparc cpe:/o:sun:opensolaris:snv_77::x86 cpe:/o:sun:opensolaris:snv_78::sparc cpe:/o:sun:opensolaris:snv_78::x86 cpe:/o:sun:opensolaris:snv_79::sparc cpe:/o:sun:opensolaris:snv_79::x86 cpe:/o:sun:opensolaris:snv_80::sparc cpe:/o:sun:opensolaris:snv_80::x86 cpe:/o:sun:opensolaris:snv_81::sparc cpe:/o:sun:opensolaris:snv_81::x86 cpe:/o:sun:opensolaris:snv_82::sparc cpe:/o:sun:opensolaris:snv_82::x86 cpe:/o:sun:opensolaris:snv_83::sparc cpe:/o:sun:opensolaris:snv_83::x86 cpe:/o:sun:opensolaris:snv_84::sparc cpe:/o:sun:opensolaris:snv_84::x86 cpe:/o:sun:opensolaris:snv_85::sparc cpe:/o:sun:opensolaris:snv_85::x86 cpe:/o:sun:opensolaris:snv_86::sparc cpe:/o:sun:opensolaris:snv_86::x86 cpe:/o:sun:opensolaris:snv_87::sparc cpe:/o:sun:opensolaris:snv_87::x86 cpe:/o:sun:opensolaris:snv_88::sparc cpe:/o:sun:opensolaris:snv_88::x86 cpe:/o:sun:opensolaris:snv_89::sparc cpe:/o:sun:opensolaris:snv_89::x86 cpe:/o:sun:opensolaris:snv_90::sparc cpe:/o:sun:opensolaris:snv_90::x86 cpe:/o:sun:opensolaris:snv_91::sparc cpe:/o:sun:opensolaris:snv_91::x86 cpe:/o:sun:opensolaris:snv_92::sparc cpe:/o:sun:opensolaris:snv_92::x86 cpe:/o:sun:opensolaris:snv_93::sparc cpe:/o:sun:opensolaris:snv_93::x86 cpe:/o:sun:opensolaris:snv_94::sparc cpe:/o:sun:opensolaris:snv_94::x86 cpe:/o:sun:opensolaris:snv_95::sparc cpe:/o:sun:opensolaris:snv_95::x86 cpe:/o:sun:opensolaris:snv_96::sparc cpe:/o:sun:opensolaris:snv_96::x86 cpe:/o:sun:opensolaris:snv_97::sparc cpe:/o:sun:opensolaris:snv_97::x86 cpe:/o:sun:opensolaris:snv_98::sparc cpe:/o:sun:opensolaris:snv_98::x86 cpe:/o:sun:opensolaris:snv_99::sparc cpe:/o:sun:opensolaris:snv_99::x86 cpe:/o:sun:opensolaris:snv_100::sparc cpe:/o:sun:opensolaris:snv_100::x86 cpe:/o:sun:opensolaris:snv_101::sparc cpe:/o:sun:opensolaris:snv_101::x86 cpe:/o:sun:opensolaris:snv_102::sparc cpe:/o:sun:opensolaris:snv_102::x86 cpe:/o:sun:opensolaris:snv_103::sparc cpe:/o:sun:opensolaris:snv_103::x86 cpe:/o:sun:opensolaris:snv_104::sparc cpe:/o:sun:opensolaris:snv_104::x86 cpe:/o:sun:opensolaris:snv_105::sparc cpe:/o:sun:opensolaris:snv_105::x86 cpe:/o:sun:opensolaris:snv_106::sparc cpe:/o:sun:opensolaris:snv_106::x86 cpe:/o:sun:solaris:10::sparc cpe:/o:sun:solaris:10::x86 CVE-2009-0168 2009-01-16T16:30:03.517-05:00 2017-09-28T21:33:39.840-04:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov MISC http://opensolaris.org/os/bug_reports/request_sponsor/ CONFIRM http://sunsolve.sun.com/search/document.do?assetkey=1-21-139390-01-1 SUNALERT 249306 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-026.htm BID 33269 SECTRACK 1021601 VUPEN ADV-2009-0155 XF solaris-ppdmgr-dos(48143) Unspecified vulnerability in ppdmgr in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to a failure to "include all cache files," and improper handling of temporary files. cpe:/a:sun:java_system_access_manager:7.1::linux cpe:/a:sun:java_system_access_manager:7.1::solaris_sparc cpe:/a:sun:java_system_access_manager:7.1::solaris_x86 cpe:/a:sun:java_system_access_manager:7.1::windows CVE-2009-0169 2009-01-16T16:30:03.530-05:00 2017-08-07T21:33:48.923-04:00 9.0 NETWORK LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CONFIRM http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1 SUNALERT 249106 BID 33266 SECTRACK 1021604 VUPEN ADV-2009-0157 XF sun-jsam-subrealm-privilege-escalation(47944) Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm. cpe:/a:sun:java_system_access_manager:6.3 cpe:/a:sun:java_system_access_manager:7.0_2005q4 cpe:/a:sun:java_system_access_manager:7.1 CVE-2009-0170 2009-01-16T16:30:03.547-05:00 2018-10-30T12:26:33.030-04:00 6.0 NETWORK MEDIUM SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov CONFIRM http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1 SUNALERT 242166 BID 33265 SECTRACK 1021605 VUPEN ADV-2009-0156 XF sun-jsam-password-info-disclosure(47942) Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the console. cpe:/h:sun:sparc_enterprise_server:m4000 cpe:/h:sun:sparc_enterprise_server:m5000 CVE-2009-0171 2009-01-16T16:30:03.563-05:00 2011-06-13T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-19T13:34:00.000-05:00 ALLOWS_ADMIN_ACCESS SUNALERT 249126 BID 33280 SECTRACK 1021602 VUPEN ADV-2009-0207 The Sun SPARC Enterprise M4000 and M5000 Server, within a certain range of serial numbers, allows remote attackers to use the manufacturing root password, perform a root login to the eXtended System Control Facility Unit (aka XSCFU or Service Processor), and have unspecified other impact. cpe:/a:ibm:db2_universal_database:9.1::aix cpe:/a:ibm:db2_universal_database:9.1::hp-ux cpe:/a:ibm:db2_universal_database:9.1::linux cpe:/a:ibm:db2_universal_database:9.1::solaris cpe:/a:ibm:db2_universal_database:9.1::windows cpe:/a:ibm:db2_universal_database:9.1:fp2 cpe:/a:ibm:db2_universal_database:9.1:fp2:aix cpe:/a:ibm:db2_universal_database:9.1:fp2:hp-ux cpe:/a:ibm:db2_universal_database:9.1:fp2:linux cpe:/a:ibm:db2_universal_database:9.1:fp2:solaris cpe:/a:ibm:db2_universal_database:9.1:fp2:windows cpe:/a:ibm:db2_universal_database:9.1:fp3:aix cpe:/a:ibm:db2_universal_database:9.1:fp3:hp-ux cpe:/a:ibm:db2_universal_database:9.1:fp3:solaris cpe:/a:ibm:db2_universal_database:9.1:fp4 cpe:/a:ibm:db2_universal_database:9.1:fp4:aix cpe:/a:ibm:db2_universal_database:9.1:fp4:hp-ux cpe:/a:ibm:db2_universal_database:9.1:fp4:linux cpe:/a:ibm:db2_universal_database:9.1:fp4:windows cpe:/a:ibm:db2_universal_database:9.1:fp4a cpe:/a:ibm:db2_universal_database:9.1:fp4a:hp-ux cpe:/a:ibm:db2_universal_database:9.1:fp4a:linux cpe:/a:ibm:db2_universal_database:9.1:fp4a:windows cpe:/a:ibm:db2_universal_database:9.1:ga cpe:/a:ibm:db2_universal_database:9.5 cpe:/a:ibm:db2_universal_database:9.5::aix cpe:/a:ibm:db2_universal_database:9.5::hp-ux cpe:/a:ibm:db2_universal_database:9.5::linux cpe:/a:ibm:db2_universal_database:9.5::solaris cpe:/a:ibm:db2_universal_database:9.5::windows cpe:/a:ibm:db2_universal_database:9.5:fp1:aix cpe:/a:ibm:db2_universal_database:9.5:fp1:hp-ux cpe:/a:ibm:db2_universal_database:9.5:fp1:linux cpe:/a:ibm:db2_universal_database:9.5:fp1:solaris cpe:/a:ibm:db2_universal_database:9.5:fp1:windows CVE-2009-0172 2009-01-16T16:30:03.593-05:00 2017-08-07T21:33:49.047-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov CONFIRM ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT CONFIRM ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT CONFIRM ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT SECTRACK 1021591 BID 33258 VUPEN ADV-2009-0137 AIXAPAR IZ37696 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21363936 XF ibm-db2-connect-stream-dos(47931) Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream. cpe:/a:ibm:db2_universal_database:9.1::aix cpe:/a:ibm:db2_universal_database:9.1::hp-ux cpe:/a:ibm:db2_universal_database:9.1::linux cpe:/a:ibm:db2_universal_database:9.1::solaris cpe:/a:ibm:db2_universal_database:9.1::windows cpe:/a:ibm:db2_universal_database:9.1:fp2 cpe:/a:ibm:db2_universal_database:9.1:fp2:aix cpe:/a:ibm:db2_universal_database:9.1:fp2:hp-ux cpe:/a:ibm:db2_universal_database:9.1:fp2:linux cpe:/a:ibm:db2_universal_database:9.1:fp2:solaris cpe:/a:ibm:db2_universal_database:9.1:fp2:windows cpe:/a:ibm:db2_universal_database:9.1:fp3:aix cpe:/a:ibm:db2_universal_database:9.1:fp3:hp-ux cpe:/a:ibm:db2_universal_database:9.1:fp3:solaris cpe:/a:ibm:db2_universal_database:9.1:fp4 cpe:/a:ibm:db2_universal_database:9.1:fp4:aix cpe:/a:ibm:db2_universal_database:9.1:fp4:hp-ux cpe:/a:ibm:db2_universal_database:9.1:fp4:linux cpe:/a:ibm:db2_universal_database:9.1:fp4:windows cpe:/a:ibm:db2_universal_database:9.1:fp4a cpe:/a:ibm:db2_universal_database:9.1:fp4a:hp-ux cpe:/a:ibm:db2_universal_database:9.1:fp4a:linux cpe:/a:ibm:db2_universal_database:9.1:fp4a:windows cpe:/a:ibm:db2_universal_database:9.1:ga cpe:/a:ibm:db2_universal_database:9.5 cpe:/a:ibm:db2_universal_database:9.5::aix cpe:/a:ibm:db2_universal_database:9.5::hp-ux cpe:/a:ibm:db2_universal_database:9.5::linux cpe:/a:ibm:db2_universal_database:9.5::solaris cpe:/a:ibm:db2_universal_database:9.5::windows cpe:/a:ibm:db2_universal_database:9.5:fp1:aix cpe:/a:ibm:db2_universal_database:9.5:fp1:hp-ux cpe:/a:ibm:db2_universal_database:9.5:fp1:linux cpe:/a:ibm:db2_universal_database:9.5:fp1:solaris cpe:/a:ibm:db2_universal_database:9.5:fp1:windows CVE-2009-0173 2009-01-16T16:30:03.610-05:00 2017-08-07T21:33:49.110-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov CONFIRM ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT CONFIRM ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT CONFIRM ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT SECTRACK 1021591 BID 33258 VUPEN ADV-2009-0137 AIXAPAR IZ39652 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21363936 XF ibm-db2-datastream-dos(47934) Unspecified vulnerability in the server in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote authenticated users to cause a denial of service (trap) via a crafted data stream. cpe:/a:vuplayer:vuplayer:2.49 CVE-2009-0174 2009-01-20T11:00:08.967-05:00 2017-09-28T21:33:39.917-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS SREASON 4918 BID 33185 XF vuplayer-asx-bo(47851) EXPLOIT-DB 7709 EXPLOIT-DB 7713 EXPLOIT-DB 7714 EXPLOIT-DB 7715 Stack-based buffer overflow in VUPlayer 2.49 allows remote attackers to execute arbitrary code via a long .asf URI in the HREF attribute of a REF element in a .asx file. cpe:/a:heathcosoft:mp3_trackmaker:1.5 CVE-2009-0175 2009-01-20T11:00:08.983-05:00 2017-09-28T21:33:39.980-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SREASON 4920 BID 33183 XF mp3trackmaker-mp3-bo(47852) EXPLOIT-DB 7708 Heap-based buffer overflow in Heathco Software MP3 TrackMaker 1.5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in an invalid .mp3 file. cpe:/a:research_in_motion_limited:blackberry_enterprise_server:4.1.3 cpe:/a:research_in_motion_limited:blackberry_enterprise_server:4.1.4 cpe:/a:research_in_motion_limited:blackberry_enterprise_server:4.1.5 cpe:/a:research_in_motion_limited:blackberry_enterprise_server:4.1.6 cpe:/a:research_in_motion_limited:blackberry_professional_software:4.1.4 cpe:/a:research_in_motion_limited:blackberry_unite:1.0 cpe:/a:research_in_motion_limited:blackberry_unite:1.0.1 cpe:/a:research_in_motion_limited:blackberry_unite:1.0.2 cpe:/a:research_in_motion_limited:blackberry_unite:1.0.3 CVE-2009-0176 2009-01-20T11:00:09.000-05:00 2009-05-18T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-20T12:34:00.000-05:00 IDEFENSE 20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller 'symWidths' Heap Overflow Vulnerability IDEFENSE 20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller 'bitmaps' Heap Overflow Vulnerability CONFIRM http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118 CONFIRM http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119 BID 33224 Multiple heap-based buffer overflows in the PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 allow user-assisted remote attackers to execute arbitrary code via (1) a crafted stream in a .pdf file, related to "symWidths"; or (2) a crafted data stream in a .pdf file, related to "bitmaps." cpe:/a:vmware:ace:2.5.0 cpe:/a:vmware:ace:2.5.1 cpe:/a:vmware:fusion:2.0.1 cpe:/a:vmware:server:2.0.0 cpe:/a:vmware:vmware_player:1.0.0 cpe:/a:vmware:vmware_player:1.0.1 cpe:/a:vmware:vmware_player:1.0.2 cpe:/a:vmware:vmware_player:1.0.3 cpe:/a:vmware:vmware_player:1.0.4 cpe:/a:vmware:vmware_player:1.0.6 cpe:/a:vmware:vmware_player:1.0.7 cpe:/a:vmware:vmware_player:1.0.8 cpe:/a:vmware:vmware_player:1.0.9 cpe:/a:vmware:vmware_player:1.05 cpe:/a:vmware:vmware_player:2.0 cpe:/a:vmware:vmware_player:2.0.1 cpe:/a:vmware:vmware_player:2.0.2 cpe:/a:vmware:vmware_player:2.0.3 cpe:/a:vmware:vmware_player:2.0.4 cpe:/a:vmware:vmware_player:2.0.5 cpe:/a:vmware:vmware_player:2.5 cpe:/a:vmware:vmware_player:2.5.1 cpe:/a:vmware:vmware_workstation:4.5.3 cpe:/a:vmware:vmware_workstation:5.0 cpe:/a:vmware:vmware_workstation:5.5.0 cpe:/a:vmware:vmware_workstation:5.5.1 cpe:/a:vmware:vmware_workstation:5.5.2 cpe:/a:vmware:vmware_workstation:5.5.3 cpe:/a:vmware:vmware_workstation:5.5.4 cpe:/a:vmware:vmware_workstation:5.5.5 cpe:/a:vmware:vmware_workstation:5.5.6 cpe:/a:vmware:vmware_workstation:5.5.7 cpe:/a:vmware:vmware_workstation:5.5.8 cpe:/a:vmware:vmware_workstation:6.0 cpe:/a:vmware:vmware_workstation:6.0.1 cpe:/a:vmware:vmware_workstation:6.0.2 cpe:/a:vmware:vmware_workstation:6.0.3 cpe:/a:vmware:vmware_workstation:6.0.4 cpe:/a:vmware:vmware_workstation:6.0.5 cpe:/a:vmware:vmware_workstation:6.5 cpe:/a:vmware:vmware_workstation:6.51 CVE-2009-0177 2009-01-20T11:00:09.030-05:00 2017-10-18T21:30:16.987-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov MLIST [security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues FULLDISC 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues BID 34373 SECTRACK 1021512 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0005.html VUPEN ADV-2009-0024 VUPEN ADV-2009-0944 EXPLOIT-DB 7647 vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command. cpe:/a:ibm:hardware_management_console:7.3.2.0:sp1 CVE-2009-0178 2009-01-20T11:30:00.420-05:00 2017-08-07T21:33:49.283-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov BID 33293 VUPEN ADV-2009-0158 CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4521 XF ibm-hmc-unspecified(48010) Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 has unknown impact and attack vectors. cpe:/a:igno_saitz:libmikmod:3.1.9-1 cpe:/a:igno_saitz:libmikmod:3.1.9-2 cpe:/a:igno_saitz:libmikmod:3.1.9-3 cpe:/a:igno_saitz:libmikmod:3.1.9-4 cpe:/a:igno_saitz:libmikmod:3.1.9-5 cpe:/a:igno_saitz:libmikmod:3.1.9-6 cpe:/a:igno_saitz:libmikmod:3.1.10-1 cpe:/a:igno_saitz:libmikmod:3.1.10-2 cpe:/a:igno_saitz:libmikmod:3.1.10-3 cpe:/a:igno_saitz:libmikmod:3.1.10-4 cpe:/a:igno_saitz:libmikmod:3.1.10-5 cpe:/a:igno_saitz:libmikmod:3.1.11-1 cpe:/a:igno_saitz:libmikmod:3.1.11-2 cpe:/a:igno_saitz:libmikmod:3.1.11-3 cpe:/a:igno_saitz:libmikmod:3.1.11-4 cpe:/a:igno_saitz:libmikmod:3.1.11-5 cpe:/a:igno_saitz:libmikmod:3.1.11-6 cpe:/a:igno_saitz:libmikmod:3.1.12 cpe:/a:igno_saitz:libmikmod:3.2.0 CVE-2009-0179 2009-01-20T11:30:00.453-05:00 2009-09-02T01:20:21.140-04:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476339 SUSE SUSE-SR:2009:006 MLIST [oss-security] 20090113 CVE Request -- libmikmod BID 33240 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=479833 FEDORA FEDORA-2009-9095 FEDORA FEDORA-2009-9112 libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file. cpe:/a:nfs:nfs-utils:0.2 cpe:/a:nfs:nfs-utils:0.2.1 cpe:/a:nfs:nfs-utils:0.3.1 cpe:/a:nfs:nfs-utils:0.3.3 cpe:/a:nfs:nfs-utils:1.0 cpe:/a:nfs:nfs-utils:1.0.1 cpe:/a:nfs:nfs-utils:1.0.2 cpe:/a:nfs:nfs-utils:1.0.3 cpe:/a:nfs:nfs-utils:1.0.4 cpe:/a:nfs:nfs-utils:1.0.6 cpe:/a:nfs:nfs-utils:1.0.7 cpe:/a:nfs:nfs-utils:1.0.7:pre-1 cpe:/a:nfs:nfs-utils:1.0.7:pre-2 cpe:/a:nfs:nfs-utils:1.0.8 cpe:/a:nfs:nfs-utils:1.0.8:rc-1 cpe:/a:nfs:nfs-utils:1.0.8:rc-2 cpe:/a:nfs:nfs-utils:1.0.8:rc-3 cpe:/a:nfs:nfs-utils:1.0.8:rc-4 cpe:/a:nfs:nfs-utils:1.0.9 cpe:/a:nfs:nfs-utils:1.0.10 cpe:/a:nfs:nfs-utils:1.0.11 cpe:/a:nfs:nfs-utils:1.0.12 cpe:/a:nfs:nfs-utils:1.1.0 cpe:/a:nfs:nfs-utils:1.1.0:rc-1 cpe:/a:nfs:nfs-utils:1.1.1 cpe:/a:nfs:nfs-utils:1.1.2 cpe:/a:nfs:nfs-utils:1.1.3 cpe:/a:nfs:nfs-utils:1.1.4 CVE-2009-0180 2009-01-20T11:30:00.467-05:00 2017-08-07T21:33:49.343-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33294 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=477864 XF nfsutils-tcpwrapper-security-bypass(48058) FEDORA FEDORA-2009-0266 FEDORA FEDORA-2009-0297 Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedora 9, and before 1.1.4-6.fc10 on Fedora 10, omit TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions, possibly a related issue to CVE-2008-1376. cpe:/a:vuplayer:vuplayer CVE-2009-0181 2009-01-20T11:30:00.483-05:00 2018-10-11T17:00:34.143-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SREASON 4921 BUGTRAQ 20090106 VUPLAYER BufferOver flow POC XF vuplayer-file-bo(48169) Buffer overflow in VUPlayer allows user-assisted attackers to have an unknown impact via a long file, as demonstrated by a file composed entirely of 'A' characters. cpe:/a:vuplayer:vuplayer:0.1 cpe:/a:vuplayer:vuplayer:0.2 cpe:/a:vuplayer:vuplayer:0.3 cpe:/a:vuplayer:vuplayer:0.4 cpe:/a:vuplayer:vuplayer:0.5 cpe:/a:vuplayer:vuplayer:0.6 cpe:/a:vuplayer:vuplayer:0.7 cpe:/a:vuplayer:vuplayer:0.8 cpe:/a:vuplayer:vuplayer:0.9 cpe:/a:vuplayer:vuplayer:1.0 cpe:/a:vuplayer:vuplayer:1.1 cpe:/a:vuplayer:vuplayer:1.2 cpe:/a:vuplayer:vuplayer:1.3 cpe:/a:vuplayer:vuplayer:1.4 cpe:/a:vuplayer:vuplayer:1.5 cpe:/a:vuplayer:vuplayer:1.6 cpe:/a:vuplayer:vuplayer:1.7 cpe:/a:vuplayer:vuplayer:1.8 cpe:/a:vuplayer:vuplayer:1.9 cpe:/a:vuplayer:vuplayer:2.0 cpe:/a:vuplayer:vuplayer:2.1 cpe:/a:vuplayer:vuplayer:2.2 cpe:/a:vuplayer:vuplayer:2.3 cpe:/a:vuplayer:vuplayer:2.4 cpe:/a:vuplayer:vuplayer:2.11 cpe:/a:vuplayer:vuplayer:2.21 cpe:/a:vuplayer:vuplayer:2.22 cpe:/a:vuplayer:vuplayer:2.23 cpe:/a:vuplayer:vuplayer:2.41 cpe:/a:vuplayer:vuplayer:2.42 cpe:/a:vuplayer:vuplayer:2.43 cpe:/a:vuplayer:vuplayer:2.44 cpe:/a:vuplayer:vuplayer:2.45 cpe:/a:vuplayer:vuplayer:2.46 cpe:/a:vuplayer:vuplayer:2.47 cpe:/a:vuplayer:vuplayer:2.48 cpe:/a:vuplayer:vuplayer:2.49 CVE-2009-0182 2009-01-20T11:30:00.500-05:00 2017-09-28T21:33:40.120-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SREASON 4923 XF vuplayer-fileline-bo(48170) EXPLOIT-DB 7695 Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line. cpe:/a:free_download_manager:free_download_manager:2.5 cpe:/a:free_download_manager:free_download_manager:3.0 CVE-2009-0183 2009-02-03T14:30:00.250-05:00 2018-10-11T17:00:34.440-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov BUGTRAQ 20090202 Secunia Research: Free Download Manager Remote Control Server Buffer Overflow BID 33554 VUPEN ADV-2009-0302 EXPLOIT-DB 7986 Stack-based buffer overflow in Remote Control Server in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute arbitrary code via a long Authorization header in an HTTP request. cpe:/a:free_download_manager:free_download_manager:2.5 cpe:/a:free_download_manager:free_download_manager:3.0 CVE-2009-0184 2009-02-03T14:30:00.297-05:00 2018-10-11T17:00:35.020-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BUGTRAQ 20090202 Secunia Research: Free Download Manager Torrent Parsing Buffer Overflows BID 33555 VUPEN ADV-2009-0302 Multiple buffer overflows in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allow remote attackers to execute arbitrary code via (1) a long file name within a torrent file, (2) a long tracker URL in a torrent file, or (3) a long comment in a torrent file. cpe:/a:apple:quicktime:- cpe:/a:apple:quicktime:3.0 cpe:/a:apple:quicktime:4.1.2 cpe:/a:apple:quicktime:4.1.2:-:mac cpe:/a:apple:quicktime:4.1.2:-:windows cpe:/a:apple:quicktime:5.0 cpe:/a:apple:quicktime:5.0.1 cpe:/a:apple:quicktime:5.0.1:-:mac cpe:/a:apple:quicktime:5.0.1:-:windows cpe:/a:apple:quicktime:5.0.2 cpe:/a:apple:quicktime:5.0.2:-:mac cpe:/a:apple:quicktime:5.0.2:-:windows cpe:/a:apple:quicktime:6.0 cpe:/a:apple:quicktime:6.0:-:windows cpe:/a:apple:quicktime:6.0.0 cpe:/a:apple:quicktime:6.0.0:-:mac cpe:/a:apple:quicktime:6.0.0:-:windows cpe:/a:apple:quicktime:6.0.1 cpe:/a:apple:quicktime:6.0.1:-:mac cpe:/a:apple:quicktime:6.0.1:-:windows cpe:/a:apple:quicktime:6.0.2 cpe:/a:apple:quicktime:6.0.2:-:mac cpe:/a:apple:quicktime:6.0.2:-:windows cpe:/a:apple:quicktime:6.1 cpe:/a:apple:quicktime:6.1.0 cpe:/a:apple:quicktime:6.1.0:-:mac cpe:/a:apple:quicktime:6.1.0:-:windows cpe:/a:apple:quicktime:6.1.1 cpe:/a:apple:quicktime:6.1.1:-:mac cpe:/a:apple:quicktime:6.1.1:-:windows cpe:/a:apple:quicktime:6.2.0 cpe:/a:apple:quicktime:6.2.0:-:mac cpe:/a:apple:quicktime:6.2.0:-:windows cpe:/a:apple:quicktime:6.3.0 cpe:/a:apple:quicktime:6.3.0:-:mac cpe:/a:apple:quicktime:6.3.0:-:windows cpe:/a:apple:quicktime:6.4.0 cpe:/a:apple:quicktime:6.4.0:-:mac cpe:/a:apple:quicktime:6.4.0:-:windows cpe:/a:apple:quicktime:6.5 cpe:/a:apple:quicktime:6.5.0 cpe:/a:apple:quicktime:6.5.0:-:mac cpe:/a:apple:quicktime:6.5.0:-:windows cpe:/a:apple:quicktime:6.5.1 cpe:/a:apple:quicktime:6.5.1:-:mac cpe:/a:apple:quicktime:6.5.1:-:windows cpe:/a:apple:quicktime:6.5.2 cpe:/a:apple:quicktime:6.5.2:-:mac cpe:/a:apple:quicktime:6.5.2:-:windows cpe:/a:apple:quicktime:7.0 cpe:/a:apple:quicktime:7.0::windows cpe:/a:apple:quicktime:7.0:-:windows cpe:/a:apple:quicktime:7.0.0 cpe:/a:apple:quicktime:7.0.0:-:mac cpe:/a:apple:quicktime:7.0.0:-:windows cpe:/a:apple:quicktime:7.0.1 cpe:/a:apple:quicktime:7.0.1::windows cpe:/a:apple:quicktime:7.0.1:-:mac cpe:/a:apple:quicktime:7.0.1:-:windows cpe:/a:apple:quicktime:7.0.2 cpe:/a:apple:quicktime:7.0.2::windows cpe:/a:apple:quicktime:7.0.2:-:mac cpe:/a:apple:quicktime:7.0.2:-:windows cpe:/a:apple:quicktime:7.0.3 cpe:/a:apple:quicktime:7.0.3:-:mac cpe:/a:apple:quicktime:7.0.3:-:windows cpe:/a:apple:quicktime:7.0.4 cpe:/a:apple:quicktime:7.0.4:-:mac cpe:/a:apple:quicktime:7.0.4:-:windows cpe:/a:apple:quicktime:7.1 cpe:/a:apple:quicktime:7.1.0 cpe:/a:apple:quicktime:7.1.0:-:mac cpe:/a:apple:quicktime:7.1.0:-:windows cpe:/a:apple:quicktime:7.1.1 cpe:/a:apple:quicktime:7.1.1:-:mac cpe:/a:apple:quicktime:7.1.1:-:windows cpe:/a:apple:quicktime:7.1.2 cpe:/a:apple:quicktime:7.1.2:-:mac cpe:/a:apple:quicktime:7.1.2:-:windows cpe:/a:apple:quicktime:7.1.3 cpe:/a:apple:quicktime:7.1.3:-:mac cpe:/a:apple:quicktime:7.1.3:-:windows cpe:/a:apple:quicktime:7.1.4 cpe:/a:apple:quicktime:7.1.4:-:mac cpe:/a:apple:quicktime:7.1.4:-:windows cpe:/a:apple:quicktime:7.1.5 cpe:/a:apple:quicktime:7.1.5:-:mac cpe:/a:apple:quicktime:7.1.5:-:windows cpe:/a:apple:quicktime:7.1.6 cpe:/a:apple:quicktime:7.1.6:-:mac cpe:/a:apple:quicktime:7.1.6:-:windows cpe:/a:apple:quicktime:7.2 cpe:/a:apple:quicktime:7.2::vista cpe:/a:apple:quicktime:7.2.0 cpe:/a:apple:quicktime:7.2.0:-:mac cpe:/a:apple:quicktime:7.2.0:-:windows cpe:/a:apple:quicktime:7.2.1 cpe:/a:apple:quicktime:7.2.1:-:mac cpe:/a:apple:quicktime:7.2.1:-:windows cpe:/a:apple:quicktime:7.3 cpe:/a:apple:quicktime:7.3.0 cpe:/a:apple:quicktime:7.3.0:-:mac cpe:/a:apple:quicktime:7.3.0:-:windows cpe:/a:apple:quicktime:7.3.1 cpe:/a:apple:quicktime:7.3.1:-:mac cpe:/a:apple:quicktime:7.3.1:-:windows cpe:/a:apple:quicktime:7.3.1.70 cpe:/a:apple:quicktime:7.4 cpe:/a:apple:quicktime:7.4.0 cpe:/a:apple:quicktime:7.4.0:-:mac cpe:/a:apple:quicktime:7.4.0:-:windows cpe:/a:apple:quicktime:7.4.1 cpe:/a:apple:quicktime:7.4.1:-:mac cpe:/a:apple:quicktime:7.4.1:-:windows cpe:/a:apple:quicktime:7.4.4 cpe:/a:apple:quicktime:7.4.5 cpe:/a:apple:quicktime:7.4.5:-:mac cpe:/a:apple:quicktime:7.4.5:-:windows cpe:/a:apple:quicktime:7.5 cpe:/a:apple:quicktime:7.5.0 cpe:/a:apple:quicktime:7.5.0:-:mac cpe:/a:apple:quicktime:7.5.0:-:windows cpe:/a:apple:quicktime:7.5.5 cpe:/a:apple:quicktime:7.5.5:-:mac cpe:/a:apple:quicktime:7.5.5:-:windows cpe:/a:apple:quicktime:7.6.0 cpe:/a:apple:quicktime:7.6.1 CVE-2009-0185 2009-06-02T14:30:00.187-04:00 2018-10-30T12:25:17.590-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov APPLE APPLE-SA-2009-06-01-1 CONFIRM http://support.apple.com/kb/HT3591 BUGTRAQ 20090602 Secunia Research: Apple QuickTime MS ADPCM Encoding Buffer Overflow BID 35163 SECTRACK 1022314 VUPEN ADV-2009-1469 XF quicktime-msadpcm-bo(50894) Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted MS ADPCM encoded audio data in an AVI movie file. cpe:/a:mega-nerd:libsndfile:0.0.8 cpe:/a:mega-nerd:libsndfile:0.0.28 cpe:/a:mega-nerd:libsndfile:1.0.0 cpe:/a:mega-nerd:libsndfile:1.0.0:rc1 cpe:/a:mega-nerd:libsndfile:1.0.0:rc6 cpe:/a:mega-nerd:libsndfile:1.0.1 cpe:/a:mega-nerd:libsndfile:1.0.2 cpe:/a:mega-nerd:libsndfile:1.0.3 cpe:/a:mega-nerd:libsndfile:1.0.4 cpe:/a:mega-nerd:libsndfile:1.0.5 cpe:/a:mega-nerd:libsndfile:1.0.6 cpe:/a:mega-nerd:libsndfile:1.0.7 cpe:/a:mega-nerd:libsndfile:1.0.8 cpe:/a:mega-nerd:libsndfile:1.0.9 cpe:/a:mega-nerd:libsndfile:1.0.10 cpe:/a:mega-nerd:libsndfile:1.0.11 cpe:/a:mega-nerd:libsndfile:1.0.12 cpe:/a:mega-nerd:libsndfile:1.0.13 cpe:/a:mega-nerd:libsndfile:1.0.14 cpe:/a:mega-nerd:libsndfile:1.0.15 cpe:/a:mega-nerd:libsndfile:1.0.16 cpe:/a:mega-nerd:libsndfile:1.0.17 cpe:/a:mega-nerd:libsndfile:1.0.18 cpe:/a:nullsoft:winamp:5.55 cpe:/a:nullsoft:winamp:5.541 CVE-2009-0186 2009-03-04T21:30:00.280-05:00 2018-10-11T17:00:36.940-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS SUSE SUSE-SR:2009:008 GENTOO GLSA-200904-16 DEBIAN DSA-1742 CONFIRM http://www.mega-nerd.com/libsndfile/NEWS BUGTRAQ 20090303 Secunia Research: Winamp CAF Processing Integer Overflow Vulnerability BUGTRAQ 20090303 Secunia Research: libsndfile CAF Processing Integer Overflow Vulnerability BID 33963 SECTRACK 1021784 UBUNTU USN-749-1 VUPEN ADV-2009-0584 VUPEN ADV-2009-0585 XF libsndfile-caf-bo(49038) Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow. cpe:/a:orbitdownloader:orbit_downloader:2.8.2 cpe:/a:orbitdownloader:orbit_downloader:2.8.3 cpe:/a:orbitdownloader:orbit_downloader:2.8.4 CVE-2009-0187 2009-02-26T11:17:19.827-05:00 2018-10-11T17:00:39.127-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BUGTRAQ 20090225 Secunia Research: Orbit Downloader Long URL Parsing Buffer Overflow BID 33894 VUPEN ADV-2009-0521 XF orbitdownloader-connecting-bo(48932) Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers to execute arbitrary code via a crafted HTTP URL with a long host name, which is not properly handled when constructing a "Connecting" log message. cpe:/a:apple:quicktime:- cpe:/a:apple:quicktime:3.0 cpe:/a:apple:quicktime:4.1.2 cpe:/a:apple:quicktime:4.1.2:-:mac cpe:/a:apple:quicktime:4.1.2:-:windows cpe:/a:apple:quicktime:5.0 cpe:/a:apple:quicktime:5.0.1 cpe:/a:apple:quicktime:5.0.1:-:mac cpe:/a:apple:quicktime:5.0.1:-:windows cpe:/a:apple:quicktime:5.0.2 cpe:/a:apple:quicktime:5.0.2:-:mac cpe:/a:apple:quicktime:5.0.2:-:windows cpe:/a:apple:quicktime:6.0 cpe:/a:apple:quicktime:6.0:-:windows cpe:/a:apple:quicktime:6.0.0 cpe:/a:apple:quicktime:6.0.0:-:mac cpe:/a:apple:quicktime:6.0.0:-:windows cpe:/a:apple:quicktime:6.0.1 cpe:/a:apple:quicktime:6.0.1:-:mac cpe:/a:apple:quicktime:6.0.1:-:windows cpe:/a:apple:quicktime:6.0.2 cpe:/a:apple:quicktime:6.0.2:-:mac cpe:/a:apple:quicktime:6.0.2:-:windows cpe:/a:apple:quicktime:6.1 cpe:/a:apple:quicktime:6.1.0 cpe:/a:apple:quicktime:6.1.0:-:mac cpe:/a:apple:quicktime:6.1.0:-:windows cpe:/a:apple:quicktime:6.1.1 cpe:/a:apple:quicktime:6.1.1:-:mac cpe:/a:apple:quicktime:6.1.1:-:windows cpe:/a:apple:quicktime:6.2.0 cpe:/a:apple:quicktime:6.2.0:-:mac cpe:/a:apple:quicktime:6.2.0:-:windows cpe:/a:apple:quicktime:6.3.0 cpe:/a:apple:quicktime:6.3.0:-:mac cpe:/a:apple:quicktime:6.3.0:-:windows cpe:/a:apple:quicktime:6.4.0 cpe:/a:apple:quicktime:6.4.0:-:mac cpe:/a:apple:quicktime:6.4.0:-:windows cpe:/a:apple:quicktime:6.5 cpe:/a:apple:quicktime:6.5.0 cpe:/a:apple:quicktime:6.5.0:-:mac cpe:/a:apple:quicktime:6.5.0:-:windows cpe:/a:apple:quicktime:6.5.1 cpe:/a:apple:quicktime:6.5.1:-:mac cpe:/a:apple:quicktime:6.5.1:-:windows cpe:/a:apple:quicktime:6.5.2 cpe:/a:apple:quicktime:6.5.2:-:mac cpe:/a:apple:quicktime:6.5.2:-:windows cpe:/a:apple:quicktime:7.0 cpe:/a:apple:quicktime:7.0::windows cpe:/a:apple:quicktime:7.0:-:windows cpe:/a:apple:quicktime:7.0.0 cpe:/a:apple:quicktime:7.0.0:-:mac cpe:/a:apple:quicktime:7.0.0:-:windows cpe:/a:apple:quicktime:7.0.1 cpe:/a:apple:quicktime:7.0.1::windows cpe:/a:apple:quicktime:7.0.1:-:mac cpe:/a:apple:quicktime:7.0.1:-:windows cpe:/a:apple:quicktime:7.0.2 cpe:/a:apple:quicktime:7.0.2::windows cpe:/a:apple:quicktime:7.0.2:-:mac cpe:/a:apple:quicktime:7.0.2:-:windows cpe:/a:apple:quicktime:7.0.3 cpe:/a:apple:quicktime:7.0.3:-:mac cpe:/a:apple:quicktime:7.0.3:-:windows cpe:/a:apple:quicktime:7.0.4 cpe:/a:apple:quicktime:7.0.4:-:mac cpe:/a:apple:quicktime:7.0.4:-:windows cpe:/a:apple:quicktime:7.1 cpe:/a:apple:quicktime:7.1.0 cpe:/a:apple:quicktime:7.1.0:-:mac cpe:/a:apple:quicktime:7.1.0:-:windows cpe:/a:apple:quicktime:7.1.1 cpe:/a:apple:quicktime:7.1.1:-:mac cpe:/a:apple:quicktime:7.1.1:-:windows cpe:/a:apple:quicktime:7.1.2 cpe:/a:apple:quicktime:7.1.2:-:mac cpe:/a:apple:quicktime:7.1.2:-:windows cpe:/a:apple:quicktime:7.1.3 cpe:/a:apple:quicktime:7.1.3:-:mac cpe:/a:apple:quicktime:7.1.3:-:windows cpe:/a:apple:quicktime:7.1.4 cpe:/a:apple:quicktime:7.1.4:-:mac cpe:/a:apple:quicktime:7.1.4:-:windows cpe:/a:apple:quicktime:7.1.5 cpe:/a:apple:quicktime:7.1.5:-:mac cpe:/a:apple:quicktime:7.1.5:-:windows cpe:/a:apple:quicktime:7.1.6 cpe:/a:apple:quicktime:7.1.6:-:mac cpe:/a:apple:quicktime:7.1.6:-:windows cpe:/a:apple:quicktime:7.2 cpe:/a:apple:quicktime:7.2::vista cpe:/a:apple:quicktime:7.2.0 cpe:/a:apple:quicktime:7.2.0:-:mac cpe:/a:apple:quicktime:7.2.0:-:windows cpe:/a:apple:quicktime:7.2.1 cpe:/a:apple:quicktime:7.2.1:-:mac cpe:/a:apple:quicktime:7.2.1:-:windows cpe:/a:apple:quicktime:7.3 cpe:/a:apple:quicktime:7.3.0 cpe:/a:apple:quicktime:7.3.0:-:mac cpe:/a:apple:quicktime:7.3.0:-:windows cpe:/a:apple:quicktime:7.3.1 cpe:/a:apple:quicktime:7.3.1:-:mac cpe:/a:apple:quicktime:7.3.1:-:windows cpe:/a:apple:quicktime:7.3.1.70 cpe:/a:apple:quicktime:7.4 cpe:/a:apple:quicktime:7.4.0 cpe:/a:apple:quicktime:7.4.0:-:mac cpe:/a:apple:quicktime:7.4.0:-:windows cpe:/a:apple:quicktime:7.4.1 cpe:/a:apple:quicktime:7.4.1:-:mac cpe:/a:apple:quicktime:7.4.1:-:windows cpe:/a:apple:quicktime:7.4.4 cpe:/a:apple:quicktime:7.4.5 cpe:/a:apple:quicktime:7.4.5:-:mac cpe:/a:apple:quicktime:7.4.5:-:windows cpe:/a:apple:quicktime:7.5 cpe:/a:apple:quicktime:7.5.0 cpe:/a:apple:quicktime:7.5.0:-:mac cpe:/a:apple:quicktime:7.5.0:-:windows cpe:/a:apple:quicktime:7.5.5 cpe:/a:apple:quicktime:7.5.5:-:mac cpe:/a:apple:quicktime:7.5.5:-:windows cpe:/a:apple:quicktime:7.6.0 cpe:/a:apple:quicktime:7.6.1 CVE-2009-0188 2009-06-02T14:30:00.203-04:00 2018-10-30T12:25:17.590-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov APPLE APPLE-SA-2009-06-01-1 CONFIRM http://support.apple.com/kb/HT3591 BUGTRAQ 20090602 Secunia Research: QuickTime Sorenson Video 3 Content Parsing Vulnerability BID 35159 SECTRACK 1022314 VUPEN ADV-2009-1469 XF quicktime-sorensonvideo-code-execution(50886) Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie composed of a Sorenson 3 video file. CVE-2009-0189 2011-02-01T14:00:03.890-05:00 2011-02-01T14:00:38.877-05:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1012. Reason: This candidate is a reservation duplicate of CVE-2009-1012. Notes: All CVE users should reference CVE-2009-1012 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2009-0190 2011-02-01T14:00:39.033-05:00 2011-02-01T14:00:39.313-05:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1016. Reason: This candidate is a reservation duplicate of CVE-2009-1016. Notes: All CVE users should reference CVE-2009-1016 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. cpe:/a:foxitsoftware:foxit_reader:2.3 cpe:/a:foxitsoftware:foxit_reader:3.0 cpe:/a:foxitsoftware:foxit_reader:3.0.2009.1301 CVE-2009-0191 2009-03-10T16:30:06.547-04:00 2018-10-11T17:00:41.097-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CONFIRM http://www.foxitsoftware.com/pdf/reader/security.htm#Processing BUGTRAQ 20090309 Secunia Research: Foxit Reader JBIG2 Symbol Dictionary Processing Vulnerability BID 34035 SECTRACK 1021822 VUPEN ADV-2009-0634 XF foxitreader-jbig2-code-execution(49135) Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 3.0.2009.1301, does not properly handle a JBIG2 symbol dictionary segment with zero new symbols, which allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a dereference of an uninitialized memory location. cpe:/a:novell:edirectory:8.8:sp3 cpe:/a:novell:edirectory:8.8:sp3:ftf3 CVE-2009-0192 2009-07-14T16:30:00.187-04:00 2018-10-11T17:00:41.787-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov CONFIRM http://www.novell.com/support/viewContent.do?externalId=3426981 BUGTRAQ 20090714 Secunia Research: Novell eDirectory iMonitor "Accept-Language" Buffer Overflow BID 35666 VUPEN ADV-2009-1883 XF edirectory-imonitor-acceptlanguage-bo(51703) Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language header, which triggers a stack-based buffer overflow. cpe:/a:adobe:acrobat_reader:7.0 cpe:/a:adobe:acrobat_reader:7.0.1 cpe:/a:adobe:acrobat_reader:7.0.2 cpe:/a:adobe:acrobat_reader:7.0.3 cpe:/a:adobe:acrobat_reader:7.0.4 cpe:/a:adobe:acrobat_reader:7.0.5 cpe:/a:adobe:acrobat_reader:7.0.6 cpe:/a:adobe:acrobat_reader:7.0.7 cpe:/a:adobe:acrobat_reader:7.0.8 cpe:/a:adobe:acrobat_reader:7.0.9 cpe:/a:adobe:acrobat_reader:7.1.0 cpe:/a:adobe:acrobat_reader:8.0 cpe:/a:adobe:acrobat_reader:8.1 cpe:/a:adobe:acrobat_reader:8.1.1 cpe:/a:adobe:acrobat_reader:8.1.2 cpe:/a:adobe:acrobat_reader:8.1.3 cpe:/a:adobe:acrobat_reader:9.0 CVE-2009-0193 2009-03-24T21:30:00.390-04:00 2018-11-08T15:27:53.853-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2018-11-07T09:57:57.653-05:00 SUSE SUSE-SA:2009:014 SUSE SUSE-SR:2009:009 GENTOO GLSA-200904-17 SUNALERT 256788 CONFIRM http://www.adobe.com/support/security/bulletins/apsb09-04.html REDHAT RHSA-2009:0376 BUGTRAQ 20090325 Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow BID 34229 SECTRACK 1021892 VUPEN ADV-2009-1019 Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a PDF file with a malformed JBIG2 symbol dictionary segment, a different vulnerability than CVE-2009-1061 and CVE-2009-1062. cpe:/a:garmin:garmin_communicator_plugin:2.6.4.0 CVE-2009-0194 2009-05-11T11:30:00.313-04:00 2018-10-11T17:00:43.863-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SECTRACK 1022173 BUGTRAQ 20090507 Secunia Research: Garmin Communicator Plug-In Domain Locking Security Bypass BID 34858 XF communicator-domain-security-bypass(50360) The domain-locking implementation in the GARMINAXCONTROL.GarminAxControl_t.1 ActiveX control in npGarmin.dll in the Garmin Communicator Plug-In 2.6.4.0 does not properly enforce the restrictions that (1) download and (2) upload requests come from a web site specified by the user, which allows remote attackers to obtain sensitive information or reconfigure Garmin GPS devices via unspecified vectors related to a "synchronisation error." cpe:/a:apple:cups:1.3.9 cpe:/a:foolabs:xpdf:0.5a cpe:/a:foolabs:xpdf:0.7a cpe:/a:foolabs:xpdf:0.91a cpe:/a:foolabs:xpdf:0.91b cpe:/a:foolabs:xpdf:0.91c cpe:/a:foolabs:xpdf:0.92a cpe:/a:foolabs:xpdf:0.92b cpe:/a:foolabs:xpdf:0.92c cpe:/a:foolabs:xpdf:0.92d cpe:/a:foolabs:xpdf:0.92e cpe:/a:foolabs:xpdf:0.93a cpe:/a:foolabs:xpdf:0.93b cpe:/a:foolabs:xpdf:0.93c cpe:/a:foolabs:xpdf:1.00a cpe:/a:foolabs:xpdf:3.0.1 cpe:/a:glyphandcog:xpdfreader:0.2 cpe:/a:glyphandcog:xpdfreader:0.3 cpe:/a:glyphandcog:xpdfreader:0.4 cpe:/a:glyphandcog:xpdfreader:0.5 cpe:/a:glyphandcog:xpdfreader:0.6 cpe:/a:glyphandcog:xpdfreader:0.7 cpe:/a:glyphandcog:xpdfreader:0.80 cpe:/a:glyphandcog:xpdfreader:0.90 cpe:/a:glyphandcog:xpdfreader:0.91 cpe:/a:glyphandcog:xpdfreader:0.92 cpe:/a:glyphandcog:xpdfreader:0.93 cpe:/a:glyphandcog:xpdfreader:1.00 cpe:/a:glyphandcog:xpdfreader:1.01 cpe:/a:glyphandcog:xpdfreader:2.00 cpe:/a:glyphandcog:xpdfreader:2.01 cpe:/a:glyphandcog:xpdfreader:2.02 cpe:/a:glyphandcog:xpdfreader:2.03 cpe:/a:glyphandcog:xpdfreader:3.00 cpe:/a:glyphandcog:xpdfreader:3.02 CVE-2009-0195 2009-04-23T13:30:01.627-04:00 2019-03-06T11:30:38.330-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov REDHAT RHSA-2009:0458 MANDRIVA MDVSA-2010:087 REDHAT RHSA-2009:0480 BUGTRAQ 20090417 Secunia Research: CUPS pdftops JBIG2 Symbol Dictionary Buffer Overflow BUGTRAQ 20090417 Secunia Research: Xpdf JBIG2 Symbol Dictionary Buffer Overflow Vulnerability BID 34791 VUPEN ADV-2010-1040 Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments. cpe:/a:ghostscript:ghostscript:0 cpe:/a:ghostscript:ghostscript:5.50 cpe:/a:ghostscript:ghostscript:7.07 cpe:/a:ghostscript:ghostscript:8.0.1 cpe:/a:ghostscript:ghostscript:8.15 cpe:/a:ghostscript:ghostscript:8.15.2 cpe:/a:ghostscript:ghostscript:8.54 cpe:/a:ghostscript:ghostscript:8.56 cpe:/a:ghostscript:ghostscript:8.57 cpe:/a:ghostscript:ghostscript:8.60 cpe:/a:ghostscript:ghostscript:8.61 cpe:/a:ghostscript:ghostscript:8.62 cpe:/a:ghostscript:ghostscript:8.63 cpe:/a:ghostscript:ghostscript:8.64 CVE-2009-0196 2009-04-16T11:12:57.343-04:00 2018-10-11T17:00:46.097-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SUSE SUSE-SR:2009:009 SUSE SUSE-SR:2009:011 GENTOO GLSA-201412-17 SUNALERT 262288 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0060 MANDRIVA MDVSA-2009:095 REDHAT RHSA-2009:0421 BUGTRAQ 20090409 Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow BUGTRAQ 20090417 rPSA-2009-0060-1 ghostscript BID 34445 SECTRACK 1022029 VUPEN ADV-2009-0983 VUPEN ADV-2009-1708 MISC https://bugzilla.redhat.com/attachment.cgi?id=337747 UBUNTU USN-757-1 FEDORA FEDORA-2009-3709 FEDORA FEDORA-2009-3710 Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value. cpe:/a:irfanview:formats:4.00 cpe:/a:irfanview:formats:4.10 cpe:/a:irfanview:formats:4.20 cpe:/a:irfanview:formats:4.22 CVE-2009-0197 2009-04-09T11:08:35.593-04:00 2018-10-11T17:00:49.207-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CONFIRM http://www.irfanview.com/plugins.htm BUGTRAQ 20090407 Secunia Research: IrfanView Formats Plug-in XPM Parsing Integer Overflow BID 34402 VUPEN ADV-2009-0953 XF irfanview-formatsplugin-xpm-bo(49717) Integer overflow in the FORMATS Plugin before 4.23 for IrfanView allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large XPM file that triggers a heap-based buffer overflow. cpe:/a:adobe:acrobat:7.0 cpe:/a:adobe:acrobat:7.0::professional cpe:/a:adobe:acrobat:7.0::standard cpe:/a:adobe:acrobat:7.0.1 cpe:/a:adobe:acrobat:7.0.1::professional cpe:/a:adobe:acrobat:7.0.1::standard cpe:/a:adobe:acrobat:7.0.2 cpe:/a:adobe:acrobat:7.0.2::professional cpe:/a:adobe:acrobat:7.0.2::standard cpe:/a:adobe:acrobat:7.0.3 cpe:/a:adobe:acrobat:7.0.3::professional cpe:/a:adobe:acrobat:7.0.3::standard cpe:/a:adobe:acrobat:7.0.4 cpe:/a:adobe:acrobat:7.0.4::professional cpe:/a:adobe:acrobat:7.0.4::standard cpe:/a:adobe:acrobat:7.0.5 cpe:/a:adobe:acrobat:7.0.5::professional cpe:/a:adobe:acrobat:7.0.5::standard cpe:/a:adobe:acrobat:7.0.6 cpe:/a:adobe:acrobat:7.0.6::professional cpe:/a:adobe:acrobat:7.0.6::standard cpe:/a:adobe:acrobat:7.0.7 cpe:/a:adobe:acrobat:7.0.7::professional cpe:/a:adobe:acrobat:7.0.7::standard cpe:/a:adobe:acrobat:7.0.8 cpe:/a:adobe:acrobat:7.0.8::elements cpe:/a:adobe:acrobat:7.0.8::professional cpe:/a:adobe:acrobat:7.0.8::standard cpe:/a:adobe:acrobat:7.0.9 cpe:/a:adobe:acrobat:7.0.9::professional cpe:/a:adobe:acrobat:7.1 cpe:/a:adobe:acrobat:7.1::professional cpe:/a:adobe:acrobat:7.1::standard cpe:/a:adobe:acrobat:7.1.0 cpe:/a:adobe:acrobat:7.1.1 cpe:/a:adobe:acrobat:7.1.1::standard cpe:/a:adobe:acrobat:8.0 cpe:/a:adobe:acrobat:8.0::professional cpe:/a:adobe:acrobat:8.0::standard cpe:/a:adobe:acrobat:8.1 cpe:/a:adobe:acrobat:8.1::standard cpe:/a:adobe:acrobat:8.1.1 cpe:/a:adobe:acrobat:8.1.1::professional cpe:/a:adobe:acrobat:8.1.1::standard cpe:/a:adobe:acrobat:8.1.2 cpe:/a:adobe:acrobat:8.1.2::professional cpe:/a:adobe:acrobat:8.1.2::standard cpe:/a:adobe:acrobat:8.1.2:security_update:professional cpe:/a:adobe:acrobat:8.1.3 cpe:/a:adobe:acrobat:8.1.3::professional cpe:/a:adobe:acrobat:8.1.3::standard cpe:/a:adobe:acrobat:8.1.4 cpe:/a:adobe:acrobat:8.1.4::professional cpe:/a:adobe:acrobat:8.1.4::standard cpe:/a:adobe:acrobat:9 cpe:/a:adobe:acrobat:9.0 cpe:/a:adobe:acrobat:9.0::standard cpe:/a:adobe:acrobat:9.0.0 cpe:/a:adobe:acrobat:9.1 cpe:/a:adobe:acrobat:9.1::standard cpe:/a:adobe:acrobat_reader:7.0 cpe:/a:adobe:acrobat_reader:7.0.1 cpe:/a:adobe:acrobat_reader:7.0.2 cpe:/a:adobe:acrobat_reader:7.0.3 cpe:/a:adobe:acrobat_reader:7.0.4 cpe:/a:adobe:acrobat_reader:7.0.5 cpe:/a:adobe:acrobat_reader:7.0.6 cpe:/a:adobe:acrobat_reader:7.0.7 cpe:/a:adobe:acrobat_reader:7.0.8 cpe:/a:adobe:acrobat_reader:7.0.9 cpe:/a:adobe:acrobat_reader:7.1 cpe:/a:adobe:acrobat_reader:7.1.1 cpe:/a:adobe:acrobat_reader:8.0 cpe:/a:adobe:acrobat_reader:8.1 cpe:/a:adobe:acrobat_reader:8.1.1 cpe:/a:adobe:acrobat_reader:8.1.2 cpe:/a:adobe:acrobat_reader:8.1.2:security_update cpe:/a:adobe:acrobat_reader:8.1.3 cpe:/a:adobe:acrobat_reader:8.1.4 cpe:/a:adobe:acrobat_reader:8.1.5 cpe:/a:adobe:acrobat_reader:9 cpe:/a:adobe:acrobat_reader:9.1 cpe:/a:adobe:acrobat_reader:9.1.1 CVE-2009-0198 2009-06-11T11:30:00.203-04:00 2018-10-11T17:00:49.910-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SUSE SUSE-SA:2009:035 SUSE SUSE-SR:2009:012 GENTOO GLSA-200907-06 SECTRACK 1022361 CONFIRM http://www.adobe.com/support/security/bulletins/apsb09-07.html REDHAT RHSA-2009:1109 BUGTRAQ 20090610 Secunia Research: Adobe Reader JBIG2 Text Region Segment Buffer Overflow BID 35274 BID 35302 CERT TA09-161A VUPEN ADV-2009-1547 XF reader-acrobat-jbig2-code-exec(51015) Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF file that contains JBIG2 text region segments with Huffman encoding. cpe:/a:vmware:ace:2.5.0 cpe:/a:vmware:ace:2.5.1 cpe:/a:vmware:ace:2.5.2 cpe:/a:vmware:movie_decoder:6.5.3 cpe:/a:vmware:player:2.5 cpe:/a:vmware:player:2.5.1 cpe:/a:vmware:player:2.5.2 cpe:/a:vmware:player:2.5.2_build_156735 cpe:/a:vmware:workstation:6.5 cpe:/a:vmware:workstation:6.5.0 cpe:/a:vmware:workstation:6.5.1 cpe:/a:vmware:workstation:6.5.2 CVE-2009-0199 2009-09-08T18:30:00.217-04:00 2018-10-11T17:00:51.943-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov MLIST [security-announce] 20090904 VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues. BUGTRAQ 20090905 VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues. BID 36290 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0012.html VUPEN ADV-2009-2553 Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows might allow remote attackers to execute arbitrary code via a video file with crafted dimensions (aka framebuffer parameters). cpe:/a:openoffice:openoffice.org:1.0-ru cpe:/a:openoffice:openoffice.org:1.0.0 cpe:/a:openoffice:openoffice.org:1.0.1 cpe:/a:openoffice:openoffice.org:1.0.2 cpe:/a:openoffice:openoffice.org:1.0.3.1 cpe:/a:openoffice:openoffice.org:1.1 cpe:/a:openoffice:openoffice.org:1.1:beta cpe:/a:openoffice:openoffice.org:1.1:beta2 cpe:/a:openoffice:openoffice.org:1.1:rc1 cpe:/a:openoffice:openoffice.org:1.1:rc3 cpe:/a:openoffice:openoffice.org:1.1.1 cpe:/a:openoffice:openoffice.org:1.1.2 cpe:/a:openoffice:openoffice.org:1.1.3 cpe:/a:openoffice:openoffice.org:1.1.4 cpe:/a:openoffice:openoffice.org:1.1.5 cpe:/a:openoffice:openoffice.org:1.9.84 cpe:/a:openoffice:openoffice.org:1.9.87 cpe:/a:openoffice:openoffice.org:1.9.91 cpe:/a:openoffice:openoffice.org:1.9.93 cpe:/a:openoffice:openoffice.org:1.9.95 cpe:/a:openoffice:openoffice.org:1.9.100 cpe:/a:openoffice:openoffice.org:1.9.104 cpe:/a:openoffice:openoffice.org:1.9.113 cpe:/a:openoffice:openoffice.org:1.9.118 cpe:/a:openoffice:openoffice.org:1.9.122 cpe:/a:openoffice:openoffice.org:1.9.130 cpe:/a:openoffice:openoffice.org:1.9.156 cpe:/a:openoffice:openoffice.org:1.9.680 cpe:/a:openoffice:openoffice.org:2.0 cpe:/a:openoffice:openoffice.org:2.0:beta2 cpe:/a:openoffice:openoffice.org:2.0.1 cpe:/a:openoffice:openoffice.org:2.0.2 cpe:/a:openoffice:openoffice.org:2.0.2:rc1 cpe:/a:openoffice:openoffice.org:2.0.2:rc2 cpe:/a:openoffice:openoffice.org:2.0.3 cpe:/a:openoffice:openoffice.org:2.0.4 cpe:/a:openoffice:openoffice.org:2.1 cpe:/a:openoffice:openoffice.org:2.1.152 cpe:/a:openoffice:openoffice.org:2.1.154 cpe:/a:openoffice:openoffice.org:2.2 cpe:/a:openoffice:openoffice.org:2.2.1 cpe:/a:openoffice:openoffice.org:2.3 cpe:/a:openoffice:openoffice.org:2.3.1 cpe:/a:openoffice:openoffice.org:2.4 cpe:/a:openoffice:openoffice.org:2.4.1 cpe:/a:openoffice:openoffice.org:2.4.1::64-bit cpe:/a:openoffice:openoffice.org:3.01 cpe:/a:openoffice:openoffice.org:605b cpe:/a:openoffice:openoffice.org:609 cpe:/a:openoffice:openoffice.org:614 cpe:/a:openoffice:openoffice.org:619 cpe:/a:openoffice:openoffice.org:627 cpe:/a:openoffice:openoffice.org:633 cpe:/a:openoffice:openoffice.org:638 cpe:/a:openoffice:openoffice.org:638c cpe:/a:openoffice:openoffice.org:641b cpe:/a:openoffice:openoffice.org:641d cpe:/a:openoffice:openoffice.org:643 CVE-2009-0200 2009-09-02T13:30:00.577-04:00 2018-10-11T17:00:52.537-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov MISC http://development.openoffice.org/releases/3.1.1.html SUSE SUSE-SR:2009:015 SUNALERT 263508 SUNALERT 1020715 DEBIAN DSA-1880 GENTOO GLSA-201408-19 MANDRIVA MDVSA-2010:035 MANDRIVA MDVSA-2010:091 MANDRIVA MDVSA-2010:105 CONFIRM http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html BUGTRAQ 20090901 Secunia Research: OpenOffice.org Word Document Table Parsing Integer Underflow BID 36200 VUPEN ADV-2009-2490 Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow. cpe:/a:openoffice:openoffice.org:1.1.2 cpe:/a:openoffice:openoffice.org:1.1.3 cpe:/a:openoffice:openoffice.org:1.1.4 cpe:/a:openoffice:openoffice.org:1.1.5 cpe:/a:openoffice:openoffice.org:2.0 cpe:/a:openoffice:openoffice.org:2.0.2 cpe:/a:openoffice:openoffice.org:2.0.3 cpe:/a:openoffice:openoffice.org:2.0.4 cpe:/a:openoffice:openoffice.org:2.1 cpe:/a:openoffice:openoffice.org:2.2 cpe:/a:openoffice:openoffice.org:2.2.1 cpe:/a:openoffice:openoffice.org:2.3 cpe:/a:openoffice:openoffice.org:2.3.1 cpe:/a:openoffice:openoffice.org:2.4 cpe:/a:openoffice:openoffice.org:2.4.1 cpe:/a:openoffice:openoffice.org:2.4.1::64-bit cpe:/a:openoffice:openoffice.org:3.1 CVE-2009-0201 2009-09-02T13:30:00.640-04:00 2018-10-11T17:00:54.473-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov MISC http://development.openoffice.org/releases/3.1.1.html SUSE SUSE-SR:2009:015 SUNALERT 263508 SUNALERT 1020715 DEBIAN DSA-1880 GENTOO GLSA-201408-19 MANDRIVA MDVSA-2010:035 MANDRIVA MDVSA-2010:091 MANDRIVA MDVSA-2010:105 CONFIRM http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html BUGTRAQ 20090901 Secunia Research: OpenOffice.org Word Document Table Parsing Buffer Overflow BID 36200 SECTRACK 1022798 VUPEN ADV-2009-2490 Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing." cpe:/a:microsoft:office_powerpoint:2000 cpe:/a:microsoft:office_powerpoint:2002 CVE-2009-0202 2009-06-11T17:30:00.170-04:00 2018-10-11T17:00:56.303-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS SECTRACK 1022369 BUGTRAQ 20090610 Secunia Research: Microsoft PowerPoint Freelance Layout Parsing Vulnerability BID 35275 XF ms-powerpoint-freelance-bo(51034) Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow. cpe:/a:hp:select_access:6.1 cpe:/a:hp:select_access:6.2 CVE-2009-0204 2009-01-30T14:30:00.297-05:00 2017-08-07T21:33:50.250-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov HP SSRT090007 SECTRACK 1021641 BID 33505 VUPEN ADV-2009-0296 XF selectaccess-unspecified-xss(48334) Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. cpe:/a:hp:oncplus:b.11.31_01 cpe:/a:hp:oncplus:b.11.31_02 cpe:/a:hp:oncplus:b.11.31_03 cpe:/a:hp:oncplus:b.11.31_04 cpe:/a:hp:oncplus:b.11.31_05 CVE-2009-0206 2009-02-08T16:30:09.767-05:00 2017-08-07T21:33:50.313-04:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov BID 33653 VUPEN ADV-2009-0350 XF hpux-nfs-dos(48556) Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and earlier for HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors. cpe:/o:hp:hp-ux:b.11.11 cpe:/o:hp:hp-ux:b.11.23 cpe:/o:hp:hp-ux:b.11.31 CVE-2009-0207 2009-03-24T21:30:00.420-04:00 2017-09-28T21:33:40.763-04:00 6.8 LOCAL LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS HP HPSBUX02409 BID 34226 SECTRACK 1021891 VUPEN ADV-2009-0823 XF hpux-veritas-unspecified-priv-escalation(49403) Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk Manager (VRTSodm) 3.5, B.11.23 running VRTSodm 4.1 or VERITAS File System (VRTSvxfs) 4.1, B.11.23 running VRTSodm 5.0 or VRTSvxfs 5.0, and B.11.31 running VRTSodm 5.0 allows local users to gain root privileges via unknown vectors. cpe:/a:hp:virtual_rooms:6.0 cpe:/a:hp:virtual_rooms:7.0 CVE-2009-0208 2009-02-26T18:30:00.420-05:00 2019-10-09T18:57:49.787-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov HP SSRT080135 Unspecified vulnerability in HP Virtual Rooms Client before 7.0.1, when running on Windows, allows remote attackers to execute arbitrary code via unknown vectors. cpe:/a:osisoft:pi_server:2.4 cpe:/a:osisoft:pi_server:2.6 cpe:/a:osisoft:pi_server:3.4.363.97 cpe:/a:osisoft:pi_server:3.4.370 cpe:/a:osisoft:pi_server:3.4.375.99:sp2:32bit_windows cpe:/a:osisoft:pi_server:3.4.375.99:sp2:64bit_windows CVE-2009-0209 2009-10-01T11:30:00.217-04:00 2018-10-11T17:00:56.910-04:00 6.4 NETWORK LOW NONE PARTIAL PARTIAL NONE http://nvd.nist.gov BUGTRAQ 20090930 C4 SCADA Security Advisory - OSISoft PI Server Authentication Weakness PI Server in OSIsoft PI System before 3.4.380.x does not properly use encryption in the default authentication process, which allows remote attackers to read or modify information in databases via unspecified vectors. cpe:/a:areva:e-terrahabitat:5.5 cpe:/a:areva:e-terrahabitat:5.6 cpe:/a:areva:e-terrahabitat:5.7 CVE-2009-0210 2009-02-08T17:30:00.233-05:00 2018-10-11T17:00:57.037-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CERT-VN VU#337569 MISC http://www.scada-security.com/vulnerabilities/areva1.html BUGTRAQ 20090205 C4 SCADA Security Advisory - AREVA e-terrahabitat / e-terraplatform Multiple Vulnerabilities BID 33637 Buffer overflow in the MLF application in AREVA e-terrahabitat 5.7 and earlier allows remote attackers to execute arbitrary commands or cause a denial of service (system crash) via unspecified vectors, aka PD28578. cpe:/a:areva:e-terrahabitat:5.5 cpe:/a:areva:e-terrahabitat:5.6 cpe:/a:areva:e-terrahabitat:5.7 CVE-2009-0211 2009-02-08T17:30:00.280-05:00 2018-10-11T17:00:57.410-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov CERT-VN VU#337569 MISC http://www.scada-security.com/vulnerabilities/areva1.html BUGTRAQ 20090205 C4 SCADA Security Advisory - AREVA e-terrahabitat / e-terraplatform Multiple Vulnerabilities BID 33637 Unspecified vulnerability in the WebFGServer application in AREVA e-terrahabitat 5.7 and earlier allows remote attackers to cause a denial of service (system crash) via unknown vectors, aka PD32018. cpe:/a:areva:e-terrahabitat:5.5 cpe:/a:areva:e-terrahabitat:5.6 cpe:/a:areva:e-terrahabitat:5.7 CVE-2009-0212 2009-02-08T17:30:00.297-05:00 2018-10-11T17:00:57.787-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov CERT-VN VU#337569 MISC http://www.scada-security.com/vulnerabilities/areva1.html BUGTRAQ 20090205 C4 SCADA Security Advisory - AREVA e-terrahabitat / e-terraplatform Multiple Vulnerabilities BID 33637 Unspecified vulnerability in the WebFGServer application in AREVA e-terrahabitat 5.7 and earlier allows remote attackers to cause a denial of service (system crash) via unknown vectors, aka PD32020. cpe:/a:areva:e-terrahabitat:5.5 cpe:/a:areva:e-terrahabitat:5.6 cpe:/a:areva:e-terrahabitat:5.7 CVE-2009-0213 2009-02-08T17:30:00.313-05:00 2018-10-11T17:00:58.160-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov CERT-VN VU#337569 MISC http://www.scada-security.com/vulnerabilities/areva1.html BUGTRAQ 20090205 C4 SCADA Security Advisory - AREVA e-terrahabitat / e-terraplatform Multiple Vulnerabilities BID 33637 Unspecified vulnerability in the NETIO application in AREVA e-terrahabitat 5.7 and earlier allows remote attackers to cause a denial of service (system crash) via unknown vectors, aka PD32021. cpe:/a:areva:e-terrahabitat:5.5 cpe:/a:areva:e-terrahabitat:5.6 cpe:/a:areva:e-terrahabitat:5.7 CVE-2009-0214 2009-02-08T17:30:00.343-05:00 2018-10-11T17:00:58.537-04:00 9.0 NETWORK LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CERT-VN VU#337569 MISC http://www.scada-security.com/vulnerabilities/areva1.html BUGTRAQ 20090205 C4 SCADA Security Advisory - AREVA e-terrahabitat / e-terraplatform Multiple Vulnerabilities BID 33637 Unspecified vulnerability in the WebFGServer application in AREVA e-terrahabitat 5.7 and earlier allows remote authenticated users to gain privileges via unknown vectors, aka PD32022. cpe:/a:ibm:access_support_activex_control:3.20.284.0 CVE-2009-0215 2009-03-25T11:30:00.217-04:00 2017-08-07T21:33:50.453-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CERT-VN VU#340420 BID 34228 VUPEN ADV-2009-0824 XF ibm-access-activex-bo(49409) Stack-based buffer overflow in the GetXMLValue method in the IBM Access Support ActiveX control in IbmEgath.dll, as distributed on IBM and Lenovo computers, allows remote attackers to execute arbitrary code via unspecified vectors. cpe:/a:ge_fanuc:ifix:2.0 cpe:/a:ge_fanuc:ifix:2.2 cpe:/a:ge_fanuc:ifix:2.5 cpe:/a:ge_fanuc:ifix:2.6 cpe:/a:ge_fanuc:ifix:2.21 cpe:/a:ge_fanuc:ifix:3.0 cpe:/a:ge_fanuc:ifix:3.5 cpe:/a:ge_fanuc:ifix:4.0 cpe:/a:ge_fanuc:ifix:4.5 cpe:/a:ge_fanuc:ifix:5.0 CVE-2009-0216 2009-02-13T12:30:00.627-05:00 2017-08-07T21:33:50.517-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CONFIRM http://support.gefanuc.com/support/index?page=kbchannel&id=S:KB13253&actp=search CERT-VN VU#310355 MISC http://www.mcgrewsecurity.com/2009/02/10/ge-fanuc-releases-info-on-ifix-vulnerabilities-vu-310355/ BID 33739 XF gefanucifix-multiple-unauth-access(48691) GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module. cpe:/a:ibm:websphere_application_server:6.0 cpe:/a:ibm:websphere_application_server:6.0.0.1 cpe:/a:ibm:websphere_application_server:6.0.0.2 cpe:/a:ibm:websphere_application_server:6.0.0.3 cpe:/a:ibm:websphere_application_server:6.0.1 cpe:/a:ibm:websphere_application_server:6.0.1.1 cpe:/a:ibm:websphere_application_server:6.0.1.2 cpe:/a:ibm:websphere_application_server:6.0.1.3 cpe:/a:ibm:websphere_application_server:6.0.1.5 cpe:/a:ibm:websphere_application_server:6.0.1.7 cpe:/a:ibm:websphere_application_server:6.0.1.9 cpe:/a:ibm:websphere_application_server:6.0.1.11 cpe:/a:ibm:websphere_application_server:6.0.1.13 cpe:/a:ibm:websphere_application_server:6.0.1.15 cpe:/a:ibm:websphere_application_server:6.0.1.17 cpe:/a:ibm:websphere_application_server:6.0.2 cpe:/a:ibm:websphere_application_server:6.0.2::fp17 cpe:/a:ibm:websphere_application_server:6.0.2.1 cpe:/a:ibm:websphere_application_server:6.0.2.2 cpe:/a:ibm:websphere_application_server:6.0.2.3 cpe:/a:ibm:websphere_application_server:6.0.2.10 cpe:/a:ibm:websphere_application_server:6.0.2.11 cpe:/a:ibm:websphere_application_server:6.0.2.12 cpe:/a:ibm:websphere_application_server:6.0.2.13 cpe:/a:ibm:websphere_application_server:6.0.2.14 cpe:/a:ibm:websphere_application_server:6.0.2.15 cpe:/a:ibm:websphere_application_server:6.0.2.16 cpe:/a:ibm:websphere_application_server:6.0.2.17 cpe:/a:ibm:websphere_application_server:6.0.2.18 cpe:/a:ibm:websphere_application_server:6.0.2.19 cpe:/a:ibm:websphere_application_server:6.0.2.20 cpe:/a:ibm:websphere_application_server:6.0.2.21 cpe:/a:ibm:websphere_application_server:6.0.2.22 cpe:/a:ibm:websphere_application_server:6.0.2.23 cpe:/a:ibm:websphere_application_server:6.0.2.24 cpe:/a:ibm:websphere_application_server:6.0.2.25 cpe:/a:ibm:websphere_application_server:6.0.2.28 cpe:/a:ibm:websphere_application_server:6.0.2.29 cpe:/a:ibm:websphere_application_server:6.0.2.30 cpe:/a:ibm:websphere_application_server:6.0.2.31 cpe:/a:ibm:websphere_application_server:6.0.2.32 cpe:/a:ibm:websphere_application_server:6.0.2.33 cpe:/a:ibm:websphere_application_server:6.1 cpe:/a:ibm:websphere_application_server:6.1.0 cpe:/a:ibm:websphere_application_server:6.1.0.0 cpe:/a:ibm:websphere_application_server:6.1.0.1 cpe:/a:ibm:websphere_application_server:6.1.0.2 cpe:/a:ibm:websphere_application_server:6.1.0.3 cpe:/a:ibm:websphere_application_server:6.1.0.4 cpe:/a:ibm:websphere_application_server:6.1.0.5 cpe:/a:ibm:websphere_application_server:6.1.0.6 cpe:/a:ibm:websphere_application_server:6.1.0.7 cpe:/a:ibm:websphere_application_server:6.1.0.8 cpe:/a:ibm:websphere_application_server:6.1.0.9 cpe:/a:ibm:websphere_application_server:6.1.0.10 cpe:/a:ibm:websphere_application_server:6.1.0.11 cpe:/a:ibm:websphere_application_server:6.1.0.12 cpe:/a:ibm:websphere_application_server:6.1.0.13 cpe:/a:ibm:websphere_application_server:6.1.0.14 cpe:/a:ibm:websphere_application_server:6.1.0.15 cpe:/a:ibm:websphere_application_server:6.1.0.16 cpe:/a:ibm:websphere_application_server:6.1.0.17 cpe:/a:ibm:websphere_application_server:6.1.0.18 cpe:/a:ibm:websphere_application_server:6.1.0.19 cpe:/a:ibm:websphere_application_server:6.1.0.20 cpe:/a:ibm:websphere_application_server:6.1.0.21 cpe:/a:ibm:websphere_application_server:6.1.0.22 cpe:/a:ibm:websphere_application_server:6.1.0.23 cpe:/a:ibm:websphere_application_server:7.0 cpe:/a:ibm:websphere_application_server:7.0.0.1 cpe:/a:mono_project:mono:1.2.1 cpe:/a:mono_project:mono:1.2.2 cpe:/a:mono_project:mono:1.2.3 cpe:/a:mono_project:mono:1.2.4 cpe:/a:mono_project:mono:1.2.5 cpe:/a:mono_project:mono:1.2.6 cpe:/a:mono_project:mono:1.9 cpe:/a:mono_project:mono:2.0 cpe:/a:oracle:application_server:10.1.2.3 cpe:/a:oracle:application_server:10.1.3.4 cpe:/a:oracle:application_server:10.1.4.3im cpe:/a:oracle:bea_product_suite:8.1:sp6 cpe:/a:oracle:bea_product_suite:9.0 cpe:/a:oracle:bea_product_suite:9.1 cpe:/a:oracle:bea_product_suite:9.2:mp3 cpe:/a:oracle:bea_product_suite:10.0:mp1 cpe:/a:oracle:bea_product_suite:10.3 cpe:/a:oracle:weblogic_server_component:8.1:sp6 cpe:/a:oracle:weblogic_server_component:9.0 cpe:/a:oracle:weblogic_server_component:9.1 cpe:/a:oracle:weblogic_server_component:9.2:mp3 cpe:/a:oracle:weblogic_server_component:10.0:mp1 cpe:/a:oracle:weblogic_server_component:10.3 CVE-2009-0217 2009-07-14T19:30:00.187-04:00 2018-10-12T17:49:44.190-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161 CONFIRM http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7 CONFIRM http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7 APPLE APPLE-SA-2009-09-03-1 SUSE SUSE-SA:2009:053 SUSE SUSE-SA:2010:017 HP HPSBUX02476 CONFIRM http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1 SUNALERT 263429 SUNALERT 269208 SUNALERT 1020710 CONFIRM http://svn.apache.org/viewvc?revision=794013&view=revision CONFIRM http://www.aleksey.com/xmlsec/ DEBIAN DSA-1995 GENTOO GLSA-201408-19 CERT-VN VU#466161 CONFIRM http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ CONFIRM http://www.kb.cert.org/vuls/id/WDON-7TY529 MANDRIVA MDVSA-2009:209 CONFIRM http://www.mono-project.com/Vulnerabilities CONFIRM http://www.openoffice.org/security/cves/CVE-2009-0217.html CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html CONFIRM http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html CONFIRM http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html REDHAT RHSA-2009:1694 BID 35671 SECTRACK 1022561 SECTRACK 1022567 SECTRACK 1022661 UBUNTU USN-903-1 CERT TA09-294A CERT TA10-159B VUPEN ADV-2009-1900 VUPEN ADV-2009-1908 VUPEN ADV-2009-1909 VUPEN ADV-2009-1911 VUPEN ADV-2009-2543 VUPEN ADV-2009-3122 VUPEN ADV-2010-0366 VUPEN ADV-2010-0635 CONFIRM http://www.w3.org/2008/06/xmldsigcore-errata.html#e03 MISC http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html AIXAPAR PK80596 AIXAPAR PK80627 CONFIRM http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=511915 MS MS10-041 CONFIRM https://issues.apache.org/bugzilla/show_bug.cgi?id=47526 CONFIRM https://issues.apache.org/bugzilla/show_bug.cgi?id=47527 REDHAT RHSA-2009:1200 REDHAT RHSA-2009:1201 REDHAT RHSA-2009:1428 REDHAT RHSA-2009:1636 REDHAT RHSA-2009:1637 REDHAT RHSA-2009:1649 REDHAT RHSA-2009:1650 UBUNTU USN-826-1 FEDORA FEDORA-2009-8329 FEDORA FEDORA-2009-8337 FEDORA FEDORA-2009-8456 FEDORA FEDORA-2009-8473 The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits. cpe:/a:particlesoftware:intralaunch:- CVE-2009-0218 2009-04-13T12:30:00.233-04:00 2017-08-07T21:33:50.563-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CERT-VN VU#908801 CONFIRM http://www.kb.cert.org/vuls/id/MAPG-7PYRP4 MISC http://www.kb.cert.org/vuls/id/WDON-7Q4RZN BID 34395 XF intralaunch-activex-code-execution(49684) Insecure method vulnerability in Particle Software IntraLaunch Application Launcher ActiveX control in IntraLaunch.ocx, as used in LDRA TBbrowse and possibly other products, allows remote attackers to execute arbitrary code via unknown vectors. cpe:/a:research_in_motion_limited:blackberry_enterprise_server:4.1.3 cpe:/a:research_in_motion_limited:blackberry_enterprise_server:4.1.4 cpe:/a:research_in_motion_limited:blackberry_enterprise_server:4.1.5 cpe:/a:research_in_motion_limited:blackberry_enterprise_server:4.1.6 cpe:/a:research_in_motion_limited:blackberry_professional_software:4.1.4 cpe:/a:research_in_motion_limited:blackberry_unite:1.0 cpe:/a:research_in_motion_limited:blackberry_unite:1.0.1 cpe:/a:research_in_motion_limited:blackberry_unite:1.0.2 cpe:/a:research_in_motion_limited:blackberry_unite:1.0.3 CVE-2009-0219 2009-01-20T20:30:00.343-05:00 2009-02-05T01:53:18.063-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov IDEFENSE 20090113 RIM BlackBerry Enterprise Server Attachment Service PDF Distiller Uninitialized Memory Vulnerability CONFIRM http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118 CONFIRM http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119 BID 33250 SECTRACK 1021559 The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file. cpe:/a:microsoft:office_powerpoint:2000:sp3 cpe:/a:microsoft:office_powerpoint:2002:sp3 cpe:/a:microsoft:office_powerpoint:2003:sp3 CVE-2009-0220 2009-05-12T18:30:00.187-04:00 2018-10-12T17:50:08.817-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS IDEFENSE 20090512 Microsoft PowerPoint PPT 4.0 Importer Multiple Stack Buffer Overflow Vulnerabilities BID 34833 SECTRACK 1022205 CERT TA09-132A VUPEN ADV-2009-1290 MS MS09-017 Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an interget that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability." cpe:/a:microsoft:office_powerpoint:2002:sp3 cpe:/a:microsoft:office_powerpoint:2003:sp3 CVE-2009-0221 2009-05-12T18:30:00.203-04:00 2018-10-12T17:50:09.613-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS IDEFENSE 20090512 Microsoft PowerPoint Integer Overflow Vulnerability BID 34835 SECTRACK 1022205 CERT TA09-132A VUPEN ADV-2009-1290 MS MS09-017 Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability." cpe:/a:microsoft:office_powerpoint:2000:sp3 cpe:/a:microsoft:office_powerpoint:2002:sp3 cpe:/a:microsoft:office_powerpoint:2003:sp3 CVE-2009-0222 2009-05-12T18:30:00.217-04:00 2018-10-12T17:50:10.393-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BID 34831 SECTRACK 1022205 CERT TA09-132A VUPEN ADV-2009-1290 MISC http://www.vupen.com/exploits/Microsoft_PowerPoint_Memory_Corruption_Code_Execution_Exploit_MS09_017_1290124.php MISC http://www.vupen.com/exploits/Microsoft_PowerPoint_Pointer_Overwrite_Code_Execution_Exploit_MS09_017_1290123.php MS MS09-017 Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137. cpe:/a:microsoft:office_powerpoint:2000:sp3 cpe:/a:microsoft:office_powerpoint:2002:sp3 cpe:/a:microsoft:office_powerpoint:2003:sp3 CVE-2009-0223 2009-05-12T18:30:00.250-04:00 2018-10-12T17:50:11.300-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BID 34834 SECTRACK 1022205 CERT TA09-132A VUPEN ADV-2009-1290 MS MS09-017 Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137. cpe:/a:microsoft:compatibility_pack_word_excel_powerpoint:2007 cpe:/a:microsoft:compatibility_pack_word_excel_powerpoint:2007:sp1 cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007 cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:::sp1 cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::sp2 cpe:/a:microsoft:office_powerpoint:2000:sp3 cpe:/a:microsoft:office_powerpoint:2002:sp3 cpe:/a:microsoft:office_powerpoint:2003:sp3 cpe:/a:microsoft:office_powerpoint:2007:sp1 cpe:/a:microsoft:office_powerpoint_viewer:2003 cpe:/a:microsoft:office_powerpoint_viewer:2007:sp1 cpe:/a:microsoft:office_powerpoint_viewer:2007:sp2 cpe:/a:microsoft:open_xml_file_format_converter:::mac cpe:/a:microsoft:powerpoint:2004::mac cpe:/a:microsoft:powerpoint:2008::mac cpe:/a:microsoft:works:8.5 cpe:/a:microsoft:works:9.0 CVE-2009-0224 2009-05-12T18:30:00.267-04:00 2018-10-12T17:50:12.113-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS IDEFENSE 20090512 Microsoft PowerPoint Build List Memory Corruption Vulnerability BID 34879 SECTRACK 1022205 CERT TA09-132A VUPEN ADV-2009-1290 MS MS09-017 Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; PowerPoint Viewer 2003 and 2007 SP1 and SP2; PowerPoint in Microsoft Office 2004 for Mac and 2008 for Mac; Open XML File Format Converter for Mac; Microsoft Works 8.5 and 9.0; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly validate PowerPoint files, which allows remote attackers to execute arbitrary code via multiple crafted BuildList records that include ChartBuild containers, which triggers memory corruption, aka "Memory Corruption Vulnerability." cpe:/a:microsoft:office_powerpoint:2002:sp3 CVE-2009-0225 2009-05-12T18:30:00.280-04:00 2018-10-12T17:50:12.927-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BID 34880 SECTRACK 1022205 CERT TA09-132A VUPEN ADV-2009-1290 MISC http://www.vupen.com/exploits/Microsoft_PowerPoint_Array_Indexing_Code_Execution_Exploit_MS09_017_1290125.php MS MS09-017 Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability." cpe:/a:microsoft:office_powerpoint:2000:sp3 cpe:/a:microsoft:office_powerpoint:2002:sp3 cpe:/a:microsoft:office_powerpoint:2003:sp3 CVE-2009-0226 2009-05-12T18:30:00.297-04:00 2018-10-12T17:50:13.863-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS IDEFENSE 20090512 Microsoft PowerPoint 4.2 Conversion Filter Stack Overflow BID 34881 SECTRACK 1022205 CERT TA09-132A VUPEN ADV-2009-1290 MS MS09-017 Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137. cpe:/a:microsoft:office_powerpoint:2000:sp3 cpe:/a:microsoft:office_powerpoint:2002:sp3 cpe:/a:microsoft:office_powerpoint:2003:sp3 CVE-2009-0227 2009-05-12T18:30:00.327-04:00 2018-10-12T17:50:14.690-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS IDEFENSE 20090512 Microsoft PowerPoint 4.2 Conversion Filter Stack Buffer Overflow Vulnerability BID 34882 SECTRACK 1022205 CERT TA09-132A VUPEN ADV-2009-1290 MS MS09-017 Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137. cpe:/o:microsoft:windows_2000::sp4 CVE-2009-0228 2009-06-10T14:00:00.217-04:00 2018-10-12T17:50:15.487-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov IDEFENSE 20090609 Microsoft Windows 2000 Print Spooler Remote Stack Buffer Overflow Vulnerability CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm BID 35206 SECTRACK 1022352 CERT TA09-160A VUPEN ADV-2009-1541 MS MS09-022 Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability." cpe:/o:microsoft:windows_2000:sp4 cpe:/o:microsoft:windows_2003_server:sp2 cpe:/o:microsoft:windows_2003_server:sp2::itanium cpe:/o:microsoft:windows_2003_server:sp2::x64 cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_server_2008:-:x32 cpe:/o:microsoft:windows_server_2008:sp2:x32 cpe:/o:microsoft:windows_server_2008:sp2:x64 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_vista:gold cpe:/o:microsoft:windows_vista:sp1 cpe:/o:microsoft:windows_vista:sp2 cpe:/o:microsoft:windows_xp:- cpe:/o:microsoft:windows_xp:-:sp2:x64 cpe:/o:microsoft:windows_xp:sp3 CVE-2009-0229 2009-06-10T14:00:00.250-04:00 2018-10-30T12:25:57.340-04:00 4.9 LOCAL LOW NONE COMPLETE NONE NONE http://nvd.nist.gov CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm BID 35208 SECTRACK 1022352 CERT TA09-160A VUPEN ADV-2009-1541 MS MS09-022 The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability." cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_2003_server::sp2:~~~~itanium~ cpe:/o:microsoft:windows_2003_server::sp2:~~~~x64~ cpe:/o:microsoft:windows_server:2008::~~~~itanium~ cpe:/o:microsoft:windows_server:2008::~sp2~~~itanium~ cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_server_2008:::~~~~x64~ cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:-:sp2:~~~~x64~ cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_vista:::~~~~x64~ cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp2:~~~~x64~ cpe:/o:microsoft:windows_xp::sp3 CVE-2009-0230 2009-06-10T14:00:00.280-04:00 2018-10-12T17:50:17.270-04:00 9.0 NETWORK LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm BID 35209 SECTRACK 1022352 CERT TA09-160A VUPEN ADV-2009-1541 MS MS09-022 The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability." cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x32 cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2008::sp2:x32 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_vista:-:sp1 cpe:/o:microsoft:windows_vista:-:sp2 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp2:professional_x64 cpe:/o:microsoft:windows_xp::sp3 CVE-2009-0231 2009-07-15T11:30:01.233-04:00 2019-02-26T09:04:00.993-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov IDEFENSE 20090714 Microsoft Embedded OpenType Font Engine (T2EMBED.DLL) Heap Buffer Overflow Vulnerability SECTRACK 1022543 CERT TA09-195A VUPEN ADV-2009-1887 MS MS09-029 The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability." cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x32 cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2008::sp2:x32 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_vista:-:sp1 cpe:/o:microsoft:windows_vista:-:sp2 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp2:professional_x64 cpe:/o:microsoft:windows_xp::sp3 CVE-2009-0232 2009-07-15T11:30:01.280-04:00 2019-02-26T09:04:00.993-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SECTRACK 1022543 CERT TA09-195A VUPEN ADV-2009-1887 MS MS09-029 Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability." cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_server_2008:::x64 CVE-2009-0233 2009-03-11T10:19:15.280-04:00 2019-02-26T09:04:00.993-05:00 5.8 NETWORK MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov CONFIRM http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm BID 33982 SECTRACK 1021831 CERT TA09-069A VUPEN ADV-2009-0661 MS MS09-008 The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability." cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_server_2008:::x64 CVE-2009-0234 2009-03-11T10:19:15.297-04:00 2019-02-26T09:04:00.993-05:00 6.4 NETWORK LOW NONE NONE PARTIAL PARTIAL http://nvd.nist.gov CONFIRM http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm CERT-VN VU#319331 BID 33988 SECTRACK 1021831 CERT TA09-069A VUPEN ADV-2009-0661 MS MS09-008 The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability." cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_2003_server::sp1 cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp3 CVE-2009-0235 2009-04-15T04:00:00.563-04:00 2018-10-12T17:50:21.567-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov IDEFENSE 20090414 Microsoft WordPad Word97 Converter Stack Buffer Overflow Vulnerability BID 34470 SECTRACK 1022043 CERT TA09-104A VUPEN ADV-2009-1024 MS MS09-010 Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability." CVE-2009-0236 2017-05-11T10:29:09.103-04:00 2017-05-11T10:29:09.120-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none. cpe:/a:microsoft:forefront_threat_management_gateway:-:-:medium_business cpe:/a:microsoft:internet_security_and_acceleration_server:2004:sp3:enterprise cpe:/a:microsoft:internet_security_and_acceleration_server:2004:sp3:standard cpe:/a:microsoft:internet_security_and_acceleration_server:2006:sp1 cpe:/a:microsoft:internet_security_and_acceleration_server:2006:supportability CVE-2009-0237 2009-04-15T04:00:00.577-04:00 2018-10-12T17:50:22.537-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov SECTRACK 1022046 CERT TA09-104A VUPEN ADV-2009-1030 MS MS09-016 Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via "authentication input" to this component, aka "Cross-Site Scripting Vulnerability." cpe:/a:microsoft:excel:2004::mac cpe:/a:microsoft:excel_viewer cpe:/a:microsoft:office:2008::mac cpe:/a:microsoft:office_compatibility_pack:2007:sp1 cpe:/a:microsoft:office_excel:2000:sp3 cpe:/a:microsoft:office_excel:2002:sp3 cpe:/a:microsoft:office_excel:2003:sp3 cpe:/a:microsoft:office_excel:2007:sp1 cpe:/a:microsoft:office_excel_viewer cpe:/a:microsoft:office_excel_viewer:2003:gold cpe:/a:microsoft:office_excel_viewer:2003:sp3 CVE-2009-0238 2009-02-25T11:30:00.343-05:00 2018-10-12T17:50:23.473-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS MISC http://blogs.zdnet.com/security/?p=2658 MISC http://isc.sans.org/diary.html?storyid=5923 SECTRACK 1021744 CONFIRM http://www.microsoft.com/technet/security/advisory/968272.mspx BID 33870 MISC http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99 CERT TA09-104A VUPEN ADV-2009-1023 MS MS09-009 XF ms-excel-unspecified-code-execution(48875) Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC. cpe:/a:microsoft:windows_search:4.0 CVE-2009-0239 2009-06-10T14:00:00.297-04:00 2019-02-26T09:04:00.993-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov SECTRACK 1022353 CERT TA09-160A VUPEN ADV-2009-1542 MS MS09-023 Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability." cpe:/a:tigris:websvn:2.0 CVE-2009-0240 2009-01-20T21:30:00.327-05:00 2017-08-07T21:33:50.720-04:00 3.5 NETWORK MEDIUM SINGLE_INSTANCE PARTIAL NONE NONE http://nvd.nist.gov CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512191 DEBIAN DSA-1725 GENTOO GLSA-200903-20 MLIST [oss-security] 20090118 CVE request: WebSVN XF websvn-listing-information-disclosure(48171) listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter. cpe:/a:ganglia:ganglia:3.1.1 CVE-2009-0241 2009-01-21T06:30:00.390-05:00 2009-06-13T01:30:40.780-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS MISC http://bugzilla.ganglia.info/cgi-bin/bugzilla/show_bug.cgi?id=223 SUSE SUSE-SR:2009:011 GENTOO GLSA-200903-22 MLIST [Ganglia-developers] 20090113 patches for: [Sec] Gmetad server BoF and network overload + [Feature] multiple requests per conn on interactive port BID 33299 Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname. CVE-2009-0242 2009-01-21T06:30:04.233-05:00 2016-12-15T21:59:02.083-05:00 ** REJECT ** gmetad in Ganglia 3.1.1, when supporting multiple requests per connection on an interactive port, allows remote attackers to cause a denial of service via a request to the gmetad service with a path that does not exist, which causes Ganglia to (1) perform excessive CPU computation and (2) send the entire tree, which consumes network bandwidth. NOTE: the vendor and original researcher have disputed this issue, since legitimate requests can generate the same amount of resource consumption. CVE concurs with the dispute, so this identifier should not be used. cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x32 cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_xp:::professional_x64 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp2:professional_x64 cpe:/o:microsoft:windows_xp::sp3 CVE-2009-0243 2009-01-21T15:30:00.420-05:00 2019-02-26T09:04:00.993-05:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov MISC http://isc.sans.org/diary.html?storyid=5695 SECTRACK 1021629 CERT TA09-020A Microsoft Windows does not properly enforce the Autorun and NoDriveTypeAutoRun registry values, which allows physically proximate attackers to execute arbitrary code by (1) inserting CD-ROM media, (2) inserting DVD media, (3) connecting a USB device, and (4) connecting a Firewire device; (5) allows user-assisted remote attackers to execute arbitrary code by mapping a network drive; and allows user-assisted attackers to execute arbitrary code by clicking on (6) an icon under My Computer\Devices with Removable Storage and (7) an option in an AutoPlay dialog, related to the Autorun.inf file. NOTE: vectors 1 and 3 on Vista are already covered by CVE-2008-0951. cpe:/o:microsoft:windows_mobile:5.0 cpe:/o:microsoft:windows_mobile:5.0::pocket_pc cpe:/o:microsoft:windows_mobile:5.0::smartphone cpe:/o:microsoft:windows_mobile:6.0 cpe:/o:microsoft:windows_mobile:6.0::pro cpe:/o:microsoft:windows_mobile:6.0::standard CVE-2009-0244 2009-01-21T15:30:00.453-05:00 2018-10-11T17:00:58.927-04:00 8.5 NETWORK MEDIUM SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SREASON 4938 BUGTRAQ 20090119 Microsoft Bluetooth Stack OBEX Directory Traversal BID 33359 MISC http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html XF winmobile-obexftp-directory-traversal(48124) Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder. cpe:/a:usagi:mynets:1.0.0 cpe:/a:usagi:mynets:1.0.1 cpe:/a:usagi:mynets:1.1.0 cpe:/a:usagi:mynets:1.2.0 cpe:/a:usagi:mynets:1.2.0.1 CVE-2009-0245 2009-01-21T21:30:01.483-05:00 2009-01-22T00:00:00.000-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2009-01-22T11:09:00.000-05:00 JVN JVN#36802959 JVNDB JVNDB-2009-000001 CONFIRM http://usagi-project.org/PRESS/archives/57 BID 33145 Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4629. cpe:/a:easyhdr:easyhdr:1.60.2::pro CVE-2009-0246 2009-01-22T11:30:00.233-05:00 2018-10-11T17:00:59.457-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CONFIRM http://easyhdr.com/version.php SREASON 4941 BUGTRAQ 20090120 Secunia Research: EasyHDR Pro Radiance RGBE Buffer Overflow BID 33363 VUPEN ADV-2009-0190 XF easyhdrpro-hdr-bo(48119) Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted attackers to execute arbitrary code via an invalid Radiance RGBE (aka .hdr) file. cpe:/a:53kf:web_im_2009:_nil_:enterprise cpe:/a:53kf:web_im_2009:_nil_:home cpe:/a:53kf:web_im_2009:_nil_:professional CVE-2009-0247 2009-01-22T11:30:00.250-05:00 2018-10-11T17:01:00.223-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov BUGTRAQ 20090119 53KF Web IM 2009 Cross-Site Scripting Vulnerabilities BID 33341 XF 53kfwebim-msg-xss(48096) The server for 53KF Web IM 2009 Home, Professional, and Enterprise editions relies on client-side protection mechanisms against cross-site scripting (XSS), which allows remote attackers to conduct XSS attacks by using a modified client to send a crafted IM message, related to the msg variable. cpe:/a:katywhitton:rankem CVE-2009-0248 2009-01-22T11:30:00.267-05:00 2017-09-28T21:33:42.607-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov BID 33324 XF rankem-rankup-xss(48071) XF rankem-siteid-xss(48072) EXPLOIT-DB 7805 Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to inject arbitrary web script or HTML via the siteID parameter. cpe:/a:katywhitton:rankem CVE-2009-0249 2009-01-22T11:30:00.297-05:00 2017-09-28T21:33:42.653-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov XF rankem-topsites-information-disclosure(48070) EXPLOIT-DB 7805 Katy Whitton RankEm stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for database/topsites.mdb. cpe:/a:ryneezy:phosheezy:0.2 CVE-2009-0250 2009-01-22T11:30:00.313-05:00 2017-09-28T21:33:42.700-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov SREASON 4935 XF phosheezy-configpassword-info-disclosure(48056) EXPLOIT-DB 7780 Ryneezy phoSheezy 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the file containing the administrator's password hash via a direct request for config/password. cpe:/a:ryneezy:phosheezy:0.2 CVE-2009-0251 2009-01-22T11:30:00.327-05:00 2017-09-28T21:33:42.763-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS SREASON 4935 EXPLOIT-DB 7780 Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/footer via the footer parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: some of these details are obtained from third party information. cpe:/a:enthrallweb:ereservations CVE-2009-0252 2009-01-22T11:30:00.343-05:00 2017-09-28T21:33:42.823-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33321 XF ereservations-login-sql-injection(48062) EXPLOIT-DB 7801 Multiple SQL injection vulnerabilities in default.asp in Enthrallweb eReservations allow remote attackers to execute arbitrary SQL commands via the (1) Login parameter (aka username field) or the (2) Password parameter (aka password field). NOTE: some of these details are obtained from third party information. cpe:/a:mozilla:firefox:3.0.5 CVE-2009-0253 2009-01-22T13:30:03.827-05:00 2017-09-28T21:33:42.870-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov SREASON 4936 XF firefox-onclickaction-click-hijacking(48212) EXPLOIT-DB 7842 Mozilla Firefox 3.0.5 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Status Bar Obfuscation" and "Clickjacking" attack. cpe:/a:easyhdr:easyhdr:1.60.2::pro CVE-2009-0254 2009-01-22T13:30:03.860-05:00 2011-03-07T22:18:10.470-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CONFIRM http://easyhdr.com/version.php BID 33363 VUPEN ADV-2009-0190 Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted attackers to execute arbitrary code via an invalid Flexible Image Transport System (FITS) file. NOTE: some of these details are obtained from third party information. cpe:/a:typo3:typo3:4.0 cpe:/a:typo3:typo3:4.0.1 cpe:/a:typo3:typo3:4.0.2 cpe:/a:typo3:typo3:4.0.3 cpe:/a:typo3:typo3:4.0.4 cpe:/a:typo3:typo3:4.0.5 cpe:/a:typo3:typo3:4.0.6 cpe:/a:typo3:typo3:4.0.7 cpe:/a:typo3:typo3:4.0.8 cpe:/a:typo3:typo3:4.0.9 cpe:/a:typo3:typo3:4.1.0 cpe:/a:typo3:typo3:4.1.0:beta1 cpe:/a:typo3:typo3:4.1.0:rc1 cpe:/a:typo3:typo3:4.1.1 cpe:/a:typo3:typo3:4.1.2 cpe:/a:typo3:typo3:4.1.3 cpe:/a:typo3:typo3:4.1.4 cpe:/a:typo3:typo3:4.1.5 cpe:/a:typo3:typo3:4.1.6 cpe:/a:typo3:typo3:4.1.7 cpe:/a:typo3:typo3:4.2.0 cpe:/a:typo3:typo3:4.2.1 cpe:/a:typo3:typo3:4.2.2 cpe:/a:typo3:typo3:4.2.3 CVE-2009-0255 2009-01-22T18:30:00.203-05:00 2017-08-07T21:33:51.500-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov CONFIRM http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/ DEBIAN DSA-1711 BID 33376 XF typo3-installtool-weak-security(48132) The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key. cpe:/a:typo3:typo3:4.0 cpe:/a:typo3:typo3:4.0.1 cpe:/a:typo3:typo3:4.0.2 cpe:/a:typo3:typo3:4.0.3 cpe:/a:typo3:typo3:4.0.4 cpe:/a:typo3:typo3:4.0.5 cpe:/a:typo3:typo3:4.0.6 cpe:/a:typo3:typo3:4.0.7 cpe:/a:typo3:typo3:4.0.8 cpe:/a:typo3:typo3:4.0.9 cpe:/a:typo3:typo3:4.1.0 cpe:/a:typo3:typo3:4.1.0:beta1 cpe:/a:typo3:typo3:4.1.0:rc1 cpe:/a:typo3:typo3:4.1.1 cpe:/a:typo3:typo3:4.1.2 cpe:/a:typo3:typo3:4.1.3 cpe:/a:typo3:typo3:4.1.4 cpe:/a:typo3:typo3:4.1.5 cpe:/a:typo3:typo3:4.1.6 cpe:/a:typo3:typo3:4.1.7 cpe:/a:typo3:typo3:4.2.0 cpe:/a:typo3:typo3:4.2.1 cpe:/a:typo3:typo3:4.2.2 cpe:/a:typo3:typo3:4.2.3 CVE-2009-0256 2009-01-22T18:30:04.437-05:00 2017-08-07T21:33:51.593-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov CONFIRM http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/ DEBIAN DSA-1711 BID 33376 XF typo3-library-session-hijacking(48133) Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication. cpe:/a:typo3:typo3:4.0 cpe:/a:typo3:typo3:4.0.1 cpe:/a:typo3:typo3:4.0.2 cpe:/a:typo3:typo3:4.0.3 cpe:/a:typo3:typo3:4.0.4 cpe:/a:typo3:typo3:4.0.5 cpe:/a:typo3:typo3:4.0.6 cpe:/a:typo3:typo3:4.0.7 cpe:/a:typo3:typo3:4.0.8 cpe:/a:typo3:typo3:4.0.9 cpe:/a:typo3:typo3:4.1.0 cpe:/a:typo3:typo3:4.1.0:beta1 cpe:/a:typo3:typo3:4.1.0:rc1 cpe:/a:typo3:typo3:4.1.1 cpe:/a:typo3:typo3:4.1.2 cpe:/a:typo3:typo3:4.1.3 cpe:/a:typo3:typo3:4.1.4 cpe:/a:typo3:typo3:4.1.5 cpe:/a:typo3:typo3:4.1.6 cpe:/a:typo3:typo3:4.1.7 cpe:/a:typo3:typo3:4.2.0 cpe:/a:typo3:typo3:4.2.1 cpe:/a:typo3:typo3:4.2.2 cpe:/a:typo3:typo3:4.2.3 CVE-2009-0257 2009-01-22T18:30:04.453-05:00 2017-08-07T21:33:51.657-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/ DEBIAN DSA-1711 BID 33376 XF typo3-library-session-hijacking(48133) XF typo3-indexedsearchengine-xss(48135) XF typo3-workspace-xss(48136) XF typo3-adodb-xss(48137) Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module. cpe:/a:typo3:typo3:4.0 cpe:/a:typo3:typo3:4.0.1 cpe:/a:typo3:typo3:4.0.2 cpe:/a:typo3:typo3:4.0.3 cpe:/a:typo3:typo3:4.0.4 cpe:/a:typo3:typo3:4.0.5 cpe:/a:typo3:typo3:4.0.6 cpe:/a:typo3:typo3:4.0.7 cpe:/a:typo3:typo3:4.0.8 cpe:/a:typo3:typo3:4.0.9 cpe:/a:typo3:typo3:4.1.0 cpe:/a:typo3:typo3:4.1.0:beta1 cpe:/a:typo3:typo3:4.1.0:rc1 cpe:/a:typo3:typo3:4.1.1 cpe:/a:typo3:typo3:4.1.2 cpe:/a:typo3:typo3:4.1.3 cpe:/a:typo3:typo3:4.1.4 cpe:/a:typo3:typo3:4.1.5 cpe:/a:typo3:typo3:4.1.6 cpe:/a:typo3:typo3:4.1.7 cpe:/a:typo3:typo3:4.2.0 cpe:/a:typo3:typo3:4.2.1 cpe:/a:typo3:typo3:4.2.2 cpe:/a:typo3:typo3:4.2.3 CVE-2009-0258 2009-01-22T18:30:04.467-05:00 2017-08-07T21:33:51.703-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CONFIRM http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/ DEBIAN DSA-1711 MLIST [oss-security] 20090123 Re: CVE id request: typo3 SA-2009-001 BID 33376 XF typo3-indexedsearch-command-execution(48138) The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer. cpe:/a:openoffice:openoffice.org:1.1.2 cpe:/a:openoffice:openoffice.org:1.1.3 cpe:/a:openoffice:openoffice.org:1.1.4 cpe:/a:openoffice:openoffice.org:1.1.5 CVE-2009-0259 2009-01-22T18:30:04.500-05:00 2017-09-28T21:33:42.933-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS MISC http://milw0rm.com/sploits/2008-crash.doc.rar MLIST [oss-security] 20090121 CVE Request -- openoffice.org (CVE-2008-4841) BID 33383 XF openoffice-wordprocessor-code-execution(48213) EXPLOIT-DB 6560 The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841. cpe:/a:moinmoin:moinmoin:0.1 cpe:/a:moinmoin:moinmoin:0.2 cpe:/a:moinmoin:moinmoin:0.3 cpe:/a:moinmoin:moinmoin:0.7 cpe:/a:moinmoin:moinmoin:0.8 cpe:/a:moinmoin:moinmoin:0.9 cpe:/a:moinmoin:moinmoin:0.10 cpe:/a:moinmoin:moinmoin:0.11 cpe:/a:moinmoin:moinmoin:1.0 cpe:/a:moinmoin:moinmoin:1.1 cpe:/a:moinmoin:moinmoin:1.2 cpe:/a:moinmoin:moinmoin:1.2.1 cpe:/a:moinmoin:moinmoin:1.2.2 cpe:/a:moinmoin:moinmoin:1.5.0 cpe:/a:moinmoin:moinmoin:1.5.1 cpe:/a:moinmoin:moinmoin:1.5.2 cpe:/a:moinmoin:moinmoin:1.5.3 cpe:/a:moinmoin:moinmoin:1.5.3_rc1 cpe:/a:moinmoin:moinmoin:1.5.3_rc2 cpe:/a:moinmoin:moinmoin:1.5.4 cpe:/a:moinmoin:moinmoin:1.5.5 cpe:/a:moinmoin:moinmoin:1.5.5_rc1 cpe:/a:moinmoin:moinmoin:1.5.5a cpe:/a:moinmoin:moinmoin:1.5.6 cpe:/a:moinmoin:moinmoin:1.5.7 cpe:/a:moinmoin:moinmoin:1.5.8 cpe:/a:moinmoin:moinmoin:1.6 cpe:/a:moinmoin:moinmoin:1.6.0 cpe:/a:moinmoin:moinmoin:1.6.1 cpe:/a:moinmoin:moinmoin:1.6.2 cpe:/a:moinmoin:moinmoin:1.6.3 cpe:/a:moinmoin:moinmoin:1.7.0 cpe:/a:moinmoin:moinmoin:1.7.1 cpe:/a:moinmoin:moinmoin:1.7.2 cpe:/a:moinmoin:moinmoin:1.7.3 cpe:/a:moinmoin:moinmoin:1.8.0 CVE-2009-0260 2009-01-23T14:00:05.233-05:00 2018-10-11T17:01:00.537-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1 CONFIRM http://moinmo.in/SecurityFixes#moin1.8.1 BUGTRAQ 20090120 MoinMoin Wiki Engine XSS Vulnerability BID 33365 VUPEN ADV-2009-0195 XF moinmoin-attachfilepy-xss(48126) UBUNTU USN-716-1 DEBIAN DSA-1715 Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable). cpe:/a:effectmatrix:total_video_player:1.31 CVE-2009-0261 2009-01-23T14:00:05.250-05:00 2017-09-28T21:33:42.997-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov BID 33373 XF totalvideoplayer-defaultskin-bo(48140) EXPLOIT-DB 7839 Stack-based buffer overflow in EffectMatrix Total Video Player 1.31 allows user-assisted attackers to execute arbitrary code via a Skins\DefaultSkin\DefaultSkin.ini file with a large ColumnHeaderSpan value. cpe:/a:trilogic:media_player:7 cpe:/a:trilogic:media_player:8.0.0.0 CVE-2009-0262 2009-01-23T14:00:05.280-05:00 2017-10-18T21:30:17.067-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BID 33221 VUPEN ADV-2009-0097 EXPLOIT-DB 7737 Stack-based buffer overflow in Triologic Media Player 7 and 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3u playlist file. NOTE: some of these details are obtained from third party information. cpe:/a:nullsoft:winamp:2.0 cpe:/a:nullsoft:winamp:2.4 cpe:/a:nullsoft:winamp:2.5e cpe:/a:nullsoft:winamp:2.6x cpe:/a:nullsoft:winamp:2.7x cpe:/a:nullsoft:winamp:2.10 cpe:/a:nullsoft:winamp:2.24 cpe:/a:nullsoft:winamp:2.50 cpe:/a:nullsoft:winamp:2.60 cpe:/a:nullsoft:winamp:2.60::full cpe:/a:nullsoft:winamp:2.60::lite cpe:/a:nullsoft:winamp:2.61 cpe:/a:nullsoft:winamp:2.61::full cpe:/a:nullsoft:winamp:2.62 cpe:/a:nullsoft:winamp:2.62::standard cpe:/a:nullsoft:winamp:2.64 cpe:/a:nullsoft:winamp:2.64::standard cpe:/a:nullsoft:winamp:2.65 cpe:/a:nullsoft:winamp:2.70 cpe:/a:nullsoft:winamp:2.70::full cpe:/a:nullsoft:winamp:2.71 cpe:/a:nullsoft:winamp:2.72 cpe:/a:nullsoft:winamp:2.73 cpe:/a:nullsoft:winamp:2.73::full cpe:/a:nullsoft:winamp:2.74 cpe:/a:nullsoft:winamp:2.75 cpe:/a:nullsoft:winamp:2.76 cpe:/a:nullsoft:winamp:2.77 cpe:/a:nullsoft:winamp:2.78 cpe:/a:nullsoft:winamp:2.79 cpe:/a:nullsoft:winamp:2.80 cpe:/a:nullsoft:winamp:2.81 cpe:/a:nullsoft:winamp:2.90 cpe:/a:nullsoft:winamp:2.91 cpe:/a:nullsoft:winamp:2.95 cpe:/a:nullsoft:winamp:3.0 cpe:/a:nullsoft:winamp:3.1 cpe:/a:nullsoft:winamp:5.0 cpe:/a:nullsoft:winamp:5.0.1 cpe:/a:nullsoft:winamp:5.0.2 cpe:/a:nullsoft:winamp:5.01 cpe:/a:nullsoft:winamp:5.02 cpe:/a:nullsoft:winamp:5.03 cpe:/a:nullsoft:winamp:5.03a cpe:/a:nullsoft:winamp:5.04 cpe:/a:nullsoft:winamp:5.05 cpe:/a:nullsoft:winamp:5.06 cpe:/a:nullsoft:winamp:5.07 cpe:/a:nullsoft:winamp:5.08 cpe:/a:nullsoft:winamp:5.08:c cpe:/a:nullsoft:winamp:5.08:d cpe:/a:nullsoft:winamp:5.08:e cpe:/a:nullsoft:winamp:5.08c cpe:/a:nullsoft:winamp:5.08d cpe:/a:nullsoft:winamp:5.08e cpe:/a:nullsoft:winamp:5.09 cpe:/a:nullsoft:winamp:5.11 cpe:/a:nullsoft:winamp:5.12 cpe:/a:nullsoft:winamp:5.13 cpe:/a:nullsoft:winamp:5.21 cpe:/a:nullsoft:winamp:5.22 cpe:/a:nullsoft:winamp:5.23 cpe:/a:nullsoft:winamp:5.24 cpe:/a:nullsoft:winamp:5.31 cpe:/a:nullsoft:winamp:5.32 cpe:/a:nullsoft:winamp:5.33 cpe:/a:nullsoft:winamp:5.34 cpe:/a:nullsoft:winamp:5.35 cpe:/a:nullsoft:winamp:5.36 cpe:/a:nullsoft:winamp:5.51 cpe:/a:nullsoft:winamp:5.52 cpe:/a:nullsoft:winamp:5.53 cpe:/a:nullsoft:winamp:5.54 cpe:/a:nullsoft:winamp:5.091 cpe:/a:nullsoft:winamp:5.093 cpe:/a:nullsoft:winamp:5.094 cpe:/a:nullsoft:winamp:5.111 cpe:/a:nullsoft:winamp:5.112 cpe:/a:nullsoft:winamp:5.541 CVE-2009-0263 2009-01-23T14:00:05.297-05:00 2017-10-18T21:30:17.130-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov BID 33226 VUPEN ADV-2009-0113 EXPLOIT-DB 7742 Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file. cpe:/a:fujitsu:systemcastwizard_lite:1.7 cpe:/a:fujitsu:systemcastwizard_lite:1.8 cpe:/a:fujitsu:systemcastwizard_lite:1.8a cpe:/a:fujitsu:systemcastwizard_lite:1.9 cpe:/a:fujitsu:systemcastwizard_lite:2.0 cpe:/a:fujitsu:systemcastwizard_lite:2.0a CVE-2009-0264 2009-01-26T10:30:04.877-05:00 2017-08-07T21:33:51.987-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CONFIRM http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html BID 33644 XF systemcast-registrytool-bo(48315) Buffer overflow in the Registry Setting Tool in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier has unknown impact and attack vectors. cpe:/a:isc:bind:4 cpe:/a:isc:bind:4.9 cpe:/a:isc:bind:4.9.2 cpe:/a:isc:bind:4.9.3 cpe:/a:isc:bind:4.9.4 cpe:/a:isc:bind:4.9.5 cpe:/a:isc:bind:4.9.5:p1 cpe:/a:isc:bind:4.9.6 cpe:/a:isc:bind:4.9.7 cpe:/a:isc:bind:4.9.8 cpe:/a:isc:bind:4.9.9 cpe:/a:isc:bind:4.9.10 cpe:/a:isc:bind:8 cpe:/a:isc:bind:8.1 cpe:/a:isc:bind:8.1.1 cpe:/a:isc:bind:8.1.2 cpe:/a:isc:bind:8.2 cpe:/a:isc:bind:8.2:p1 cpe:/a:isc:bind:8.2.1 cpe:/a:isc:bind:8.2.2 cpe:/a:isc:bind:8.2.2:p1 cpe:/a:isc:bind:8.2.2:p2 cpe:/a:isc:bind:8.2.2:p3 cpe:/a:isc:bind:8.2.2:p4 cpe:/a:isc:bind:8.2.2:p5 cpe:/a:isc:bind:8.2.2:p6 cpe:/a:isc:bind:8.2.2:p7 cpe:/a:isc:bind:8.2.3 cpe:/a:isc:bind:8.2.4 cpe:/a:isc:bind:8.2.5 cpe:/a:isc:bind:8.2.6 cpe:/a:isc:bind:8.2.7 cpe:/a:isc:bind:8.3.0 cpe:/a:isc:bind:8.3.1 cpe:/a:isc:bind:8.3.2 cpe:/a:isc:bind:8.3.3 cpe:/a:isc:bind:8.3.4 cpe:/a:isc:bind:8.3.5 cpe:/a:isc:bind:8.3.6 cpe:/a:isc:bind:8.4 cpe:/a:isc:bind:8.4.1 cpe:/a:isc:bind:8.4.4 cpe:/a:isc:bind:8.4.5 cpe:/a:isc:bind:8.4.7 cpe:/a:isc:bind:9.0 cpe:/a:isc:bind:9.0.1 cpe:/a:isc:bind:9.1 cpe:/a:isc:bind:9.1.1 cpe:/a:isc:bind:9.1.2 cpe:/a:isc:bind:9.1.3 cpe:/a:isc:bind:9.2 cpe:/a:isc:bind:9.2.0 cpe:/a:isc:bind:9.2.1 cpe:/a:isc:bind:9.2.2 cpe:/a:isc:bind:9.2.2:p3 cpe:/a:isc:bind:9.2.3 cpe:/a:isc:bind:9.2.4 cpe:/a:isc:bind:9.2.5 cpe:/a:isc:bind:9.2.6 cpe:/a:isc:bind:9.2.7 cpe:/a:isc:bind:9.2.9 cpe:/a:isc:bind:9.3 cpe:/a:isc:bind:9.3.0 cpe:/a:isc:bind:9.3.1 cpe:/a:isc:bind:9.3.2 cpe:/a:isc:bind:9.3.3 cpe:/a:isc:bind:9.3.5-p2-w1:windows cpe:/a:isc:bind:9.4 cpe:/a:isc:bind:9.4.0 cpe:/a:isc:bind:9.4.0:rc1 cpe:/a:isc:bind:9.4.1 cpe:/a:isc:bind:9.4.2 cpe:/a:isc:bind:9.4.3 cpe:/a:isc:bind:9.4.3:rc1 cpe:/a:isc:bind:9.5.0 cpe:/a:isc:bind:9.5.0:rc1 cpe:/a:isc:bind:9.5.1 cpe:/a:isc:bind:9.5.1:rc1 cpe:/a:isc:bind:9.5.1:rc2 cpe:/a:isc:bind:9.6.0 cpe:/a:isc:bind:9.6.0:p1 cpe:/a:isc:bind:9.6.0:rc1 cpe:/a:isc:bind:9.6.0:rc2 CVE-2009-0265 2009-01-26T10:30:04.890-05:00 2018-10-30T12:27:02.357-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov MISC http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33 SLACKWARE SSA:2009-014-02 MANDRIVA MDVSA-2009:037 VUPEN ADV-2009-0043 CONFIRM https://www.isc.org/node/373 Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025. cpe:/a:trilogic:media_player:8.0.0.0 CVE-2009-0266 2009-01-26T10:30:04.920-05:00 2009-01-26T10:30:04.920-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-26T11:47:00.000-05:00 Stack-based buffer overflow in Triologic Media Player 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3l playlist file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/o:sun:opensolaris:snv_01::sparc cpe:/o:sun:opensolaris:snv_01::x86 cpe:/o:sun:opensolaris:snv_02::sparc cpe:/o:sun:opensolaris:snv_02::x86 cpe:/o:sun:opensolaris:snv_03::sparc cpe:/o:sun:opensolaris:snv_03::x86 cpe:/o:sun:opensolaris:snv_04::sparc cpe:/o:sun:opensolaris:snv_04::x86 cpe:/o:sun:opensolaris:snv_05::sparc cpe:/o:sun:opensolaris:snv_05::x86 cpe:/o:sun:opensolaris:snv_06::sparc cpe:/o:sun:opensolaris:snv_06::x86 cpe:/o:sun:opensolaris:snv_07::sparc cpe:/o:sun:opensolaris:snv_07::x86 cpe:/o:sun:opensolaris:snv_08::sparc cpe:/o:sun:opensolaris:snv_08::x86 cpe:/o:sun:opensolaris:snv_09::sparc cpe:/o:sun:opensolaris:snv_09::x86 cpe:/o:sun:opensolaris:snv_10::sparc cpe:/o:sun:opensolaris:snv_10::x86 cpe:/o:sun:opensolaris:snv_11::sparc cpe:/o:sun:opensolaris:snv_12::sparc cpe:/o:sun:opensolaris:snv_13::sparc cpe:/o:sun:opensolaris:snv_14::sparc cpe:/o:sun:opensolaris:snv_15::sparc cpe:/o:sun:opensolaris:snv_16::sparc cpe:/o:sun:opensolaris:snv_17::sparc cpe:/o:sun:opensolaris:snv_18::sparc cpe:/o:sun:opensolaris:snv_19::sparc cpe:/o:sun:opensolaris:snv_20::sparc cpe:/o:sun:opensolaris:snv_21::sparc cpe:/o:sun:opensolaris:snv_21::x86 cpe:/o:sun:opensolaris:snv_22::sparc cpe:/o:sun:opensolaris:snv_22::x86 cpe:/o:sun:opensolaris:snv_23::sparc cpe:/o:sun:opensolaris:snv_23::x86 cpe:/o:sun:opensolaris:snv_24::sparc cpe:/o:sun:opensolaris:snv_24::x86 cpe:/o:sun:opensolaris:snv_25::sparc cpe:/o:sun:opensolaris:snv_25::x86 cpe:/o:sun:opensolaris:snv_26::sparc cpe:/o:sun:opensolaris:snv_26::x86 cpe:/o:sun:opensolaris:snv_27::sparc cpe:/o:sun:opensolaris:snv_27::x86 cpe:/o:sun:opensolaris:snv_28::sparc cpe:/o:sun:opensolaris:snv_28::x86 cpe:/o:sun:opensolaris:snv_29::sparc cpe:/o:sun:opensolaris:snv_29::x86 cpe:/o:sun:opensolaris:snv_30::sparc cpe:/o:sun:opensolaris:snv_30::x86 cpe:/o:sun:opensolaris:snv_31::sparc cpe:/o:sun:opensolaris:snv_31::x86 cpe:/o:sun:opensolaris:snv_32::sparc cpe:/o:sun:opensolaris:snv_32::x86 cpe:/o:sun:opensolaris:snv_33::sparc cpe:/o:sun:opensolaris:snv_33::x86 cpe:/o:sun:opensolaris:snv_34::sparc cpe:/o:sun:opensolaris:snv_34::x86 cpe:/o:sun:opensolaris:snv_35::sparc cpe:/o:sun:opensolaris:snv_35::x86 cpe:/o:sun:opensolaris:snv_36::sparc cpe:/o:sun:opensolaris:snv_36::x86 cpe:/o:sun:opensolaris:snv_37::sparc cpe:/o:sun:opensolaris:snv_37::x86 cpe:/o:sun:opensolaris:snv_38::sparc cpe:/o:sun:opensolaris:snv_38::x86 cpe:/o:sun:opensolaris:snv_39::sparc cpe:/o:sun:opensolaris:snv_39::x86 cpe:/o:sun:opensolaris:snv_40::sparc cpe:/o:sun:opensolaris:snv_40::x86 cpe:/o:sun:opensolaris:snv_41::sparc cpe:/o:sun:opensolaris:snv_41::x86 cpe:/o:sun:opensolaris:snv_42::sparc cpe:/o:sun:opensolaris:snv_42::x86 cpe:/o:sun:opensolaris:snv_43::sparc cpe:/o:sun:opensolaris:snv_43::x86 cpe:/o:sun:opensolaris:snv_44::sparc cpe:/o:sun:opensolaris:snv_44::x86 cpe:/o:sun:opensolaris:snv_45::sparc cpe:/o:sun:opensolaris:snv_45::x86 cpe:/o:sun:opensolaris:snv_46::sparc cpe:/o:sun:opensolaris:snv_46::x86 cpe:/o:sun:opensolaris:snv_47::sparc cpe:/o:sun:opensolaris:snv_47::x86 cpe:/o:sun:opensolaris:snv_48::sparc cpe:/o:sun:opensolaris:snv_48::x86 cpe:/o:sun:opensolaris:snv_49::sparc cpe:/o:sun:opensolaris:snv_49::x86 cpe:/o:sun:opensolaris:snv_50::sparc cpe:/o:sun:opensolaris:snv_50::x86 cpe:/o:sun:opensolaris:snv_51::sparc cpe:/o:sun:opensolaris:snv_51::x86 cpe:/o:sun:opensolaris:snv_52::sparc cpe:/o:sun:opensolaris:snv_52::x86 cpe:/o:sun:opensolaris:snv_53::sparc cpe:/o:sun:opensolaris:snv_53::x86 cpe:/o:sun:opensolaris:snv_54::sparc cpe:/o:sun:opensolaris:snv_54::x86 cpe:/o:sun:opensolaris:snv_55::sparc cpe:/o:sun:opensolaris:snv_55::x86 cpe:/o:sun:opensolaris:snv_56::sparc cpe:/o:sun:opensolaris:snv_56::x86 cpe:/o:sun:opensolaris:snv_57::sparc cpe:/o:sun:opensolaris:snv_57::x86 cpe:/o:sun:opensolaris:snv_58::sparc cpe:/o:sun:opensolaris:snv_58::x86 cpe:/o:sun:opensolaris:snv_59::sparc cpe:/o:sun:opensolaris:snv_59::x86 cpe:/o:sun:opensolaris:snv_60::sparc cpe:/o:sun:opensolaris:snv_60::x86 cpe:/o:sun:opensolaris:snv_61::sparc cpe:/o:sun:opensolaris:snv_61::x86 cpe:/o:sun:opensolaris:snv_62::sparc cpe:/o:sun:opensolaris:snv_62::x86 cpe:/o:sun:opensolaris:snv_63::sparc cpe:/o:sun:opensolaris:snv_63::x86 cpe:/o:sun:opensolaris:snv_64::sparc cpe:/o:sun:opensolaris:snv_64::x86 cpe:/o:sun:opensolaris:snv_65::sparc cpe:/o:sun:opensolaris:snv_65::x86 cpe:/o:sun:opensolaris:snv_66::sparc cpe:/o:sun:opensolaris:snv_66::x86 cpe:/o:sun:opensolaris:snv_67::sparc cpe:/o:sun:opensolaris:snv_67::x86 cpe:/o:sun:opensolaris:snv_68::sparc cpe:/o:sun:opensolaris:snv_68::x86 cpe:/o:sun:opensolaris:snv_69::sparc cpe:/o:sun:opensolaris:snv_69::x86 cpe:/o:sun:opensolaris:snv_70::sparc cpe:/o:sun:opensolaris:snv_70::x86 cpe:/o:sun:opensolaris:snv_71::sparc cpe:/o:sun:opensolaris:snv_71::x86 cpe:/o:sun:opensolaris:snv_72::sparc cpe:/o:sun:opensolaris:snv_72::x86 cpe:/o:sun:opensolaris:snv_73::sparc cpe:/o:sun:opensolaris:snv_73::x86 cpe:/o:sun:opensolaris:snv_74::sparc cpe:/o:sun:opensolaris:snv_74::x86 cpe:/o:sun:opensolaris:snv_75::sparc cpe:/o:sun:opensolaris:snv_75::x86 cpe:/o:sun:opensolaris:snv_76::sparc cpe:/o:sun:opensolaris:snv_76::x86 cpe:/o:sun:opensolaris:snv_77::sparc cpe:/o:sun:opensolaris:snv_77::x86 cpe:/o:sun:opensolaris:snv_78::sparc cpe:/o:sun:opensolaris:snv_78::x86 cpe:/o:sun:opensolaris:snv_79::sparc cpe:/o:sun:opensolaris:snv_79::x86 cpe:/o:sun:opensolaris:snv_80::sparc cpe:/o:sun:opensolaris:snv_80::x86 cpe:/o:sun:opensolaris:snv_81::sparc cpe:/o:sun:opensolaris:snv_81::x86 cpe:/o:sun:opensolaris:snv_82::sparc cpe:/o:sun:opensolaris:snv_82::x86 cpe:/o:sun:opensolaris:snv_83::sparc cpe:/o:sun:opensolaris:snv_83::x86 cpe:/o:sun:opensolaris:snv_84::sparc cpe:/o:sun:opensolaris:snv_84::x86 cpe:/o:sun:opensolaris:snv_85::sparc cpe:/o:sun:opensolaris:snv_85::x86 cpe:/o:sun:opensolaris:snv_86::sparc cpe:/o:sun:opensolaris:snv_86::x86 cpe:/o:sun:opensolaris:snv_87::sparc cpe:/o:sun:opensolaris:snv_87::x86 cpe:/o:sun:opensolaris:snv_88::sparc cpe:/o:sun:opensolaris:snv_88::x86 cpe:/o:sun:opensolaris:snv_89::sparc cpe:/o:sun:opensolaris:snv_89::x86 cpe:/o:sun:opensolaris:snv_90::sparc cpe:/o:sun:opensolaris:snv_90::x86 cpe:/o:sun:opensolaris:snv_91::sparc cpe:/o:sun:opensolaris:snv_91::x86 cpe:/o:sun:opensolaris:snv_92::sparc cpe:/o:sun:opensolaris:snv_92::x86 cpe:/o:sun:opensolaris:snv_93::sparc cpe:/o:sun:opensolaris:snv_93::x86 cpe:/o:sun:opensolaris:snv_94::sparc cpe:/o:sun:opensolaris:snv_94::x86 cpe:/o:sun:opensolaris:snv_95::sparc cpe:/o:sun:opensolaris:snv_95::x86 cpe:/o:sun:opensolaris:snv_96::sparc cpe:/o:sun:opensolaris:snv_96::x86 cpe:/o:sun:opensolaris:snv_97::sparc cpe:/o:sun:opensolaris:snv_97::x86 cpe:/o:sun:opensolaris:snv_98::sparc cpe:/o:sun:opensolaris:snv_98::x86 cpe:/o:sun:opensolaris:snv_99::sparc cpe:/o:sun:opensolaris:snv_99::x86 cpe:/o:sun:solaris:9::sparc cpe:/o:sun:solaris:9::x86 cpe:/o:sun:solaris:10::sparc cpe:/o:sun:solaris:10::x86 CVE-2009-0267 2009-01-26T10:30:04.937-05:00 2017-09-28T21:33:43.153-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov CONFIRM http://sunsolve.sun.com/search/document.do?assetkey=1-21-113451-15-1 SUNALERT 247406 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-032.htm BID 33407 XF sun-solaris-libike-dos(48178) libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does not properly check packets, which allows remote attackers to cause a denial of service (in.iked daemon crash) via an unspecified IKE packet, a different vulnerability than CVE-2007-2989. cpe:/o:sun:opensolaris:snv_01::sparc cpe:/o:sun:opensolaris:snv_01::x86 cpe:/o:sun:opensolaris:snv_02::sparc cpe:/o:sun:opensolaris:snv_02::x86 cpe:/o:sun:opensolaris:snv_03::sparc cpe:/o:sun:opensolaris:snv_03::x86 cpe:/o:sun:opensolaris:snv_04::sparc cpe:/o:sun:opensolaris:snv_04::x86 cpe:/o:sun:opensolaris:snv_05::sparc cpe:/o:sun:opensolaris:snv_05::x86 cpe:/o:sun:opensolaris:snv_06::sparc cpe:/o:sun:opensolaris:snv_06::x86 cpe:/o:sun:opensolaris:snv_07::sparc cpe:/o:sun:opensolaris:snv_07::x86 cpe:/o:sun:opensolaris:snv_08::sparc cpe:/o:sun:opensolaris:snv_08::x86 cpe:/o:sun:opensolaris:snv_09::sparc cpe:/o:sun:opensolaris:snv_09::x86 cpe:/o:sun:opensolaris:snv_10::sparc cpe:/o:sun:opensolaris:snv_10::x86 cpe:/o:sun:opensolaris:snv_11::sparc cpe:/o:sun:opensolaris:snv_11::x86 cpe:/o:sun:opensolaris:snv_12::sparc cpe:/o:sun:opensolaris:snv_12::x86 cpe:/o:sun:opensolaris:snv_13::sparc cpe:/o:sun:opensolaris:snv_13::x86 cpe:/o:sun:opensolaris:snv_14::sparc cpe:/o:sun:opensolaris:snv_14::x86 cpe:/o:sun:opensolaris:snv_15::sparc cpe:/o:sun:opensolaris:snv_15::x86 cpe:/o:sun:opensolaris:snv_16::sparc cpe:/o:sun:opensolaris:snv_16::x86 cpe:/o:sun:opensolaris:snv_17::sparc cpe:/o:sun:opensolaris:snv_17::x86 cpe:/o:sun:opensolaris:snv_18::sparc cpe:/o:sun:opensolaris:snv_18::x86 cpe:/o:sun:opensolaris:snv_19::sparc cpe:/o:sun:opensolaris:snv_19::x86 cpe:/o:sun:opensolaris:snv_20::sparc cpe:/o:sun:opensolaris:snv_20::x86 cpe:/o:sun:opensolaris:snv_21::sparc cpe:/o:sun:opensolaris:snv_21::x86 cpe:/o:sun:opensolaris:snv_22::sparc cpe:/o:sun:opensolaris:snv_22::x86 cpe:/o:sun:opensolaris:snv_23::sparc cpe:/o:sun:opensolaris:snv_23::x86 cpe:/o:sun:opensolaris:snv_24::sparc cpe:/o:sun:opensolaris:snv_24::x86 cpe:/o:sun:opensolaris:snv_25::sparc cpe:/o:sun:opensolaris:snv_25::x86 cpe:/o:sun:opensolaris:snv_26::sparc cpe:/o:sun:opensolaris:snv_26::x86 cpe:/o:sun:opensolaris:snv_27::sparc cpe:/o:sun:opensolaris:snv_27::x86 cpe:/o:sun:opensolaris:snv_28::sparc cpe:/o:sun:opensolaris:snv_28::x86 cpe:/o:sun:opensolaris:snv_29::sparc cpe:/o:sun:opensolaris:snv_29::x86 cpe:/o:sun:opensolaris:snv_30::sparc cpe:/o:sun:opensolaris:snv_30::x86 cpe:/o:sun:opensolaris:snv_31::sparc cpe:/o:sun:opensolaris:snv_31::x86 cpe:/o:sun:opensolaris:snv_32::sparc cpe:/o:sun:opensolaris:snv_32::x86 cpe:/o:sun:opensolaris:snv_33::sparc cpe:/o:sun:opensolaris:snv_33::x86 cpe:/o:sun:opensolaris:snv_34::sparc cpe:/o:sun:opensolaris:snv_34::x86 cpe:/o:sun:opensolaris:snv_35::sparc cpe:/o:sun:opensolaris:snv_35::x86 cpe:/o:sun:opensolaris:snv_36::sparc cpe:/o:sun:opensolaris:snv_36::x86 cpe:/o:sun:opensolaris:snv_37::sparc cpe:/o:sun:opensolaris:snv_37::x86 cpe:/o:sun:opensolaris:snv_38::sparc cpe:/o:sun:opensolaris:snv_38::x86 cpe:/o:sun:opensolaris:snv_39::sparc cpe:/o:sun:opensolaris:snv_39::x86 cpe:/o:sun:opensolaris:snv_40::sparc cpe:/o:sun:opensolaris:snv_40::x86 cpe:/o:sun:opensolaris:snv_41::sparc cpe:/o:sun:opensolaris:snv_41::x86 cpe:/o:sun:opensolaris:snv_42::sparc cpe:/o:sun:opensolaris:snv_42::x86 cpe:/o:sun:opensolaris:snv_43::sparc cpe:/o:sun:opensolaris:snv_43::x86 cpe:/o:sun:opensolaris:snv_44::sparc cpe:/o:sun:opensolaris:snv_44::x86 cpe:/o:sun:opensolaris:snv_45::sparc cpe:/o:sun:opensolaris:snv_45::x86 cpe:/o:sun:opensolaris:snv_46::sparc cpe:/o:sun:opensolaris:snv_46::x86 cpe:/o:sun:opensolaris:snv_47::sparc cpe:/o:sun:opensolaris:snv_47::x86 cpe:/o:sun:opensolaris:snv_48::sparc cpe:/o:sun:opensolaris:snv_48::x86 cpe:/o:sun:opensolaris:snv_49::sparc cpe:/o:sun:opensolaris:snv_49::x86 cpe:/o:sun:opensolaris:snv_50::sparc cpe:/o:sun:opensolaris:snv_50::x86 cpe:/o:sun:opensolaris:snv_51::sparc cpe:/o:sun:opensolaris:snv_51::x86 cpe:/o:sun:opensolaris:snv_52::sparc cpe:/o:sun:opensolaris:snv_52::x86 cpe:/o:sun:opensolaris:snv_53::sparc cpe:/o:sun:opensolaris:snv_53::x86 cpe:/o:sun:opensolaris:snv_54::sparc cpe:/o:sun:opensolaris:snv_54::x86 cpe:/o:sun:opensolaris:snv_55::sparc cpe:/o:sun:opensolaris:snv_55::x86 cpe:/o:sun:opensolaris:snv_56::sparc cpe:/o:sun:opensolaris:snv_56::x86 cpe:/o:sun:opensolaris:snv_57::sparc cpe:/o:sun:opensolaris:snv_57::x86 cpe:/o:sun:opensolaris:snv_58::sparc cpe:/o:sun:opensolaris:snv_58::x86 cpe:/o:sun:opensolaris:snv_59::sparc cpe:/o:sun:opensolaris:snv_59::x86 cpe:/o:sun:opensolaris:snv_60::sparc cpe:/o:sun:opensolaris:snv_60::x86 cpe:/o:sun:opensolaris:snv_61::sparc cpe:/o:sun:opensolaris:snv_61::x86 cpe:/o:sun:opensolaris:snv_62::sparc cpe:/o:sun:opensolaris:snv_62::x86 cpe:/o:sun:opensolaris:snv_63::sparc cpe:/o:sun:opensolaris:snv_63::x86 cpe:/o:sun:opensolaris:snv_64::sparc cpe:/o:sun:opensolaris:snv_64::x86 cpe:/o:sun:opensolaris:snv_65::sparc cpe:/o:sun:opensolaris:snv_65::x86 cpe:/o:sun:opensolaris:snv_66::sparc cpe:/o:sun:opensolaris:snv_66::x86 cpe:/o:sun:opensolaris:snv_67::sparc cpe:/o:sun:opensolaris:snv_67::x86 cpe:/o:sun:opensolaris:snv_68::sparc cpe:/o:sun:opensolaris:snv_68::x86 cpe:/o:sun:opensolaris:snv_69::sparc cpe:/o:sun:opensolaris:snv_69::x86 cpe:/o:sun:opensolaris:snv_70::sparc cpe:/o:sun:opensolaris:snv_70::x86 cpe:/o:sun:opensolaris:snv_71::sparc cpe:/o:sun:opensolaris:snv_71::x86 cpe:/o:sun:opensolaris:snv_72::sparc cpe:/o:sun:opensolaris:snv_72::x86 cpe:/o:sun:opensolaris:snv_73::sparc cpe:/o:sun:opensolaris:snv_73::x86 cpe:/o:sun:opensolaris:snv_74::sparc cpe:/o:sun:opensolaris:snv_74::x86 cpe:/o:sun:opensolaris:snv_75::sparc cpe:/o:sun:opensolaris:snv_75::x86 cpe:/o:sun:opensolaris:snv_76::sparc cpe:/o:sun:opensolaris:snv_76::x86 cpe:/o:sun:opensolaris:snv_77::sparc cpe:/o:sun:opensolaris:snv_77::x86 cpe:/o:sun:opensolaris:snv_78::sparc cpe:/o:sun:opensolaris:snv_78::x86 cpe:/o:sun:opensolaris:snv_79::sparc cpe:/o:sun:opensolaris:snv_79::x86 cpe:/o:sun:opensolaris:snv_80::sparc cpe:/o:sun:opensolaris:snv_80::x86 cpe:/o:sun:opensolaris:snv_81::sparc cpe:/o:sun:opensolaris:snv_81::x86 cpe:/o:sun:opensolaris:snv_82::sparc cpe:/o:sun:opensolaris:snv_82::x86 cpe:/o:sun:opensolaris:snv_83::sparc cpe:/o:sun:opensolaris:snv_83::x86 cpe:/o:sun:opensolaris:snv_84::sparc cpe:/o:sun:opensolaris:snv_84::x86 cpe:/o:sun:opensolaris:snv_85::sparc cpe:/o:sun:opensolaris:snv_85::x86 cpe:/o:sun:opensolaris:snv_86::sparc cpe:/o:sun:opensolaris:snv_86::x86 cpe:/o:sun:opensolaris:snv_87::sparc cpe:/o:sun:opensolaris:snv_87::x86 cpe:/o:sun:opensolaris:snv_88::sparc cpe:/o:sun:opensolaris:snv_88::x86 cpe:/o:sun:opensolaris:snv_89::sparc cpe:/o:sun:opensolaris:snv_89::x86 cpe:/o:sun:opensolaris:snv_90::sparc cpe:/o:sun:opensolaris:snv_90::x86 cpe:/o:sun:opensolaris:snv_91::sparc cpe:/o:sun:opensolaris:snv_91::x86 cpe:/o:sun:opensolaris:snv_92::sparc cpe:/o:sun:opensolaris:snv_92::x86 cpe:/o:sun:opensolaris:snv_93::sparc cpe:/o:sun:opensolaris:snv_93::x86 cpe:/o:sun:opensolaris:snv_94::sparc cpe:/o:sun:opensolaris:snv_94::x86 cpe:/o:sun:opensolaris:snv_95::sparc cpe:/o:sun:opensolaris:snv_95::x86 cpe:/o:sun:opensolaris:snv_96::sparc cpe:/o:sun:opensolaris:snv_96::x86 cpe:/o:sun:opensolaris:snv_97::sparc cpe:/o:sun:opensolaris:snv_97::x86 cpe:/o:sun:opensolaris:snv_98::sparc cpe:/o:sun:opensolaris:snv_98::x86 cpe:/o:sun:opensolaris:snv_99::sparc cpe:/o:sun:opensolaris:snv_99::x86 cpe:/o:sun:opensolaris:snv_100::sparc cpe:/o:sun:opensolaris:snv_100::x86 cpe:/o:sun:opensolaris:snv_101::sparc cpe:/o:sun:opensolaris:snv_101::x86 cpe:/o:sun:opensolaris:snv_102::sparc cpe:/o:sun:opensolaris:snv_102::x86 cpe:/o:sun:solaris:8::sparc cpe:/o:sun:solaris:8::x86 cpe:/o:sun:solaris:9::sparc cpe:/o:sun:solaris:9::x86 cpe:/o:sun:solaris:10::sparc cpe:/o:sun:solaris:10::x86 CVE-2009-0268 2009-01-26T10:30:04.953-05:00 2017-09-28T21:33:43.247-04:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov CONFIRM http://sunsolve.sun.com/search/document.do?assetkey=1-21-113685-07-1 SUNALERT 249586 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-034.htm BID 33406 SECTRACK 1021640 XF solaris-pseudo-terminal-dos(48179) Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of "properly sequenced code" in ptc and ptsl. cpe:/o:linux:linux_kernel:2.2.27 cpe:/o:linux:linux_kernel:2.4.36 cpe:/o:linux:linux_kernel:2.4.36.1 cpe:/o:linux:linux_kernel:2.4.36.2 cpe:/o:linux:linux_kernel:2.4.36.3 cpe:/o:linux:linux_kernel:2.4.36.4 cpe:/o:linux:linux_kernel:2.4.36.5 cpe:/o:linux:linux_kernel:2.4.36.6 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.18:rc1 cpe:/o:linux:linux_kernel:2.6.18:rc2 cpe:/o:linux:linux_kernel:2.6.18:rc3 cpe:/o:linux:linux_kernel:2.6.18:rc4 cpe:/o:linux:linux_kernel:2.6.18:rc5 cpe:/o:linux:linux_kernel:2.6.18:rc6 cpe:/o:linux:linux_kernel:2.6.18:rc7 cpe:/o:linux:linux_kernel:2.6.19.4 cpe:/o:linux:linux_kernel:2.6.19.5 cpe:/o:linux:linux_kernel:2.6.19.6 cpe:/o:linux:linux_kernel:2.6.19.7 cpe:/o:linux:linux_kernel:2.6.20.16 cpe:/o:linux:linux_kernel:2.6.20.17 cpe:/o:linux:linux_kernel:2.6.20.18 cpe:/o:linux:linux_kernel:2.6.20.19 cpe:/o:linux:linux_kernel:2.6.20.20 cpe:/o:linux:linux_kernel:2.6.20.21 cpe:/o:linux:linux_kernel:2.6.21.5 cpe:/o:linux:linux_kernel:2.6.21.6 cpe:/o:linux:linux_kernel:2.6.21.7 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.22.1 cpe:/o:linux:linux_kernel:2.6.22.2 cpe:/o:linux:linux_kernel:2.6.22.8 cpe:/o:linux:linux_kernel:2.6.22.9 cpe:/o:linux:linux_kernel:2.6.22.10 cpe:/o:linux:linux_kernel:2.6.22.11 cpe:/o:linux:linux_kernel:2.6.22.12 cpe:/o:linux:linux_kernel:2.6.22.13 cpe:/o:linux:linux_kernel:2.6.22.14 cpe:/o:linux:linux_kernel:2.6.22.15 cpe:/o:linux:linux_kernel:2.6.22.17 cpe:/o:linux:linux_kernel:2.6.22.18 cpe:/o:linux:linux_kernel:2.6.22.19 cpe:/o:linux:linux_kernel:2.6.22.20 cpe:/o:linux:linux_kernel:2.6.22.21 cpe:/o:linux:linux_kernel:2.6.22.22 cpe:/o:linux:linux_kernel:2.6.22_rc1 cpe:/o:linux:linux_kernel:2.6.22_rc7 cpe:/o:linux:linux_kernel:2.6.23 cpe:/o:linux:linux_kernel:2.6.23.8 cpe:/o:linux:linux_kernel:2.6.23.9 cpe:/o:linux:linux_kernel:2.6.23.10 cpe:/o:linux:linux_kernel:2.6.23.11 cpe:/o:linux:linux_kernel:2.6.23.12 cpe:/o:linux:linux_kernel:2.6.23.13 cpe:/o:linux:linux_kernel:2.6.23.15 cpe:/o:linux:linux_kernel:2.6.23.16 cpe:/o:linux:linux_kernel:2.6.23.17 cpe:/o:linux:linux_kernel:2.6.23_rc1 cpe:/o:linux:linux_kernel:2.6.24 cpe:/o:linux:linux_kernel:2.6.24.1 cpe:/o:linux:linux_kernel:2.6.24.2 cpe:/o:linux:linux_kernel:2.6.24.3 cpe:/o:linux:linux_kernel:2.6.24.4 cpe:/o:linux:linux_kernel:2.6.24.5 cpe:/o:linux:linux_kernel:2.6.24.6 cpe:/o:linux:linux_kernel:2.6.24.7 cpe:/o:linux:linux_kernel:2.6.24_rc1 cpe:/o:linux:linux_kernel:2.6.24_rc4 cpe:/o:linux:linux_kernel:2.6.24_rc5 cpe:/o:linux:linux_kernel:2.6.25 cpe:/o:linux:linux_kernel:2.6.25::x86_64 cpe:/o:linux:linux_kernel:2.6.25.1 cpe:/o:linux:linux_kernel:2.6.25.1::x86_64 cpe:/o:linux:linux_kernel:2.6.25.2 cpe:/o:linux:linux_kernel:2.6.25.2::x86_64 cpe:/o:linux:linux_kernel:2.6.25.3 cpe:/o:linux:linux_kernel:2.6.25.3::x86_64 cpe:/o:linux:linux_kernel:2.6.25.4 cpe:/o:linux:linux_kernel:2.6.25.4::x86_64 cpe:/o:linux:linux_kernel:2.6.25.5 cpe:/o:linux:linux_kernel:2.6.25.5::x86_64 cpe:/o:linux:linux_kernel:2.6.25.6 cpe:/o:linux:linux_kernel:2.6.25.6::x86_64 cpe:/o:linux:linux_kernel:2.6.25.7 cpe:/o:linux:linux_kernel:2.6.25.7::x86_64 cpe:/o:linux:linux_kernel:2.6.25.8 cpe:/o:linux:linux_kernel:2.6.25.8::x86_64 cpe:/o:linux:linux_kernel:2.6.25.9 cpe:/o:linux:linux_kernel:2.6.25.9::x86_64 cpe:/o:linux:linux_kernel:2.6.25.10 cpe:/o:linux:linux_kernel:2.6.25.10::x86_64 cpe:/o:linux:linux_kernel:2.6.25.11 cpe:/o:linux:linux_kernel:2.6.25.11::x86_64 cpe:/o:linux:linux_kernel:2.6.25.12 cpe:/o:linux:linux_kernel:2.6.25.12::x86_64 cpe:/o:linux:linux_kernel:2.6.25.13 cpe:/o:linux:linux_kernel:2.6.25.14 cpe:/o:linux:linux_kernel:2.6.25.15 cpe:/o:linux:linux_kernel:2.6.25.16 cpe:/o:linux:linux_kernel:2.6.25.17 cpe:/o:linux:linux_kernel:2.6.26 cpe:/o:linux:linux_kernel:2.6.26.1 cpe:/o:linux:linux_kernel:2.6.26.2 cpe:/o:linux:linux_kernel:2.6.26.3 cpe:/o:linux:linux_kernel:2.6.26.4 cpe:/o:linux:linux_kernel:2.6.26.5 cpe:/o:linux:linux_kernel:2.6.27 cpe:/o:linux:linux_kernel:2.6.28 CVE-2009-0269 2009-01-26T10:30:04.967-05:00 2018-10-11T17:01:01.833-04:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov CONFIRM http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=a17d5232de7b53d34229de79ec22f4bb04adb7e4 SUSE SUSE-SA:2009:010 SUSE SUSE-SA:2009:030 SUSE SUSE-SA:2009:031 DEBIAN DSA-1749 DEBIAN DSA-1787 CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.1 MANDRIVA MDVSA-2009:118 REDHAT RHSA-2009:0326 REDHAT RHSA-2009:0360 BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components BID 33412 UBUNTU USN-751-1 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html VUPEN ADV-2009-3316 XF linux-kernel-readlink-bo(48188) MLIST [ecryptfs-devel] 20081222 Re: [PATCH, v5] eCryptfs: check readlink result was not an error before using it MLIST [ecryptfs-devel] 20081222 Re: [PATCH, v5] eCryptfs: check readlink result was not an error before using it fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index. cpe:/a:fujitsu:systemcastwizard_lite:1.7 cpe:/a:fujitsu:systemcastwizard_lite:1.8 cpe:/a:fujitsu:systemcastwizard_lite:1.8a cpe:/a:fujitsu:systemcastwizard_lite:1.9 cpe:/a:fujitsu:systemcastwizard_lite:2.0 cpe:/a:fujitsu:systemcastwizard_lite:2.0a CVE-2009-0270 2009-01-26T14:30:00.437-05:00 2018-10-11T17:01:06.037-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CONFIRM http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html BUGTRAQ 20090119 [Wintercore Research ] Fujitsu SystemcastWizard Lite PXEService Remote Buffer Overflow. BID 33342 VUPEN ADV-2009-0176 MISC http://www.wintercore.com/advisories/advisory_W010109.html Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet. cpe:/a:fujitsu:systemcastwizard_lite:1.7 cpe:/a:fujitsu:systemcastwizard_lite:1.8 cpe:/a:fujitsu:systemcastwizard_lite:1.8a cpe:/a:fujitsu:systemcastwizard_lite:1.9 cpe:/a:fujitsu:systemcastwizard_lite:2.0 cpe:/a:fujitsu:systemcastwizard_lite:2.0a CVE-2009-0271 2009-01-26T14:30:00.483-05:00 2011-03-07T22:18:12.953-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov CONFIRM http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html BID 33344 VUPEN ADV-2009-0176 Directory traversal vulnerability in the TFTP service in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors. cpe:/a:novell:groupwise:6.5 cpe:/a:novell:groupwise:7.0 cpe:/a:novell:groupwise:7.01 cpe:/a:novell:groupwise:7.02x cpe:/a:novell:groupwise:7.03 cpe:/a:novell:groupwise:7.03:hp1a cpe:/a:novell:groupwise:8.0 CVE-2009-0272 2009-02-02T17:30:00.233-05:00 2018-10-11T17:01:06.553-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS CONFIRM http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002319 MISC http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-21 BUGTRAQ 20090130 PR08-21: Cross-site Request Forgery (CSRF) on Novell GroupWise WebAccess allows email theft and other attacks Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors. cpe:/a:novell:groupwise:6.5 cpe:/a:novell:groupwise:7.0 cpe:/a:novell:groupwise:7.01 cpe:/a:novell:groupwise:7.02x cpe:/a:novell:groupwise:7.03 cpe:/a:novell:groupwise:7.03:hp1a cpe:/a:novell:groupwise:8.0 CVE-2009-0273 2009-02-02T17:30:00.267-05:00 2018-10-11T17:01:06.913-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002320 CONFIRM http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002321 MISC http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-22 MISC http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-23 BUGTRAQ 20090130 PR08-22: Persistent XSS on Novell GroupWise WebAccess BUGTRAQ 20090130 PR08-23: XSS on Novell GroupWise WebAccess BID 33537 BID 33541 Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other vectors involving (3) HTML e-mail and (4) HTML attachments. cpe:/a:novell:groupwise:6.5 cpe:/a:novell:groupwise:7.0 cpe:/a:novell:groupwise:7.01 cpe:/a:novell:groupwise:7.02x cpe:/a:novell:groupwise:7.03 cpe:/a:novell:groupwise:7.03:hp1a cpe:/a:novell:groupwise:8.0 CVE-2009-0274 2009-02-03T14:30:00.313-05:00 2009-02-03T14:30:00.313-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-02-03T14:54:00.000-05:00 CONFIRM http://www.novell.com/support/viewContent.do?externalId=7002322 BID 33559 Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests. cpe:/a:ryneezy:phosheezy:0.2 CVE-2009-0275 2009-01-26T15:30:00.313-05:00 2009-01-26T15:30:00.313-05:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-01-26T16:22:00.000-05:00 ALLOWS_OTHER_ACCESS Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/header via the header parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:google:chrome:0.2.152.1 cpe:/a:google:chrome:0.2.153.1 cpe:/a:google:chrome:0.3.154.0 cpe:/a:google:chrome:0.3.154.3 cpe:/a:google:chrome:0.4.154.18 cpe:/a:google:chrome:0.4.154.22 cpe:/a:google:chrome:0.4.154.31 cpe:/a:google:chrome:0.4.154.33 cpe:/a:google:chrome:1.0.154.36 cpe:/a:google:chrome:1.0.154.39 cpe:/a:google:chrome:1.0.154.42 cpe:/a:google:chrome:1.0.154.43 CVE-2009-0276 2009-02-03T14:30:00.343-05:00 2009-02-04T00:00:00.000-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-02-04T08:30:00.000-05:00 CONFIRM http://codereview.chromium.org/18531 CONFIRM http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html CONFIRM http://sites.google.com/a/chromium.org/dev/getting-involved/dev-channel/release-notes CONFIRM http://src.chromium.org/viewvc/chrome?view=rev&revision=8524 Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame. cpe:/o:sun:opensolaris:snv_100::sparc cpe:/o:sun:opensolaris:snv_101::sparc cpe:/o:sun:opensolaris:snv_102::sparc CVE-2009-0277 2009-01-26T21:30:00.797-05:00 2017-08-07T21:33:52.330-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov SUNALERT 250066 BID 33398 VUPEN ADV-2009-0209 XF solaris-ultrasparct2-dos(48164) Unspecified vulnerability in the kernel in OpenSolaris snv_100 through snv_102 on the Sun UltraSPARC T2 and T2+ sun4v platforms allows local users to cause a denial of service (panic) via unknown vectors. cpe:/a:sun:java_system_application_server:8.1::linux cpe:/a:sun:java_system_application_server:8.1::sparc cpe:/a:sun:java_system_application_server:8.1::windows cpe:/a:sun:java_system_application_server:8.1::x86 cpe:/a:sun:java_system_application_server:8.2::linux cpe:/a:sun:java_system_application_server:8.2::sparc cpe:/a:sun:java_system_application_server:8.2::windows cpe:/a:sun:java_system_application_server:8.2::x86 CVE-2009-0278 2009-01-26T21:30:04.547-05:00 2017-08-07T21:33:52.390-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov CONFIRM http://sunsolve.sun.com/search/document.do?assetkey=1-21-119166-35-1 SUNALERT 245446 BID 33397 VUPEN ADV-2009-0208 XF javasystem-webinf-metainf-info-disclosure(48161) Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request. cpe:/a:pardalcms:pardalcms:0.1.1 cpe:/a:pardalcms:pardalcms:0.1.2 cpe:/a:pardalcms:pardalcms:0.1.3 cpe:/a:pardalcms:pardalcms:0.1a cpe:/a:pardalcms:pardalcms:0.01b cpe:/a:pardalcms:pardalcms:0.01c cpe:/a:pardalcms:pardalcms:0.2.0 CVE-2009-0279 2009-01-27T13:30:00.280-05:00 2017-09-28T21:33:43.403-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33404 XF pardalcms-comentar-sql-injection(48175) EXPLOIT-DB 7851 SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. cpe:/a:asp-project:asp-project:1.0 CVE-2009-0280 2009-01-27T13:30:00.327-05:00 2018-10-11T17:01:07.867-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BUGTRAQ 20090122 Asp-project Cookie Handling BID 33401 XF aspproject-cookie-security-bypass(48172) EXPLOIT-DB 7850 Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1. cpe:/a:warhound:walking_club CVE-2009-0281 2009-01-27T13:30:00.360-05:00 2017-09-28T21:33:43.513-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33317 XF walkingclub-login-sql-injection(48061) EXPLOIT-DB 7802 SQL injection vulnerability in login.aspx in WarHound Walking Club allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. cpe:/h:ralinktech:rt73:3.08 CVE-2009-0282 2009-01-27T13:30:00.377-05:00 2018-10-30T12:25:57.433-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512995 GENTOO GLSA-200907-08 DEBIAN DSA-1712 DEBIAN DSA-1713 DEBIAN DSA-1714 BUGTRAQ 20090118 Ralinktech wireless cards drivers vulnerability BID 33340 Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request packet with a long SSID, possibly related to an integer signedness error. cpe:/a:aobosoft:oblog CVE-2009-0283 2009-01-27T13:30:00.390-05:00 2018-10-11T17:01:10.023-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov BUGTRAQ 20090123 Oblog XSS valnerability BUGTRAQ 20090124 Re: Oblog XSS valnerability BID 33416 Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows remote attackers to inject arbitrary web script or HTML via the message parameter. cpe:/a:flaxweb:flax_article_manager:1.1 CVE-2009-0284 2009-01-27T13:30:00.420-05:00 2017-09-28T21:33:43.560-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS CONFIRM http://www.flaxweb.com/products/articles BID 33422 EXPLOIT-DB 7862 SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. cpe:/a:bbsxp:bbsxp:5.13 CVE-2009-0285 2009-01-27T13:30:00.437-05:00 2018-10-11T17:01:10.337-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov BUGTRAQ 20090123 BBSxp Xss vulnerability BID 33411 XF bbsxp-error-xss(48187) Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 5.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter. cpe:/a:opengoo:opengoo:1.1 CVE-2009-0286 2009-01-27T13:30:00.453-05:00 2017-09-28T21:33:43.637-04:00 2.6 NETWORK HIGH NONE PARTIAL NONE NONE http://nvd.nist.gov BID 33421 EXPLOIT-DB 7863 Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the form_data[script_class] parameter. cpe:/a:keep_toolkit:keep_toolkit:2.1 cpe:/a:keep_toolkit:keep_toolkit:2.5 CVE-2009-0287 2009-01-27T13:30:00.467-05:00 2009-02-05T00:00:00.000-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-01-27T14:11:00.000-05:00 ALLOWS_OTHER_ACCESS CONFIRM http://keeptoolkit.svn.sourceforge.net/viewvc/keeptoolkit?view=rev&revision=56 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=655845&group_id=227492 BID 33425 SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before 2.5.1 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password. cpe:/a:windows_tftp_utility:tftputil:1.2.0 cpe:/a:windows_tftp_utility:tftputil:1.3.0 CVE-2009-0288 2009-01-27T14:30:00.280-05:00 2018-10-11T17:01:10.630-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov CONFIRM http://sourceforge.net/forum/forum.php?forum_id=894598 MISC http://www.princeofnigeria.org/blogs/index.php/2009/01/14/tftputil-gui-tftp-directory-traversal BUGTRAQ 20090115 TFTPUtil GUI TFTP Directory Traversal BID 33287 XF tftputil-tftpget-directory-traversal(48019) Directory traversal vulnerability in k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to read arbitrary files outside the TFTP root directory via directory traversal sequences in a GET request. cpe:/a:windows_tftp_utility:tftputil:1.2.0 cpe:/a:windows_tftp_utility:tftputil:1.3.0 CVE-2009-0289 2009-01-27T14:30:02.297-05:00 2018-10-11T17:01:11.130-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov MISC http://sourceforge.net/forum/forum.php?forum_id=894598 MISC http://www.princeofnigeria.org/blogs/index.php/2009/01/14/tftputil-gui-tftp-server-denial-of-servi?blog=1 BUGTRAQ 20090115 TFTPUtil GUI TFTP Server Denial of Service Vulnerability BID 33289 k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to cause a denial of service (service crash) via a long filename in a crafted request. cpe:/a:sir:gnuboard:4.31.03 CVE-2009-0290 2009-01-27T14:30:02.313-05:00 2017-09-28T21:33:43.700-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33304 XF gnuboard-common-file-include(48015) EXPLOIT-DB 7792 Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the g4_path parameter. NOTE: in some environments, this can be leveraged for remote code execution via a data: URI or a UNC share pathname. cpe:/a:openx:openx:2.6.3 CVE-2009-0291 2009-01-27T15:30:04.953-05:00 2018-10-11T17:01:11.427-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BUGTRAQ 20090127 OpenX 2.6.3 - Local File Inclusion BID 33458 EXPLOIT-DB 7883 Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter. cpe:/a:shop-inet:shop-inet:4.0 CVE-2009-0292 2009-01-27T15:30:04.983-05:00 2017-09-28T21:33:43.793-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov EXPLOIT-DB 7874 SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows remote attackers to execute arbitrary SQL commands via the grid parameter. cpe:/a:wazzum:wazzum_dating_software:_nil_ CVE-2009-0293 2009-01-27T15:30:05.017-05:00 2017-09-28T21:33:43.857-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 33461 EXPLOIT-DB 7877 SQL injection vulnerability in profile_view.php in Wazzum Dating Software, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the userid parameter. cpe:/a:webmobo:wbnews:2.0.1 CVE-2009-0294 2009-01-27T15:30:05.030-05:00 2018-10-11T17:01:11.710-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BUGTRAQ 20090125 WB News v2.0.X Remote File include .. BID 33434 Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) search.php, (2) archive.php, (3) comments.php, and (4) news.php; (5) News.php, (6) SendFriend.php, (7) Archive.php, and (8) Comments.php in base/; and possibly other components, different vectors than CVE-2007-1288. cpe:/a:itlpoll:itpoll:2.7 CVE-2009-0295 2009-01-27T15:30:05.047-05:00 2017-09-28T21:33:43.903-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 33452 EXPLOIT-DB 7867 SQL injection vulnerability in index.php in Information Technology Light Poll Information (ITLPoll) 2.7 Stable 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. cpe:/a:gempar:script_toko_online:5.01 CVE-2009-0296 2009-01-27T15:30:05.063-05:00 2017-09-28T21:33:43.967-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov EXPLOIT-DB 7873 SQL injection vulnerability in shop_display_products.php in Script Toko Online 5.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. cpe:/a:clicktech:clickauction:_nil_ CVE-2009-0297 2009-01-27T15:30:05.093-05:00 2017-09-28T21:33:44.013-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov EXPLOIT-DB 7880 SQL injection vulnerability in login_check.asp in ClickAuction allows remote attackers to execute arbitrary SQL commands via the (1) txtEmail and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information. cpe:/a:mw6_technologies:barcode_activex:3.0.0.1 CVE-2009-0298 2009-01-27T15:30:05.110-05:00 2017-09-28T21:33:44.073-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BID 33451 EXPLOIT-DB 7869 Heap-based buffer overflow in MW6 Technologies Barcode ActiveX control (Barcode.MW6Barcode.1, Barcode.dll) 3.0.0.1 allows remote attackers to execute arbitrary code via a long Supplement property. cpe:/a:groonesworld:glinks:2.1 CVE-2009-0299 2009-01-27T15:30:05.127-05:00 2017-09-28T21:33:44.137-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 33460 EXPLOIT-DB 7878 EXPLOIT-DB 9236 SQL injection vulnerability in index.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter. CVE-2009-0300 2009-01-27T15:30:05.140-05:00 2009-01-29T02:01:17.733-05:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2636. Reason: This candidate is a duplicate of CVE-2006-2636. Notes: All CVE users should reference CVE-2006-2636 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. cpe:/a:grid2000:flexcell_grid_control:5.6.9 CVE-2009-0301 2009-01-27T15:30:05.157-05:00 2017-09-28T21:33:44.200-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 33453 EXPLOIT-DB 7868 Multiple insecure method vulnerabilities in the FlexCell.Grid ActiveX control (FlexCell.ocx) in FlexCell Grid Control 5.6.9 allow remote attackers to create and overwrite arbitrary files via the (1) SaveFile and (2) ExportToXML methods. cpe:/a:php-nuke:downloads_module:8.0 CVE-2009-0302 2009-01-27T15:30:05.187-05:00 2018-10-11T17:01:11.977-04:00 4.6 NETWORK HIGH SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS MISC http://1337day.com/exploits/15481 EXPLOIT-DB 18148 BUGTRAQ 20090123 PHP-Nuke 8.0 Downloads Blind Sql Injection BID 33410 BID 50770 XF downloads-module-sql-injection(48186) XF phpnuke-uri-sql-injection(71475) SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php. cpe:/a:webhelpdesk:web_help_desk:8.0.20 cpe:/a:webhelpdesk:web_help_desk:8.0.21 cpe:/a:webhelpdesk:web_help_desk:8.0.22 cpe:/a:webhelpdesk:web_help_desk:8.2.0 cpe:/a:webhelpdesk:web_help_desk:8.2.0.1 cpe:/a:webhelpdesk:web_help_desk:8.2.0.2 cpe:/a:webhelpdesk:web_help_desk:8.2.0.3 cpe:/a:webhelpdesk:web_help_desk:8.2.0.4 cpe:/a:webhelpdesk:web_help_desk:8.2.0.5 cpe:/a:webhelpdesk:web_help_desk:8.2.0.6 cpe:/a:webhelpdesk:web_help_desk:8.2.0.7 cpe:/a:webhelpdesk:web_help_desk:8.2.0.8 cpe:/a:webhelpdesk:web_help_desk:8.2.0.9 cpe:/a:webhelpdesk:web_help_desk:8.2.0.10 cpe:/a:webhelpdesk:web_help_desk:8.2.1.1 cpe:/a:webhelpdesk:web_help_desk:8.2.1.2 cpe:/a:webhelpdesk:web_help_desk:8.2.1.3 cpe:/a:webhelpdesk:web_help_desk:8.2.1.4 cpe:/a:webhelpdesk:web_help_desk:8.2.1.5 cpe:/a:webhelpdesk:web_help_desk:8.2.2 cpe:/a:webhelpdesk:web_help_desk:8.2.3 cpe:/a:webhelpdesk:web_help_desk:8.2.3.1 cpe:/a:webhelpdesk:web_help_desk:8.2.3.2 cpe:/a:webhelpdesk:web_help_desk:8.2.3.3 cpe:/a:webhelpdesk:web_help_desk:8.2.3.4 cpe:/a:webhelpdesk:web_help_desk:8.2.4 cpe:/a:webhelpdesk:web_help_desk:8.2.4.1 cpe:/a:webhelpdesk:web_help_desk:8.2.4.2 cpe:/a:webhelpdesk:web_help_desk:8.2.4.3 cpe:/a:webhelpdesk:web_help_desk:8.3.0.1 cpe:/a:webhelpdesk:web_help_desk:8.3.0.2 cpe:/a:webhelpdesk:web_help_desk:8.3.0.3 cpe:/a:webhelpdesk:web_help_desk:8.3.0.4 cpe:/a:webhelpdesk:web_help_desk:8.3.0.5 cpe:/a:webhelpdesk:web_help_desk:8.3.1 cpe:/a:webhelpdesk:web_help_desk:8.3.1.1 cpe:/a:webhelpdesk:web_help_desk:8.3.1.2 cpe:/a:webhelpdesk:web_help_desk:8.3.1.3 cpe:/a:webhelpdesk:web_help_desk:8.3.2 cpe:/a:webhelpdesk:web_help_desk:8.3.3 cpe:/a:webhelpdesk:web_help_desk:8.3.3.1 cpe:/a:webhelpdesk:web_help_desk:8.3.3.2 cpe:/a:webhelpdesk:web_help_desk:8.3.3.3 cpe:/a:webhelpdesk:web_help_desk:8.3.3.4 cpe:/a:webhelpdesk:web_help_desk:8.3.4.0 cpe:/a:webhelpdesk:web_help_desk:8.3.4.1 cpe:/a:webhelpdesk:web_help_desk:8.3.4.2 cpe:/a:webhelpdesk:web_help_desk:8.3.5.1 cpe:/a:webhelpdesk:web_help_desk:8.3.5.2 cpe:/a:webhelpdesk:web_help_desk:8.3.5.3 cpe:/a:webhelpdesk:web_help_desk:8.3.5.4 cpe:/a:webhelpdesk:web_help_desk:8.3.5.5 cpe:/a:webhelpdesk:web_help_desk:8.3.5.6 cpe:/a:webhelpdesk:web_help_desk:8.3.6 cpe:/a:webhelpdesk:web_help_desk:8.3.6.1 cpe:/a:webhelpdesk:web_help_desk:8.4.1.0 cpe:/a:webhelpdesk:web_help_desk:8.4.1.1 cpe:/a:webhelpdesk:web_help_desk:8.4.1.2 cpe:/a:webhelpdesk:web_help_desk:8.4.1.3 cpe:/a:webhelpdesk:web_help_desk:8.4.1.4 cpe:/a:webhelpdesk:web_help_desk:8.4.1.5 cpe:/a:webhelpdesk:web_help_desk:8.4.1.6 cpe:/a:webhelpdesk:web_help_desk:8.4.1.7 cpe:/a:webhelpdesk:web_help_desk:8.4.1.8 cpe:/a:webhelpdesk:web_help_desk:8.4.1.9 cpe:/a:webhelpdesk:web_help_desk:8.4.2.0 cpe:/a:webhelpdesk:web_help_desk:8.4.2.1 cpe:/a:webhelpdesk:web_help_desk:8.4.2.2 cpe:/a:webhelpdesk:web_help_desk:8.4.2.3 cpe:/a:webhelpdesk:web_help_desk:8.4.3.0 cpe:/a:webhelpdesk:web_help_desk:8.4.3.1 cpe:/a:webhelpdesk:web_help_desk:8.4.3.2 cpe:/a:webhelpdesk:web_help_desk:8.4.3.3 cpe:/a:webhelpdesk:web_help_desk:8.4.3.4 cpe:/a:webhelpdesk:web_help_desk:8.4.3.5 cpe:/a:webhelpdesk:web_help_desk:8.4.3.6 cpe:/a:webhelpdesk:web_help_desk:8.4.3.7 cpe:/a:webhelpdesk:web_help_desk:8.4.4 cpe:/a:webhelpdesk:web_help_desk:8.4.5 cpe:/a:webhelpdesk:web_help_desk:8.4.5.1 cpe:/a:webhelpdesk:web_help_desk:8.4.5.2 cpe:/a:webhelpdesk:web_help_desk:8.4.6.0 cpe:/a:webhelpdesk:web_help_desk:8.4.6.1 cpe:/a:webhelpdesk:web_help_desk:8.4.6.2 cpe:/a:webhelpdesk:web_help_desk:8.4.6.3 cpe:/a:webhelpdesk:web_help_desk:8.4.6.4 cpe:/a:webhelpdesk:web_help_desk:8.4.6.5 cpe:/a:webhelpdesk:web_help_desk:8.4.6.6 cpe:/a:webhelpdesk:web_help_desk:8.4.6.7 cpe:/a:webhelpdesk:web_help_desk:8.4.6.8 cpe:/a:webhelpdesk:web_help_desk:8.4.6.10 cpe:/a:webhelpdesk:web_help_desk:9.1.0 cpe:/a:webhelpdesk:web_help_desk:9.1.1 cpe:/a:webhelpdesk:web_help_desk:9.1.2 cpe:/a:webhelpdesk:web_help_desk:9.1.4 cpe:/a:webhelpdesk:web_help_desk:9.1.5 cpe:/a:webhelpdesk:web_help_desk:9.1.6 cpe:/a:webhelpdesk:web_help_desk:9.1.7 cpe:/a:webhelpdesk:web_help_desk:9.1.8 cpe:/a:webhelpdesk:web_help_desk:9.1.9 cpe:/a:webhelpdesk:web_help_desk:9.1.10 cpe:/a:webhelpdesk:web_help_desk:9.1.11 cpe:/a:webhelpdesk:web_help_desk:9.1.12 cpe:/a:webhelpdesk:web_help_desk:9.1.13 cpe:/a:webhelpdesk:web_help_desk:9.1.14 cpe:/a:webhelpdesk:web_help_desk:9.1.15 cpe:/a:webhelpdesk:web_help_desk:9.1.16 cpe:/a:webhelpdesk:web_help_desk:9.1.17 CVE-2009-0303 2009-01-27T15:30:05.203-05:00 2009-01-28T00:00:00.000-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2009-01-28T10:37:00.000-05:00 CONFIRM http://updates.webhelpdesk.com/weblog/updates/StableReleases/2009/01/23/911812309.html BID 33429 Cross-site scripting (XSS) vulnerability in Web Help Desk before 9.1.18 allows remote attackers to inject arbitrary web script or HTML via vectors related to "encoded JavaScript" and Helpdesk.woa. cpe:/o:sun:opensolaris:snv_01::sparc cpe:/o:sun:opensolaris:snv_01::x86 cpe:/o:sun:opensolaris:snv_02::sparc cpe:/o:sun:opensolaris:snv_02::x86 cpe:/o:sun:opensolaris:snv_03::sparc cpe:/o:sun:opensolaris:snv_03::x86 cpe:/o:sun:opensolaris:snv_04::sparc cpe:/o:sun:opensolaris:snv_04::x86 cpe:/o:sun:opensolaris:snv_05::sparc cpe:/o:sun:opensolaris:snv_05::x86 cpe:/o:sun:opensolaris:snv_06::sparc cpe:/o:sun:opensolaris:snv_06::x86 cpe:/o:sun:opensolaris:snv_07::sparc cpe:/o:sun:opensolaris:snv_07::x86 cpe:/o:sun:opensolaris:snv_08::sparc cpe:/o:sun:opensolaris:snv_08::x86 cpe:/o:sun:opensolaris:snv_09::sparc cpe:/o:sun:opensolaris:snv_09::x86 cpe:/o:sun:opensolaris:snv_10::sparc cpe:/o:sun:opensolaris:snv_10::x86 cpe:/o:sun:opensolaris:snv_11::sparc cpe:/o:sun:opensolaris:snv_11::x86 cpe:/o:sun:opensolaris:snv_12::sparc cpe:/o:sun:opensolaris:snv_12::x86 cpe:/o:sun:opensolaris:snv_13::sparc cpe:/o:sun:opensolaris:snv_13::x86 cpe:/o:sun:opensolaris:snv_14::sparc cpe:/o:sun:opensolaris:snv_14::x86 cpe:/o:sun:opensolaris:snv_15::sparc cpe:/o:sun:opensolaris:snv_15::x86 cpe:/o:sun:opensolaris:snv_16::sparc cpe:/o:sun:opensolaris:snv_16::x86 cpe:/o:sun:opensolaris:snv_17::sparc cpe:/o:sun:opensolaris:snv_17::x86 cpe:/o:sun:opensolaris:snv_18::sparc cpe:/o:sun:opensolaris:snv_18::x86 cpe:/o:sun:opensolaris:snv_19::sparc cpe:/o:sun:opensolaris:snv_19::x86 cpe:/o:sun:opensolaris:snv_20::sparc cpe:/o:sun:opensolaris:snv_20::x86 cpe:/o:sun:opensolaris:snv_21::sparc cpe:/o:sun:opensolaris:snv_21::x86 cpe:/o:sun:opensolaris:snv_22::sparc cpe:/o:sun:opensolaris:snv_22::x86 cpe:/o:sun:opensolaris:snv_23::sparc cpe:/o:sun:opensolaris:snv_23::x86 cpe:/o:sun:opensolaris:snv_24::sparc cpe:/o:sun:opensolaris:snv_24::x86 cpe:/o:sun:opensolaris:snv_25::sparc cpe:/o:sun:opensolaris:snv_25::x86 cpe:/o:sun:opensolaris:snv_26::sparc cpe:/o:sun:opensolaris:snv_26::x86 cpe:/o:sun:opensolaris:snv_27::sparc cpe:/o:sun:opensolaris:snv_27::x86 cpe:/o:sun:opensolaris:snv_28::sparc cpe:/o:sun:opensolaris:snv_28::x86 cpe:/o:sun:opensolaris:snv_29::sparc cpe:/o:sun:opensolaris:snv_29::x86 cpe:/o:sun:opensolaris:snv_30::sparc cpe:/o:sun:opensolaris:snv_30::x86 cpe:/o:sun:opensolaris:snv_31::sparc cpe:/o:sun:opensolaris:snv_31::x86 cpe:/o:sun:opensolaris:snv_32::sparc cpe:/o:sun:opensolaris:snv_32::x86 cpe:/o:sun:opensolaris:snv_33::sparc cpe:/o:sun:opensolaris:snv_33::x86 cpe:/o:sun:opensolaris:snv_34::sparc cpe:/o:sun:opensolaris:snv_34::x86 cpe:/o:sun:opensolaris:snv_35::sparc cpe:/o:sun:opensolaris:snv_35::x86 cpe:/o:sun:opensolaris:snv_36::sparc cpe:/o:sun:opensolaris:snv_36::x86 cpe:/o:sun:opensolaris:snv_37::sparc cpe:/o:sun:opensolaris:snv_37::x86 cpe:/o:sun:opensolaris:snv_38::sparc cpe:/o:sun:opensolaris:snv_38::x86 cpe:/o:sun:opensolaris:snv_39::sparc cpe:/o:sun:opensolaris:snv_39::x86 cpe:/o:sun:opensolaris:snv_40::sparc cpe:/o:sun:opensolaris:snv_40::x86 cpe:/o:sun:opensolaris:snv_41::sparc cpe:/o:sun:opensolaris:snv_41::x86 cpe:/o:sun:opensolaris:snv_42::sparc cpe:/o:sun:opensolaris:snv_42::x86 cpe:/o:sun:opensolaris:snv_43::sparc cpe:/o:sun:opensolaris:snv_43::x86 cpe:/o:sun:opensolaris:snv_44::sparc cpe:/o:sun:opensolaris:snv_44::x86 cpe:/o:sun:opensolaris:snv_45::sparc cpe:/o:sun:opensolaris:snv_45::x86 cpe:/o:sun:opensolaris:snv_46::sparc cpe:/o:sun:opensolaris:snv_46::x86 cpe:/o:sun:opensolaris:snv_47::sparc cpe:/o:sun:opensolaris:snv_47::x86 cpe:/o:sun:opensolaris:snv_48::sparc cpe:/o:sun:opensolaris:snv_48::x86 cpe:/o:sun:opensolaris:snv_49::sparc cpe:/o:sun:opensolaris:snv_49::x86 cpe:/o:sun:opensolaris:snv_50::sparc cpe:/o:sun:opensolaris:snv_50::x86 cpe:/o:sun:opensolaris:snv_51::sparc cpe:/o:sun:opensolaris:snv_51::x86 cpe:/o:sun:opensolaris:snv_52::sparc cpe:/o:sun:opensolaris:snv_52::x86 cpe:/o:sun:opensolaris:snv_53::sparc cpe:/o:sun:opensolaris:snv_53::x86 cpe:/o:sun:opensolaris:snv_54::sparc cpe:/o:sun:opensolaris:snv_54::x86 cpe:/o:sun:opensolaris:snv_55::sparc cpe:/o:sun:opensolaris:snv_55::x86 cpe:/o:sun:opensolaris:snv_56::sparc cpe:/o:sun:opensolaris:snv_56::x86 cpe:/o:sun:opensolaris:snv_57::sparc cpe:/o:sun:opensolaris:snv_57::x86 cpe:/o:sun:opensolaris:snv_58::sparc cpe:/o:sun:opensolaris:snv_58::x86 cpe:/o:sun:opensolaris:snv_59::sparc cpe:/o:sun:opensolaris:snv_59::x86 cpe:/o:sun:opensolaris:snv_60::sparc cpe:/o:sun:opensolaris:snv_60::x86 cpe:/o:sun:opensolaris:snv_61::sparc cpe:/o:sun:opensolaris:snv_61::x86 cpe:/o:sun:opensolaris:snv_62::sparc cpe:/o:sun:opensolaris:snv_62::x86 cpe:/o:sun:opensolaris:snv_63::sparc cpe:/o:sun:opensolaris:snv_63::x86 cpe:/o:sun:opensolaris:snv_64::sparc cpe:/o:sun:opensolaris:snv_64::x86 cpe:/o:sun:opensolaris:snv_65::sparc cpe:/o:sun:opensolaris:snv_65::x86 cpe:/o:sun:opensolaris:snv_66::sparc cpe:/o:sun:opensolaris:snv_66::x86 cpe:/o:sun:opensolaris:snv_67::sparc cpe:/o:sun:opensolaris:snv_67::x86 cpe:/o:sun:opensolaris:snv_68::sparc cpe:/o:sun:opensolaris:snv_68::x86 cpe:/o:sun:opensolaris:snv_69::sparc cpe:/o:sun:opensolaris:snv_69::x86 cpe:/o:sun:opensolaris:snv_70::sparc cpe:/o:sun:opensolaris:snv_70::x86 cpe:/o:sun:opensolaris:snv_71::sparc cpe:/o:sun:opensolaris:snv_71::x86 cpe:/o:sun:opensolaris:snv_72::sparc cpe:/o:sun:opensolaris:snv_72::x86 cpe:/o:sun:opensolaris:snv_73::sparc cpe:/o:sun:opensolaris:snv_73::x86 cpe:/o:sun:opensolaris:snv_74::sparc cpe:/o:sun:opensolaris:snv_74::x86 cpe:/o:sun:opensolaris:snv_75::sparc cpe:/o:sun:opensolaris:snv_75::x86 cpe:/o:sun:opensolaris:snv_76::sparc cpe:/o:sun:opensolaris:snv_76::x86 cpe:/o:sun:opensolaris:snv_77::sparc cpe:/o:sun:opensolaris:snv_77::x86 cpe:/o:sun:opensolaris:snv_78::sparc cpe:/o:sun:opensolaris:snv_78::x86 cpe:/o:sun:opensolaris:snv_79::sparc cpe:/o:sun:opensolaris:snv_79::x86 cpe:/o:sun:opensolaris:snv_80::sparc cpe:/o:sun:opensolaris:snv_80::x86 cpe:/o:sun:opensolaris:snv_81::sparc cpe:/o:sun:opensolaris:snv_81::x86 cpe:/o:sun:opensolaris:snv_82::sparc cpe:/o:sun:opensolaris:snv_82::x86 cpe:/o:sun:opensolaris:snv_83::sparc cpe:/o:sun:opensolaris:snv_83::x86 cpe:/o:sun:opensolaris:snv_84::sparc cpe:/o:sun:opensolaris:snv_84::x86 cpe:/o:sun:opensolaris:snv_85::sparc cpe:/o:sun:opensolaris:snv_85::x86 cpe:/o:sun:opensolaris:snv_86::sparc cpe:/o:sun:opensolaris:snv_86::x86 cpe:/o:sun:opensolaris:snv_87::sparc cpe:/o:sun:opensolaris:snv_87::x86 cpe:/o:sun:opensolaris:snv_88::sparc cpe:/o:sun:opensolaris:snv_88::x86 cpe:/o:sun:opensolaris:snv_89::sparc cpe:/o:sun:opensolaris:snv_89::x86 cpe:/o:sun:opensolaris:snv_90::sparc cpe:/o:sun:opensolaris:snv_90::x86 cpe:/o:sun:opensolaris:snv_91::sparc cpe:/o:sun:opensolaris:snv_91::x86 cpe:/o:sun:opensolaris:snv_92::sparc cpe:/o:sun:opensolaris:snv_92::x86 cpe:/o:sun:opensolaris:snv_93::sparc cpe:/o:sun:opensolaris:snv_93::x86 cpe:/o:sun:opensolaris:snv_94::sparc cpe:/o:sun:opensolaris:snv_94::x86 cpe:/o:sun:opensolaris:snv_95::sparc cpe:/o:sun:opensolaris:snv_95::x86 cpe:/o:sun:opensolaris:snv_96::sparc cpe:/o:sun:opensolaris:snv_96::x86 cpe:/o:sun:opensolaris:snv_97::sparc cpe:/o:sun:opensolaris:snv_97::x86 cpe:/o:sun:opensolaris:snv_98::sparc cpe:/o:sun:opensolaris:snv_98::x86 cpe:/o:sun:opensolaris:snv_99::sparc cpe:/o:sun:opensolaris:snv_99::x86 cpe:/o:sun:opensolaris:snv_100::sparc cpe:/o:sun:opensolaris:snv_100::x86 cpe:/o:sun:opensolaris:snv_101::sparc cpe:/o:sun:opensolaris:snv_101::x86 cpe:/o:sun:opensolaris:snv_101b cpe:/o:sun:opensolaris:snv_102::sparc cpe:/o:sun:opensolaris:snv_102::x86 cpe:/o:sun:opensolaris:snv_103::sparc cpe:/o:sun:opensolaris:snv_103::x86 cpe:/o:sun:opensolaris:snv_104::sparc cpe:/o:sun:opensolaris:snv_104::x86 cpe:/o:sun:opensolaris:snv_105::sparc cpe:/o:sun:opensolaris:snv_105::x86 cpe:/o:sun:opensolaris:snv_106::sparc cpe:/o:sun:opensolaris:snv_106::x86 cpe:/o:sun:opensolaris:snv_107::sparc cpe:/o:sun:opensolaris:snv_107::x86 cpe:/o:sun:solaris:10::sparc cpe:/o:sun:solaris:10::x86 CVE-2009-0304 2009-01-27T15:30:05.217-05:00 2017-09-28T21:33:44.293-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov FULLDISC 20090126 Solaris Devs Are Smoking Pot SECTRACK 1021635 SUNALERT 251006 BID 33435 VUPEN ADV-2009-0232 XF sun-solaris-ipv6packets-dos(48208) EXPLOIT-DB 7865 The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficient validation security vulnerability," as demonstrated by SunOSipv6.c. cpe:/a:research_in_motion_limited:blackberry_application_web_loader:1.0 CVE-2009-0305 2009-02-10T17:30:00.390-05:00 2009-02-17T01:57:01.953-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CONFIRM http://blackberry.com/btsc/KB16248 CERT-VN VU#131100 CONFIRM http://www.microsoft.com/technet/security/advisory/960715.mspx BID 33663 Multiple stack-based buffer overflows in the Research in Motion RIM AxLoader ActiveX control in AxLoader.ocx and AxLoader.dll in BlackBerry Application Web Loader 1.0 allow remote attackers to execute arbitrary code via unspecified use of the (1) load or (2) loadJad method. cpe:/a:ibm:lotus_notes_intellisync cpe:/a:rim:blackberry_desktop_software:5.0 CVE-2009-0306 2009-11-04T10:30:00.437-05:00 2009-11-12T00:00:00.000-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-11-04T11:16:00.000-05:00 CONFIRM http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB19701 BID 36903 VUPEN ADV-2009-3133 Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in lnresobject.dll in BlackBerry Desktop Manager in Research In Motion (RIM) BlackBerry Desktop Software before 5.0.1 allows remote attackers to execute arbitrary code via a crafted web page. NOTE: some of these details are obtained from third party information. cpe:/a:rim:blackberry_enterprise_server:4.0 cpe:/a:rim:blackberry_enterprise_server:4.0:sp3 cpe:/a:rim:blackberry_enterprise_server:4.0.3 cpe:/a:rim:blackberry_enterprise_server:4.1 cpe:/a:rim:blackberry_enterprise_server:4.1:sp3 cpe:/a:rim:blackberry_enterprise_server:4.1.3 cpe:/a:rim:blackberry_enterprise_server:4.1.4 cpe:/a:rim:blackberry_enterprise_server:4.1.5 cpe:/a:rim:blackberry_enterprise_server:4.1.6 cpe:/a:rim:blackberry_enterprise_server:4.1.6:mr4 CVE-2009-0307 2009-04-22T14:30:00.170-04:00 2009-04-28T01:37:41.627-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov FULLDISC 20090417 ERNW Security Advisory 01-2009: XSS in Blackberries Mobile Data Service Connection Service CONFIRM http://www.blackberry.com/btsc/dynamickc.do?externalId=KB17969&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB17969 BID 34573 SECTRACK 1022081 VUPEN ADV-2009-1090 Cross-site scripting (XSS) vulnerability in the "Customize Statistics Page" (admin/statistics/ConfigureStatistics) in the MDS Connection Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) before 4.1.6 MR5 allows remote attackers to inject arbitrary web script or HTML via the (1) customDate, (2) interval, (3) lastCustomInterval, (4) lastIntervalLength, (5) nextCustomInterval, (6) nextIntervalLength, (7) action, (8) delIntervalIndex, (9) addStatIndex, (10) delStatIndex, and (11) referenceTime parameters. cpe:/o:opensuse:opensuse:10.3 cpe:/o:opensuse:opensuse:11.0 CVE-2009-0310 2009-02-18T11:30:00.327-05:00 2018-10-30T12:27:33.250-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS SUSE SUSE-SR:2009:004 BID 33794 XF suse-blinux-bo(48797) Buffer overflow in SUSE blinux (aka sbl) in SUSE openSUSE 10.3 through 11.0 has unknown impact and attack vectors related to "incoming data and authentication-strings." cpe:/a:emc:autostart:5.3 cpe:/a:emc:autostart:5.3:sp1 CVE-2009-0311 2009-01-27T17:30:00.377-05:00 2018-10-11T17:01:12.867-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BUGTRAQ 20090123 ZDI-09-009: EMC AutoStart Backbone Engine Trusted Pointer Code Execution Vulnerability BID 33415 SECTRACK 1021636 MISC http://zerodayinitiative.com/advisories/ZDI-09-009/ XF autostart-backbone-code-execution(48197) The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 allows remote attackers to execute arbitrary code via a packet with a crafted value that is dereferenced as a function pointer. cpe:/a:moinmoin:moinmoin:1.7.0 cpe:/a:moinmoin:moinmoin:1.8.1 CVE-2009-0312 2009-01-27T20:30:03.170-05:00 2018-10-03T17:58:15.097-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad CONFIRM http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad CONFIRM http://moinmo.in/SecurityFixes#moin1.8.1 MLIST [oss-security] 20090127 CVE Request: MoinMoin XF moinmoin-antispam-xss(48306) UBUNTU USN-716-1 DEBIAN DSA-1715 Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content. cpe:/a:kegel:winetricks:20081127 CVE-2009-0313 2009-01-27T21:30:00.297-05:00 2017-08-07T21:33:53.080-04:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CONFIRM http://code.google.com/p/winezeug/source/detail?r=253 SUSE SUSE-SR:2009:004 BID 33474 XF winetricks-xshowmenu-symlink(48320) winetricks before 20081223 allows local users to overwrite arbitrary files via a symlink attack on the x_showmenu.txt temporary file. cpe:/a:gnome:gedit CVE-2009-0314 2009-01-28T06:30:00.267-05:00 2017-08-07T21:33:53.127-04:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS MISC http://bugzilla.gnome.org/show_bug.cgi?id=569214 GENTOO GLSA-200903-41 MANDRIVA MDVSA-2009:039 MLIST [oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric) BID 33445 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=481556 XF gedit-pysyssetargv-privilege-escalation(48271) FEDORA FEDORA-2009-1189 Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). cpe:/a:xchat:xchat CVE-2009-0315 2009-01-28T06:30:00.280-05:00 2009-03-06T01:49:28.233-05:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS MANDRIVA MDVSA-2009:059 MLIST [oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric) BID 33444 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=481560 Untrusted search path vulnerability in the Python module in xchat allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). cpe:/a:vim:vim:1.0 cpe:/a:vim:vim:1.22 cpe:/a:vim:vim:3.0 cpe:/a:vim:vim:4.0 cpe:/a:vim:vim:5.0 cpe:/a:vim:vim:5.1 cpe:/a:vim:vim:5.2 cpe:/a:vim:vim:5.3 cpe:/a:vim:vim:5.4 cpe:/a:vim:vim:5.5 cpe:/a:vim:vim:5.6 cpe:/a:vim:vim:5.7 cpe:/a:vim:vim:5.8 cpe:/a:vim:vim:6.0 cpe:/a:vim:vim:6.1 cpe:/a:vim:vim:6.2 cpe:/a:vim:vim:6.3 cpe:/a:vim:vim:6.4 cpe:/a:vim:vim:7.0 cpe:/a:vim:vim:7.1 cpe:/a:vim:vim:7.2 CVE-2009-0316 2009-01-28T06:30:00.297-05:00 2017-08-07T21:33:53.187-04:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937 APPLE APPLE-SA-2010-03-29-1 CONFIRM http://support.apple.com/kb/HT4077 MANDRIVA MDVSA-2009:047 MLIST [debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd MLIST [oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric) BID 33447 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=481565 XF vim-pysyssetargv-privilege-escalation(48275) CONFIRM https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045 Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair. cpe:/a:gnome:nautilus-python CVE-2009-0317 2009-01-28T06:30:00.327-05:00 2009-02-05T01:53:34.717-05:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov MLIST [oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric) BID 33442 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=481570 Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). cpe:/a:gnome:gnumeric CVE-2009-0318 2009-01-28T06:30:00.343-05:00 2009-04-16T01:37:06.640-04:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CONFIRM http://bugzilla.gnome.org/show_bug.cgi?id=569648 GENTOO GLSA-200904-03 MANDRIVA MDVSA-2009:043 MLIST [oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric) BID 33438 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=481572 FEDORA FEDORA-2009-1295 Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). cpe:/o:sun:opensolaris:snv_01::sparc cpe:/o:sun:opensolaris:snv_01::x86 cpe:/o:sun:opensolaris:snv_02::sparc cpe:/o:sun:opensolaris:snv_02::x86 cpe:/o:sun:opensolaris:snv_03::sparc cpe:/o:sun:opensolaris:snv_03::x86 cpe:/o:sun:opensolaris:snv_04::sparc cpe:/o:sun:opensolaris:snv_04::x86 cpe:/o:sun:opensolaris:snv_05::sparc cpe:/o:sun:opensolaris:snv_05::x86 cpe:/o:sun:opensolaris:snv_06::sparc cpe:/o:sun:opensolaris:snv_06::x86 cpe:/o:sun:opensolaris:snv_07::sparc cpe:/o:sun:opensolaris:snv_07::x86 cpe:/o:sun:opensolaris:snv_08::sparc cpe:/o:sun:opensolaris:snv_08::x86 cpe:/o:sun:opensolaris:snv_09::sparc cpe:/o:sun:opensolaris:snv_09::x86 cpe:/o:sun:opensolaris:snv_10::sparc cpe:/o:sun:opensolaris:snv_10::x86 cpe:/o:sun:opensolaris:snv_11::sparc cpe:/o:sun:opensolaris:snv_12::sparc cpe:/o:sun:opensolaris:snv_13::sparc cpe:/o:sun:opensolaris:snv_14::sparc cpe:/o:sun:opensolaris:snv_15::sparc cpe:/o:sun:opensolaris:snv_16::sparc cpe:/o:sun:opensolaris:snv_17::sparc cpe:/o:sun:opensolaris:snv_18::sparc cpe:/o:sun:opensolaris:snv_19::sparc cpe:/o:sun:opensolaris:snv_20::sparc cpe:/o:sun:opensolaris:snv_21::sparc cpe:/o:sun:opensolaris:snv_21::x86 cpe:/o:sun:opensolaris:snv_22::sparc cpe:/o:sun:opensolaris:snv_22::x86 cpe:/o:sun:opensolaris:snv_23::sparc cpe:/o:sun:opensolaris:snv_23::x86 cpe:/o:sun:opensolaris:snv_24::sparc cpe:/o:sun:opensolaris:snv_24::x86 cpe:/o:sun:opensolaris:snv_25::sparc cpe:/o:sun:opensolaris:snv_25::x86 cpe:/o:sun:opensolaris:snv_26::sparc cpe:/o:sun:opensolaris:snv_26::x86 cpe:/o:sun:opensolaris:snv_27::sparc cpe:/o:sun:opensolaris:snv_27::x86 cpe:/o:sun:opensolaris:snv_28::sparc cpe:/o:sun:opensolaris:snv_28::x86 cpe:/o:sun:opensolaris:snv_29::sparc cpe:/o:sun:opensolaris:snv_29::x86 cpe:/o:sun:opensolaris:snv_30::sparc cpe:/o:sun:opensolaris:snv_30::x86 cpe:/o:sun:opensolaris:snv_31::sparc cpe:/o:sun:opensolaris:snv_31::x86 cpe:/o:sun:opensolaris:snv_32::sparc cpe:/o:sun:opensolaris:snv_32::x86 cpe:/o:sun:opensolaris:snv_33::sparc cpe:/o:sun:opensolaris:snv_33::x86 cpe:/o:sun:opensolaris:snv_34::sparc cpe:/o:sun:opensolaris:snv_34::x86 cpe:/o:sun:opensolaris:snv_35::sparc cpe:/o:sun:opensolaris:snv_35::x86 cpe:/o:sun:opensolaris:snv_36::sparc cpe:/o:sun:opensolaris:snv_36::x86 cpe:/o:sun:opensolaris:snv_37::sparc cpe:/o:sun:opensolaris:snv_37::x86 cpe:/o:sun:opensolaris:snv_38::sparc cpe:/o:sun:opensolaris:snv_38::x86 cpe:/o:sun:opensolaris:snv_39::sparc cpe:/o:sun:opensolaris:snv_39::x86 cpe:/o:sun:opensolaris:snv_40::sparc cpe:/o:sun:opensolaris:snv_40::x86 cpe:/o:sun:opensolaris:snv_41::sparc cpe:/o:sun:opensolaris:snv_41::x86 cpe:/o:sun:opensolaris:snv_42::sparc cpe:/o:sun:opensolaris:snv_42::x86 cpe:/o:sun:opensolaris:snv_43::sparc cpe:/o:sun:opensolaris:snv_43::x86 cpe:/o:sun:opensolaris:snv_44::sparc cpe:/o:sun:opensolaris:snv_44::x86 cpe:/o:sun:opensolaris:snv_45::sparc cpe:/o:sun:opensolaris:snv_45::x86 cpe:/o:sun:opensolaris:snv_46::sparc cpe:/o:sun:opensolaris:snv_46::x86 cpe:/o:sun:opensolaris:snv_47::sparc cpe:/o:sun:opensolaris:snv_47::x86 cpe:/o:sun:opensolaris:snv_48::sparc cpe:/o:sun:opensolaris:snv_48::x86 cpe:/o:sun:opensolaris:snv_49::sparc cpe:/o:sun:opensolaris:snv_49::x86 cpe:/o:sun:opensolaris:snv_50::sparc cpe:/o:sun:opensolaris:snv_50::x86 cpe:/o:sun:opensolaris:snv_51::sparc cpe:/o:sun:opensolaris:snv_51::x86 cpe:/o:sun:opensolaris:snv_52::sparc cpe:/o:sun:opensolaris:snv_52::x86 cpe:/o:sun:opensolaris:snv_53::sparc cpe:/o:sun:opensolaris:snv_53::x86 cpe:/o:sun:opensolaris:snv_54::sparc cpe:/o:sun:opensolaris:snv_54::x86 cpe:/o:sun:opensolaris:snv_55::sparc cpe:/o:sun:opensolaris:snv_55::x86 cpe:/o:sun:opensolaris:snv_56::sparc cpe:/o:sun:opensolaris:snv_56::x86 cpe:/o:sun:opensolaris:snv_57::sparc cpe:/o:sun:opensolaris:snv_57::x86 cpe:/o:sun:opensolaris:snv_58::sparc cpe:/o:sun:opensolaris:snv_58::x86 cpe:/o:sun:opensolaris:snv_59::sparc cpe:/o:sun:opensolaris:snv_59::x86 cpe:/o:sun:opensolaris:snv_60::sparc cpe:/o:sun:opensolaris:snv_60::x86 cpe:/o:sun:opensolaris:snv_61::sparc cpe:/o:sun:opensolaris:snv_61::x86 cpe:/o:sun:opensolaris:snv_62::sparc cpe:/o:sun:opensolaris:snv_62::x86 cpe:/o:sun:opensolaris:snv_63::sparc cpe:/o:sun:opensolaris:snv_63::x86 cpe:/o:sun:opensolaris:snv_64::sparc cpe:/o:sun:opensolaris:snv_64::x86 cpe:/o:sun:opensolaris:snv_65::sparc cpe:/o:sun:opensolaris:snv_65::x86 cpe:/o:sun:opensolaris:snv_66::sparc cpe:/o:sun:opensolaris:snv_66::x86 cpe:/o:sun:opensolaris:snv_67::sparc cpe:/o:sun:opensolaris:snv_67::x86 cpe:/o:sun:opensolaris:snv_68::sparc cpe:/o:sun:opensolaris:snv_68::x86 cpe:/o:sun:opensolaris:snv_69::sparc cpe:/o:sun:opensolaris:snv_69::x86 cpe:/o:sun:opensolaris:snv_70::sparc cpe:/o:sun:opensolaris:snv_70::x86 cpe:/o:sun:opensolaris:snv_71::sparc cpe:/o:sun:opensolaris:snv_71::x86 cpe:/o:sun:opensolaris:snv_72::sparc cpe:/o:sun:opensolaris:snv_72::x86 cpe:/o:sun:opensolaris:snv_73::sparc cpe:/o:sun:opensolaris:snv_73::x86 cpe:/o:sun:opensolaris:snv_74::sparc cpe:/o:sun:opensolaris:snv_74::x86 cpe:/o:sun:opensolaris:snv_75::sparc cpe:/o:sun:opensolaris:snv_75::x86 cpe:/o:sun:opensolaris:snv_76::sparc cpe:/o:sun:opensolaris:snv_76::x86 cpe:/o:sun:opensolaris:snv_77::sparc cpe:/o:sun:opensolaris:snv_77::x86 cpe:/o:sun:opensolaris:snv_78::sparc cpe:/o:sun:opensolaris:snv_78::x86 cpe:/o:sun:opensolaris:snv_79::sparc cpe:/o:sun:opensolaris:snv_79::x86 cpe:/o:sun:opensolaris:snv_80::sparc cpe:/o:sun:opensolaris:snv_80::x86 cpe:/o:sun:opensolaris:snv_81::sparc cpe:/o:sun:opensolaris:snv_81::x86 cpe:/o:sun:opensolaris:snv_82::sparc cpe:/o:sun:opensolaris:snv_82::x86 cpe:/o:sun:opensolaris:snv_83::sparc cpe:/o:sun:opensolaris:snv_83::x86 cpe:/o:sun:opensolaris:snv_84::sparc cpe:/o:sun:opensolaris:snv_84::x86 cpe:/o:sun:opensolaris:snv_85::sparc cpe:/o:sun:opensolaris:snv_85::x86 cpe:/o:sun:opensolaris:snv_86::sparc cpe:/o:sun:opensolaris:snv_86::x86 cpe:/o:sun:opensolaris:snv_87::sparc cpe:/o:sun:opensolaris:snv_87::x86 cpe:/o:sun:opensolaris:snv_88::sparc cpe:/o:sun:opensolaris:snv_88::x86 cpe:/o:sun:opensolaris:snv_89::sparc cpe:/o:sun:opensolaris:snv_89::x86 cpe:/o:sun:opensolaris:snv_90::sparc cpe:/o:sun:opensolaris:snv_90::x86 cpe:/o:sun:opensolaris:snv_91::sparc cpe:/o:sun:opensolaris:snv_91::x86 cpe:/o:sun:opensolaris:snv_92::sparc cpe:/o:sun:opensolaris:snv_92::x86 cpe:/o:sun:opensolaris:snv_93::sparc cpe:/o:sun:opensolaris:snv_93::x86 cpe:/o:sun:opensolaris:snv_94::sparc cpe:/o:sun:opensolaris:snv_94::x86 cpe:/o:sun:opensolaris:snv_95::sparc cpe:/o:sun:opensolaris:snv_95::x86 cpe:/o:sun:opensolaris:snv_96::sparc cpe:/o:sun:opensolaris:snv_96::x86 cpe:/o:sun:opensolaris:snv_97::sparc cpe:/o:sun:opensolaris:snv_97::x86 cpe:/o:sun:opensolaris:snv_98::sparc cpe:/o:sun:opensolaris:snv_98::x86 cpe:/o:sun:opensolaris:snv_99::sparc cpe:/o:sun:opensolaris:snv_99::x86 cpe:/o:sun:opensolaris:snv_100::sparc cpe:/o:sun:opensolaris:snv_100::x86 cpe:/o:sun:opensolaris:snv_101::sparc cpe:/o:sun:opensolaris:snv_101::x86 cpe:/o:sun:opensolaris:snv_102::sparc cpe:/o:sun:opensolaris:snv_102::x86 cpe:/o:sun:opensolaris:snv_103::sparc cpe:/o:sun:opensolaris:snv_103::x86 cpe:/o:sun:opensolaris:snv_104::sparc cpe:/o:sun:opensolaris:snv_104::x86 cpe:/o:sun:opensolaris:snv_105::sparc cpe:/o:sun:opensolaris:snv_105::x86 cpe:/o:sun:opensolaris:snv_106::sparc cpe:/o:sun:opensolaris:snv_106::x86 cpe:/o:sun:opensolaris:snv_107::sparc cpe:/o:sun:opensolaris:snv_107::x86 cpe:/o:sun:solaris:8::sparc cpe:/o:sun:solaris:8::x86 cpe:/o:sun:solaris:9::sparc cpe:/o:sun:solaris:9::x86 cpe:/o:sun:solaris:10::sparc cpe:/o:sun:solaris:10::x86 CVE-2009-0319 2009-01-28T13:30:00.203-05:00 2017-09-28T21:33:44.417-04:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CONFIRM http://sunsolve.sun.com/search/document.do?assetkey=1-21-128624-09-1 SUNALERT 249966 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-041.htm BID 33459 SECTRACK 1021644 VUPEN ADV-2009-0256 VUPEN ADV-2009-0363 XF solaris-autofs-code-execution(48234) Unspecified vulnerability in the autofs module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_108, allows local users to cause a denial of service (autofs mount outage) or possibly gain privileges via vectors related to "xdr processing problems." cpe:/o:microsoft:windows_server_2003 cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_xp CVE-2009-0320 2009-01-28T13:30:00.217-05:00 2018-10-11T17:01:13.443-04:00 4.0 LOCAL HIGH NONE COMPLETE NONE NONE http://nvd.nist.gov BUGTRAQ 20090124 Benchmarking attacks and major security weakness on all recent Windows versions up to Windows 200 BID 33440 Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack." cpe:/a:apple:safari:3.2.1 CVE-2009-0321 2009-01-28T13:30:00.250-05:00 2017-09-28T21:33:44.497-04:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov MISC http://lostmon.blogspot.com/2009/01/safari-for-windows-321-remote-http-uri.html BID 33481 XF safari-httpuri-dos(48284) Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence. cpe:/o:canonical:ubuntu_linux:7.10 cpe:/o:canonical:ubuntu_linux:8.04::~~lts~~~ cpe:/o:canonical:ubuntu_linux:8.10 cpe:/o:debian:debian_linux:4.0 cpe:/o:debian:debian_linux:5.0 cpe:/o:linux:linux_kernel:- cpe:/o:linux:linux_kernel:1.2.0 cpe:/o:linux:linux_kernel:1.3.0 cpe:/o:linux:linux_kernel:2.0.0 cpe:/o:linux:linux_kernel:2.0.1 cpe:/o:linux:linux_kernel:2.0.2 cpe:/o:linux:linux_kernel:2.0.3 cpe:/o:linux:linux_kernel:2.0.4 cpe:/o:linux:linux_kernel:2.0.5 cpe:/o:linux:linux_kernel:2.0.6 cpe:/o:linux:linux_kernel:2.0.7 cpe:/o:linux:linux_kernel:2.0.8 cpe:/o:linux:linux_kernel:2.0.9 cpe:/o:linux:linux_kernel:2.0.10 cpe:/o:linux:linux_kernel:2.0.11 cpe:/o:linux:linux_kernel:2.0.12 cpe:/o:linux:linux_kernel:2.0.13 cpe:/o:linux:linux_kernel:2.0.14 cpe:/o:linux:linux_kernel:2.0.15 cpe:/o:linux:linux_kernel:2.0.16 cpe:/o:linux:linux_kernel:2.0.17 cpe:/o:linux:linux_kernel:2.0.18 cpe:/o:linux:linux_kernel:2.0.19 cpe:/o:linux:linux_kernel:2.0.20 cpe:/o:linux:linux_kernel:2.0.21 cpe:/o:linux:linux_kernel:2.0.22 cpe:/o:linux:linux_kernel:2.0.23 cpe:/o:linux:linux_kernel:2.0.24 cpe:/o:linux:linux_kernel:2.0.25 cpe:/o:linux:linux_kernel:2.0.26 cpe:/o:linux:linux_kernel:2.0.27 cpe:/o:linux:linux_kernel:2.0.28 cpe:/o:linux:linux_kernel:2.0.29 cpe:/o:linux:linux_kernel:2.0.30 cpe:/o:linux:linux_kernel:2.0.31 cpe:/o:linux:linux_kernel:2.0.32 cpe:/o:linux:linux_kernel:2.0.33 cpe:/o:linux:linux_kernel:2.0.34 cpe:/o:linux:linux_kernel:2.0.35 cpe:/o:linux:linux_kernel:2.0.36 cpe:/o:linux:linux_kernel:2.0.37 cpe:/o:linux:linux_kernel:2.0.38 cpe:/o:linux:linux_kernel:2.0.39 cpe:/o:linux:linux_kernel:2.1.0 cpe:/o:linux:linux_kernel:2.1.1 cpe:/o:linux:linux_kernel:2.1.2 cpe:/o:linux:linux_kernel:2.1.3 cpe:/o:linux:linux_kernel:2.1.4 cpe:/o:linux:linux_kernel:2.1.5 cpe:/o:linux:linux_kernel:2.1.6 cpe:/o:linux:linux_kernel:2.1.7 cpe:/o:linux:linux_kernel:2.1.8 cpe:/o:linux:linux_kernel:2.1.9 cpe:/o:linux:linux_kernel:2.1.10 cpe:/o:linux:linux_kernel:2.1.11 cpe:/o:linux:linux_kernel:2.1.12 cpe:/o:linux:linux_kernel:2.1.13 cpe:/o:linux:linux_kernel:2.1.14 cpe:/o:linux:linux_kernel:2.1.15 cpe:/o:linux:linux_kernel:2.1.16 cpe:/o:linux:linux_kernel:2.1.17 cpe:/o:linux:linux_kernel:2.1.18 cpe:/o:linux:linux_kernel:2.1.19 cpe:/o:linux:linux_kernel:2.1.20 cpe:/o:linux:linux_kernel:2.1.21 cpe:/o:linux:linux_kernel:2.1.22 cpe:/o:linux:linux_kernel:2.1.23 cpe:/o:linux:linux_kernel:2.1.24 cpe:/o:linux:linux_kernel:2.1.25 cpe:/o:linux:linux_kernel:2.1.26 cpe:/o:linux:linux_kernel:2.1.27 cpe:/o:linux:linux_kernel:2.1.28 cpe:/o:linux:linux_kernel:2.1.29 cpe:/o:linux:linux_kernel:2.1.30 cpe:/o:linux:linux_kernel:2.1.31 cpe:/o:linux:linux_kernel:2.1.32 cpe:/o:linux:linux_kernel:2.1.33 cpe:/o:linux:linux_kernel:2.1.34 cpe:/o:linux:linux_kernel:2.1.35 cpe:/o:linux:linux_kernel:2.1.36 cpe:/o:linux:linux_kernel:2.1.37 cpe:/o:linux:linux_kernel:2.1.38 cpe:/o:linux:linux_kernel:2.1.39 cpe:/o:linux:linux_kernel:2.1.40 cpe:/o:linux:linux_kernel:2.1.41 cpe:/o:linux:linux_kernel:2.1.42 cpe:/o:linux:linux_kernel:2.1.43 cpe:/o:linux:linux_kernel:2.1.44 cpe:/o:linux:linux_kernel:2.1.45 cpe:/o:linux:linux_kernel:2.1.46 cpe:/o:linux:linux_kernel:2.1.47 cpe:/o:linux:linux_kernel:2.1.48 cpe:/o:linux:linux_kernel:2.1.49 cpe:/o:linux:linux_kernel:2.1.50 cpe:/o:linux:linux_kernel:2.1.51 cpe:/o:linux:linux_kernel:2.1.52 cpe:/o:linux:linux_kernel:2.1.53 cpe:/o:linux:linux_kernel:2.1.54 cpe:/o:linux:linux_kernel:2.1.55 cpe:/o:linux:linux_kernel:2.1.56 cpe:/o:linux:linux_kernel:2.1.57 cpe:/o:linux:linux_kernel:2.1.58 cpe:/o:linux:linux_kernel:2.1.59 cpe:/o:linux:linux_kernel:2.1.60 cpe:/o:linux:linux_kernel:2.1.61 cpe:/o:linux:linux_kernel:2.1.62 cpe:/o:linux:linux_kernel:2.1.63 cpe:/o:linux:linux_kernel:2.1.64 cpe:/o:linux:linux_kernel:2.1.65 cpe:/o:linux:linux_kernel:2.1.66 cpe:/o:linux:linux_kernel:2.1.67 cpe:/o:linux:linux_kernel:2.1.68 cpe:/o:linux:linux_kernel:2.1.69 cpe:/o:linux:linux_kernel:2.1.70 cpe:/o:linux:linux_kernel:2.1.71 cpe:/o:linux:linux_kernel:2.1.72 cpe:/o:linux:linux_kernel:2.1.73 cpe:/o:linux:linux_kernel:2.1.74 cpe:/o:linux:linux_kernel:2.1.75 cpe:/o:linux:linux_kernel:2.1.76 cpe:/o:linux:linux_kernel:2.1.77 cpe:/o:linux:linux_kernel:2.1.78 cpe:/o:linux:linux_kernel:2.1.79 cpe:/o:linux:linux_kernel:2.1.80 cpe:/o:linux:linux_kernel:2.1.81 cpe:/o:linux:linux_kernel:2.1.82 cpe:/o:linux:linux_kernel:2.1.83 cpe:/o:linux:linux_kernel:2.1.84 cpe:/o:linux:linux_kernel:2.1.85 cpe:/o:linux:linux_kernel:2.1.86 cpe:/o:linux:linux_kernel:2.1.87 cpe:/o:linux:linux_kernel:2.1.88 cpe:/o:linux:linux_kernel:2.1.89 cpe:/o:linux:linux_kernel:2.1.90 cpe:/o:linux:linux_kernel:2.1.91 cpe:/o:linux:linux_kernel:2.1.92 cpe:/o:linux:linux_kernel:2.1.93 cpe:/o:linux:linux_kernel:2.1.94 cpe:/o:linux:linux_kernel:2.1.95 cpe:/o:linux:linux_kernel:2.1.96 cpe:/o:linux:linux_kernel:2.1.97 cpe:/o:linux:linux_kernel:2.1.98 cpe:/o:linux:linux_kernel:2.1.99 cpe:/o:linux:linux_kernel:2.1.100 cpe:/o:linux:linux_kernel:2.1.101 cpe:/o:linux:linux_kernel:2.1.102 cpe:/o:linux:linux_kernel:2.1.103 cpe:/o:linux:linux_kernel:2.1.104 cpe:/o:linux:linux_kernel:2.1.105 cpe:/o:linux:linux_kernel:2.1.106 cpe:/o:linux:linux_kernel:2.1.107 cpe:/o:linux:linux_kernel:2.1.108 cpe:/o:linux:linux_kernel:2.1.109 cpe:/o:linux:linux_kernel:2.1.110 cpe:/o:linux:linux_kernel:2.1.111 cpe:/o:linux:linux_kernel:2.1.112 cpe:/o:linux:linux_kernel:2.1.113 cpe:/o:linux:linux_kernel:2.1.114 cpe:/o:linux:linux_kernel:2.1.115 cpe:/o:linux:linux_kernel:2.1.116 cpe:/o:linux:linux_kernel:2.1.117 cpe:/o:linux:linux_kernel:2.1.118 cpe:/o:linux:linux_kernel:2.1.119 cpe:/o:linux:linux_kernel:2.1.120 cpe:/o:linux:linux_kernel:2.1.121 cpe:/o:linux:linux_kernel:2.1.122 cpe:/o:linux:linux_kernel:2.1.123 cpe:/o:linux:linux_kernel:2.1.124 cpe:/o:linux:linux_kernel:2.1.125 cpe:/o:linux:linux_kernel:2.1.126 cpe:/o:linux:linux_kernel:2.1.127 cpe:/o:linux:linux_kernel:2.1.128 cpe:/o:linux:linux_kernel:2.1.129 cpe:/o:linux:linux_kernel:2.1.130 cpe:/o:linux:linux_kernel:2.1.131 cpe:/o:linux:linux_kernel:2.1.132 cpe:/o:linux:linux_kernel:2.2.0 cpe:/o:linux:linux_kernel:2.2.1 cpe:/o:linux:linux_kernel:2.2.2 cpe:/o:linux:linux_kernel:2.2.3 cpe:/o:linux:linux_kernel:2.2.4 cpe:/o:linux:linux_kernel:2.2.4:rc1 cpe:/o:linux:linux_kernel:2.2.5 cpe:/o:linux:linux_kernel:2.2.6 cpe:/o:linux:linux_kernel:2.2.7 cpe:/o:linux:linux_kernel:2.2.8 cpe:/o:linux:linux_kernel:2.2.9 cpe:/o:linux:linux_kernel:2.2.10 cpe:/o:linux:linux_kernel:2.2.11 cpe:/o:linux:linux_kernel:2.2.12 cpe:/o:linux:linux_kernel:2.2.13 cpe:/o:linux:linux_kernel:2.2.13:pre15 cpe:/o:linux:linux_kernel:2.2.14 cpe:/o:linux:linux_kernel:2.2.15 cpe:/o:linux:linux_kernel:2.2.15:pre16 cpe:/o:linux:linux_kernel:2.2.16 cpe:/o:linux:linux_kernel:2.2.16:pre5 cpe:/o:linux:linux_kernel:2.2.16:pre6 cpe:/o:linux:linux_kernel:2.2.17 cpe:/o:linux:linux_kernel:2.2.17:pre14 cpe:/o:linux:linux_kernel:2.2.18 cpe:/o:linux:linux_kernel:2.2.19 cpe:/o:linux:linux_kernel:2.2.20 cpe:/o:linux:linux_kernel:2.2.21 cpe:/o:linux:linux_kernel:2.2.21:pre1 cpe:/o:linux:linux_kernel:2.2.21:pre2 cpe:/o:linux:linux_kernel:2.2.21:pre3 cpe:/o:linux:linux_kernel:2.2.21:pre4 cpe:/o:linux:linux_kernel:2.2.21:rc1 cpe:/o:linux:linux_kernel:2.2.21:rc2 cpe:/o:linux:linux_kernel:2.2.21:rc3 cpe:/o:linux:linux_kernel:2.2.21:rc4 cpe:/o:linux:linux_kernel:2.2.22 cpe:/o:linux:linux_kernel:2.2.22:rc1 cpe:/o:linux:linux_kernel:2.2.22:rc2 cpe:/o:linux:linux_kernel:2.2.22:rc3 cpe:/o:linux:linux_kernel:2.2.23 cpe:/o:linux:linux_kernel:2.2.23:rc1 cpe:/o:linux:linux_kernel:2.2.23:rc2 cpe:/o:linux:linux_kernel:2.2.24 cpe:/o:linux:linux_kernel:2.2.24:rc2 cpe:/o:linux:linux_kernel:2.2.24:rc3 cpe:/o:linux:linux_kernel:2.2.24:rc4 cpe:/o:linux:linux_kernel:2.2.24:rc5 cpe:/o:linux:linux_kernel:2.2.25 cpe:/o:linux:linux_kernel:2.2.26 cpe:/o:linux:linux_kernel:2.2.27:pre1 cpe:/o:linux:linux_kernel:2.2.27:pre2 cpe:/o:linux:linux_kernel:2.2.27:rc1 cpe:/o:linux:linux_kernel:2.2.27:rc2 cpe:/o:linux:linux_kernel:2.3.0 cpe:/o:linux:linux_kernel:2.3.1 cpe:/o:linux:linux_kernel:2.3.2 cpe:/o:linux:linux_kernel:2.3.3 cpe:/o:linux:linux_kernel:2.3.4 cpe:/o:linux:linux_kernel:2.3.5 cpe:/o:linux:linux_kernel:2.3.6 cpe:/o:linux:linux_kernel:2.3.7 cpe:/o:linux:linux_kernel:2.3.8 cpe:/o:linux:linux_kernel:2.3.9 cpe:/o:linux:linux_kernel:2.3.10 cpe:/o:linux:linux_kernel:2.3.11 cpe:/o:linux:linux_kernel:2.3.12 cpe:/o:linux:linux_kernel:2.3.13 cpe:/o:linux:linux_kernel:2.3.14 cpe:/o:linux:linux_kernel:2.3.15 cpe:/o:linux:linux_kernel:2.3.16 cpe:/o:linux:linux_kernel:2.3.17 cpe:/o:linux:linux_kernel:2.3.18 cpe:/o:linux:linux_kernel:2.3.19 cpe:/o:linux:linux_kernel:2.3.20 cpe:/o:linux:linux_kernel:2.3.21 cpe:/o:linux:linux_kernel:2.3.22 cpe:/o:linux:linux_kernel:2.3.23 cpe:/o:linux:linux_kernel:2.3.24 cpe:/o:linux:linux_kernel:2.3.25 cpe:/o:linux:linux_kernel:2.3.26 cpe:/o:linux:linux_kernel:2.3.27 cpe:/o:linux:linux_kernel:2.3.28 cpe:/o:linux:linux_kernel:2.3.29 cpe:/o:linux:linux_kernel:2.3.30 cpe:/o:linux:linux_kernel:2.3.31 cpe:/o:linux:linux_kernel:2.3.32 cpe:/o:linux:linux_kernel:2.3.33 cpe:/o:linux:linux_kernel:2.3.34 cpe:/o:linux:linux_kernel:2.3.35 cpe:/o:linux:linux_kernel:2.3.36 cpe:/o:linux:linux_kernel:2.3.37 cpe:/o:linux:linux_kernel:2.3.38 cpe:/o:linux:linux_kernel:2.3.39 cpe:/o:linux:linux_kernel:2.3.40 cpe:/o:linux:linux_kernel:2.3.41 cpe:/o:linux:linux_kernel:2.3.42 cpe:/o:linux:linux_kernel:2.3.43 cpe:/o:linux:linux_kernel:2.3.44 cpe:/o:linux:linux_kernel:2.3.45 cpe:/o:linux:linux_kernel:2.3.46 cpe:/o:linux:linux_kernel:2.3.47 cpe:/o:linux:linux_kernel:2.3.48 cpe:/o:linux:linux_kernel:2.3.49 cpe:/o:linux:linux_kernel:2.3.50 cpe:/o:linux:linux_kernel:2.3.51 cpe:/o:linux:linux_kernel:2.3.99 cpe:/o:linux:linux_kernel:2.3.99:pre1 cpe:/o:linux:linux_kernel:2.3.99:pre2 cpe:/o:linux:linux_kernel:2.3.99:pre3 cpe:/o:linux:linux_kernel:2.3.99:pre4 cpe:/o:linux:linux_kernel:2.3.99:pre5 cpe:/o:linux:linux_kernel:2.3.99:pre6 cpe:/o:linux:linux_kernel:2.3.99:pre7 cpe:/o:linux:linux_kernel:2.3.99:pre8 cpe:/o:linux:linux_kernel:2.3.99:pre9 cpe:/o:linux:linux_kernel:2.4.0 cpe:/o:linux:linux_kernel:2.4.0:test1 cpe:/o:linux:linux_kernel:2.4.0:test10 cpe:/o:linux:linux_kernel:2.4.0:test11 cpe:/o:linux:linux_kernel:2.4.0:test12 cpe:/o:linux:linux_kernel:2.4.0:test2 cpe:/o:linux:linux_kernel:2.4.0:test3 cpe:/o:linux:linux_kernel:2.4.0:test4 cpe:/o:linux:linux_kernel:2.4.0:test5 cpe:/o:linux:linux_kernel:2.4.0:test6 cpe:/o:linux:linux_kernel:2.4.0:test7 cpe:/o:linux:linux_kernel:2.4.0:test8 cpe:/o:linux:linux_kernel:2.4.0:test9 cpe:/o:linux:linux_kernel:2.4.1 cpe:/o:linux:linux_kernel:2.4.2 cpe:/o:linux:linux_kernel:2.4.3 cpe:/o:linux:linux_kernel:2.4.3:pre3 cpe:/o:linux:linux_kernel:2.4.4 cpe:/o:linux:linux_kernel:2.4.5 cpe:/o:linux:linux_kernel:2.4.6 cpe:/o:linux:linux_kernel:2.4.7 cpe:/o:linux:linux_kernel:2.4.8 cpe:/o:linux:linux_kernel:2.4.9 cpe:/o:linux:linux_kernel:2.4.10 cpe:/o:linux:linux_kernel:2.4.11 cpe:/o:linux:linux_kernel:2.4.11:pre3 cpe:/o:linux:linux_kernel:2.4.12 cpe:/o:linux:linux_kernel:2.4.13 cpe:/o:linux:linux_kernel:2.4.14 cpe:/o:linux:linux_kernel:2.4.15 cpe:/o:linux:linux_kernel:2.4.16 cpe:/o:linux:linux_kernel:2.4.17 cpe:/o:linux:linux_kernel:2.4.18 cpe:/o:linux:linux_kernel:2.4.18:pre1 cpe:/o:linux:linux_kernel:2.4.18:pre2 cpe:/o:linux:linux_kernel:2.4.18:pre3 cpe:/o:linux:linux_kernel:2.4.18:pre4 cpe:/o:linux:linux_kernel:2.4.18:pre5 cpe:/o:linux:linux_kernel:2.4.18:pre6 cpe:/o:linux:linux_kernel:2.4.18:pre7 cpe:/o:linux:linux_kernel:2.4.18:pre8 cpe:/o:linux:linux_kernel:2.4.18:pre9 cpe:/o:linux:linux_kernel:2.4.19 cpe:/o:linux:linux_kernel:2.4.19:pre1 cpe:/o:linux:linux_kernel:2.4.19:pre2 cpe:/o:linux:linux_kernel:2.4.19:pre3 cpe:/o:linux:linux_kernel:2.4.19:pre4 cpe:/o:linux:linux_kernel:2.4.19:pre5 cpe:/o:linux:linux_kernel:2.4.19:pre6 cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.4.21 cpe:/o:linux:linux_kernel:2.4.21:pre1 cpe:/o:linux:linux_kernel:2.4.21:pre4 cpe:/o:linux:linux_kernel:2.4.21:pre7 cpe:/o:linux:linux_kernel:2.4.22 cpe:/o:linux:linux_kernel:2.4.22:pre10 cpe:/o:linux:linux_kernel:2.4.23 cpe:/o:linux:linux_kernel:2.4.23:pre9 cpe:/o:linux:linux_kernel:2.4.24 cpe:/o:linux:linux_kernel:2.4.25 cpe:/o:linux:linux_kernel:2.4.26 cpe:/o:linux:linux_kernel:2.4.27 cpe:/o:linux:linux_kernel:2.4.27:pre1 cpe:/o:linux:linux_kernel:2.4.27:pre2 cpe:/o:linux:linux_kernel:2.4.27:pre3 cpe:/o:linux:linux_kernel:2.4.27:pre4 cpe:/o:linux:linux_kernel:2.4.27:pre5 cpe:/o:linux:linux_kernel:2.4.28 cpe:/o:linux:linux_kernel:2.4.29 cpe:/o:linux:linux_kernel:2.4.29:rc1 cpe:/o:linux:linux_kernel:2.4.29:rc2 cpe:/o:linux:linux_kernel:2.4.30 cpe:/o:linux:linux_kernel:2.4.30:rc2 cpe:/o:linux:linux_kernel:2.4.30:rc3 cpe:/o:linux:linux_kernel:2.4.31 cpe:/o:linux:linux_kernel:2.4.31:pre1 cpe:/o:linux:linux_kernel:2.4.32 cpe:/o:linux:linux_kernel:2.4.32:pre1 cpe:/o:linux:linux_kernel:2.4.32:pre2 cpe:/o:linux:linux_kernel:2.4.33 cpe:/o:linux:linux_kernel:2.4.33:pre1 cpe:/o:linux:linux_kernel:2.4.33.1 cpe:/o:linux:linux_kernel:2.4.33.2 cpe:/o:linux:linux_kernel:2.4.33.3 cpe:/o:linux:linux_kernel:2.4.33.4 cpe:/o:linux:linux_kernel:2.4.33.5 cpe:/o:linux:linux_kernel:2.4.34 cpe:/o:linux:linux_kernel:2.4.34:rc3 cpe:/o:linux:linux_kernel:2.4.34.1 cpe:/o:linux:linux_kernel:2.4.34.2 cpe:/o:linux:linux_kernel:2.4.35 cpe:/o:linux:linux_kernel:2.4.35.2 cpe:/o:linux:linux_kernel:2.5.0 cpe:/o:linux:linux_kernel:2.5.1 cpe:/o:linux:linux_kernel:2.5.2 cpe:/o:linux:linux_kernel:2.5.3 cpe:/o:linux:linux_kernel:2.5.4 cpe:/o:linux:linux_kernel:2.5.5 cpe:/o:linux:linux_kernel:2.5.6 cpe:/o:linux:linux_kernel:2.5.7 cpe:/o:linux:linux_kernel:2.5.8 cpe:/o:linux:linux_kernel:2.5.9 cpe:/o:linux:linux_kernel:2.5.10 cpe:/o:linux:linux_kernel:2.5.11 cpe:/o:linux:linux_kernel:2.5.12 cpe:/o:linux:linux_kernel:2.5.13 cpe:/o:linux:linux_kernel:2.5.14 cpe:/o:linux:linux_kernel:2.5.15 cpe:/o:linux:linux_kernel:2.5.16 cpe:/o:linux:linux_kernel:2.5.17 cpe:/o:linux:linux_kernel:2.5.18 cpe:/o:linux:linux_kernel:2.5.19 cpe:/o:linux:linux_kernel:2.5.20 cpe:/o:linux:linux_kernel:2.5.21 cpe:/o:linux:linux_kernel:2.5.22 cpe:/o:linux:linux_kernel:2.5.23 cpe:/o:linux:linux_kernel:2.5.24 cpe:/o:linux:linux_kernel:2.5.25 cpe:/o:linux:linux_kernel:2.5.26 cpe:/o:linux:linux_kernel:2.5.27 cpe:/o:linux:linux_kernel:2.5.28 cpe:/o:linux:linux_kernel:2.5.29 cpe:/o:linux:linux_kernel:2.5.30 cpe:/o:linux:linux_kernel:2.5.31 cpe:/o:linux:linux_kernel:2.5.32 cpe:/o:linux:linux_kernel:2.5.33 cpe:/o:linux:linux_kernel:2.5.34 cpe:/o:linux:linux_kernel:2.5.35 cpe:/o:linux:linux_kernel:2.5.36 cpe:/o:linux:linux_kernel:2.5.37 cpe:/o:linux:linux_kernel:2.5.38 cpe:/o:linux:linux_kernel:2.5.39 cpe:/o:linux:linux_kernel:2.5.40 cpe:/o:linux:linux_kernel:2.5.41 cpe:/o:linux:linux_kernel:2.5.42 cpe:/o:linux:linux_kernel:2.5.43 cpe:/o:linux:linux_kernel:2.5.44 cpe:/o:linux:linux_kernel:2.5.45 cpe:/o:linux:linux_kernel:2.5.46 cpe:/o:linux:linux_kernel:2.5.47 cpe:/o:linux:linux_kernel:2.5.48 cpe:/o:linux:linux_kernel:2.5.49 cpe:/o:linux:linux_kernel:2.5.50 cpe:/o:linux:linux_kernel:2.5.51 cpe:/o:linux:linux_kernel:2.5.52 cpe:/o:linux:linux_kernel:2.5.53 cpe:/o:linux:linux_kernel:2.5.54 cpe:/o:linux:linux_kernel:2.5.55 cpe:/o:linux:linux_kernel:2.5.56 cpe:/o:linux:linux_kernel:2.5.57 cpe:/o:linux:linux_kernel:2.5.58 cpe:/o:linux:linux_kernel:2.5.59 cpe:/o:linux:linux_kernel:2.5.60 cpe:/o:linux:linux_kernel:2.5.61 cpe:/o:linux:linux_kernel:2.5.62 cpe:/o:linux:linux_kernel:2.5.63 cpe:/o:linux:linux_kernel:2.5.64 cpe:/o:linux:linux_kernel:2.5.65 cpe:/o:linux:linux_kernel:2.5.66 cpe:/o:linux:linux_kernel:2.5.67 cpe:/o:linux:linux_kernel:2.5.68 cpe:/o:linux:linux_kernel:2.5.69 cpe:/o:linux:linux_kernel:2.5.75 cpe:/o:linux:linux_kernel:2.6.0 cpe:/o:linux:linux_kernel:2.6.0:test1 cpe:/o:linux:linux_kernel:2.6.0:test10 cpe:/o:linux:linux_kernel:2.6.0:test11 cpe:/o:linux:linux_kernel:2.6.0:test2 cpe:/o:linux:linux_kernel:2.6.0:test3 cpe:/o:linux:linux_kernel:2.6.0:test4 cpe:/o:linux:linux_kernel:2.6.0:test5 cpe:/o:linux:linux_kernel:2.6.0:test6 cpe:/o:linux:linux_kernel:2.6.0:test7 cpe:/o:linux:linux_kernel:2.6.0:test8 cpe:/o:linux:linux_kernel:2.6.0:test9 cpe:/o:linux:linux_kernel:2.6.1 cpe:/o:linux:linux_kernel:2.6.1:rc1 cpe:/o:linux:linux_kernel:2.6.1:rc2 cpe:/o:linux:linux_kernel:2.6.1:rc3 cpe:/o:linux:linux_kernel:2.6.2 cpe:/o:linux:linux_kernel:2.6.2:rc1 cpe:/o:linux:linux_kernel:2.6.2:rc2 cpe:/o:linux:linux_kernel:2.6.2:rc3 cpe:/o:linux:linux_kernel:2.6.3 cpe:/o:linux:linux_kernel:2.6.3:rc1 cpe:/o:linux:linux_kernel:2.6.3:rc2 cpe:/o:linux:linux_kernel:2.6.3:rc3 cpe:/o:linux:linux_kernel:2.6.3:rc4 cpe:/o:linux:linux_kernel:2.6.4 cpe:/o:linux:linux_kernel:2.6.4:rc1 cpe:/o:linux:linux_kernel:2.6.4:rc2 cpe:/o:linux:linux_kernel:2.6.4:rc3 cpe:/o:linux:linux_kernel:2.6.5 cpe:/o:linux:linux_kernel:2.6.5:rc1 cpe:/o:linux:linux_kernel:2.6.5:rc2 cpe:/o:linux:linux_kernel:2.6.5:rc3 cpe:/o:linux:linux_kernel:2.6.6 cpe:/o:linux:linux_kernel:2.6.6:rc1 cpe:/o:linux:linux_kernel:2.6.6:rc2 cpe:/o:linux:linux_kernel:2.6.6:rc3 cpe:/o:linux:linux_kernel:2.6.7 cpe:/o:linux:linux_kernel:2.6.7:rc1 cpe:/o:linux:linux_kernel:2.6.7:rc2 cpe:/o:linux:linux_kernel:2.6.7:rc3 cpe:/o:linux:linux_kernel:2.6.8 cpe:/o:linux:linux_kernel:2.6.8:rc1 cpe:/o:linux:linux_kernel:2.6.8:rc2 cpe:/o:linux:linux_kernel:2.6.8:rc3 cpe:/o:linux:linux_kernel:2.6.8:rc4 cpe:/o:linux:linux_kernel:2.6.8.1 cpe:/o:linux:linux_kernel:2.6.9 cpe:/o:linux:linux_kernel:2.6.9:final cpe:/o:linux:linux_kernel:2.6.9:rc1 cpe:/o:linux:linux_kernel:2.6.9:rc2 cpe:/o:linux:linux_kernel:2.6.9:rc3 cpe:/o:linux:linux_kernel:2.6.9:rc4 cpe:/o:linux:linux_kernel:2.6.10 cpe:/o:linux:linux_kernel:2.6.10:rc1 cpe:/o:linux:linux_kernel:2.6.10:rc2 cpe:/o:linux:linux_kernel:2.6.10:rc3 cpe:/o:linux:linux_kernel:2.6.11 cpe:/o:linux:linux_kernel:2.6.11:rc1 cpe:/o:linux:linux_kernel:2.6.11:rc2 cpe:/o:linux:linux_kernel:2.6.11:rc3 cpe:/o:linux:linux_kernel:2.6.11:rc4 cpe:/o:linux:linux_kernel:2.6.11:rc5 cpe:/o:linux:linux_kernel:2.6.11.1 cpe:/o:linux:linux_kernel:2.6.11.2 cpe:/o:linux:linux_kernel:2.6.11.3 cpe:/o:linux:linux_kernel:2.6.11.4 cpe:/o:linux:linux_kernel:2.6.11.5 cpe:/o:linux:linux_kernel:2.6.11.6 cpe:/o:linux:linux_kernel:2.6.11.7 cpe:/o:linux:linux_kernel:2.6.11.8 cpe:/o:linux:linux_kernel:2.6.11.9 cpe:/o:linux:linux_kernel:2.6.11.10 cpe:/o:linux:linux_kernel:2.6.11.11 cpe:/o:linux:linux_kernel:2.6.11.12 cpe:/o:linux:linux_kernel:2.6.12 cpe:/o:linux:linux_kernel:2.6.12:rc1 cpe:/o:linux:linux_kernel:2.6.12:rc2 cpe:/o:linux:linux_kernel:2.6.12:rc3 cpe:/o:linux:linux_kernel:2.6.12:rc4 cpe:/o:linux:linux_kernel:2.6.12:rc5 cpe:/o:linux:linux_kernel:2.6.12:rc6 cpe:/o:linux:linux_kernel:2.6.12.1 cpe:/o:linux:linux_kernel:2.6.12.2 cpe:/o:linux:linux_kernel:2.6.12.3 cpe:/o:linux:linux_kernel:2.6.12.4 cpe:/o:linux:linux_kernel:2.6.12.5 cpe:/o:linux:linux_kernel:2.6.12.6 cpe:/o:linux:linux_kernel:2.6.13 cpe:/o:linux:linux_kernel:2.6.13:rc1 cpe:/o:linux:linux_kernel:2.6.13:rc2 cpe:/o:linux:linux_kernel:2.6.13:rc3 cpe:/o:linux:linux_kernel:2.6.13:rc4 cpe:/o:linux:linux_kernel:2.6.13:rc5 cpe:/o:linux:linux_kernel:2.6.13:rc6 cpe:/o:linux:linux_kernel:2.6.13:rc7 cpe:/o:linux:linux_kernel:2.6.13.1 cpe:/o:linux:linux_kernel:2.6.13.2 cpe:/o:linux:linux_kernel:2.6.13.3 cpe:/o:linux:linux_kernel:2.6.13.4 cpe:/o:linux:linux_kernel:2.6.13.5 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.14:rc1 cpe:/o:linux:linux_kernel:2.6.14:rc2 cpe:/o:linux:linux_kernel:2.6.14:rc3 cpe:/o:linux:linux_kernel:2.6.14:rc4 cpe:/o:linux:linux_kernel:2.6.14:rc5 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.14.2 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.6.14.5 cpe:/o:linux:linux_kernel:2.6.14.6 cpe:/o:linux:linux_kernel:2.6.14.7 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.6.15:rc1 cpe:/o:linux:linux_kernel:2.6.15:rc2 cpe:/o:linux:linux_kernel:2.6.15:rc3 cpe:/o:linux:linux_kernel:2.6.15:rc4 cpe:/o:linux:linux_kernel:2.6.15:rc5 cpe:/o:linux:linux_kernel:2.6.15:rc6 cpe:/o:linux:linux_kernel:2.6.15:rc7 cpe:/o:linux:linux_kernel:2.6.15.1 cpe:/o:linux:linux_kernel:2.6.15.2 cpe:/o:linux:linux_kernel:2.6.15.3 cpe:/o:linux:linux_kernel:2.6.15.4 cpe:/o:linux:linux_kernel:2.6.15.5 cpe:/o:linux:linux_kernel:2.6.15.6 cpe:/o:linux:linux_kernel:2.6.15.7 cpe:/o:linux:linux_kernel:2.6.15.8 cpe:/o:linux:linux_kernel:2.6.15.9 cpe:/o:linux:linux_kernel:2.6.15.10 cpe:/o:linux:linux_kernel:2.6.15.11 cpe:/o:linux:linux_kernel:2.6.16 cpe:/o:linux:linux_kernel:2.6.16:rc1 cpe:/o:linux:linux_kernel:2.6.16:rc2 cpe:/o:linux:linux_kernel:2.6.16:rc3 cpe:/o:linux:linux_kernel:2.6.16:rc4 cpe:/o:linux:linux_kernel:2.6.16:rc5 cpe:/o:linux:linux_kernel:2.6.16:rc6 cpe:/o:linux:linux_kernel:2.6.16:rc7 cpe:/o:linux:linux_kernel:2.6.16.1 cpe:/o:linux:linux_kernel:2.6.16.2 cpe:/o:linux:linux_kernel:2.6.16.3 cpe:/o:linux:linux_kernel:2.6.16.4 cpe:/o:linux:linux_kernel:2.6.16.5 cpe:/o:linux:linux_kernel:2.6.16.6 cpe:/o:linux:linux_kernel:2.6.16.7 cpe:/o:linux:linux_kernel:2.6.16.8 cpe:/o:linux:linux_kernel:2.6.16.9 cpe:/o:linux:linux_kernel:2.6.16.10 cpe:/o:linux:linux_kernel:2.6.16.11 cpe:/o:linux:linux_kernel:2.6.16.12 cpe:/o:linux:linux_kernel:2.6.16.13 cpe:/o:linux:linux_kernel:2.6.16.14 cpe:/o:linux:linux_kernel:2.6.16.15 cpe:/o:linux:linux_kernel:2.6.16.16 cpe:/o:linux:linux_kernel:2.6.16.17 cpe:/o:linux:linux_kernel:2.6.16.18 cpe:/o:linux:linux_kernel:2.6.16.19 cpe:/o:linux:linux_kernel:2.6.16.20 cpe:/o:linux:linux_kernel:2.6.16.21 cpe:/o:linux:linux_kernel:2.6.16.22 cpe:/o:linux:linux_kernel:2.6.16.23 cpe:/o:linux:linux_kernel:2.6.16.24 cpe:/o:linux:linux_kernel:2.6.16.25 cpe:/o:linux:linux_kernel:2.6.16.26 cpe:/o:linux:linux_kernel:2.6.16.27 cpe:/o:linux:linux_kernel:2.6.16.28 cpe:/o:linux:linux_kernel:2.6.16.29 cpe:/o:linux:linux_kernel:2.6.16.30 cpe:/o:linux:linux_kernel:2.6.16.31 cpe:/o:linux:linux_kernel:2.6.16.32 cpe:/o:linux:linux_kernel:2.6.16.33 cpe:/o:linux:linux_kernel:2.6.16.34 cpe:/o:linux:linux_kernel:2.6.16.35 cpe:/o:linux:linux_kernel:2.6.16.36 cpe:/o:linux:linux_kernel:2.6.16.37 cpe:/o:linux:linux_kernel:2.6.16.38 cpe:/o:linux:linux_kernel:2.6.16.39 cpe:/o:linux:linux_kernel:2.6.16.40 cpe:/o:linux:linux_kernel:2.6.16.41 cpe:/o:linux:linux_kernel:2.6.16.42 cpe:/o:linux:linux_kernel:2.6.16.43 cpe:/o:linux:linux_kernel:2.6.16.44 cpe:/o:linux:linux_kernel:2.6.16.45 cpe:/o:linux:linux_kernel:2.6.16.46 cpe:/o:linux:linux_kernel:2.6.16.47 cpe:/o:linux:linux_kernel:2.6.16.48 cpe:/o:linux:linux_kernel:2.6.16.49 cpe:/o:linux:linux_kernel:2.6.16.50 cpe:/o:linux:linux_kernel:2.6.16.51 cpe:/o:linux:linux_kernel:2.6.16.52 cpe:/o:linux:linux_kernel:2.6.16.53 cpe:/o:linux:linux_kernel:2.6.16.54 cpe:/o:linux:linux_kernel:2.6.16.55 cpe:/o:linux:linux_kernel:2.6.16.56 cpe:/o:linux:linux_kernel:2.6.16.57 cpe:/o:linux:linux_kernel:2.6.16.58 cpe:/o:linux:linux_kernel:2.6.16.59 cpe:/o:linux:linux_kernel:2.6.16.60 cpe:/o:linux:linux_kernel:2.6.16.61 cpe:/o:linux:linux_kernel:2.6.16.62 cpe:/o:linux:linux_kernel:2.6.17 cpe:/o:linux:linux_kernel:2.6.17:rc1 cpe:/o:linux:linux_kernel:2.6.17:rc2 cpe:/o:linux:linux_kernel:2.6.17:rc3 cpe:/o:linux:linux_kernel:2.6.17:rc4 cpe:/o:linux:linux_kernel:2.6.17:rc5 cpe:/o:linux:linux_kernel:2.6.17:rc6 cpe:/o:linux:linux_kernel:2.6.17.1 cpe:/o:linux:linux_kernel:2.6.17.2 cpe:/o:linux:linux_kernel:2.6.17.3 cpe:/o:linux:linux_kernel:2.6.17.4 cpe:/o:linux:linux_kernel:2.6.17.5 cpe:/o:linux:linux_kernel:2.6.17.6 cpe:/o:linux:linux_kernel:2.6.17.7 cpe:/o:linux:linux_kernel:2.6.17.8 cpe:/o:linux:linux_kernel:2.6.17.9 cpe:/o:linux:linux_kernel:2.6.17.10 cpe:/o:linux:linux_kernel:2.6.17.11 cpe:/o:linux:linux_kernel:2.6.17.12 cpe:/o:linux:linux_kernel:2.6.17.13 cpe:/o:linux:linux_kernel:2.6.17.14 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.18:rc1 cpe:/o:linux:linux_kernel:2.6.18:rc2 cpe:/o:linux:linux_kernel:2.6.18:rc3 cpe:/o:linux:linux_kernel:2.6.18:rc4 cpe:/o:linux:linux_kernel:2.6.18:rc5 cpe:/o:linux:linux_kernel:2.6.18:rc6 cpe:/o:linux:linux_kernel:2.6.18:rc7 cpe:/o:linux:linux_kernel:2.6.18.1 cpe:/o:linux:linux_kernel:2.6.18.2 cpe:/o:linux:linux_kernel:2.6.18.3 cpe:/o:linux:linux_kernel:2.6.18.4 cpe:/o:linux:linux_kernel:2.6.18.5 cpe:/o:linux:linux_kernel:2.6.18.6 cpe:/o:linux:linux_kernel:2.6.18.7 cpe:/o:linux:linux_kernel:2.6.18.8 cpe:/o:linux:linux_kernel:2.6.19 cpe:/o:linux:linux_kernel:2.6.19:rc1 cpe:/o:linux:linux_kernel:2.6.19:rc2 cpe:/o:linux:linux_kernel:2.6.19:rc3 cpe:/o:linux:linux_kernel:2.6.19:rc4 cpe:/o:linux:linux_kernel:2.6.19:rc5 cpe:/o:linux:linux_kernel:2.6.19:rc6 cpe:/o:linux:linux_kernel:2.6.19.0 cpe:/o:linux:linux_kernel:2.6.19.1 cpe:/o:linux:linux_kernel:2.6.19.2 cpe:/o:linux:linux_kernel:2.6.19.3 cpe:/o:linux:linux_kernel:2.6.19.4 cpe:/o:linux:linux_kernel:2.6.19.5 cpe:/o:linux:linux_kernel:2.6.19.6 cpe:/o:linux:linux_kernel:2.6.19.7 cpe:/o:linux:linux_kernel:2.6.20 cpe:/o:linux:linux_kernel:2.6.20:rc1 cpe:/o:linux:linux_kernel:2.6.20:rc2 cpe:/o:linux:linux_kernel:2.6.20:rc3 cpe:/o:linux:linux_kernel:2.6.20:rc4 cpe:/o:linux:linux_kernel:2.6.20:rc5 cpe:/o:linux:linux_kernel:2.6.20:rc6 cpe:/o:linux:linux_kernel:2.6.20:rc7 cpe:/o:linux:linux_kernel:2.6.20.1 cpe:/o:linux:linux_kernel:2.6.20.2 cpe:/o:linux:linux_kernel:2.6.20.3 cpe:/o:linux:linux_kernel:2.6.20.4 cpe:/o:linux:linux_kernel:2.6.20.5 cpe:/o:linux:linux_kernel:2.6.20.6 cpe:/o:linux:linux_kernel:2.6.20.7 cpe:/o:linux:linux_kernel:2.6.20.8 cpe:/o:linux:linux_kernel:2.6.20.9 cpe:/o:linux:linux_kernel:2.6.20.10 cpe:/o:linux:linux_kernel:2.6.20.11 cpe:/o:linux:linux_kernel:2.6.20.12 cpe:/o:linux:linux_kernel:2.6.20.13 cpe:/o:linux:linux_kernel:2.6.20.14 cpe:/o:linux:linux_kernel:2.6.20.15 cpe:/o:linux:linux_kernel:2.6.20.16 cpe:/o:linux:linux_kernel:2.6.20.17 cpe:/o:linux:linux_kernel:2.6.20.18 cpe:/o:linux:linux_kernel:2.6.20.19 cpe:/o:linux:linux_kernel:2.6.20.20 cpe:/o:linux:linux_kernel:2.6.20.21 cpe:/o:linux:linux_kernel:2.6.21 cpe:/o:linux:linux_kernel:2.6.21:git1 cpe:/o:linux:linux_kernel:2.6.21:git2 cpe:/o:linux:linux_kernel:2.6.21:git3 cpe:/o:linux:linux_kernel:2.6.21:git4 cpe:/o:linux:linux_kernel:2.6.21:git5 cpe:/o:linux:linux_kernel:2.6.21:git6 cpe:/o:linux:linux_kernel:2.6.21:git7 cpe:/o:linux:linux_kernel:2.6.21:rc1 cpe:/o:linux:linux_kernel:2.6.21:rc2 cpe:/o:linux:linux_kernel:2.6.21:rc3 cpe:/o:linux:linux_kernel:2.6.21:rc4 cpe:/o:linux:linux_kernel:2.6.21:rc5 cpe:/o:linux:linux_kernel:2.6.21:rc6 cpe:/o:linux:linux_kernel:2.6.21:rc7 cpe:/o:linux:linux_kernel:2.6.21.1 cpe:/o:linux:linux_kernel:2.6.21.2 cpe:/o:linux:linux_kernel:2.6.21.3 cpe:/o:linux:linux_kernel:2.6.21.4 cpe:/o:linux:linux_kernel:2.6.21.5 cpe:/o:linux:linux_kernel:2.6.21.6 cpe:/o:linux:linux_kernel:2.6.21.7 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.22:rc1 cpe:/o:linux:linux_kernel:2.6.22:rc2 cpe:/o:linux:linux_kernel:2.6.22:rc3 cpe:/o:linux:linux_kernel:2.6.22:rc4 cpe:/o:linux:linux_kernel:2.6.22:rc5 cpe:/o:linux:linux_kernel:2.6.22:rc6 cpe:/o:linux:linux_kernel:2.6.22:rc7 cpe:/o:linux:linux_kernel:2.6.22.1 cpe:/o:linux:linux_kernel:2.6.22.2 cpe:/o:linux:linux_kernel:2.6.22.3 cpe:/o:linux:linux_kernel:2.6.22.4 cpe:/o:linux:linux_kernel:2.6.22.5 cpe:/o:linux:linux_kernel:2.6.22.6 cpe:/o:linux:linux_kernel:2.6.22.7 cpe:/o:linux:linux_kernel:2.6.22.8 cpe:/o:linux:linux_kernel:2.6.22.9 cpe:/o:linux:linux_kernel:2.6.22.10 cpe:/o:linux:linux_kernel:2.6.22.11 cpe:/o:linux:linux_kernel:2.6.22.12 cpe:/o:linux:linux_kernel:2.6.22.13 cpe:/o:linux:linux_kernel:2.6.22.14 cpe:/o:linux:linux_kernel:2.6.22.15 cpe:/o:linux:linux_kernel:2.6.22.16 cpe:/o:linux:linux_kernel:2.6.22.17 cpe:/o:linux:linux_kernel:2.6.22.18 cpe:/o:linux:linux_kernel:2.6.22.19 cpe:/o:linux:linux_kernel:2.6.22.20 cpe:/o:linux:linux_kernel:2.6.22.21 cpe:/o:linux:linux_kernel:2.6.22.22 cpe:/o:linux:linux_kernel:2.6.23 cpe:/o:linux:linux_kernel:2.6.23:rc1 cpe:/o:linux:linux_kernel:2.6.23:rc2 cpe:/o:linux:linux_kernel:2.6.23:rc3 cpe:/o:linux:linux_kernel:2.6.23:rc4 cpe:/o:linux:linux_kernel:2.6.23:rc5 cpe:/o:linux:linux_kernel:2.6.23:rc6 cpe:/o:linux:linux_kernel:2.6.23:rc7 cpe:/o:linux:linux_kernel:2.6.23:rc8 cpe:/o:linux:linux_kernel:2.6.23:rc9 cpe:/o:linux:linux_kernel:2.6.23.1 cpe:/o:linux:linux_kernel:2.6.23.2 cpe:/o:linux:linux_kernel:2.6.23.3 cpe:/o:linux:linux_kernel:2.6.23.4 cpe:/o:linux:linux_kernel:2.6.23.5 cpe:/o:linux:linux_kernel:2.6.23.6 cpe:/o:linux:linux_kernel:2.6.23.7 cpe:/o:linux:linux_kernel:2.6.23.8 cpe:/o:linux:linux_kernel:2.6.23.9 cpe:/o:linux:linux_kernel:2.6.23.10 cpe:/o:linux:linux_kernel:2.6.23.11 cpe:/o:linux:linux_kernel:2.6.23.12 cpe:/o:linux:linux_kernel:2.6.23.13 cpe:/o:linux:linux_kernel:2.6.23.14 cpe:/o:linux:linux_kernel:2.6.23.15 cpe:/o:linux:linux_kernel:2.6.23.16 cpe:/o:linux:linux_kernel:2.6.23.17 cpe:/o:linux:linux_kernel:2.6.24 cpe:/o:linux:linux_kernel:2.6.24:rc1 cpe:/o:linux:linux_kernel:2.6.24:rc2 cpe:/o:linux:linux_kernel:2.6.24:rc3 cpe:/o:linux:linux_kernel:2.6.24:rc4 cpe:/o:linux:linux_kernel:2.6.24:rc5 cpe:/o:linux:linux_kernel:2.6.24:rc6 cpe:/o:linux:linux_kernel:2.6.24:rc7 cpe:/o:linux:linux_kernel:2.6.24:rc8 cpe:/o:linux:linux_kernel:2.6.24.1 cpe:/o:linux:linux_kernel:2.6.24.2 cpe:/o:linux:linux_kernel:2.6.24.3 cpe:/o:linux:linux_kernel:2.6.24.4 cpe:/o:linux:linux_kernel:2.6.24.5 cpe:/o:linux:linux_kernel:2.6.24.6 cpe:/o:linux:linux_kernel:2.6.24.7 cpe:/o:linux:linux_kernel:2.6.25 cpe:/o:linux:linux_kernel:2.6.25:rc1 cpe:/o:linux:linux_kernel:2.6.25:rc2 cpe:/o:linux:linux_kernel:2.6.25:rc3 cpe:/o:linux:linux_kernel:2.6.25:rc4 cpe:/o:linux:linux_kernel:2.6.25:rc5 cpe:/o:linux:linux_kernel:2.6.25:rc6 cpe:/o:linux:linux_kernel:2.6.25:rc7 cpe:/o:linux:linux_kernel:2.6.25:rc8 cpe:/o:linux:linux_kernel:2.6.25:rc9 cpe:/o:linux:linux_kernel:2.6.25.1 cpe:/o:linux:linux_kernel:2.6.25.2 cpe:/o:linux:linux_kernel:2.6.25.3 cpe:/o:linux:linux_kernel:2.6.25.4 cpe:/o:linux:linux_kernel:2.6.25.5 cpe:/o:linux:linux_kernel:2.6.25.6 cpe:/o:linux:linux_kernel:2.6.25.7 cpe:/o:linux:linux_kernel:2.6.25.8 cpe:/o:linux:linux_kernel:2.6.25.9 cpe:/o:linux:linux_kernel:2.6.25.10 cpe:/o:linux:linux_kernel:2.6.25.11 cpe:/o:linux:linux_kernel:2.6.25.12 cpe:/o:linux:linux_kernel:2.6.25.13 cpe:/o:linux:linux_kernel:2.6.25.14 cpe:/o:linux:linux_kernel:2.6.25.15 cpe:/o:linux:linux_kernel:2.6.25.16 cpe:/o:linux:linux_kernel:2.6.25.17 cpe:/o:linux:linux_kernel:2.6.25.18 cpe:/o:linux:linux_kernel:2.6.25.19 cpe:/o:linux:linux_kernel:2.6.25.20 cpe:/o:linux:linux_kernel:2.6.26 cpe:/o:linux:linux_kernel:2.6.26:rc1 cpe:/o:linux:linux_kernel:2.6.26:rc2 cpe:/o:linux:linux_kernel:2.6.26:rc3 cpe:/o:linux:linux_kernel:2.6.26:rc4 cpe:/o:linux:linux_kernel:2.6.26:rc5 cpe:/o:linux:linux_kernel:2.6.26:rc6 cpe:/o:linux:linux_kernel:2.6.26:rc7 cpe:/o:linux:linux_kernel:2.6.26:rc8 cpe:/o:linux:linux_kernel:2.6.26:rc9 cpe:/o:linux:linux_kernel:2.6.26.1 cpe:/o:linux:linux_kernel:2.6.26.2 cpe:/o:linux:linux_kernel:2.6.26.3 cpe:/o:linux:linux_kernel:2.6.26.4 cpe:/o:linux:linux_kernel:2.6.26.5 cpe:/o:linux:linux_kernel:2.6.26.6 cpe:/o:linux:linux_kernel:2.6.26.7 cpe:/o:linux:linux_kernel:2.6.26.8 cpe:/o:linux:linux_kernel:2.6.27 cpe:/o:linux:linux_kernel:2.6.27:rc1 cpe:/o:linux:linux_kernel:2.6.27:rc2 cpe:/o:linux:linux_kernel:2.6.27:rc3 cpe:/o:linux:linux_kernel:2.6.27:rc4 cpe:/o:linux:linux_kernel:2.6.27:rc5 cpe:/o:linux:linux_kernel:2.6.27:rc6 cpe:/o:linux:linux_kernel:2.6.27:rc7 cpe:/o:linux:linux_kernel:2.6.27:rc8 cpe:/o:linux:linux_kernel:2.6.27:rc9 cpe:/o:linux:linux_kernel:2.6.27.1 cpe:/o:linux:linux_kernel:2.6.27.2 cpe:/o:linux:linux_kernel:2.6.27.3 cpe:/o:linux:linux_kernel:2.6.27.4 cpe:/o:linux:linux_kernel:2.6.27.5 cpe:/o:linux:linux_kernel:2.6.27.6 cpe:/o:linux:linux_kernel:2.6.27.7 cpe:/o:linux:linux_kernel:2.6.27.8 cpe:/o:linux:linux_kernel:2.6.27.9 cpe:/o:linux:linux_kernel:2.6.27.10 cpe:/o:linux:linux_kernel:2.6.27.11 cpe:/o:linux:linux_kernel:2.6.27.12 cpe:/o:linux:linux_kernel:2.6.28 cpe:/o:linux:linux_kernel:2.6.28:rc1 cpe:/o:linux:linux_kernel:2.6.28:rc2 cpe:/o:linux:linux_kernel:2.6.28:rc3 cpe:/o:linux:linux_kernel:2.6.28:rc4 cpe:/o:linux:linux_kernel:2.6.28:rc5 cpe:/o:linux:linux_kernel:2.6.28:rc6 cpe:/o:linux:linux_kernel:2.6.28:rc7 cpe:/o:linux:linux_kernel:2.6.28:rc8 cpe:/o:linux:linux_kernel:2.6.28:rc9 cpe:/o:linux:linux_kernel:2.6.28.1 CVE-2009-0322 2009-01-28T13:30:00.267-05:00 2018-11-08T15:20:26.613-05:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2018-11-07T10:04:41.093-05:00 CONFIRM http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=81156928f8fe31621e467490b9d441c0285998c3 CONFIRM http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.13 CONFIRM http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.2 SUSE SUSE-SA:2009:010 SUSE SUSE-SA:2009:030 SUSE SUSE-SA:2009:031 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-114.htm DEBIAN DSA-1749 DEBIAN DSA-1787 DEBIAN DSA-1794 REDHAT RHSA-2009:0326 REDHAT RHSA-2009:0331 REDHAT RHSA-2009:0360 BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components BID 33428 UBUNTU USN-751-1 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html VUPEN ADV-2009-3316 drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/. cpe:/a:w3:amaya:0.9 cpe:/a:w3:amaya:0.95b cpe:/a:w3:amaya:1.0 cpe:/a:w3:amaya:1.0a cpe:/a:w3:amaya:1.1 cpe:/a:w3:amaya:1.1a cpe:/a:w3:amaya:1.1c cpe:/a:w3:amaya:1.2 cpe:/a:w3:amaya:1.2a cpe:/a:w3:amaya:1.3 cpe:/a:w3:amaya:1.3a cpe:/a:w3:amaya:1.3b cpe:/a:w3:amaya:1.4 cpe:/a:w3:amaya:1.4a cpe:/a:w3:amaya:2.0 cpe:/a:w3:amaya:2.1 cpe:/a:w3:amaya:2.2 cpe:/a:w3:amaya:2.3 cpe:/a:w3:amaya:2.4 cpe:/a:w3:amaya:3.0 cpe:/a:w3:amaya:3.1 cpe:/a:w3:amaya:3.2 cpe:/a:w3:amaya:3.2.1 cpe:/a:w3:amaya:4.0 cpe:/a:w3:amaya:4.1 cpe:/a:w3:amaya:4.2 cpe:/a:w3:amaya:4.2.1 cpe:/a:w3:amaya:4.3 cpe:/a:w3:amaya:4.3.1 cpe:/a:w3:amaya:4.3.2 cpe:/a:w3:amaya:5.0 cpe:/a:w3:amaya:5.1 cpe:/a:w3:amaya:5.2 cpe:/a:w3:amaya:5.3 cpe:/a:w3:amaya:6.0 cpe:/a:w3:amaya:6.1 cpe:/a:w3:amaya:6.2 cpe:/a:w3:amaya:6.3 cpe:/a:w3:amaya:6.4 cpe:/a:w3:amaya:7.0 cpe:/a:w3:amaya:7.1 cpe:/a:w3:amaya:7.2 cpe:/a:w3:amaya:8.0 cpe:/a:w3:amaya:8.1 cpe:/a:w3:amaya:8.1a cpe:/a:w3:amaya:8.1b cpe:/a:w3:amaya:8.2 cpe:/a:w3:amaya:8.3 cpe:/a:w3:amaya:8.4 cpe:/a:w3:amaya:8.5 cpe:/a:w3:amaya:8.6 cpe:/a:w3:amaya:8.7 cpe:/a:w3:amaya:8.7.1 cpe:/a:w3:amaya:8.7.2 cpe:/a:w3:amaya:8.8.1 cpe:/a:w3:amaya:8.8.3 cpe:/a:w3:amaya:8.8.4 cpe:/a:w3:amaya:8.8.5 cpe:/a:w3:amaya:8.52 cpe:/a:w3:amaya:9.0 cpe:/a:w3:amaya:9.1 cpe:/a:w3:amaya:9.2.1 cpe:/a:w3:amaya:9.3 cpe:/a:w3:amaya:9.4 cpe:/a:w3:amaya:9.5 cpe:/a:w3:amaya:9.52 cpe:/a:w3:amaya:9.53 cpe:/a:w3:amaya:9.54 cpe:/a:w3:amaya:9.55 cpe:/a:w3:amaya:10.0 cpe:/a:w3:amaya:11.0 CVE-2009-0323 2009-01-28T15:30:03.920-05:00 2018-10-11T17:01:21.350-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov MISC http://www.coresecurity.com/content/amaya-buffer-overflows BUGTRAQ 20090128 CORE-2008-1211: Amaya web editor XML and HTML parser vulnerabilities XF amaya-html-tags-bo(48325) EXPLOIT-DB 7902 Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via (1) a long type parameter in an input tag, which is not properly handled by the EndOfXmlAttributeValue function; (2) an "HTML GI" in a start tag, which is not properly handled by the ProcessStartGI function; and unspecified vectors in (3) html2thot.c and (4) xml2thot.c, related to the msgBuffer variable. NOTE: these are different vectors than CVE-2008-6005. cpe:/a:bibciter:bibciter:1.4 CVE-2009-0324 2009-01-29T13:30:00.203-05:00 2017-09-28T21:33:44.763-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS CONFIRM http://bibciter.sourceforge.net/?p=35 BID 33329 XF bibciter-projects-sql-injection(48080) EXPLOIT-DB 7814 Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote attackers to execute arbitrary SQL commands via the (1) idp parameter to reports/projects.php, the (2) idc parameter to reports/contacts.php, and the (3) idu parameter to reports/users.php. cpe:/a:ninjadesigns:ninja_blog:4.8 CVE-2009-0325 2009-01-29T13:30:02.420-05:00 2017-09-28T21:33:44.827-04:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov MISC http://www.push55.co.uk/index.php?s=ad&id=6 BID 33351 EXPLOIT-DB 7831 MISC https://www.push55.co.uk/poclibrary/ninjadesignscouk-1.txt Directory traversal vulnerability in entries/index.php in Ninja Blog 4.8, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter. cpe:/a:dark_age_cms:dark_age_cms:0.2c:beta CVE-2009-0326 2009-01-29T13:30:02.437-05:00 2017-08-07T21:33:53.533-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 33271 XF darkagecms-login-sql-injection(48095) SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:seraphimtech:free_bible_search_php_script:1.0 CVE-2009-0327 2009-01-29T13:30:02.467-05:00 2017-09-28T21:33:44.887-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov MISC http://freshmeat.net/projects/freebiblesearch/?branch_id=77256&release_id=292446 BID 33301 CONFIRM http://www.seraphimtech.net/repository/Changes.txt EXPLOIT-DB 7798 SQL injection vulnerability in readbible.php in Free Bible Search PHP Script 1.0 allows remote attackers to execute arbitrary SQL commands via the version parameter. cpe:/a:robs-projects:digital_sales_ipn:_nil_ CVE-2009-0328 2009-01-29T13:30:02.483-05:00 2017-09-28T21:33:44.933-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov XF digitalsales-sales-information-disclosure(48082) EXPLOIT-DB 7816 ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for Database/Sales.mdb. cpe:/a:joomla:com_pccookbook CVE-2009-0329 2009-01-29T13:30:02.500-05:00 2017-09-28T21:33:44.997-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33346 XF pccookbook-recipeid-sql-injection(48088) EXPLOIT-DB 7824 SQL injection vulnerability in the PcCookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php, a different vector than CVE-2008-0844. cpe:/a:wss-pro:scms:1 CVE-2009-0330 2009-01-29T13:30:02.517-05:00 2017-09-28T21:33:45.060-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33330 XF scms-index-file-include(48081) EXPLOIT-DB 7818 Directory traversal vulnerability in index.php in Simple Content Management System (SCMS) 1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter. cpe:/a:quirm:espg:1.72 CVE-2009-0331 2009-01-29T13:30:02.547-05:00 2017-09-28T21:33:45.107-04:00 7.8 NETWORK LOW NONE COMPLETE NONE NONE http://nvd.nist.gov BID 33335 XF espg-comment-directory-traversal(48087) EXPLOIT-DB 7819 Directory traversal vulnerability in gallery/comment.php in Enhanced Simple PHP Gallery (ESPG) 1.72 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. NOTE: the vulnerability may be in my little homepage Comment script. If so, then this should not be treated as a vulnerability in ESPG. cpe:/a:avbooklibrary:avbooklibrary:1.0.0 cpe:/a:avbooklibrary:avbooklibrary:1.0.1 cpe:/a:avbooklibrary:avbooklibrary:1.0.2 CVE-2009-0332 2009-01-29T13:30:02.563-05:00 2017-08-07T21:33:53.783-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS CONFIRM http://sourceforge.net/project/shownotes.php?release_id=654214 CONFIRM http://sourceforge.net/tracker/index.php?func=detail&aid=2219743&group_id=209711&atid=1010816 XF avbook-edit-sql-injection(48084) Multiple SQL injection vulnerabilities in AV Book Library before 1.1 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/edit.php, (2) admin/add.php, (3) lib/book_search.php, and possibly other components. cpe:/a:joomla:com_waticketsystem CVE-2009-0333 2009-01-29T13:30:02.577-05:00 2017-10-18T21:30:17.223-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33353 EXPLOIT-DB 7833 SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php. cpe:/a:katywhitton:blogit%21:_nil_ CVE-2009-0334 2009-01-29T13:30:02.593-05:00 2017-09-28T21:33:45.167-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33325 XF blogit-index-sql-injection(48074) EXPLOIT-DB 7806 SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the day parameter in an archive action. cpe:/a:katywhitton:blogit%21:_nil_ CVE-2009-0335 2009-01-29T13:30:02.627-05:00 2017-09-28T21:33:45.217-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov BID 33325 XF blogit-index-xss(48073) EXPLOIT-DB 7806 Cross-site scripting (XSS) vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to inject arbitrary web script or HTML via the view parameter. cpe:/a:katywhitton:blogit%21:_nil_ CVE-2009-0336 2009-01-29T13:30:02.640-05:00 2017-09-28T21:33:45.277-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov XF blogit-blog-information-disclosure(48075) EXPLOIT-DB 7806 Katy Whitton BlogIt! stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for database/Blog.mdb. NOTE: some of these details are obtained from third party information. cpe:/a:katywhitton:blogit%21:_nil_ CVE-2009-0337 2009-01-29T13:30:02.657-05:00 2017-09-28T21:33:45.340-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS EXPLOIT-DB 7806 SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:dmxready:blog_manager:_nil CVE-2009-0338 2009-01-29T13:30:02.670-05:00 2018-10-11T17:01:21.883-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov MISC http://dmxready.helpserve.com/index.php?_m=news&_a=viewnews&newsid=12 BUGTRAQ 20090116 DMXReady Blog Manager (SQL/XSS) BID 33314 XF blogmanager-incwebblogmanager-xss(48053) Cross-site scripting (XSS) vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to inject arbitrary web script or HTML via the CategoryID parameter in a refer action. cpe:/a:dmxready:blog_manager:_nil_ CVE-2009-0339 2009-01-29T13:30:02.703-05:00 2018-10-11T17:01:22.320-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS MISC http://dmxready.helpserve.com/index.php?_m=news&_a=viewnews&newsid=12 BUGTRAQ 20090116 DMXReady Blog Manager (SQL/XSS) BID 33314 XF blogmanager-incwebblogmanager-sql-injection(48054) SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to execute arbitrary SQL commands via the itemID parameter in a view action. cpe:/a:quirm:simple_php_newsletter:1.5 CVE-2009-0340 2009-01-29T13:30:02.717-05:00 2017-09-28T21:33:45.387-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33327 XF simplephpnewsletter-mail-file-include(48089) EXPLOIT-DB 7813 Multiple directory traversal vulnerabilities in Simple PHP Newsletter 1.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the olang parameter to (1) mail.php and (2) mailbar.php. cpe:/a:microsoft:internet_explorer:7 CVE-2009-0341 2009-01-29T14:30:00.250-05:00 2018-10-11T17:01:23.197-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BUGTRAQ 20090128 Internet explorer 7.0 stack overflow BID 33494 The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability. cpe:/a:provos:systrace:1.1 cpe:/a:provos:systrace:1.2 cpe:/a:provos:systrace:1.3 cpe:/a:provos:systrace:1.4 cpe:/a:provos:systrace:1.5 cpe:/a:provos:systrace:1.6 cpe:/a:provos:systrace:1.6a cpe:/a:provos:systrace:1.6b cpe:/a:provos:systrace:1.6c cpe:/a:provos:systrace:1.6d cpe:/a:provos:systrace:1.6e CVE-2009-0342 2009-01-29T14:30:00.280-05:00 2018-10-11T17:01:23.413-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS MISC http://scary.beasts.org/security/CESA-2009-001.html MISC http://scarybeastsecurity.blogspot.com/2009/01/bypassing-syscall-filtering.html CONFIRM http://www.citi.umich.edu/u/provos/systrace/ BUGTRAQ 20090123 Problems with syscall filtering technologies on Linux BID 33417 Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall. cpe:/a:niels_provos:systrace:1.1 cpe:/a:niels_provos:systrace:1.2 cpe:/a:niels_provos:systrace:1.3 cpe:/a:niels_provos:systrace:1.4 cpe:/a:niels_provos:systrace:1.5 cpe:/a:niels_provos:systrace:1.6 cpe:/a:niels_provos:systrace:1.6a cpe:/a:niels_provos:systrace:1.6b cpe:/a:niels_provos:systrace:1.6c cpe:/a:niels_provos:systrace:1.6d cpe:/a:niels_provos:systrace:1.6e CVE-2009-0343 2009-01-29T14:30:00.313-05:00 2018-10-11T17:01:23.850-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS MISC http://scary.beasts.org/security/CESA-2009-001.html MISC http://scarybeastsecurity.blogspot.com/2009/01/bypassing-syscall-filtering.html MISC http://www.citi.umich.edu/u/provos/systrace/ BUGTRAQ 20090123 Problems with syscall filtering technologies on Linux BID 33417 Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race conditions that occur in monitoring 64-bit processes. cpe:/h:sun:fire_x2100_m2:3.19:-:x86 cpe:/h:sun:fire_x2200_m2:2.19:-:x86 CVE-2009-0344 2009-01-29T14:30:00.327-05:00 2018-10-30T12:25:49.950-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS SUNALERT 239886 BID 33506 SECTRACK 1021646 VUPEN ADV-2009-0281 XF sunfire-elom-unauth-access(48329) Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6633175, a different vulnerability than CVE-2007-5717. cpe:/h:sun:fire_x2100_m2:3.19:-:x86 cpe:/h:sun:fire_x2200_m2:2.19:-:x86 CVE-2009-0345 2009-01-29T14:30:00.343-05:00 2018-10-30T12:25:49.950-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS SUNALERT 239886 BID 33506 SECTRACK 1021646 VUPEN ADV-2009-0281 XF sunfire-elom-unauth-access(48329) Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6648082, a different vulnerability than CVE-2007-5717. cpe:/o:sun:opensolaris:snv_01::sparc cpe:/o:sun:opensolaris:snv_01::x86 cpe:/o:sun:opensolaris:snv_02::sparc cpe:/o:sun:opensolaris:snv_02::x86 cpe:/o:sun:opensolaris:snv_03::sparc cpe:/o:sun:opensolaris:snv_03::x86 cpe:/o:sun:opensolaris:snv_04::sparc cpe:/o:sun:opensolaris:snv_04::x86 cpe:/o:sun:opensolaris:snv_05::sparc cpe:/o:sun:opensolaris:snv_05::x86 cpe:/o:sun:opensolaris:snv_06::sparc cpe:/o:sun:opensolaris:snv_06::x86 cpe:/o:sun:opensolaris:snv_07::sparc cpe:/o:sun:opensolaris:snv_07::x86 cpe:/o:sun:opensolaris:snv_08::sparc cpe:/o:sun:opensolaris:snv_08::x86 cpe:/o:sun:opensolaris:snv_09::sparc cpe:/o:sun:opensolaris:snv_09::x86 cpe:/o:sun:opensolaris:snv_10::sparc cpe:/o:sun:opensolaris:snv_10::x86 cpe:/o:sun:opensolaris:snv_11::sparc cpe:/o:sun:opensolaris:snv_11::x86 cpe:/o:sun:opensolaris:snv_12::sparc cpe:/o:sun:opensolaris:snv_12::x86 cpe:/o:sun:opensolaris:snv_13::sparc cpe:/o:sun:opensolaris:snv_13::x86 cpe:/o:sun:opensolaris:snv_14::sparc cpe:/o:sun:opensolaris:snv_14::x86 cpe:/o:sun:opensolaris:snv_15::sparc cpe:/o:sun:opensolaris:snv_15::x86 cpe:/o:sun:opensolaris:snv_16::sparc cpe:/o:sun:opensolaris:snv_16::x86 cpe:/o:sun:opensolaris:snv_17::sparc cpe:/o:sun:opensolaris:snv_17::x86 cpe:/o:sun:opensolaris:snv_18::sparc cpe:/o:sun:opensolaris:snv_18::x86 cpe:/o:sun:opensolaris:snv_19::sparc cpe:/o:sun:opensolaris:snv_19::x86 cpe:/o:sun:opensolaris:snv_20::sparc cpe:/o:sun:opensolaris:snv_20::x86 cpe:/o:sun:opensolaris:snv_21::sparc cpe:/o:sun:opensolaris:snv_21::x86 cpe:/o:sun:opensolaris:snv_22::sparc cpe:/o:sun:opensolaris:snv_22::x86 cpe:/o:sun:opensolaris:snv_23::sparc cpe:/o:sun:opensolaris:snv_23::x86 cpe:/o:sun:opensolaris:snv_24::sparc cpe:/o:sun:opensolaris:snv_24::x86 cpe:/o:sun:opensolaris:snv_25::sparc cpe:/o:sun:opensolaris:snv_25::x86 cpe:/o:sun:opensolaris:snv_26::sparc cpe:/o:sun:opensolaris:snv_26::x86 cpe:/o:sun:opensolaris:snv_27::sparc cpe:/o:sun:opensolaris:snv_27::x86 cpe:/o:sun:opensolaris:snv_28::sparc cpe:/o:sun:opensolaris:snv_28::x86 cpe:/o:sun:opensolaris:snv_29::sparc cpe:/o:sun:opensolaris:snv_29::x86 cpe:/o:sun:opensolaris:snv_30::sparc cpe:/o:sun:opensolaris:snv_30::x86 cpe:/o:sun:opensolaris:snv_31::sparc cpe:/o:sun:opensolaris:snv_31::x86 cpe:/o:sun:opensolaris:snv_32::sparc cpe:/o:sun:opensolaris:snv_32::x86 cpe:/o:sun:opensolaris:snv_33::sparc cpe:/o:sun:opensolaris:snv_33::x86 cpe:/o:sun:opensolaris:snv_34::sparc cpe:/o:sun:opensolaris:snv_34::x86 cpe:/o:sun:opensolaris:snv_35::sparc cpe:/o:sun:opensolaris:snv_35::x86 cpe:/o:sun:opensolaris:snv_36::sparc cpe:/o:sun:opensolaris:snv_36::x86 cpe:/o:sun:opensolaris:snv_37::sparc cpe:/o:sun:opensolaris:snv_37::x86 cpe:/o:sun:opensolaris:snv_38::sparc cpe:/o:sun:opensolaris:snv_38::x86 cpe:/o:sun:opensolaris:snv_39::sparc cpe:/o:sun:opensolaris:snv_39::x86 cpe:/o:sun:opensolaris:snv_40::sparc cpe:/o:sun:opensolaris:snv_40::x86 cpe:/o:sun:opensolaris:snv_41::sparc cpe:/o:sun:opensolaris:snv_41::x86 cpe:/o:sun:opensolaris:snv_42::sparc cpe:/o:sun:opensolaris:snv_42::x86 cpe:/o:sun:opensolaris:snv_43::sparc cpe:/o:sun:opensolaris:snv_43::x86 cpe:/o:sun:opensolaris:snv_44::sparc cpe:/o:sun:opensolaris:snv_44::x86 cpe:/o:sun:opensolaris:snv_45::sparc cpe:/o:sun:opensolaris:snv_45::x86 cpe:/o:sun:opensolaris:snv_46::sparc cpe:/o:sun:opensolaris:snv_46::x86 cpe:/o:sun:opensolaris:snv_47::sparc cpe:/o:sun:opensolaris:snv_47::x86 cpe:/o:sun:opensolaris:snv_48::sparc cpe:/o:sun:opensolaris:snv_48::x86 cpe:/o:sun:opensolaris:snv_49::sparc cpe:/o:sun:opensolaris:snv_49::x86 cpe:/o:sun:opensolaris:snv_50::sparc cpe:/o:sun:opensolaris:snv_50::x86 cpe:/o:sun:opensolaris:snv_51::sparc cpe:/o:sun:opensolaris:snv_51::x86 cpe:/o:sun:opensolaris:snv_52::sparc cpe:/o:sun:opensolaris:snv_52::x86 cpe:/o:sun:opensolaris:snv_53::sparc cpe:/o:sun:opensolaris:snv_53::x86 cpe:/o:sun:opensolaris:snv_54::sparc cpe:/o:sun:opensolaris:snv_54::x86 cpe:/o:sun:opensolaris:snv_55::sparc cpe:/o:sun:opensolaris:snv_55::x86 cpe:/o:sun:opensolaris:snv_56::sparc cpe:/o:sun:opensolaris:snv_56::x86 cpe:/o:sun:opensolaris:snv_57::sparc cpe:/o:sun:opensolaris:snv_57::x86 cpe:/o:sun:opensolaris:snv_58::sparc cpe:/o:sun:opensolaris:snv_58::x86 cpe:/o:sun:opensolaris:snv_59::sparc cpe:/o:sun:opensolaris:snv_59::x86 cpe:/o:sun:opensolaris:snv_60::sparc cpe:/o:sun:opensolaris:snv_60::x86 cpe:/o:sun:opensolaris:snv_61::sparc cpe:/o:sun:opensolaris:snv_61::x86 cpe:/o:sun:opensolaris:snv_62::sparc cpe:/o:sun:opensolaris:snv_62::x86 cpe:/o:sun:opensolaris:snv_63::sparc cpe:/o:sun:opensolaris:snv_63::x86 cpe:/o:sun:opensolaris:snv_64::sparc cpe:/o:sun:opensolaris:snv_64::x86 cpe:/o:sun:opensolaris:snv_65::sparc cpe:/o:sun:opensolaris:snv_65::x86 cpe:/o:sun:opensolaris:snv_66::sparc cpe:/o:sun:opensolaris:snv_66::x86 cpe:/o:sun:opensolaris:snv_67::sparc cpe:/o:sun:opensolaris:snv_67::x86 cpe:/o:sun:opensolaris:snv_68::sparc cpe:/o:sun:opensolaris:snv_68::x86 cpe:/o:sun:opensolaris:snv_69::sparc cpe:/o:sun:opensolaris:snv_69::x86 cpe:/o:sun:opensolaris:snv_70::sparc cpe:/o:sun:opensolaris:snv_70::x86 cpe:/o:sun:opensolaris:snv_71::sparc cpe:/o:sun:opensolaris:snv_71::x86 cpe:/o:sun:opensolaris:snv_72::sparc cpe:/o:sun:opensolaris:snv_72::x86 cpe:/o:sun:opensolaris:snv_73::sparc cpe:/o:sun:opensolaris:snv_73::x86 cpe:/o:sun:opensolaris:snv_74::sparc cpe:/o:sun:opensolaris:snv_74::x86 cpe:/o:sun:opensolaris:snv_75::sparc cpe:/o:sun:opensolaris:snv_75::x86 cpe:/o:sun:opensolaris:snv_76::sparc cpe:/o:sun:opensolaris:snv_76::x86 cpe:/o:sun:opensolaris:snv_77::sparc cpe:/o:sun:opensolaris:snv_77::x86 cpe:/o:sun:opensolaris:snv_78::sparc cpe:/o:sun:opensolaris:snv_78::x86 cpe:/o:sun:opensolaris:snv_79::sparc cpe:/o:sun:opensolaris:snv_79::x86 cpe:/o:sun:opensolaris:snv_80::sparc cpe:/o:sun:opensolaris:snv_80::x86 cpe:/o:sun:opensolaris:snv_81::sparc cpe:/o:sun:opensolaris:snv_81::x86 cpe:/o:sun:opensolaris:snv_82::sparc cpe:/o:sun:opensolaris:snv_82::x86 cpe:/o:sun:opensolaris:snv_83::sparc cpe:/o:sun:opensolaris:snv_83::x86 cpe:/o:sun:opensolaris:snv_84::sparc cpe:/o:sun:opensolaris:snv_84::x86 cpe:/o:sun:opensolaris:snv_85::sparc cpe:/o:sun:opensolaris:snv_85::x86 cpe:/o:sun:opensolaris:snv_100::sparc cpe:/o:sun:opensolaris:snv_100::x86 cpe:/o:sun:opensolaris:snv_101::sparc cpe:/o:sun:opensolaris:snv_101::x86 cpe:/o:sun:opensolaris:snv_102::sparc cpe:/o:sun:opensolaris:snv_102::x86 cpe:/o:sun:opensolaris:snv_103::sparc cpe:/o:sun:opensolaris:snv_103::x86 cpe:/o:sun:opensolaris:snv_104::sparc cpe:/o:sun:opensolaris:snv_104::x86 cpe:/o:sun:opensolaris:snv_105::sparc cpe:/o:sun:opensolaris:snv_105::x86 cpe:/o:sun:opensolaris:snv_106::sparc cpe:/o:sun:opensolaris:snv_106::x86 cpe:/o:sun:opensolaris:snv_107::sparc cpe:/o:sun:opensolaris:snv_107::x86 cpe:/o:sun:solaris:9::sparc cpe:/o:sun:solaris:9::x86 cpe:/o:sun:solaris:10::sparc cpe:/o:sun:solaris:10::x86 CVE-2009-0346 2009-01-29T14:30:00.360-05:00 2017-09-28T21:33:45.467-04:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov CONFIRM http://sunsolve.sun.com/search/document.do?assetkey=1-21-114344-38-1 SUNALERT 240086 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-043.htm BID 33504 VUPEN ADV-2009-0365 XF solaris-ipinip-dos(48328) The IP-in-IP packet processing implementation in the IPsec and IP stacks in the kernel in Sun Solaris 9 and 10, and OpenSolaris snv_01 though snv_85, allows local users to cause a denial of service (panic) via a self-encapsulated packet that lacks IPsec protection. cpe:/a:autonomy:ultraseek:_nil_ CVE-2009-0347 2009-01-29T14:30:00.377-05:00 2017-08-07T21:33:54.330-04:00 5.8 NETWORK MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov MISC http://sunbeltblog.blogspot.com/2009/01/constant-stream-of-ultraseek-redirects.html CERT-VN VU#202753 BID 33500 MISC http://www.ultraseek.com/forums/thread.jspa?messageID=9818 XF ultraseek-cs-phishing(48336) Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. cpe:/a:sun:java_system_access_manager:6.3_2005q1::solaris_10_linux cpe:/a:sun:java_system_access_manager:6.3_2005q1::solaris_10_sparc cpe:/a:sun:java_system_access_manager:6.3_2005q1::solaris_10_windows cpe:/a:sun:java_system_access_manager:6.3_2005q1::solaris_10_x86 cpe:/a:sun:java_system_access_manager:6.3_2005q1::solaris_8_linux cpe:/a:sun:java_system_access_manager:6.3_2005q1::solaris_8_sparc cpe:/a:sun:java_system_access_manager:6.3_2005q1::solaris_8_windows cpe:/a:sun:java_system_access_manager:6.3_2005q1::solaris_8_x86 cpe:/a:sun:java_system_access_manager:6.3_2005q1::solaris_9_linux cpe:/a:sun:java_system_access_manager:6.3_2005q1::solaris_9_sparc cpe:/a:sun:java_system_access_manager:6.3_2005q1::solaris_9_windows cpe:/a:sun:java_system_access_manager:6.3_2005q1::solaris_9_x86 cpe:/a:sun:java_system_access_manager:7.1::solaris_10_linux cpe:/a:sun:java_system_access_manager:7.1::solaris_10_sparc cpe:/a:sun:java_system_access_manager:7.1::solaris_10_windows cpe:/a:sun:java_system_access_manager:7.1::solaris_10_x86 cpe:/a:sun:java_system_access_manager:7.1::solaris_8_linux cpe:/a:sun:java_system_access_manager:7.1::solaris_8_sparc cpe:/a:sun:java_system_access_manager:7.1::solaris_8_windows cpe:/a:sun:java_system_access_manager:7.1::solaris_8_x86 cpe:/a:sun:java_system_access_manager:7.1::solaris_9_linux cpe:/a:sun:java_system_access_manager:7.1::solaris_9_sparc cpe:/a:sun:java_system_access_manager:7.1::solaris_9_windows cpe:/a:sun:java_system_access_manager:7.1::solaris_9_x86 cpe:/a:sun:java_system_access_manager:7_2005q4::solaris_10_linux cpe:/a:sun:java_system_access_manager:7_2005q4::solaris_10_sparc cpe:/a:sun:java_system_access_manager:7_2005q4::solaris_10_windows cpe:/a:sun:java_system_access_manager:7_2005q4::solaris_10_x86 cpe:/a:sun:java_system_access_manager:7_2005q4::solaris_8_linux cpe:/a:sun:java_system_access_manager:7_2005q4::solaris_8_sparc cpe:/a:sun:java_system_access_manager:7_2005q4::solaris_8_windows cpe:/a:sun:java_system_access_manager:7_2005q4::solaris_8_x86 cpe:/a:sun:java_system_access_manager:7_2005q4::solaris_9_linux cpe:/a:sun:java_system_access_manager:7_2005q4::solaris_9_sparc cpe:/a:sun:java_system_access_manager:7_2005q4::solaris_9_windows cpe:/a:sun:java_system_access_manager:7_2005q4::solaris_9_x86 CVE-2009-0348 2009-01-29T14:30:00.407-05:00 2017-08-07T21:33:54.390-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov CONFIRM http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-15-1 SUNALERT 242026 BID 33489 VUPEN ADV-2009-0269 XF sun-jsam-username-info-disclosure(48283) The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. cpe:/a:ftpshell:ftpshell_server:4.3 CVE-2009-0349 2009-01-29T14:30:00.420-05:00 2017-09-28T21:33:45.543-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov EXPLOIT-DB 7852 Stack-based buffer overflow in FTPShell Server 4.3 allows user-assisted remote attackers to cause a denial of service (persistent daemon crash) and possibly execute arbitrary code via a long string in a licensing key (aka .key) file. cpe:/a:merak:media_player:3.2 CVE-2009-0350 2009-01-29T14:30:00.437-05:00 2017-09-28T21:33:45.607-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS EXPLOIT-DB 7857 Stack-based buffer overflow in Merak Media Player 3.2 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file, related to the status bar icon's tooltip. NOTE: some of these details are obtained from third party information. cpe:/a:wftpserver:winftp_ftp_server:2.3.0 CVE-2009-0351 2009-01-29T14:30:00.517-05:00 2017-09-28T21:33:45.667-04:00 9.0 NETWORK LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BID 33454 VUPEN ADV-2009-0254 XF winftp-list-bo(48263) EXPLOIT-DB 7875 Stack-based buffer overflow in WFTPSRV.exe in WinFTP 2.3.0 allows remote authenticated users to execute arbitrary code via a long LIST argument beginning with an * (asterisk) character. cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.5:beta cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/a:mozilla:thunderbird:1.5.0.10 cpe:/a:mozilla:thunderbird:1.5.0.11 cpe:/a:mozilla:thunderbird:1.5.0.12 cpe:/a:mozilla:thunderbird:1.5.0.13 cpe:/a:mozilla:thunderbird:1.5.0.14 cpe:/a:mozilla:thunderbird:1.5.1 cpe:/a:mozilla:thunderbird:1.5.2 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:2.0.0.19 CVE-2009-0352 2009-02-04T14:30:00.377-05:00 2018-10-03T17:58:16.050-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SUSE SUSE-SA:2009:009 SUSE SUSE-SA:2009:023 REDHAT RHSA-2009:0256 SLACKWARE SSA:2009-083-02 SLACKWARE SSA:2009-083-03 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm DEBIAN DSA-1830 MANDRIVA MDVSA-2009:044 MANDRIVA MDVSA-2009:083 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-01.html REDHAT RHSA-2009:0257 REDHAT RHSA-2009:0258 BID 33598 SECTRACK 1021663 UBUNTU USN-717-1 VUPEN ADV-2009-0313 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=331088 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=401042 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=416461 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=420697 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=421839 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=422283 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=422301 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=431705 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=437142 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=449006 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=461027 UBUNTU USN-741-1 FEDORA FEDORA-2009-1399 FEDORA FEDORA-2009-2882 FEDORA FEDORA-2009-2884 FEDORA FEDORA-2009-3101 Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and destruction of arbitrary layout objects by the nsViewManager::Composite function. cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.5:beta cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/a:mozilla:thunderbird:1.5.0.10 cpe:/a:mozilla:thunderbird:1.5.0.11 cpe:/a:mozilla:thunderbird:1.5.0.12 cpe:/a:mozilla:thunderbird:1.5.0.13 cpe:/a:mozilla:thunderbird:1.5.0.14 cpe:/a:mozilla:thunderbird:1.5.1 cpe:/a:mozilla:thunderbird:1.5.2 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:2.0.0.19 CVE-2009-0353 2009-02-04T14:30:00.407-05:00 2017-09-28T21:33:45.857-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SUSE SUSE-SA:2009:009 SUSE SUSE-SA:2009:023 REDHAT RHSA-2009:0256 SLACKWARE SSA:2009-083-02 SLACKWARE SSA:2009-083-03 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm DEBIAN DSA-1830 MANDRIVA MDVSA-2009:044 MANDRIVA MDVSA-2009:083 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-01.html REDHAT RHSA-2009:0257 REDHAT RHSA-2009:0258 BID 33598 SECTRACK 1021663 UBUNTU USN-717-1 VUPEN ADV-2009-0313 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=452913 FEDORA FEDORA-2009-1399 FEDORA FEDORA-2009-2882 FEDORA FEDORA-2009-2884 FEDORA FEDORA-2009-3101 Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine. cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0:alpha cpe:/a:mozilla:firefox:3.0:beta2 cpe:/a:mozilla:firefox:3.0:beta5 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 CVE-2009-0354 2009-02-04T14:30:00.420-05:00 2017-09-28T21:33:45.917-04:00 2.6 NETWORK HIGH NONE NONE PARTIAL NONE http://nvd.nist.gov SUSE SUSE-SA:2009:009 REDHAT RHSA-2009:0256 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm MANDRIVA MDVSA-2009:044 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-02.html BID 33598 SECTRACK 1021664 UBUNTU USN-717-1 VUPEN ADV-2009-0313 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=468581 FEDORA FEDORA-2009-1399 Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function. cpe:/a:mozilla:firefox:0.1 cpe:/a:mozilla:firefox:0.2 cpe:/a:mozilla:firefox:0.3 cpe:/a:mozilla:firefox:0.4 cpe:/a:mozilla:firefox:0.5 cpe:/a:mozilla:firefox:0.6 cpe:/a:mozilla:firefox:0.6.1 cpe:/a:mozilla:firefox:0.7 cpe:/a:mozilla:firefox:0.7.1 cpe:/a:mozilla:firefox:0.8 cpe:/a:mozilla:firefox:0.9 cpe:/a:mozilla:firefox:0.9:rc cpe:/a:mozilla:firefox:0.9.1 cpe:/a:mozilla:firefox:0.9.2 cpe:/a:mozilla:firefox:0.9.3 cpe:/a:mozilla:firefox:0.9_rc cpe:/a:mozilla:firefox:0.10 cpe:/a:mozilla:firefox:0.10.1 cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.0:preview_release cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5:beta1 cpe:/a:mozilla:firefox:1.5:beta2 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:1.5.1 cpe:/a:mozilla:firefox:1.5.2 cpe:/a:mozilla:firefox:1.5.3 cpe:/a:mozilla:firefox:1.5.4 cpe:/a:mozilla:firefox:1.5.5 cpe:/a:mozilla:firefox:1.5.6 cpe:/a:mozilla:firefox:1.5.7 cpe:/a:mozilla:firefox:1.5.8 cpe:/a:mozilla:firefox:1.8 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0:beta1 cpe:/a:mozilla:firefox:2.0:beta_1 cpe:/a:mozilla:firefox:2.0:rc2 cpe:/a:mozilla:firefox:2.0:rc3 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:firefox:2.0.0.17 cpe:/a:mozilla:firefox:2.0.0.18 cpe:/a:mozilla:firefox:2.0_.1 cpe:/a:mozilla:firefox:2.0_.4 cpe:/a:mozilla:firefox:2.0_.5 cpe:/a:mozilla:firefox:2.0_.6 cpe:/a:mozilla:firefox:2.0_.7 cpe:/a:mozilla:firefox:2.0_.9 cpe:/a:mozilla:firefox:2.0_.10 cpe:/a:mozilla:firefox:2.0_8 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0:alpha cpe:/a:mozilla:firefox:3.0:beta2 cpe:/a:mozilla:firefox:3.0:beta5 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 CVE-2009-0355 2009-02-04T14:30:00.437-05:00 2017-09-28T21:33:46.013-04:00 5.4 NETWORK HIGH NONE COMPLETE NONE NONE http://nvd.nist.gov SUSE SUSE-SA:2009:009 REDHAT RHSA-2009:0256 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm MANDRIVA MDVSA-2009:044 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-03.html REDHAT RHSA-2009:0257 REDHAT RHSA-2009:0258 BID 33598 SECTRACK 1021665 UBUNTU USN-717-1 UBUNTU USN-717-2 VUPEN ADV-2009-0313 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=466937 FEDORA FEDORA-2009-1399 FEDORA FEDORA-2009-2882 FEDORA FEDORA-2009-2884 components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element. cpe:/a:mozilla:firefox:0.1 cpe:/a:mozilla:firefox:0.2 cpe:/a:mozilla:firefox:0.3 cpe:/a:mozilla:firefox:0.4 cpe:/a:mozilla:firefox:0.5 cpe:/a:mozilla:firefox:0.6 cpe:/a:mozilla:firefox:0.6.1 cpe:/a:mozilla:firefox:0.7 cpe:/a:mozilla:firefox:0.7.1 cpe:/a:mozilla:firefox:0.8 cpe:/a:mozilla:firefox:0.9 cpe:/a:mozilla:firefox:0.9:rc cpe:/a:mozilla:firefox:0.9.1 cpe:/a:mozilla:firefox:0.9.2 cpe:/a:mozilla:firefox:0.9.3 cpe:/a:mozilla:firefox:0.9_rc cpe:/a:mozilla:firefox:0.10 cpe:/a:mozilla:firefox:0.10.1 cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.0:preview_release cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5:beta1 cpe:/a:mozilla:firefox:1.5:beta2 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:1.5.1 cpe:/a:mozilla:firefox:1.5.2 cpe:/a:mozilla:firefox:1.5.3 cpe:/a:mozilla:firefox:1.5.4 cpe:/a:mozilla:firefox:1.5.5 cpe:/a:mozilla:firefox:1.5.6 cpe:/a:mozilla:firefox:1.5.7 cpe:/a:mozilla:firefox:1.5.8 cpe:/a:mozilla:firefox:1.8 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0:beta1 cpe:/a:mozilla:firefox:2.0:beta_1 cpe:/a:mozilla:firefox:2.0:rc2 cpe:/a:mozilla:firefox:2.0:rc3 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:firefox:2.0.0.17 cpe:/a:mozilla:firefox:2.0.0.18 cpe:/a:mozilla:firefox:2.0_.1 cpe:/a:mozilla:firefox:2.0_.4 cpe:/a:mozilla:firefox:2.0_.5 cpe:/a:mozilla:firefox:2.0_.6 cpe:/a:mozilla:firefox:2.0_.7 cpe:/a:mozilla:firefox:2.0_.9 cpe:/a:mozilla:firefox:2.0_.10 cpe:/a:mozilla:firefox:2.0_8 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0:alpha cpe:/a:mozilla:firefox:3.0:beta2 cpe:/a:mozilla:firefox:3.0:beta5 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 CVE-2009-0356 2009-02-04T14:30:00.467-05:00 2017-09-28T21:33:46.107-04:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS SUSE SUSE-SA:2009:009 REDHAT RHSA-2009:0256 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm MANDRIVA MDVSA-2009:044 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-04.html BID 33598 SECTRACK 1021666 VUPEN ADV-2009-0313 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=460425 FEDORA FEDORA-2009-1399 Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a Desktop Entry section of a .desktop file, related to representation of about: URIs as jar:file:// URIs. NOTE: this issue exists because of an incomplete fix for CVE-2008-4582. cpe:/a:mozilla:firefox:0.1 cpe:/a:mozilla:firefox:0.2 cpe:/a:mozilla:firefox:0.3 cpe:/a:mozilla:firefox:0.4 cpe:/a:mozilla:firefox:0.5 cpe:/a:mozilla:firefox:0.6 cpe:/a:mozilla:firefox:0.6.1 cpe:/a:mozilla:firefox:0.7 cpe:/a:mozilla:firefox:0.7.1 cpe:/a:mozilla:firefox:0.8 cpe:/a:mozilla:firefox:0.9 cpe:/a:mozilla:firefox:0.9.1 cpe:/a:mozilla:firefox:0.9.2 cpe:/a:mozilla:firefox:0.9.3 cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.0:preview_release cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0:beta1 cpe:/a:mozilla:firefox:2.0:rc2 cpe:/a:mozilla:firefox:2.0:rc3 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:firefox:2.0.0.17 cpe:/a:mozilla:firefox:2.0.0.18 cpe:/a:mozilla:firefox:2.0.0.19 cpe:/a:mozilla:firefox:2.0.0.20 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0:alpha cpe:/a:mozilla:firefox:3.0:beta2 cpe:/a:mozilla:firefox:3.0:beta5 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.13 CVE-2009-0357 2009-02-04T14:30:00.483-05:00 2017-09-28T21:33:46.183-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov MISC http://ha.ckers.org/blog/20070511/bluehat-errata/ SUSE SUSE-SA:2009:009 REDHAT RHSA-2009:0256 SLACKWARE SSA:2009-083-02 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm MANDRIVA MDVSA-2009:044 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-05.html REDHAT RHSA-2009:0257 BID 33598 SECTRACK 1021668 UBUNTU USN-717-1 UBUNTU USN-717-2 VUPEN ADV-2009-0313 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=380418 FEDORA FEDORA-2009-1399 FEDORA FEDORA-2009-3101 Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0:alpha cpe:/a:mozilla:firefox:3.0:beta2 cpe:/a:mozilla:firefox:3.0:beta5 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 CVE-2009-0358 2009-02-04T14:30:00.517-05:00 2017-09-28T21:33:46.263-04:00 3.3 ADJACENT_NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov MISC http://blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspx SUSE SUSE-SA:2009:009 REDHAT RHSA-2009:0256 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm MANDRIVA MDVSA-2009:044 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-06.html BID 33598 SECTRACK 1021667 UBUNTU USN-717-1 VUPEN ADV-2009-0313 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=441751 FEDORA FEDORA-2009-1399 Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request. cpe:/a:nongnu:samizdat:0.6.1 CVE-2009-0359 2009-02-17T12:30:05.877-05:00 2018-10-11T17:01:24.290-04:00 3.5 NETWORK MEDIUM SINGLE_INSTANCE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://samizdat.nongnu.org/release-notes/samizdat-0.6.1-xss-escape-title.patch MLIST [debian-testing-security-announce] 20090211 Security update for Debian Testing - 2009-02-12 CONFIRM http://www.nongnu.org/samizdat/release-notes/samizdat-0.6.2.html BUGTRAQ 20090213 Cross-site scripting in Samizdat 0.6.1 BID 33768 Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name. cpe:/a:eyrie:pam-krb5:2.0 cpe:/a:eyrie:pam-krb5:2.1 cpe:/a:eyrie:pam-krb5:2.2 cpe:/a:eyrie:pam-krb5:2.3 cpe:/a:eyrie:pam-krb5:2.4 cpe:/a:eyrie:pam-krb5:2.5 cpe:/a:eyrie:pam-krb5:2.6 cpe:/a:eyrie:pam-krb5:3.0 cpe:/a:eyrie:pam-krb5:3.1 cpe:/a:eyrie:pam-krb5:3.2 cpe:/a:eyrie:pam-krb5:3.3 cpe:/a:eyrie:pam-krb5:3.4 cpe:/a:eyrie:pam-krb5:3.5 cpe:/a:eyrie:pam-krb5:3.6 cpe:/a:eyrie:pam-krb5:3.7 cpe:/a:eyrie:pam-krb5:3.8 cpe:/a:eyrie:pam-krb5:3.9 cpe:/a:eyrie:pam-krb5:3.10 cpe:/a:eyrie:pam-krb5:3.11 cpe:/a:eyrie:pam-krb5:3.12 CVE-2009-0360 2009-02-13T12:30:00.640-05:00 2018-10-11T17:01:24.757-04:00 6.2 LOCAL HIGH NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS GENTOO GLSA-200903-39 SECTRACK 1021711 SUNALERT 252767 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm DEBIAN DSA-1721 MISC http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html BUGTRAQ 20090211 pam-krb5 security advisory (3.12 and earlier) BID 33740 UBUNTU USN-719-1 VUPEN ADV-2009-0410 VUPEN ADV-2009-0426 VUPEN ADV-2009-0979 Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application. cpe:/a:eyrie:pam-krb5:3.0 cpe:/a:eyrie:pam-krb5:3.1 cpe:/a:eyrie:pam-krb5:3.2 cpe:/a:eyrie:pam-krb5:3.3 cpe:/a:eyrie:pam-krb5:3.4 cpe:/a:eyrie:pam-krb5:3.5 cpe:/a:eyrie:pam-krb5:3.6 cpe:/a:eyrie:pam-krb5:3.7 cpe:/a:eyrie:pam-krb5:3.8 cpe:/a:eyrie:pam-krb5:3.9 cpe:/a:eyrie:pam-krb5:3.10 cpe:/a:eyrie:pam-krb5:3.11 cpe:/a:eyrie:pam-krb5:3.12 CVE-2009-0361 2009-02-13T12:30:00.687-05:00 2018-10-11T17:01:26.663-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS GENTOO GLSA-200903-39 SECTRACK 1021711 SUNALERT 252767 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm DEBIAN DSA-1721 DEBIAN DSA-1722 MISC http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html BUGTRAQ 20090211 pam-krb5 security advisory (3.12 and earlier) BID 33741 UBUNTU USN-719-1 VUPEN ADV-2009-0410 VUPEN ADV-2009-0426 VUPEN ADV-2009-0979 Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations. cpe:/a:fail2ban:fail2ban:0.8.3 CVE-2009-0362 2009-02-12T20:30:00.360-05:00 2009-02-13T00:00:00.000-05:00 4.0 NETWORK LOW SINGLE_INSTANCE NONE NONE PARTIAL http://nvd.nist.gov 2009-02-13T12:23:00.000-05:00 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514163 BID 33734 filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP address, a different vulnerability than CVE-2007-4321. cpe:/a:barnowl:barnowl:1.0.0 cpe:/a:barnowl:barnowl:1.0.1 cpe:/a:barnowl:barnowl:1.0.2 cpe:/a:barnowl:barnowl:1.0.2.1 cpe:/a:barnowl:barnowl:1.0.3 cpe:/a:barnowl:barnowl:1.0.4 cpe:/a:barnowl:barnowl:1.0.4.1 cpe:/a:ktools:owl:2.1.11 CVE-2009-0363 2009-02-17T12:30:05.890-05:00 2017-08-07T21:33:54.500-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_USER_ACCESS CONFIRM http://barnowl.mit.edu/browser/ChangeLog CONFIRM http://barnowl.mit.edu/wiki/barnowl-1.0.5-announce CONFIRM http://bugs.debian.org/515118 MLIST [debian-testing-security-announce] 20090213 Security update for Debian Testing - 2009-02-14 CONFIRM https://bugs.launchpad.net/ubuntu/+source/owl/+bug/329165 XF barnowl-owl-zcrypt-bo(48824) Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and unspecified other use of the products. cpe:/a:citadel:webcit:7.02 cpe:/a:citadel:webcit:7.10 cpe:/a:citadel:webcit:7.11 cpe:/a:citadel:webcit:7.12 cpe:/a:citadel:webcit:7.22 cpe:/a:citadel:webcit:7.37 cpe:/a:citadel:webcit:7.38 CVE-2009-0364 2009-03-26T01:50:27.517-04:00 2009-04-02T01:44:23.877-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov CONFIRM http://www.citadel.org/doku.php/news:webcit.security.advisory.-.2009-march-23 DEBIAN DSA-1752 BID 34206 Format string vulnerability in the mini_calendar component in Citadel.org WebCit 7.22, and other versions before 7.39, allows remote attackers to execute arbitrary code via unspecified vectors. cpe:/o:ubuntu:ubuntu_linux:6.06:-:lts cpe:/o:ubuntu:ubuntu_linux:7.10 cpe:/o:ubuntu:ubuntu_linux:8.04:-:lts cpe:/o:ubuntu:ubuntu_linux:8.10 CVE-2009-0365 2009-03-04T21:30:00.313-05:00 2017-09-28T21:33:46.497-04:00 4.6 LOCAL LOW SINGLE_INSTANCE COMPLETE NONE NONE http://nvd.nist.gov SUSE SUSE-SA:2009:013 SUSE SUSE-SR:2009:009 SECTRACK 1021910 SECTRACK 1021911 CONFIRM http://svn.gnome.org/viewvc/network-manager-applet/trunk/nm-applet.conf?r1=1133&r2=1207&pathrev=1207 CONFIRM http://svn.gnome.org/viewvc/network-manager-applet?view=revision&revision=1207 DEBIAN DSA-1955 REDHAT RHSA-2009:0361 REDHAT RHSA-2009:0362 BID 33966 SECTRACK 1021908 UBUNTU USN-727-1 UBUNTU USN-727-2 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=487722 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=487752 XF networkmanager-dbus-info-disclosure(49062) nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler. cpe:/a:wesnoth:wesnoth:1.0:rc cpe:/a:wesnoth:wesnoth:1.1 cpe:/a:wesnoth:wesnoth:1.1.1 cpe:/a:wesnoth:wesnoth:1.1.2 cpe:/a:wesnoth:wesnoth:1.1.3 cpe:/a:wesnoth:wesnoth:1.1.4 cpe:/a:wesnoth:wesnoth:1.1.5 cpe:/a:wesnoth:wesnoth:1.1.6 cpe:/a:wesnoth:wesnoth:1.1.7 cpe:/a:wesnoth:wesnoth:1.1.8 cpe:/a:wesnoth:wesnoth:1.1.9 cpe:/a:wesnoth:wesnoth:1.1.10 cpe:/a:wesnoth:wesnoth:1.1.11 cpe:/a:wesnoth:wesnoth:1.1.12 cpe:/a:wesnoth:wesnoth:1.1.13 cpe:/a:wesnoth:wesnoth:1.1.14 cpe:/a:wesnoth:wesnoth:1.2 cpe:/a:wesnoth:wesnoth:1.2.1 cpe:/a:wesnoth:wesnoth:1.2.2 cpe:/a:wesnoth:wesnoth:1.2.3 cpe:/a:wesnoth:wesnoth:1.2.4 cpe:/a:wesnoth:wesnoth:1.2.5 cpe:/a:wesnoth:wesnoth:1.2.6 cpe:/a:wesnoth:wesnoth:1.2.7 cpe:/a:wesnoth:wesnoth:1.2.8 cpe:/a:wesnoth:wesnoth:1.3.8 cpe:/a:wesnoth:wesnoth:1.3.9 cpe:/a:wesnoth:wesnoth:1.3.10 cpe:/a:wesnoth:wesnoth:1.3.11 cpe:/a:wesnoth:wesnoth:1.3.12 cpe:/a:wesnoth:wesnoth:1.3.13 cpe:/a:wesnoth:wesnoth:1.3.14 cpe:/a:wesnoth:wesnoth:1.3.15 cpe:/a:wesnoth:wesnoth:1.3.16 cpe:/a:wesnoth:wesnoth:1.3.17 cpe:/a:wesnoth:wesnoth:1.3.18 cpe:/a:wesnoth:wesnoth:1.3.19 cpe:/a:wesnoth:wesnoth:1.4 cpe:/a:wesnoth:wesnoth:1.4.1 cpe:/a:wesnoth:wesnoth:1.4.2 cpe:/a:wesnoth:wesnoth:1.4.3 cpe:/a:wesnoth:wesnoth:1.4.4 cpe:/a:wesnoth:wesnoth:1.4.5 cpe:/a:wesnoth:wesnoth:1.4.6 cpe:/a:wesnoth:wesnoth:1.4.7 cpe:/a:wesnoth:wesnoth:1.5.0 cpe:/a:wesnoth:wesnoth:1.5.1 cpe:/a:wesnoth:wesnoth:1.5.2 cpe:/a:wesnoth:wesnoth:1.5.3 cpe:/a:wesnoth:wesnoth:1.5.4 cpe:/a:wesnoth:wesnoth:1.5.5 cpe:/a:wesnoth:wesnoth:1.5.6 cpe:/a:wesnoth:wesnoth:1.5.7 cpe:/a:wesnoth:wesnoth:1.5.8 cpe:/a:wesnoth:wesnoth:1.5.9 cpe:/a:wesnoth:wesnoth:1.5.10 cpe:/a:wesnoth:wesnoth:1.5.11 CVE-2009-0366 2009-03-12T11:20:49.717-04:00 2009-03-21T01:54:15.517-04:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov CONFIRM http://launchpad.net/bugs/335089 CONFIRM http://launchpad.net/bugs/336396 CONFIRM http://launchpad.net/bugs/cve/2009-0366 CONFIRM http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog CONFIRM http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog CONFIRM http://svn.gna.org/viewcvs/wesnoth/trunk/src/server/simple_wml.cpp?rev=33069&r1=32990&r2=33069 CONFIRM http://svn.gna.org/viewcvs/wesnoth/trunk/src/server/simple_wml.cpp?rev=33069&view=log DEBIAN DSA-1737 BID 34085 CONFIRM https://gna.org/bugs/index.php?13037 The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth before r33069 allows remote attackers to cause a denial of service via a large compressed WML document. cpe:/a:wesnoth:wesnoth:1.4 cpe:/a:wesnoth:wesnoth:1.4.1 cpe:/a:wesnoth:wesnoth:1.4.2 cpe:/a:wesnoth:wesnoth:1.4.3 cpe:/a:wesnoth:wesnoth:1.4.4 cpe:/a:wesnoth:wesnoth:1.4.5 cpe:/a:wesnoth:wesnoth:1.4.6 cpe:/a:wesnoth:wesnoth:1.4.7 cpe:/a:wesnoth:wesnoth:1.5.0 cpe:/a:wesnoth:wesnoth:1.5.1 cpe:/a:wesnoth:wesnoth:1.5.2 cpe:/a:wesnoth:wesnoth:1.5.3 cpe:/a:wesnoth:wesnoth:1.5.4 cpe:/a:wesnoth:wesnoth:1.5.5 cpe:/a:wesnoth:wesnoth:1.5.6 cpe:/a:wesnoth:wesnoth:1.5.7 cpe:/a:wesnoth:wesnoth:1.5.8 cpe:/a:wesnoth:wesnoth:1.5.9 cpe:/a:wesnoth:wesnoth:1.5.10 CVE-2009-0367 2009-03-04T21:30:00.327-05:00 2017-08-07T21:33:54.673-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CONFIRM http://launchpad.net/bugs/335089 CONFIRM http://launchpad.net/bugs/336396 CONFIRM http://launchpad.net/bugs/cve/2009-0367 CONFIRM http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog CONFIRM http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog DEBIAN DSA-1737 VUPEN ADV-2009-0595 CONFIRM http://www.wesnoth.org/forum/viewtopic.php?t=24247 CONFIRM http://www.wesnoth.org/forum/viewtopic.php?t=24340 XF wesnoth-pythonai-code-execution(49058) CONFIRM https://gna.org/bugs/index.php?13048 The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module. cpe:/a:opensc-project:opensc:0.3.2 cpe:/a:opensc-project:opensc:0.3.5 cpe:/a:opensc-project:opensc:0.4.0 cpe:/a:opensc-project:opensc:0.5.0 cpe:/a:opensc-project:opensc:0.6.0 cpe:/a:opensc-project:opensc:0.6.1 cpe:/a:opensc-project:opensc:0.7.0 cpe:/a:opensc-project:opensc:0.8 cpe:/a:opensc-project:opensc:0.8.0 cpe:/a:opensc-project:opensc:0.8.0.0 cpe:/a:opensc-project:opensc:0.8.1 cpe:/a:opensc-project:opensc:0.9 cpe:/a:opensc-project:opensc:0.9.2 cpe:/a:opensc-project:opensc:0.9.3 cpe:/a:opensc-project:opensc:0.9.4 cpe:/a:opensc-project:opensc:0.9.5 cpe:/a:opensc-project:opensc:0.9.6 cpe:/a:opensc-project:opensc:0.9.7 cpe:/a:opensc-project:opensc:0.9.7:b cpe:/a:opensc-project:opensc:0.9.7:d cpe:/a:opensc-project:opensc:0.9.8 cpe:/a:opensc-project:opensc:0.10.0 cpe:/a:opensc-project:opensc:0.10.1 cpe:/a:opensc-project:opensc:0.11.0 cpe:/a:opensc-project:opensc:0.11.1 cpe:/a:opensc-project:opensc:0.11.2 cpe:/a:opensc-project:opensc:0.11.3 cpe:/a:opensc-project:opensc:0.11.3:pre3 cpe:/a:opensc-project:opensc:0.11.4 cpe:/a:opensc-project:opensc:0.11.5 cpe:/a:opensc-project:opensc:0.11.6 CVE-2009-0368 2009-03-02T17:30:00.187-05:00 2017-08-07T21:33:54.750-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov SUSE SUSE-SR:2009:010 MLIST [oss-security] 20090226 OpenSC Security Advisory GENTOO GLSA-200908-01 DEBIAN DSA-1734 MLIST [opensc-announce] 20090226 OpenSC Security Advisory BID 33922 XF opensc-pkcs-unauth-access(48958) FEDORA FEDORA-2009-2266 FEDORA FEDORA-2009-2267 OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program. cpe:/a:microsoft:internet_explorer:7 CVE-2009-0369 2009-01-30T14:30:00.327-05:00 2017-09-28T21:33:46.560-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov XF ie-onclickaction-click-hijacking(48542) EXPLOIT-DB 7912 Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. cpe:/o:ibm:aix:5.2 cpe:/o:ibm:aix:5.2.2 cpe:/o:ibm:aix:5.2_l cpe:/o:ibm:aix:5.3 cpe:/o:ibm:aix:5.3.7 cpe:/o:ibm:aix:5.3.8 cpe:/o:ibm:aix:5.3.9 cpe:/o:ibm:aix:5.3_l cpe:/o:ibm:aix:6.1 cpe:/o:ibm:aix:6.1.1 cpe:/o:ibm:aix:6.1.2 CVE-2009-0370 2009-01-30T14:30:00.343-05:00 2017-09-28T21:33:46.637-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CONFIRM http://aix.software.ibm.com/aix/efixes/security/rmsock_advisory.asc AIXAPAR IZ40386 AIXAPAR IZ41510 AIXAPAR IZ41593 AIXAPAR IZ41599 AIXAPAR IZ42785 AIXAPAR IZ42786 AIXAPAR IZ42787 AIXAPAR IZ42788 BID 33522 Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files." cpe:/a:sitexs_cms:sitexs_cms:0.1:pre-alpha cpe:/a:sitexs_cms:sitexs_cms:0.1.1:pre-alpha CVE-2009-0371 2009-01-30T14:30:00.360-05:00 2017-09-28T21:33:46.873-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 33457 VUPEN ADV-2009-0247 XF sitexs-type-file-include(48236) EXPLOIT-DB 7879 Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the type parameter. cpe:/a:memht:memht_portal:1.0:final cpe:/a:memht:memht_portal:1.5:full cpe:/a:memht:memht_portal:1.5:update cpe:/a:memht:memht_portal:2.0:full cpe:/a:memht:memht_portal:2.0:update cpe:/a:memht:memht_portal:2.5:full cpe:/a:memht:memht_portal:2.5:update cpe:/a:memht:memht_portal:2.9:full cpe:/a:memht:memht_portal:2.9:update cpe:/a:memht:memht_portal:3.0:full cpe:/a:memht:memht_portal:3.0:update cpe:/a:memht:memht_portal:3.1 cpe:/a:memht:memht_portal:3.1:full cpe:/a:memht:memht_portal:3.1:update cpe:/a:memht:memht_portal:3.2:update cpe:/a:memht:memht_portal:3.3:full cpe:/a:memht:memht_portal:3.3:update cpe:/a:memht:memht_portal:3.4 cpe:/a:memht:memht_portal:3.4:full cpe:/a:memht:memht_portal:3.4:update cpe:/a:memht:memht_portal:3.4.5 cpe:/a:memht:memht_portal:3.4.5:full cpe:/a:memht:memht_portal:3.4.5:update cpe:/a:memht:memht_portal:3.5.0:full cpe:/a:memht:memht_portal:3.6.0 cpe:/a:memht:memht_portal:3.6.5 cpe:/a:memht:memht_portal:3.7.0 cpe:/a:memht:memht_portal:3.7.5 cpe:/a:memht:memht_portal:3.8.0 cpe:/a:memht:memht_portal:3.8.1 cpe:/a:memht:memht_portal:3.8.5 cpe:/a:memht:memht_portal:3.9.0 cpe:/a:memht:memht_portal:4.0.1 CVE-2009-0372 2009-01-30T14:30:00.390-05:00 2017-09-28T21:33:46.933-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33424 XF memht-avatar-file-upload(48199) EXPLOIT-DB 7859 Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an image content type via a users editProfile action, then accessing this file via a direct request to the file in images/avatar/uploaded/. cpe:/a:elearningforce:flash_magazine_deluxe:_nil_ CVE-2009-0373 2009-01-30T14:30:00.407-05:00 2017-09-28T21:33:46.997-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33455 VUPEN ADV-2009-0249 XF flashmagazine-index-sql-injection(48226) EXPLOIT-DB 7881 SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php. cpe:/a:google:chrome:1.0.154.43 CVE-2009-0374 2009-01-30T16:30:00.217-05:00 2018-10-11T17:01:29.040-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov MISC http://www.secniche.org/gcr_clkj/ BUGTRAQ 20090128 Advisory: Google Chrome 1.0.154.43 ClickJacking Vulnerability. BUGTRAQ 20090128 Re: Advisory: Google Chrome 1.0.154.43 ClickJacking Vulnerability. EXPLOIT-DB 7903 ** DISPUTED ** Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue." cpe:/a:realnetworks:realplayer:11 CVE-2009-0375 2009-02-08T16:30:09.797-05:00 2018-10-11T17:01:29.540-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CONFIRM http://service.real.com/realplayer/security/01192010_player/en/ MISC http://www.fortiguardcenter.com/advisory/FGA-2009-04.html BUGTRAQ 20090206 RealNetworks RealPlayer IVR File Processing Multiple Code Execute Vulnerabilities BID 33652 VUPEN ADV-2010-0178 XF realplayer-ivr-bo(48567) Buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a filename length field containing a large integer, which triggers overwrite of an arbitrary memory location with a 0x00 byte value, related to use of RealPlayer through a Windows Explorer plugin. cpe:/a:realnetworks:realplayer:11 CVE-2009-0376 2009-02-08T16:30:09.813-05:00 2018-10-11T17:01:30.227-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CONFIRM http://service.real.com/realplayer/security/01192010_player/en/ MISC http://www.fortiguardcenter.com/advisory/FGA-2009-04.html BUGTRAQ 20090206 RealNetworks RealPlayer IVR File Processing Multiple Code Execute Vulnerabilities BUGTRAQ 20100121 ZDI-10-009: RealNetworks RealPlayer IVR Format Remote Code Execution Vulnerability BID 33652 VUPEN ADV-2010-0178 MISC http://www.zerodayinitiative.com/advisories/ZDI-10-009/ XF realplayer-ivr-code-execution(48568) Heap-based buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a modified field that controls an unspecified structure length and triggers heap corruption, related to use of RealPlayer through a Windows Explorer plugin. cpe:/a:joomla:com_beamospetition:1.0.12 CVE-2009-0377 2009-02-02T14:00:00.187-05:00 2018-10-11T17:01:31.150-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BUGTRAQ 20090121 Joomla component beamospetition 1.0.12 Sql Injection BID 33391 EXPLOIT-DB 7847 SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132. cpe:/a:joomla:com_beamospetition:1.0.12 CVE-2009-0378 2009-02-02T14:00:00.250-05:00 2018-10-11T17:01:31.570-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov BUGTRAQ 20090121 Joomla component beamospetition 1.0.12 Sql Injection BID 33391 EXPLOIT-DB 7847 Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action. cpe:/a:joomla:com_pcchess CVE-2009-0379 2009-02-02T14:00:00.280-05:00 2017-09-28T21:33:47.230-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33394 XF joomla-pcchess-gameid-sql-injection(48144) EXPLOIT-DB 7846 SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761. cpe:/a:sigsiu.net:sobi2:2.8.2:rc CVE-2009-0380 2009-02-02T14:00:00.297-05:00 2017-09-28T21:33:47.293-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS VIM 20090130 SOBI2 showbiz SQL injection - false, or site-specific BID 33378 XF sobi2-bid-sql-injection(48131) EXPLOIT-DB 7841 ** DISPUTED ** SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither "showbiz" nor "bid" appears in the source code for SOBI2. cpe:/a:bazaarbuilder:ecommerce_shopping_cart:5.0 CVE-2009-0381 2009-02-02T14:00:00.327-05:00 2017-09-28T21:33:47.340-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33380 XF bazaarbuilder-index-sql-injection(48141) EXPLOIT-DB 7840 SQL injection vulnerability in the BazaarBuilder Ecommerce Shopping Cart (com_prod) 5.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a products action to index.php. cpe:/a:drupal:internationalization:5.x-1.1 cpe:/a:drupal:internationalization:5.x-2.3 CVE-2009-0382 2009-02-02T14:30:00.203-05:00 2009-02-02T14:30:00.203-05:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-02-02T14:46:00.000-05:00 CONFIRM http://drupal.org/node/358958 BID 33283 Unspecified vulnerability in Internationalization (i18n) Translation 5.x before 5.x-2.5, a module for Drupal, allows remote attackers with "translate node" permissions to bypass intended access restrictions and read unpublished nodes via unspecified vectors. cpe:/a:mzbservices:max.blog:1.0.6 CVE-2009-0383 2009-02-02T14:30:00.267-05:00 2017-09-28T21:33:47.403-04:00 6.4 NETWORK LOW NONE NONE PARTIAL PARTIAL http://nvd.nist.gov CONFIRM http://www.mzbservices.com/show_post.php?id=72 BID 33368 XF maxblog-delete-security-bypass(48125) EXPLOIT-DB 7835 delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote attackers to delete arbitrary blog posts via a direct request. cpe:/a:adam_tomecek:ownrs:1.2 CVE-2009-0384 2009-02-02T14:30:00.313-05:00 2017-09-28T21:33:47.450-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS EXPLOIT-DB 7849 SQL injection vulnerability in autor.php in OwnRS CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. cpe:/a:ffmpeg:ffmpeg CVE-2009-0385 2009-02-02T14:30:00.327-05:00 2018-10-11T17:01:32.540-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CONFIRM http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17 GENTOO GLSA-200903-33 CONFIRM http://svn.mplayerhq.hu/ffmpeg/trunk/libavformat/4xm.c?r1=16838&r2=16846&pathrev=16846 CONFIRM http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=16846 DEBIAN DSA-1781 DEBIAN DSA-1782 MANDRIVA MDVSA-2009:297 BUGTRAQ 20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability BID 33502 MISC http://www.trapkit.de/advisories/TKADV2009-004.txt UBUNTU USN-734-1 VUPEN ADV-2009-0277 XF ffmpeg-fourxmreadheader-code-execution(48330) FEDORA FEDORA-2009-3428 FEDORA FEDORA-2009-3433 Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference. cpe:/a:gstreamer:good_plug-ins:0.10.9 cpe:/a:gstreamer:good_plug-ins:0.10.10 cpe:/a:gstreamer:good_plug-ins:0.10.11 CVE-2009-0386 2009-02-02T14:30:00.343-05:00 2018-10-11T17:01:34.760-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CONFIRM http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53 CONFIRM http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html SUSE SUSE-SR:2009:005 GENTOO GLSA-200907-11 MISC http://trapkit.de/advisories/TKADV2009-003.txt MANDRIVA MDVSA-2009:035 MLIST [oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version) REDHAT RHSA-2009:0271 BUGTRAQ 20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities BID 33405 UBUNTU USN-736-1 VUPEN ADV-2009-0225 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=481267 Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample (ctts) atom data in a malformed QuickTime media .mov file. cpe:/a:gstreamer:good_plug-ins:0.10.9 cpe:/a:gstreamer:good_plug-ins:0.10.10 cpe:/a:gstreamer:good_plug-ins:0.10.11 cpe:/a:gstreamer:plug-ins:0.8.5 CVE-2009-0387 2009-02-02T14:30:00.377-05:00 2018-10-11T17:01:36.477-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CONFIRM http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53 CONFIRM http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html SUSE SUSE-SR:2009:005 GENTOO GLSA-200907-11 MISC http://trapkit.de/advisories/TKADV2009-003.txt MANDRIVA MDVSA-2009:035 MLIST [oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version) REDHAT RHSA-2009:0271 BUGTRAQ 20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities BID 33405 UBUNTU USN-736-1 VUPEN ADV-2009-0225 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=481267 Array index error in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted Sync Sample (aka stss) atom data in a malformed QuickTime media .mov file, related to "mark keyframes." cpe:/a:tightvnc:tightvnc:1.3.9 cpe:/a:ultravnc:ultravnc:1.0.2 cpe:/a:ultravnc:ultravnc:1.0.5 CVE-2009-0388 2009-02-04T14:30:00.530-05:00 2018-10-11T17:01:38.790-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CONFIRM http://forum.ultravnc.info/viewtopic.php?t=14654 CONFIRM http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564 MISC http://www.coresecurity.com/content/vnc-integer-overflows BUGTRAQ 20090203 CORE-2008-1009 - VNC Multiple Integer Overflows BID 33568 VUPEN ADV-2009-0321 VUPEN ADV-2009-0322 EXPLOIT-DB 7990 EXPLOIT-DB 8024 Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp. cpe:/a:eztools-software:web_on_windows_activex:2 CVE-2009-0389 2009-02-02T17:00:00.377-05:00 2017-09-28T21:33:47.717-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BID 33515 XF wow-writeinifilestring-code-execution(48337) EXPLOIT-DB 7910 Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString method, (2) execute arbitrary programs via the ShellExecute method, (3) read from the registry via unspecified vectors, and (4) write to the registry via unspecified vectors. NOTE: vectors 1 and 2 can be used together to execute arbitrary code. cpe:/a:enomaly:elastic_computing_platform:2.1 cpe:/a:enomaly:elastic_computing_platform:2.1:beta_2 CVE-2009-0390 2009-02-02T17:30:00.280-05:00 2018-10-11T17:01:39.777-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BUGTRAQ 20090130 CVE-2008-4990 Enomaly ECP/Enomalism: Insecure temporary file creation vulnerabilities Argument injection vulnerability in Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to send signals to arbitrary processes by populating the /tmp/enomalism2.pid file with command-line arguments for the kill program. cpe:/a:ibm:websphere_application_server:6.0.1 CVE-2009-0391 2009-02-02T17:30:00.313-05:00 2011-03-07T22:18:25.673-05:00 7.8 NETWORK LOW NONE COMPLETE NONE NONE http://nvd.nist.gov BID 33533 SECTRACK 1021658 VUPEN ADV-2009-0423 AIXAPAR PK79232 Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0.1 on z/OS allows attackers to read arbitrary files via unknown vectors. cpe:/h:motorola:cpei300 CVE-2009-0392 2009-02-02T20:30:00.297-05:00 2018-10-11T17:01:39.900-04:00 6.8 NETWORK LOW SINGLE_INSTANCE COMPLETE NONE NONE http://nvd.nist.gov BUGTRAQ 20090129 Motorola Wimax Modem CPEi300 Multiple Vulnerabilities BID 33519 EXPLOIT-DB 7915 Directory traversal vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter. cpe:/h:motorola:cpei300 CVE-2009-0393 2009-02-02T20:30:00.313-05:00 2018-10-11T17:01:40.213-04:00 3.5 NETWORK MEDIUM SINGLE_INSTANCE NONE PARTIAL NONE http://nvd.nist.gov BUGTRAQ 20090129 Motorola Wimax Modem CPEi300 Multiple Vulnerabilities BID 33519 EXPLOIT-DB 7915 Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to inject arbitrary web script or HTML via the page parameter. cpe:/a:ple_cms:ple_cms:1.0:beta_4.2 CVE-2009-0394 2009-02-02T20:30:00.343-05:00 2017-09-28T21:33:47.917-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33524 EXPLOIT-DB 7917 SQL injection vulnerability in login.php in Pre Lecture Exercises (PLEs) CMS 1.0 beta 4.2 allows remote attackers to execute arbitrary SQL commands via the school parameter. cpe:/a:netartmedia:car_portal:1.0 CVE-2009-0395 2009-02-02T20:30:00.360-05:00 2017-09-28T21:33:47.967-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33521 EXPLOIT-DB 7916 SQL injection vulnerability in the login feature in NetArt Media Car Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. cpe:/h:sony_ericsson:k530i cpe:/h:sony_ericsson:k610i cpe:/h:sony_ericsson:k618i cpe:/h:sony_ericsson:k660i cpe:/h:sony_ericsson:k810i cpe:/h:sony_ericsson:w660i cpe:/h:sony_ericsson:w880i cpe:/h:sony_ericsson:w910i cpe:/h:sony_ericsson:z610i CVE-2009-0396 2009-02-02T20:30:00.377-05:00 2018-10-11T17:01:40.527-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov MISC http://www.mseclab.com/index.php?page_id=123 BUGTRAQ 20090126 SonyEricsson WAP Push Denial of Service BID 33433 SECTRACK 1021634 The Sony Ericsson W910i, W660i, K618i, K610i, Z610i, K810i, K660i, W880i, and K530i phones allow remote attackers to cause a denial of service (device reboot or hang-up) via a malformed WAP Push packet to (1) SMS or (2) UDP port 2948. cpe:/a:gstreamer:good_plug-ins:0.10.9 cpe:/a:gstreamer:good_plug-ins:0.10.10 cpe:/a:gstreamer:good_plug-ins:0.10.11 cpe:/a:gstreamer:plug-ins:0.8.5 CVE-2009-0397 2009-02-03T06:30:00.780-05:00 2018-10-11T17:01:40.947-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CONFIRM http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53 CONFIRM http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html SUSE SUSE-SR:2009:005 GENTOO GLSA-200907-11 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-052.htm MISC http://trapkit.de/advisories/TKADV2009-003.txt MANDRIVA MDVSA-2009:035 MLIST [oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version) REDHAT RHSA-2009:0270 REDHAT RHSA-2009:0271 BUGTRAQ 20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities BID 33405 UBUNTU USN-736-1 VUPEN ADV-2009-0225 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=481267 XF gstreamer-qtdemuxparse-bo(48555) Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample (aka stts) atom data in a malformed QuickTime media .mov file. cpe:/a:gstreamer:plug-ins:0.6.0 CVE-2009-0398 2009-02-03T06:30:00.797-05:00 2017-09-28T21:33:48.090-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS MLIST [oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version) REDHAT RHSA-2009:0269 Array index error in the gst_qtp_trak_handler function in gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins) 0.6.0 allows remote attackers to have an unknown impact via a crafted QuickTime media file. cpe:/a:chipmunk_scripts:chipmunk_blogger CVE-2009-0399 2009-02-03T14:30:00.360-05:00 2017-09-28T21:33:48.137-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS EXPLOIT-DB 7894 Chipmunk Blogger Script allows remote attackers to gain administrator privileges via a direct request to admin/reguser.php. NOTE: this is only a vulnerability when the administrator does not properly follow installation directions. cpe:/a:socialengine:socialengine:3.06::trial CVE-2009-0400 2009-02-03T14:30:00.377-05:00 2017-09-28T21:33:48.200-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33495 XF socialengine-blog-sql-injection(48316) EXPLOIT-DB 7900 SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter. cpe:/a:ephpscripts:e-php_cms CVE-2009-0401 2009-02-03T14:30:00.390-05:00 2017-08-07T21:33:55.627-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS MISC http://packetstormsecurity.org/0901-exploits/ephpcmscid-sql.txt BID 33470 XF ephpcms-browsecats-sql-injection(48297) SQL injection vulnerability in browsecats.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the cid parameter. cpe:/a:gplhost:domain_technologie_control:0.26.7 cpe:/a:gplhost:domain_technologie_control:0.26.8 cpe:/a:gplhost:domain_technologie_control:0.26.9 cpe:/a:gplhost:domain_technologie_control:0.27.3 cpe:/a:gplhost:domain_technologie_control:0.28.2 cpe:/a:gplhost:domain_technologie_control:0.28.3 cpe:/a:gplhost:domain_technologie_control:0.28.10 cpe:/a:gplhost:domain_technologie_control:0.29.1 cpe:/a:gplhost:domain_technologie_control:0.29.8 CVE-2009-0402 2009-02-03T14:30:00.420-05:00 2017-08-07T21:33:55.687-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS CONFIRM http://freshmeat.net/projects/dtc/?branch_id=22759&release_id=292973 CONFIRM http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=056e1d1849ff3aa183a410e2aab1c1c3e969247d BID 33496 XF domaintechnologie-newaccount-sql-injection(48292) SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christname, (3) company_name, (4) is_company, (5) email, (6) phone, (7) fax, (8) addr1, (9) addr2, (10) addr3, (11) zipcode, (12) city, (13) state, (14) country, and (15) vat_num parameters. cpe:/a:chipmunk_scripts:chipmunk_blogger CVE-2009-0403 2009-02-03T14:30:00.437-05:00 2017-09-28T21:33:48.247-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS VUPEN ADV-2009-0267 XF chipmunkblog-authenticate-sql-injection(48313) EXPLOIT-DB 7894 SQL injection vulnerability in admin/authenticate.php in Chipmunk Blogger Script allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. cpe:/a:bioinformatics:htmlawed:1.0 cpe:/a:bioinformatics:htmlawed:1.0.1 cpe:/a:bioinformatics:htmlawed:1.0.2 cpe:/a:bioinformatics:htmlawed:1.0.3 cpe:/a:bioinformatics:htmlawed:1.0.4 cpe:/a:bioinformatics:htmlawed:1.0.5 cpe:/a:bioinformatics:htmlawed:1.0.6 cpe:/a:bioinformatics:htmlawed:1.0.7 cpe:/a:bioinformatics:htmlawed:1.0.8 cpe:/a:bioinformatics:htmlawed:1.0.9 cpe:/a:bioinformatics:htmlawed:1.1 cpe:/a:bioinformatics:htmlawed:1.1.1 cpe:/a:bioinformatics:htmlawed:1.1.2 cpe:/a:bioinformatics:htmlawed:1.1.3 CVE-2009-0404 2009-02-03T14:30:00.453-05:00 2017-08-07T21:33:55.797-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://freshmeat.net/projects/htmlawed/?branch_id=74760&release_id=293026 CONFIRM http://freshmeat.net/projects/htmlawed/?branch_id=74760&release_id=293090 CONFIRM http://www.bioinformatics.org/phplabware/forum/viewtopic.php?id=85 CONFIRM http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawed_README.htm#s4.3 BID 33507 XF htmlawed-unspecified-xss(48333) Multiple cross-site scripting (XSS) vulnerabilities in Bioinformatics htmLawed 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or HTML via invalid Cascading Style Sheets (CSS) expressions in the style attribute, which is processed by Internet Explorer 7. cpe:/a:smartsitecms:smartsitecms:1.0 CVE-2009-0405 2009-02-03T14:30:00.467-05:00 2017-09-28T21:33:48.327-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33497 XF smartsitecms-articles-sql-injection(48321) EXPLOIT-DB 7901 SQL injection vulnerability in articles.php in smartSite CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the var parameter. cpe:/a:community_cms:community_cms:0.1 cpe:/a:community_cms:community_cms:0.1.1 cpe:/a:community_cms:community_cms:0.2 cpe:/a:community_cms:community_cms:0.3 cpe:/a:community_cms:community_cms:0.4 CVE-2009-0406 2009-02-03T14:30:00.500-05:00 2017-09-28T21:33:48.370-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33484 VUPEN ADV-2009-0265 XF communitycms-index-sql-injection(48304) EXPLOIT-DB 7892 SQL injection vulnerability in index.php in Community CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. cpe:/a:humayun_shabbir:php-cms_project:1 CVE-2009-0407 2009-02-03T14:30:00.517-05:00 2017-09-28T21:33:48.433-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33473 VUPEN ADV-2009-0244 XF phpcms-login-sql-injection(48267) EXPLOIT-DB 7876 SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 allows remote attackers to execute arbitrary SQL commands via the username parameter. cpe:/a:oscommerce:oscommerce:2.2:rc_2a CVE-2009-0408 2009-02-03T14:30:00.530-05:00 2017-08-07T21:33:56.000-04:00 6.0 NETWORK MEDIUM SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS XF oscommerce-unspecified-csrf(48289) Cross-site request forgery (CSRF) vulnerability in osCommerce 2.2 RC 2a allows remote attackers to hijack the authentication of administrators. cpe:/a:mzbservices:max.blog:1.0.6 CVE-2009-0409 2009-02-03T14:30:00.547-05:00 2018-10-11T17:01:44.120-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BUGTRAQ 20090127 Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass BID 33493 EXPLOIT-DB 7899 SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. cpe:/a:novell:groupwise:6.5 cpe:/a:novell:groupwise:7.0 cpe:/a:novell:groupwise:7.01 cpe:/a:novell:groupwise:7.02x cpe:/a:novell:groupwise:7.03 cpe:/a:novell:groupwise:7.03:hp1a cpe:/a:novell:groupwise:8.0 CVE-2009-0410 2009-02-03T14:30:00.577-05:00 2018-10-11T17:01:44.573-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CONFIRM http://download.novell.com/Download?buildid=GjZRRdqCFW0 CONFIRM http://www.novell.com/support/viewContent.do?externalId=7002502 BUGTRAQ 20090202 ZDI-09-010: Novell Netware Groupwise GWIA RCPT Command Buffer Overflow Vulnerability BID 33560 MISC http://www.zerodayinitiative.com/advisories/ZDI-09-010/ Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading to a buffer overflow. cpe:/a:google:chrome:0.2.152.1 cpe:/a:google:chrome:0.2.153.1 cpe:/a:google:chrome:0.3.154.0 cpe:/a:google:chrome:0.3.154.3 cpe:/a:google:chrome:0.4.154.18 cpe:/a:google:chrome:0.4.154.22 cpe:/a:google:chrome:0.4.154.31 cpe:/a:google:chrome:0.4.154.33 cpe:/a:google:chrome:1.0.154.36 cpe:/a:google:chrome:1.0.154.39 cpe:/a:google:chrome:1.0.154.42 cpe:/a:google:chrome:1.0.154.43 CVE-2009-0411 2009-02-03T14:30:00.627-05:00 2017-08-07T21:33:56.047-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov CONFIRM http://codereview.chromium.org/11264 CONFIRM http://codereview.chromium.org/18533 CONFIRM http://sites.google.com/a/chromium.org/dev/getting-involved/dev-channel/release-notes CONFIRM http://src.chromium.org/viewvc/chrome?view=rev&revision=8529 XF googlechrome-xmlhttprequest-info-disclosure(48554) Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script. cpe:/a:interspire:shopping_cart:4.0.1 CVE-2009-0412 2009-02-03T15:30:00.297-05:00 2018-10-11T17:01:45.040-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BUGTRAQ 20090112 [BMSA-2009-01] Authentication bypass in Interspire Shopping Cart v4.0.1 and below BID 33212 SECTRACK 1021557 XF interspire-classauth-security-bypass(47899) The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt. cpe:/a:roundcube:webmail:0.2 CVE-2009-0413 2009-02-03T18:30:00.967-05:00 2017-08-07T21:33:56.157-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://trac.roundcube.net/changeset/2245 BID 33372 VUPEN ADV-2009-0192 XF roundcube-html-xss(48129) FEDORA FEDORA-2009-1256 Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message. cpe:/a:tor:tor cpe:/a:tor:tor:0.0.2 cpe:/a:tor:tor:0.0.2_pre13 cpe:/a:tor:tor:0.0.2_pre14 cpe:/a:tor:tor:0.0.2_pre15 cpe:/a:tor:tor:0.0.2_pre16 cpe:/a:tor:tor:0.0.2_pre17 cpe:/a:tor:tor:0.0.2_pre18 cpe:/a:tor:tor:0.0.2_pre19 cpe:/a:tor:tor:0.0.2_pre20 cpe:/a:tor:tor:0.0.2_pre21 cpe:/a:tor:tor:0.0.2_pre22 cpe:/a:tor:tor:0.0.2_pre23 cpe:/a:tor:tor:0.0.2_pre24 cpe:/a:tor:tor:0.0.2_pre25 cpe:/a:tor:tor:0.0.2_pre26 cpe:/a:tor:tor:0.0.2_pre27 cpe:/a:tor:tor:0.0.3 cpe:/a:tor:tor:0.0.4 cpe:/a:tor:tor:0.0.5 cpe:/a:tor:tor:0.0.6 cpe:/a:tor:tor:0.0.6.1 cpe:/a:tor:tor:0.0.6.2 cpe:/a:tor:tor:0.0.7 cpe:/a:tor:tor:0.0.7.1 cpe:/a:tor:tor:0.0.7.2 cpe:/a:tor:tor:0.0.7.3 cpe:/a:tor:tor:0.0.8 cpe:/a:tor:tor:0.0.8.1 cpe:/a:tor:tor:0.0.9 cpe:/a:tor:tor:0.0.9.1 cpe:/a:tor:tor:0.0.9.2 cpe:/a:tor:tor:0.0.9.3 cpe:/a:tor:tor:0.0.9.4 cpe:/a:tor:tor:0.0.9.5 cpe:/a:tor:tor:0.0.9.6 cpe:/a:tor:tor:0.0.9.7 cpe:/a:tor:tor:0.0.9.8 cpe:/a:tor:tor:0.0.9.9 cpe:/a:tor:tor:0.0.9.10 cpe:/a:tor:tor:0.1.0.1 cpe:/a:tor:tor:0.1.0.2 cpe:/a:tor:tor:0.1.0.3 cpe:/a:tor:tor:0.1.0.4 cpe:/a:tor:tor:0.1.0.5 cpe:/a:tor:tor:0.1.0.6 cpe:/a:tor:tor:0.1.0.7 cpe:/a:tor:tor:0.1.0.8 cpe:/a:tor:tor:0.1.0.9 cpe:/a:tor:tor:0.1.0.10 cpe:/a:tor:tor:0.1.0.11 cpe:/a:tor:tor:0.1.0.12 cpe:/a:tor:tor:0.1.0.13 cpe:/a:tor:tor:0.1.0.14 cpe:/a:tor:tor:0.1.0.15 cpe:/a:tor:tor:0.1.0.16 cpe:/a:tor:tor:0.1.0.17 cpe:/a:tor:tor:0.1.0.18 cpe:/a:tor:tor:0.1.0.19 cpe:/a:tor:tor:0.1.1 cpe:/a:tor:tor:0.1.1.1 cpe:/a:tor:tor:0.1.1.1_alpha cpe:/a:tor:tor:0.1.1.2 cpe:/a:tor:tor:0.1.1.2_alpha cpe:/a:tor:tor:0.1.1.3 cpe:/a:tor:tor:0.1.1.3_alpha cpe:/a:tor:tor:0.1.1.4 cpe:/a:tor:tor:0.1.1.4_alpha cpe:/a:tor:tor:0.1.1.5 cpe:/a:tor:tor:0.1.1.5_alpha cpe:/a:tor:tor:0.1.1.6 cpe:/a:tor:tor:0.1.1.6_alpha cpe:/a:tor:tor:0.1.1.7 cpe:/a:tor:tor:0.1.1.7_alpha cpe:/a:tor:tor:0.1.1.8 cpe:/a:tor:tor:0.1.1.8_alpha cpe:/a:tor:tor:0.1.1.9 cpe:/a:tor:tor:0.1.1.9_alpha cpe:/a:tor:tor:0.1.1.10 cpe:/a:tor:tor:0.1.1.10_alpha cpe:/a:tor:tor:0.1.1.11 cpe:/a:tor:tor:0.1.1.12 cpe:/a:tor:tor:0.1.1.13 cpe:/a:tor:tor:0.1.1.14 cpe:/a:tor:tor:0.1.1.15 cpe:/a:tor:tor:0.1.1.16 cpe:/a:tor:tor:0.1.1.17 cpe:/a:tor:tor:0.1.1.18 cpe:/a:tor:tor:0.1.1.19 cpe:/a:tor:tor:0.1.1.20 cpe:/a:tor:tor:0.1.1.21 cpe:/a:tor:tor:0.1.1.22 cpe:/a:tor:tor:0.1.1.23 cpe:/a:tor:tor:0.1.1.25 cpe:/a:tor:tor:0.1.1.26 cpe:/a:tor:tor:0.1.2.1_alpha-cvs cpe:/a:tor:tor:0.1.2.3:alpha cpe:/a:tor:tor:0.1.2.4 cpe:/a:tor:tor:0.1.2.5 cpe:/a:tor:tor:0.1.2.5:alpha cpe:/a:tor:tor:0.1.2.6:alpha cpe:/a:tor:tor:0.1.2.7:alpha cpe:/a:tor:tor:0.1.2.8:beta cpe:/a:tor:tor:0.1.2.9 cpe:/a:tor:tor:0.1.2.10 cpe:/a:tor:tor:0.1.2.11 cpe:/a:tor:tor:0.1.2.12 cpe:/a:tor:tor:0.1.2.13 cpe:/a:tor:tor:0.1.2.14 cpe:/a:tor:tor:0.1.2.15 cpe:/a:tor:tor:0.1.2.16 cpe:/a:tor:tor:0.1.2.17 cpe:/a:tor:tor:0.1.2.18 cpe:/a:tor:tor:0.1.2.19 cpe:/a:tor:tor:0.1.2.30 cpe:/a:tor:tor:0.1.2.31 cpe:/a:tor:tor:0.2.0.1:alpha cpe:/a:tor:tor:0.2.0.2:alpha cpe:/a:tor:tor:0.2.0.3:alpha cpe:/a:tor:tor:0.2.0.4:alpha cpe:/a:tor:tor:0.2.0.5:alpha cpe:/a:tor:tor:0.2.0.6:alpha cpe:/a:tor:tor:0.2.0.7:alpha cpe:/a:tor:tor:0.2.0.8:alpha cpe:/a:tor:tor:0.2.0.9:alpha cpe:/a:tor:tor:0.2.0.10:alpha cpe:/a:tor:tor:0.2.0.11:alpha cpe:/a:tor:tor:0.2.0.12:alpha cpe:/a:tor:tor:0.2.0.13:alpha cpe:/a:tor:tor:0.2.0.14:alpha cpe:/a:tor:tor:0.2.0.15:alpha cpe:/a:tor:tor:0.2.0.16:alpha cpe:/a:tor:tor:0.2.0.17:alpha cpe:/a:tor:tor:0.2.0.18:alpha cpe:/a:tor:tor:0.2.0.19:alpha cpe:/a:tor:tor:0.2.0.20:alpha cpe:/a:tor:tor:0.2.0.21:alpha cpe:/a:tor:tor:0.2.0.22:alpha cpe:/a:tor:tor:0.2.0.23:alpha cpe:/a:tor:tor:0.2.0.24:alpha cpe:/a:tor:tor:0.2.0.25:alpha cpe:/a:tor:tor:0.2.0.26:alpha cpe:/a:tor:tor:0.2.0.27:alpha cpe:/a:tor:tor:0.2.0.28:alpha cpe:/a:tor:tor:0.2.0.29:alpha cpe:/a:tor:tor:0.2.0.30:alpha cpe:/a:tor:tor:0.2.0.31:alpha cpe:/a:tor:tor:0.2.0.32:alpha cpe:/a:tor:tor:0.2.1.1.1:alpha cpe:/a:tor:tor:0.2.1.1.2:alpha cpe:/a:tor:tor:0.2.1.1.3:alpha cpe:/a:tor:tor:0.2.1.1.4:alpha cpe:/a:tor:tor:0.2.1.1.5:alpha cpe:/a:tor:tor:0.2.1.1.6:alpha cpe:/a:tor:tor:0.2.1.1.7:alpha cpe:/a:tor:tor:0.2.1.1.8:alpha cpe:/a:tor:tor:0.2.1.1.9:alpha cpe:/a:tor:tor:0.2.1.1.10:alpha cpe:/a:tor:tor:0.2.1.1.11:alpha cpe:/a:tor:tor:0.2.1.1.12:alpha CVE-2009-0414 2009-02-03T18:30:01.000-05:00 2011-03-07T22:18:27.813-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS MLIST [or-announce] 20090122 Tor 0.2.0.33 is released CONFIRM http://blog.torproject.org/blog/tor-0.2.0.33-stable-released GENTOO GLSA-200904-11 BID 33399 SECTRACK 1021633 VUPEN ADV-2009-0210 FEDORA FEDORA-2009-0897 Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption. cpe:/a:monkey:trickle:1.07 CVE-2009-0415 2009-02-03T18:30:01.030-05:00 2009-02-04T00:00:00.000-05:00 3.7 LOCAL HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-02-04T10:46:00.000-05:00 ALLOWS_OTHER_ACCESS MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513456 MLIST [oss-security] 20090129 CVE Request (trickle) BID 33516 Untrusted search path vulnerability in trickle 1.07 allows local users to execute arbitrary code via a Trojan horse trickle-overload.so in the current working directory, which is referenced in the LD_PRELOAD path. cpe:/a:standards_based_linux_instrumentation:sblim-sfcb:1.3.2 CVE-2009-0416 2009-02-03T18:30:01.047-05:00 2009-02-20T01:47:30.703-05:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS SUSE SUSE-SR:2009:004 MLIST [oss-security] 20090203 CVE Request: sblim-sfcb genSslCert.sh temp race MISC http://sourceforge.net/tracker/index.php?func=detail&aid=2561165&group_id=128809&atid=712784 BID 33583 The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf temporary files. cpe:/a:agavi:agavi:0.11.0 cpe:/a:agavi:agavi:0.11.0:rc1 cpe:/a:agavi:agavi:0.11.0:rc2 cpe:/a:agavi:agavi:0.11.0:rc3 cpe:/a:agavi:agavi:0.11.0:rc4 cpe:/a:agavi:agavi:0.11.0:rc5 cpe:/a:agavi:agavi:0.11.0:rc6 cpe:/a:agavi:agavi:0.11.0:rc7 cpe:/a:agavi:agavi:0.11.1 cpe:/a:agavi:agavi:0.11.1:rc1 cpe:/a:agavi:agavi:0.11.1:rc2 cpe:/a:agavi:agavi:0.11.1:rc3 cpe:/a:agavi:agavi:0.11.2 cpe:/a:agavi:agavi:0.11.2:rc1 cpe:/a:agavi:agavi:0.11.2:rc2 cpe:/a:agavi:agavi:0.11.3 cpe:/a:agavi:agavi:0.11.3:rc1 cpe:/a:agavi:agavi:0.11.3:rc2 cpe:/a:agavi:agavi:0.11.4 cpe:/a:agavi:agavi:0.11.4:rc1 cpe:/a:agavi:agavi:0.11.5 cpe:/a:agavi:agavi:0.11.5:rc1 cpe:/a:agavi:agavi:0.11.6 cpe:/a:agavi:agavi:0.11.6:rc1 cpe:/a:agavi:agavi:0.11.6:rc2 cpe:/a:agavi:agavi:1.0.0:beta1 cpe:/a:agavi:agavi:1.0.0:beta2 cpe:/a:agavi:agavi:1.0.0:beta3 cpe:/a:agavi:agavi:1.0.0:beta4 cpe:/a:agavi:agavi:1.0.0:beta5 cpe:/a:agavi:agavi:1.0.0:beta6 cpe:/a:agavi:agavi:1.0.0:beta7 CVE-2009-0417 2009-02-10T02:00:20.327-05:00 2009-03-13T01:46:54.280-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://blog.agavi.org/post/75829956/agavi-0-11-6-released-fixes-vulnerability CONFIRM http://blog.agavi.org/post/75830918/agavi-1-0-0-beta-8-released-fixes-vulnerability CONFIRM http://trac.agavi.org/ticket/1019 BID 33826 Cross-site scripting (XSS) vulnerability in the AgaviWebRouting::gen(null) method in Agavi 0.11 before 0.11.6 and 1.0 before 1.0.0 beta 8 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with certain characters that are not properly handled by web browsers that do not strictly follow RFC 3986, such as Internet Explorer 6 and 7. cpe:/o:hp:hp-ux:b.11.11 cpe:/o:hp:hp-ux:b.11.23 cpe:/o:hp:hp-ux:b.11.31 CVE-2009-0418 2009-02-04T14:30:00.547-05:00 2017-09-28T21:33:48.527-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS SECTRACK 1021660 VUPEN ADV-2009-0312 The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read private network traffic, and possibly execute arbitrary code via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476. cpe:/a:microsoft:xml_core_services CVE-2009-0419 2009-02-04T14:30:00.563-05:00 2017-08-07T21:33:56.237-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov MISC https://bugzilla.mozilla.org/show_bug.cgi?id=380418 XF msxml-httponly-cookie-information-disclosure(48815) Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-4033. cpe:/a:rd-media:rd-autos:1.5.5 CVE-2009-0420 2009-02-04T19:30:00.343-05:00 2017-09-28T21:33:48.590-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33297 EXPLOIT-DB 7795 SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. cpe:/a:joomla:com_eventing:1.6 cpe:/a:joomla:com_eventing:1.6.1 cpe:/a:joomla:com_eventing:1.6.2 cpe:/a:joomla:com_eventing:1.6.3 cpe:/a:joomla:com_eventing:1.6.4 cpe:/a:joomla:com_eventing:1.6.5 CVE-2009-0421 2009-02-04T19:30:00.360-05:00 2017-09-28T21:33:48.653-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33296 XF eventing-index-sql-injection(48016) EXPLOIT-DB 7793 SQL injection vulnerability in the Eventing (com_eventing) 1.6.x component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. cpe:/a:tincan:phplist:1.0 cpe:/a:tincan:phplist:1.0.1 cpe:/a:tincan:phplist:1.1.2b cpe:/a:tincan:phplist:1.1.3b cpe:/a:tincan:phplist:1.1.4b cpe:/a:tincan:phplist:1.1.5 cpe:/a:tincan:phplist:1.1.5b cpe:/a:tincan:phplist:1.1.6 cpe:/a:tincan:phplist:1.1.7 cpe:/a:tincan:phplist:1.3.5 cpe:/a:tincan:phplist:1.3.7 cpe:/a:tincan:phplist:1.4.1 cpe:/a:tincan:phplist:1.5.0 cpe:/a:tincan:phplist:1.5.1 cpe:/a:tincan:phplist:1.6.0 cpe:/a:tincan:phplist:1.6.1 cpe:/a:tincan:phplist:1.6.3 cpe:/a:tincan:phplist:1.6.4 cpe:/a:tincan:phplist:1.7.0 cpe:/a:tincan:phplist:1.7.1 cpe:/a:tincan:phplist:1.8.0 cpe:/a:tincan:phplist:1.9.0 cpe:/a:tincan:phplist:1.9.1 cpe:/a:tincan:phplist:1.9.2 cpe:/a:tincan:phplist:1.9.3 cpe:/a:tincan:phplist:2.1.0 cpe:/a:tincan:phplist:2.1.1 cpe:/a:tincan:phplist:2.1.3 cpe:/a:tincan:phplist:2.1.4 cpe:/a:tincan:phplist:2.2.0 cpe:/a:tincan:phplist:2.2.1 cpe:/a:tincan:phplist:2.3.0 cpe:/a:tincan:phplist:2.3.1 cpe:/a:tincan:phplist:2.3.2 cpe:/a:tincan:phplist:2.3.3 cpe:/a:tincan:phplist:2.3.4 cpe:/a:tincan:phplist:2.4.0 cpe:/a:tincan:phplist:2.4.7 cpe:/a:tincan:phplist:2.5.0 cpe:/a:tincan:phplist:2.5.1 cpe:/a:tincan:phplist:2.5.2 cpe:/a:tincan:phplist:2.5.3 cpe:/a:tincan:phplist:2.5.4 cpe:/a:tincan:phplist:2.5.5 cpe:/a:tincan:phplist:2.5.6 cpe:/a:tincan:phplist:2.5.7 cpe:/a:tincan:phplist:2.5.8 cpe:/a:tincan:phplist:2.6 cpe:/a:tincan:phplist:2.6.0 cpe:/a:tincan:phplist:2.6.1 cpe:/a:tincan:phplist:2.6.2 cpe:/a:tincan:phplist:2.6.3 cpe:/a:tincan:phplist:2.6.4 cpe:/a:tincan:phplist:2.6.5 cpe:/a:tincan:phplist:2.7.1 cpe:/a:tincan:phplist:2.7.2 cpe:/a:tincan:phplist:2.8.2 cpe:/a:tincan:phplist:2.8.7 cpe:/a:tincan:phplist:2.8.12 cpe:/a:tincan:phplist:2.9.3 cpe:/a:tincan:phplist:2.9.4 cpe:/a:tincan:phplist:2.9.5 cpe:/a:tincan:phplist:2.10.1 cpe:/a:tincan:phplist:2.10.2 cpe:/a:tincan:phplist:2.10.3 cpe:/a:tincan:phplist:2.10.4 cpe:/a:tincan:phplist:2.10.5 cpe:/a:tincan:phplist:2.10.6 cpe:/a:tincan:phplist:2.10.7 cpe:/a:tincan:phplist:2.10.8 CVE-2009-0422 2009-02-04T19:30:00.377-05:00 2018-10-11T17:01:45.493-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS MISC http://www.bugreport.ir/index_60.htm BUGTRAQ 20090114 phpList <= 2.10.8 Local File inclusion XF phplist-indexphp-file-include(47945) EXPLOIT-DB 7778 Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php. cpe:/a:kevin_walker:php_photo_album:0.8:beta CVE-2009-0423 2009-02-04T19:30:00.407-05:00 2017-09-28T21:33:48.763-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33277 XF phpphotoalbum-index-file-include(48017) EXPLOIT-DB 7786 Directory traversal vulnerability in index.php in Php Photo Album (PHPPA) 0.8 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the preview parameter. cpe:/a:an_guestbook:an_guestbook:0.3.1 cpe:/a:an_guestbook:an_guestbook:0.3.2 cpe:/a:an_guestbook:an_guestbook:0.3.3 cpe:/a:an_guestbook:an_guestbook:0.3.4 cpe:/a:an_guestbook:an_guestbook:0.3.5 cpe:/a:an_guestbook:an_guestbook:0.4 cpe:/a:an_guestbook:an_guestbook:0.4.1 cpe:/a:an_guestbook:an_guestbook:0.4.5 cpe:/a:an_guestbook:an_guestbook:0.5 cpe:/a:an_guestbook:an_guestbook:0.6 cpe:/a:an_guestbook:an_guestbook:0.7 cpe:/a:an_guestbook:an_guestbook:0.7.1 cpe:/a:an_guestbook:an_guestbook:0.7.5 cpe:/a:an_guestbook:an_guestbook:0.7.6 cpe:/a:an_guestbook:an_guestbook:1.0 cpe:/a:an_guestbook:an_guestbook:1.1 cpe:/a:an_guestbook:an_guestbook:1.2 cpe:/a:an_guestbook:an_guestbook:1.5 cpe:/a:an_guestbook:an_guestbook:2.0 cpe:/a:an_guestbook:an_guestbook:2.1 cpe:/a:an_guestbook:an_guestbook:2.2 cpe:/a:an_guestbook:an_guestbook:2.2a cpe:/a:an_guestbook:an_guestbook:3.0 CVE-2009-0424 2009-02-04T19:30:00.420-05:00 2017-08-07T21:33:56.470-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://sourceforge.net/forum/forum.php?forum_id=907703 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=653720 BID 33292 XF anguestbook-sign1-xss(48018) Cross-site scripting (XSS) vulnerability in sign1.php in AN Guestbook (ANG) before 0.7.7 allows remote attackers to inject arbitrary web script or HTML via the country parameter, which is not properly handled in (1) administrator/manage.php or (2) administrator/trash.php. NOTE: some of these details are obtained from third party information. cpe:/a:blue_eye_cms:blue_eye_cms:1.0.0 CVE-2009-0425 2009-02-04T19:30:00.437-05:00 2017-09-28T21:33:48.810-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33303 EXPLOIT-DB 7797 SQL injection vulnerability in index.php in Blue Eye CMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the clanek parameter. cpe:/a:dmxready:classified_listings_manager:1.1 CVE-2009-0426 2009-02-04T19:30:00.453-05:00 2017-10-18T21:30:17.287-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33253 XF classifieds-uploadimage-sql-injection(47959) EXPLOIT-DB 7767 SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Classified Listings Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. cpe:/a:dmxready:member_directory_manager:1.1 CVE-2009-0427 2009-02-04T19:30:00.467-05:00 2017-10-18T21:30:17.333-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS CONFIRM http://dmxready.helpserve.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=93 CONFIRM http://dmxready.helpserve.com/index.php?_m=news&_a=viewnews&newsid=12 BID 33253 XF memberdirectory-uploadimage-sql-injection(47960) EXPLOIT-DB 7773 SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Member Directory Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. cpe:/a:dmxready:secure_document_library:1.0 cpe:/a:dmxready:secure_document_library:1.1 CVE-2009-0428 2009-02-04T19:30:00.500-05:00 2017-10-18T21:30:17.440-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS CONFIRM http://dmxready.helpserve.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=93 CONFIRM http://dmxready.helpserve.com/index.php?_m=news&_a=viewnews&newsid=12 BID 33253 XF securedocumentlibrary-uploadimage-sql-inj(48013) EXPLOIT-DB 7787 SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Secure Document Library 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. cpe:/a:activewebsoftwares:active_bids CVE-2009-0429 2009-02-04T19:30:00.517-05:00 2018-10-11T17:01:46.137-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BUGTRAQ 20090116 Active Bids BID 33306 Multiple SQL injection vulnerabilities in Active Bids allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to search.asp, (2) SortDir parameter to auctionsended.asp, and the (3) catid parameter to wishlist.php. cpe:/a:activewebsoftwares:active_bids CVE-2009-0430 2009-02-04T19:30:00.530-05:00 2018-10-11T17:01:46.323-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov BUGTRAQ 20090116 Active Bids BID 33306 Multiple cross-site scripting (XSS) vulnerabilities in Active Bids allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to search.asp and the (2) URL parameter to tellafriend.asp. cpe:/a:codefixer:linkspro:_nil_:_nil_:standard CVE-2009-0431 2009-02-04T19:30:00.547-05:00 2009-02-05T00:00:00.000-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-02-05T13:34:00.000-05:00 ALLOWS_OTHER_ACCESS MISC http://packetstormsecurity.org/0901-exploits/linkspro-sql.txt BID 33305 SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter. cpe:/a:ibm:websphere_application_server:6.1.0.1 cpe:/a:ibm:websphere_application_server:6.1.0.2 cpe:/a:ibm:websphere_application_server:6.1.0.3 cpe:/a:ibm:websphere_application_server:6.1.0.5 cpe:/a:ibm:websphere_application_server:6.1.0.7 cpe:/a:ibm:websphere_application_server:6.1.0.9 cpe:/a:ibm:websphere_application_server:6.1.0.11 cpe:/a:ibm:websphere_application_server:6.1.0.13 cpe:/a:ibm:websphere_application_server:6.1.0.15 cpe:/a:ibm:websphere_application_server:6.1.0.17 CVE-2009-0432 2009-02-10T17:30:00.407-05:00 2017-08-07T21:33:56.673-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov BID 33700 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27007951 XF websphere-file-transfer-info-disclosure(48522) The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19 does not enable the secure version, which allows remote attackers to obtain sensitive information via unspecified vectors. cpe:/a:ibm:websphere_application_server:5.1.0 cpe:/a:ibm:websphere_application_server:5.1.0.2 cpe:/a:ibm:websphere_application_server:5.1.0.3 cpe:/a:ibm:websphere_application_server:5.1.0.4 cpe:/a:ibm:websphere_application_server:5.1.0.5 cpe:/a:ibm:websphere_application_server:5.1.1 cpe:/a:ibm:websphere_application_server:5.1.1.1 cpe:/a:ibm:websphere_application_server:5.1.1.10 cpe:/a:ibm:websphere_application_server:5.1.1.11 cpe:/a:ibm:websphere_application_server:5.1.1.12 cpe:/a:ibm:websphere_application_server:5.1.1.13 cpe:/a:ibm:websphere_application_server:5.1.1.14 cpe:/a:ibm:websphere_application_server:5.1.1.15 cpe:/a:ibm:websphere_application_server:5.1.1.16 cpe:/a:ibm:websphere_application_server:5.1.1.17 cpe:/a:ibm:websphere_application_server:5.1.1.18 cpe:/a:ibm:websphere_application_server:5.1.1.19 cpe:/a:ibm:websphere_application_server:6.0 cpe:/a:ibm:websphere_application_server:6.0.0.1 cpe:/a:ibm:websphere_application_server:6.0.0.2 cpe:/a:ibm:websphere_application_server:6.0.0.3 cpe:/a:ibm:websphere_application_server:6.0.1 cpe:/a:ibm:websphere_application_server:6.0.1.1 cpe:/a:ibm:websphere_application_server:6.0.1.2 cpe:/a:ibm:websphere_application_server:6.0.1.3 cpe:/a:ibm:websphere_application_server:6.0.1.5 cpe:/a:ibm:websphere_application_server:6.0.1.7 cpe:/a:ibm:websphere_application_server:6.0.1.9 cpe:/a:ibm:websphere_application_server:6.0.1.11 cpe:/a:ibm:websphere_application_server:6.0.1.13 cpe:/a:ibm:websphere_application_server:6.0.1.15 cpe:/a:ibm:websphere_application_server:6.0.1.17 cpe:/a:ibm:websphere_application_server:6.0.2 cpe:/a:ibm:websphere_application_server:6.0.2.1 cpe:/a:ibm:websphere_application_server:6.0.2.2 cpe:/a:ibm:websphere_application_server:6.0.2.3 cpe:/a:ibm:websphere_application_server:6.0.2.4 cpe:/a:ibm:websphere_application_server:6.0.2.5 cpe:/a:ibm:websphere_application_server:6.0.2.6 cpe:/a:ibm:websphere_application_server:6.0.2.7 cpe:/a:ibm:websphere_application_server:6.0.2.9 cpe:/a:ibm:websphere_application_server:6.0.2.11 cpe:/a:ibm:websphere_application_server:6.0.2.13 cpe:/a:ibm:websphere_application_server:6.0.2.15 cpe:/a:ibm:websphere_application_server:6.0.2.17 cpe:/a:ibm:websphere_application_server:6.0.2.19 cpe:/a:ibm:websphere_application_server:6.0.2.22 cpe:/a:ibm:websphere_application_server:6.0.2.23 cpe:/a:ibm:websphere_application_server:6.0.2.24 cpe:/a:ibm:websphere_application_server:6.0.2.25 cpe:/a:ibm:websphere_application_server:6.0.2.27 cpe:/a:ibm:websphere_application_server:6.0.2.28 cpe:/a:ibm:websphere_application_server:6.1 cpe:/a:ibm:websphere_application_server:6.1.0 cpe:/a:ibm:websphere_application_server:6.1.0.0 cpe:/a:ibm:websphere_application_server:6.1.0.1 cpe:/a:ibm:websphere_application_server:6.1.0.2 cpe:/a:ibm:websphere_application_server:6.1.0.3 cpe:/a:ibm:websphere_application_server:6.1.0.4 cpe:/a:ibm:websphere_application_server:6.1.0.5 cpe:/a:ibm:websphere_application_server:6.1.0.6 cpe:/a:ibm:websphere_application_server:6.1.0.7 cpe:/a:ibm:websphere_application_server:6.1.0.8 cpe:/a:ibm:websphere_application_server:6.1.0.9 cpe:/a:ibm:websphere_application_server:6.1.0.10 cpe:/a:ibm:websphere_application_server:6.1.0.11 cpe:/a:ibm:websphere_application_server:6.1.0.12 cpe:/a:ibm:websphere_application_server:6.1.0.13 cpe:/a:ibm:websphere_application_server:6.1.0.14 cpe:/a:ibm:websphere_application_server:6.1.0.15 cpe:/a:ibm:websphere_application_server:6.1.0.16 cpe:/a:ibm:websphere_application_server:6.1.0.17 cpe:/a:ibm:websphere_application_server:6.1.0.18 CVE-2009-0433 2009-02-10T17:30:00.437-05:00 2017-08-07T21:33:56.750-04:00 2.6 NETWORK HIGH NONE NONE NONE PARTIAL http://nvd.nist.gov BID 33700 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27006879 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27007033 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27007951 AIXAPAR PK63499 XF websphere-server-plugin-dos(48523) Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19, when Web Server plug-in content buffering is enabled, allows attackers to cause a denial of service (daemon crash) via unknown vectors, related to a mishandling of client read failures in which clients receive many 500 HTTP error responses and backend servers are incorrectly labeled as down. cpe:/a:ibm:websphere_application_server:6.0 cpe:/a:ibm:websphere_application_server:6.0.0.1 cpe:/a:ibm:websphere_application_server:6.0.0.2 cpe:/a:ibm:websphere_application_server:6.0.0.3 cpe:/a:ibm:websphere_application_server:6.0.1 cpe:/a:ibm:websphere_application_server:6.0.1.1 cpe:/a:ibm:websphere_application_server:6.0.1.2 cpe:/a:ibm:websphere_application_server:6.0.1.3 cpe:/a:ibm:websphere_application_server:6.0.1.5 cpe:/a:ibm:websphere_application_server:6.0.1.7 cpe:/a:ibm:websphere_application_server:6.0.1.9 cpe:/a:ibm:websphere_application_server:6.0.1.11 cpe:/a:ibm:websphere_application_server:6.0.1.13 cpe:/a:ibm:websphere_application_server:6.0.1.15 cpe:/a:ibm:websphere_application_server:6.0.1.17 cpe:/a:ibm:websphere_application_server:6.0.2 cpe:/a:ibm:websphere_application_server:6.0.2.1 cpe:/a:ibm:websphere_application_server:6.0.2.2 cpe:/a:ibm:websphere_application_server:6.0.2.3 cpe:/a:ibm:websphere_application_server:6.0.2.4 cpe:/a:ibm:websphere_application_server:6.0.2.5 cpe:/a:ibm:websphere_application_server:6.0.2.6 cpe:/a:ibm:websphere_application_server:6.0.2.7 cpe:/a:ibm:websphere_application_server:6.0.2.9 cpe:/a:ibm:websphere_application_server:6.0.2.11 cpe:/a:ibm:websphere_application_server:6.0.2.13 cpe:/a:ibm:websphere_application_server:6.0.2.15 cpe:/a:ibm:websphere_application_server:6.0.2.17 cpe:/a:ibm:websphere_application_server:6.0.2.19 cpe:/a:ibm:websphere_application_server:6.0.2.22 cpe:/a:ibm:websphere_application_server:6.0.2.23 cpe:/a:ibm:websphere_application_server:6.0.2.24 cpe:/a:ibm:websphere_application_server:6.0.2.25 cpe:/a:ibm:websphere_application_server:6.0.2.27 cpe:/a:ibm:websphere_application_server:6.0.2.28 cpe:/a:ibm:websphere_application_server:6.0.2.29 cpe:/a:ibm:websphere_application_server:6.0.2.30 cpe:/a:ibm:websphere_application_server:6.0.2.31 cpe:/a:ibm:websphere_application_server:6.1 cpe:/a:ibm:websphere_application_server:6.1.0 cpe:/a:ibm:websphere_application_server:6.1.0.0 cpe:/a:ibm:websphere_application_server:6.1.0.1 cpe:/a:ibm:websphere_application_server:6.1.0.2 cpe:/a:ibm:websphere_application_server:6.1.0.10 cpe:/a:ibm:websphere_application_server:6.1.0.11 cpe:/a:ibm:websphere_application_server:6.1.0.12 cpe:/a:ibm:websphere_application_server:6.1.0.13 cpe:/a:ibm:websphere_application_server:6.1.0.14 cpe:/a:ibm:websphere_application_server:6.1.0.15 cpe:/a:ibm:websphere_application_server:6.1.0.16 cpe:/a:ibm:websphere_application_server:6.1.0.17 cpe:/a:ibm:websphere_application_server:6.1.0.18 cpe:/a:ibm:websphere_application_server:6.1.0.19 cpe:/a:ibm:websphere_application_server:6.1.0.20 cpe:/a:ibm:websphere_application_server:6.1.0.21 cpe:/a:ibm:websphere_application_server:7.0 CVE-2009-0434 2009-02-10T17:30:00.453-05:00 2017-08-07T21:33:56.813-04:00 1.9 LOCAL MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov BID 33700 VUPEN ADV-2009-0423 MISC http://www-01.ibm.com/support/docview.wss?uid=swg27006876 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27007951 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27014463 AIXAPAR PK79230 XF websphere-pmi-information-disclosure(48524) PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2008-5413. cpe:/a:ibm:websphere_application_server:6.1.0 cpe:/a:ibm:websphere_application_server:6.1.0.0 cpe:/a:ibm:websphere_application_server:6.1.0.1 cpe:/a:ibm:websphere_application_server:6.1.0.2 cpe:/a:ibm:websphere_application_server:6.1.0.3 cpe:/a:ibm:websphere_application_server:6.1.0.4 cpe:/a:ibm:websphere_application_server:6.1.0.5 cpe:/a:ibm:websphere_application_server:6.1.0.6 cpe:/a:ibm:websphere_application_server:6.1.0.7 cpe:/a:ibm:websphere_application_server:6.1.0.8 cpe:/a:ibm:websphere_application_server:6.1.0.9 cpe:/a:ibm:websphere_application_server:6.1.0.10 cpe:/a:ibm:websphere_application_server:6.1.0.11 cpe:/a:ibm:websphere_application_server:6.1.0.12 cpe:/a:ibm:websphere_application_server:6.1.0.13 cpe:/a:ibm:websphere_application_server:6.1.0.14 cpe:/a:ibm:websphere_application_server:6.1.0.15 cpe:/a:ibm:websphere_application_server:6.1.0.16 cpe:/a:ibm:websphere_application_server:6.1.1 cpe:/a:ibm:websphere_application_server:6.1.3 cpe:/a:ibm:websphere_application_server:6.1.5 cpe:/a:ibm:websphere_application_server:6.1.6 cpe:/a:ibm:websphere_application_server:6.1.7 cpe:/a:ibm:websphere_application_server:6.1.13 cpe:/a:ibm:websphere_application_server:6.1.14 CVE-2009-0435 2009-02-10T17:30:00.467-05:00 2017-08-07T21:33:56.877-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov BID 33700 AIXAPAR PK64529 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27007951 XF websphere-libibmaio-dos(48525) Unspecified vulnerability in the IBM Asynchronous I/O (aka AIO or libibmaio) library in the Java Message Service (JMS) component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.17 on AIX 5.3 allows attackers to cause a denial of service (daemon crash) via vectors related to the aio_getioev2 and getEvent methods. cpe:/a:ibm:websphere_application_server:6.0 cpe:/a:ibm:websphere_application_server:6.0.0.1 cpe:/a:ibm:websphere_application_server:6.0.0.2 cpe:/a:ibm:websphere_application_server:6.0.0.3 cpe:/a:ibm:websphere_application_server:6.0.1 cpe:/a:ibm:websphere_application_server:6.0.1.1 cpe:/a:ibm:websphere_application_server:6.0.1.2 cpe:/a:ibm:websphere_application_server:6.0.1.3 cpe:/a:ibm:websphere_application_server:6.0.1.5 cpe:/a:ibm:websphere_application_server:6.0.1.7 cpe:/a:ibm:websphere_application_server:6.0.1.9 cpe:/a:ibm:websphere_application_server:6.0.1.11 cpe:/a:ibm:websphere_application_server:6.0.1.13 cpe:/a:ibm:websphere_application_server:6.0.1.15 cpe:/a:ibm:websphere_application_server:6.0.1.17 cpe:/a:ibm:websphere_application_server:6.0.2 cpe:/a:ibm:websphere_application_server:6.0.2.1 cpe:/a:ibm:websphere_application_server:6.0.2.2 cpe:/a:ibm:websphere_application_server:6.0.2.3 cpe:/a:ibm:websphere_application_server:6.0.2.4 cpe:/a:ibm:websphere_application_server:6.0.2.5 cpe:/a:ibm:websphere_application_server:6.0.2.6 cpe:/a:ibm:websphere_application_server:6.0.2.7 cpe:/a:ibm:websphere_application_server:6.0.2.9 cpe:/a:ibm:websphere_application_server:6.0.2.11 cpe:/a:ibm:websphere_application_server:6.0.2.13 cpe:/a:ibm:websphere_application_server:6.0.2.15 cpe:/a:ibm:websphere_application_server:6.0.2.17 cpe:/a:ibm:websphere_application_server:6.0.2.19 cpe:/a:ibm:websphere_application_server:6.0.2.22 cpe:/a:ibm:websphere_application_server:6.0.2.23 cpe:/a:ibm:websphere_application_server:6.0.2.24 cpe:/a:ibm:websphere_application_server:6.0.2.25 cpe:/a:ibm:websphere_application_server:6.0.2.27 cpe:/a:ibm:websphere_application_server:6.0.2.28 cpe:/a:ibm:websphere_application_server:6.0.2.29 cpe:/a:ibm:websphere_application_server:6.0.2.30 cpe:/a:ibm:websphere_application_server:6.1 cpe:/a:ibm:websphere_application_server:6.1.0 cpe:/a:ibm:websphere_application_server:6.1.0.0 cpe:/a:ibm:websphere_application_server:6.1.0.1 cpe:/a:ibm:websphere_application_server:6.1.0.2 cpe:/a:ibm:websphere_application_server:6.1.0.3 cpe:/a:ibm:websphere_application_server:6.1.0.4 cpe:/a:ibm:websphere_application_server:6.1.0.5 cpe:/a:ibm:websphere_application_server:6.1.0.6 cpe:/a:ibm:websphere_application_server:6.1.0.7 cpe:/a:ibm:websphere_application_server:6.1.0.8 cpe:/a:ibm:websphere_application_server:6.1.0.9 cpe:/a:ibm:websphere_application_server:6.1.0.10 cpe:/a:ibm:websphere_application_server:6.1.0.11 cpe:/a:ibm:websphere_application_server:6.1.0.12 cpe:/a:ibm:websphere_application_server:6.1.0.13 cpe:/a:ibm:websphere_application_server:6.1.0.14 cpe:/a:ibm:websphere_application_server:6.1.0.15 cpe:/a:ibm:websphere_application_server:6.1.0.16 cpe:/a:ibm:websphere_application_server:6.1.0.17 cpe:/a:ibm:websphere_application_server:6.1.0.18 cpe:/a:ibm:websphere_application_server:6.1.13 CVE-2009-0436 2009-02-10T17:30:00.500-05:00 2017-08-07T21:33:56.937-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BID 33700 MISC http://www-01.ibm.com/support/docview.wss?uid=swg27006876 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27007033 MISC http://www-01.ibm.com/support/docview.wss?uid=swg27007951 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27008517 XF websphere-http-afunix-incorrect-permissions(48526) The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server (WAS), set incorrect permissions for AF_UNIX sockets, which has unknown impact and local attack vectors. cpe:/a:ibm:websphere_application_server:6.0.2 CVE-2009-0437 2009-02-10T17:30:00.517-05:00 2017-08-07T21:33:57.000-04:00 1.9 LOCAL MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov BID 33849 XF websphere-install-log-info-disclosure(48527) The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file. cpe:/a:ibm:websphere_application_server:7.0 CVE-2009-0438 2009-02-10T17:30:00.530-05:00 2017-08-07T21:33:57.080-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov BID 33700 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27014463 XF websphere-jsp-win-information-disclosure(48528) IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows allows remote attackers to bypass "Authorization checking" and obtain sensitive information from JSP pages via a crafted request. NOTE: this is probably a duplicate of CVE-2008-5412. cpe:/a:ibm:websphere_mq:5.3 cpe:/a:ibm:websphere_mq:5.3:-:express cpe:/a:ibm:websphere_mq:5.3.1 cpe:/a:ibm:websphere_mq:6.0.0.0 cpe:/a:ibm:websphere_mq:6.0.1.0 cpe:/a:ibm:websphere_mq:6.0.1.1 cpe:/a:ibm:websphere_mq:6.0.2.0 cpe:/a:ibm:websphere_mq:6.0.2.1 cpe:/a:ibm:websphere_mq:6.0.2.2 cpe:/a:ibm:websphere_mq:6.0.2.3 cpe:/a:ibm:websphere_mq:6.0.2.4 cpe:/a:ibm:websphere_mq:7.0 cpe:/a:ibm:websphere_mq:7.0.0.1 CVE-2009-0439 2009-02-24T12:30:00.420-05:00 2017-08-07T21:33:57.140-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BID 33857 MISC http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg27006037 XF websphere-mq-privilege-escalation(48529) Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands. cpe:/a:ibm:websphere_partner_gateway:6.0.0 cpe:/a:ibm:websphere_partner_gateway:6.0.0.1 cpe:/a:ibm:websphere_partner_gateway:6.0.0.2 cpe:/a:ibm:websphere_partner_gateway:6.0.0.3 cpe:/a:ibm:websphere_partner_gateway:6.0.0.4 cpe:/a:ibm:websphere_partner_gateway:6.0.0.5 cpe:/a:ibm:websphere_partner_gateway:6.0.0.6 cpe:/a:ibm:websphere_partner_gateway:6.0.0.7 CVE-2009-0440 2009-02-22T17:30:00.843-05:00 2017-08-07T21:33:57.220-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 33839 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21330341 AIXAPAR JR31231 XF websphere-pgateway-rnif-signatures(48530) IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print." cpe:/a:technote:technote:7.2 CVE-2009-0441 2009-02-10T02:00:22.780-05:00 2017-09-28T21:33:48.873-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33592 EXPLOIT-DB 7965 PHP remote file inclusion vulnerability in skin_shop/standard/2_view_body/body_default.php in TECHNOTE 7.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter, a different vector than CVE-2008-4138. cpe:/a:phpbbbook:phpbbbook:1.3 cpe:/a:phpbbbook:phpbbbook:1.3h CVE-2009-0442 2009-02-10T02:00:22.827-05:00 2017-09-28T21:33:48.917-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33603 VUPEN ADV-2009-0317 EXPLOIT-DB 7980 Directory traversal vulnerability in bbcode.php in PHPbbBook 1.3 and 1.3h allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter. cpe:/a:elecard:elecard_avc_hd_player:5.5.90116 CVE-2009-0443 2009-02-10T02:00:22.877-05:00 2017-09-28T21:33:48.980-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BID 33089 EXPLOIT-DB 7942 Stack-based buffer overflow in Elecard AVC HD PLAYER 5.5.90116 allows remote attackers to execute arbitrary code via an M3U file containing a long string in a URL. cpe:/a:sirini:grboard:1.8 CVE-2009-0444 2009-02-10T02:00:22.953-05:00 2017-09-28T21:33:49.043-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33602 EXPLOIT-DB 7979 Multiple PHP remote file inclusion vulnerabilities in GRBoard 1.8, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) theme parameter to (a) 179_squarebox_pds_list/view.php, (b) 179_squarebox_minishop_expand/view.php, (c) 179_squarebox_gallery_list_pds/view.php, (d) 179_squarebox_gallery_list/view.php, (e) 179_squarebox_gallery/view.php, (f) 179_squarebox_board_swfupload/view.php, (g) 179_squarebox_board_expand/view.php, (h) 179_squarebox_board_basic_with_grcode/view.php, (i) 179_squarebox_board_basic/view.php, (j) 179_simplebar_pds_list/view.php, (k) 179_simplebar_notice/view.php, (l) 179_simplebar_gallery_list_pds/view.php, (m) 179_simplebar_gallery/view.php, and (n) 179_simplebar_basic/view.php in theme/; the (2) path parameter to (o) latest/sirini_gallery_latest/list.php; and the (3) grboard parameter to (p) include.php and (q) form_mail.php. cpe:/a:dreampics:gallery_builder:- CVE-2009-0445 2009-02-10T02:00:23.077-05:00 2017-09-28T21:33:49.107-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33596 XF dreampics-exhibitionid-sql-injection(48468) EXPLOIT-DB 7968 EXPLOIT-DB 9451 SQL injection vulnerability in index.php in Dreampics Gallery Builder allows remote attackers to execute arbitrary SQL commands via the exhibition_id parameter in a gallery.viewPhotos action. cpe:/a:web-album:webalbum:2.4b CVE-2009-0446 2009-02-10T02:00:23.170-05:00 2017-09-28T21:33:49.153-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33590 EXPLOIT-DB 7961 SQL injection vulnerability in photo.php in WEBalbum 2.4b allows remote attackers to execute arbitrary SQL commands via the id parameter. cpe:/a:aspindir:mydesign_sayac:2.0 CVE-2009-0447 2009-02-10T02:00:23.280-05:00 2017-09-28T21:33:49.217-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33593 EXPLOIT-DB 7963 Multiple SQL injection vulnerabilities in default.asp in MyDesign Sayac 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the user parameter (aka UserName field) or (2) the pass parameter (aka Pass field) to (a) admin/admin.asp or (b) the default URI under admin/. NOTE: some of these details are obtained from third party information. cpe:/a:syntax_desktop:syntax_desktop:2.7 CVE-2009-0448 2009-02-10T02:00:23.390-05:00 2017-09-28T21:33:49.263-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 33601 VUPEN ADV-2009-0319 XF syntax-desktop-preview-file-include(48496) EXPLOIT-DB 7977 Directory traversal vulnerability in admin/modules/aa/preview.php in Syntax Desktop 2.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the synTarget parameter. cpe:/a:kaspersky_lab:kaspersky_anti-virus:6.0::workstations cpe:/a:kaspersky_lab:kaspersky_anti-virus:2008 CVE-2009-0449 2009-02-10T02:00:23.500-05:00 2018-10-11T17:01:46.527-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov MISC http://kartoffel.reversemode.com/downloads/kaspersky_klim5_plugin.zip MISC http://www.reversemode.com/index.php?option=com_content&task=view&id=60&Itemid=1 BUGTRAQ 20090202 [Wintercore Research WS02-0209] Kaspersky Products Klim5.sys local privilege escalation BID 33561 SECTRACK 1021661 MISC http://www.wintercore.com/advisories/advisory_W020209.html Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an IOCTL 0x80052110 call. cpe:/a:blazevideo:hdtv_player:2.1 cpe:/a:blazevideo:hdtv_player:3.5 CVE-2009-0450 2009-02-10T02:00:23.610-05:00 2017-09-28T21:33:49.327-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BID 33588 XF blazevideo-hdtv-plf-bo(48498) EXPLOIT-DB 7975 Stack-based buffer overflow in BlazeVideo HDTV Player 3.5 and earlier allows remote attackers to execute arbitrary code via a long string in a playlist (aka .plf) file. cpe:/a:skalinks:skalinks:1.5 CVE-2009-0451 2009-02-10T02:00:23.687-05:00 2017-09-28T21:33:49.373-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33546 EXPLOIT-DB 7932 SQL injection vulnerability in Skalfa SkaLinks 1.5 allows remote attackers to execute arbitrary SQL commands via the Admin name field to the default URI under admin/. cpe:/a:onlinegrades:online_grades:3.2.4 CVE-2009-0452 2009-02-10T02:00:23.750-05:00 2017-09-28T21:33:49.450-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33576 EXPLOIT-DB 7956 Multiple SQL injection vulnerabilities in parents/login.php in Online Grades 3.2.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameter. cpe:/a:onlinegrades:online_grades:3.2.4 CVE-2009-0453 2009-02-10T02:00:23.813-05:00 2017-09-28T21:33:49.497-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov EXPLOIT-DB 7956 Online Grades 3.2.4 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. cpe:/a:dmxready:online_notebook_manager:1.1 CVE-2009-0454 2009-02-10T02:00:23.860-05:00 2017-09-28T21:33:49.543-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33600 XF onm-login-sql-injection(48503) EXPLOIT-DB 7970 Multiple SQL injection vulnerabilities in DMXReady Online Notebook Manager 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field. NOTE: some third parties report inability to verify this issue. cpe:/a:glfusion:glfusion:1.1.0 cpe:/a:glfusion:glfusion:1.1.1 CVE-2009-0455 2009-02-10T19:30:02.860-05:00 2017-08-07T21:33:57.500-04:00 2.6 NETWORK HIGH NONE NONE PARTIAL NONE http://nvd.nist.gov MISC http://www.fortconsult.net/images/pdf/advisories/glFusion-xss-advisory.pdf CONFIRM http://www.glfusion.org/article.php/xsscomments BID 33683 XF glfusion-libcomment-xss(48603) Cross-site scripting (XSS) vulnerability in the anonymous comments feature in lib-comment.php in glFusion 1.1.0, 1.1.1, and earlier versions allows remote attackers to inject arbitrary web script or HTML via the username parameter to comment.php. cpe:/a:sourdough:sourdough:0.3.5 CVE-2009-0456 2009-02-10T02:00:23.907-05:00 2017-09-28T21:33:49.607-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33569 EXPLOIT-DB 7946 PHP remote file inclusion vulnerability in examples/example_clientside_javascript.php in patForms, as used in Sourdough 0.3.5, allows remote attackers to execute arbitrary PHP code via a URL in the neededFiles[patForms] parameter. cpe:/a:magtrb:aja_portal:1.2 CVE-2009-0457 2009-02-10T02:00:23.967-05:00 2017-09-28T21:33:49.667-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 33565 EXPLOIT-DB 7939 Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter to admin/case.php in the (1) Contact_Plus and (2) Reviews modules, and (3) the module_name parameter to admin/includes/FANCYNLOptions.php in the Fancy_NewsLetter module. cpe:/a:wholehogsoftware:ware_support:1.0 CVE-2009-0458 2009-02-10T02:00:24.017-05:00 2017-10-18T21:30:17.537-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33564 EXPLOIT-DB 7940 Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Ware Support 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information. cpe:/a:wholehogsoftware:password_protect:1.0 CVE-2009-0459 2009-02-10T02:00:24.063-05:00 2017-10-18T21:30:17.833-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33564 EXPLOIT-DB 7941 Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Password Protect: Enhanced 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information. cpe:/a:wholehogsoftware:ware_support:1.0 CVE-2009-0460 2009-02-10T02:00:24.203-05:00 2017-10-18T21:30:17.940-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33577 EXPLOIT-DB 7951 Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie. cpe:/a:wholehogsoftware:password_protect:1.0 CVE-2009-0461 2009-02-10T02:00:24.327-05:00 2017-10-18T21:30:18.130-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33577 EXPLOIT-DB 7952 Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie. cpe:/a:clicktech:clickcart:6.0 CVE-2009-0462 2009-02-10T02:00:24.360-05:00 2017-09-28T21:33:49.717-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 33575 EXPLOIT-DB 7953 Multiple SQL injection vulnerabilities in customer_login_check.asp in ClickTech ClickCart 6.0 allow remote attackers to execute arbitrary SQL commands via (1) the txtEmail parameter (aka E-MAIL field) or (2) the txtPassword parameter (aka password field) to customer_login.asp. NOTE: some of these details are obtained from third party information. cpe:/a:groonesworld:glinks:2.1 CVE-2009-0463 2009-02-10T02:00:24.437-05:00 2017-09-28T21:33:49.777-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33578 EXPLOIT-DB 7954 PHP remote file inclusion vulnerability in includes/header.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. cpe:/a:groonesworld:gbook:2.0 CVE-2009-0464 2009-02-10T02:00:24.483-05:00 2017-09-28T21:33:49.840-04:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33578 EXPLOIT-DB 7955 PHP remote file inclusion vulnerability in includes/header.php in Groone GBook 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. cpe:/a:synactis:all_in_the_box.ocx:3 CVE-2009-0465 2009-02-10T02:00:24.530-05:00 2017-09-28T21:33:49.887-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS MISC http://www.dsecrg.com/pages/vul/show.php?id=62 BID 33535 VUPEN ADV-2009-0298 EXPLOIT-DB 7928 The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\0' character, which bypasses the intended .box filename extension, as demonstrated by a C:\boot.ini\0 argument. cpe:/a:vivvo:vivvo:4.0.1 cpe:/a:vivvo:vivvo:4.0.2 cpe:/a:vivvo:vivvo:4.0.3 cpe:/a:vivvo:vivvo:4.0.4 cpe:/a:vivvo:vivvo:4.1.0 CVE-2009-0466 2009-02-10T02:00:24.610-05:00 2009-03-06T01:49:50.377-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov BID 33582 CONFIRM http://www.vivvo.net/changelog.php Cross-site scripting (XSS) vulnerability in Vivvo CMS before 4.1.1 allows remote attackers to inject arbitrary web script or HTML via a URI that triggers a 404 Page Not Found response. cpe:/a:armorlogic:profense_web_application_firewall:2.6.2 cpe:/a:armorlogic:profense_web_application_firewall:2.6.3 CVE-2009-0467 2009-02-10T02:00:24.670-05:00 2017-09-28T21:33:49.950-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov BID 33523 EXPLOIT-DB 7919 Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allows remote attackers to inject arbitrary web script or HTML via the proxy parameter in a deny_log manage action. cpe:/a:armorlogic:profense_web_application_firewall:2.6.2 cpe:/a:armorlogic:profense_web_application_firewall:2.6.3 CVE-2009-0468 2009-02-10T02:00:24.767-05:00 2017-09-28T21:33:50.013-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33523 EXPLOIT-DB 7919 Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown the server, (2) send ping packets, (3) enable network services, (4) configure a proxy server, and (5) modify other settings via parameters in the query string. cpe:/a:futomis_cgi_cafe:fulltext_search_cgi:1.1.2 CVE-2009-0469 2009-02-10T02:00:24.860-05:00 2009-03-13T01:47:00.953-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS JVN JVN#80771386 JVNDB JVNDB-2009-000008 CONFIRM http://www.futomi.com/library/info/2009/20090123.html BID 33409 Unspecified vulnerability in futomi's CGI Cafe Fulltext search CGI 1.1.2 allows remote attackers to gain administrative privileges via unknown vectors. cpe:/o:cisco:ios:12.4%2823%29 CVE-2009-0470 2009-02-06T14:30:00.530-05:00 2018-10-11T17:01:47.040-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov BUGTRAQ 20090204 Cisco IOS XSS/CSRF Vulnerability BID 33625 Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different vulnerability than CVE-2008-3821. cpe:/o:cisco:ios:12.4%2823%29 CVE-2009-0471 2009-02-06T14:30:00.547-05:00 2018-10-11T17:01:47.387-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BUGTRAQ 20090204 Cisco IOS XSS/CSRF Vulnerability Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request. cpe:/a:rockwellautomation:controllogix_1756-enbt%2fa_ethernet%2f_ip_bridge:- CVE-2009-0472 2009-02-06T14:30:00.563-05:00 2011-03-07T22:18:33.470-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729 CERT-VN VU#882619 BID 33638 VUPEN ADV-2009-0347 Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. cpe:/a:rockwellautomation:controllogix_1756-enbt%2fa_ethernet%2f_ip_bridge:- CVE-2009-0473 2009-02-06T14:30:00.593-05:00 2011-03-07T22:18:33.563-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS CONFIRM http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729 CERT-VN VU#619499 BID 33636 VUPEN ADV-2009-0347 Open redirect vulnerability in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. cpe:/a:rockwellautomation:controllogix_1756-enbt%2fa_ethernet%2f_ip_bridge:- CVE-2009-0474 2009-02-06T14:30:00.610-05:00 2011-03-07T22:18:33.673-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov CONFIRM http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729 CERT-VN VU#124059 CONFIRM http://www.kb.cert.org/vuls/id/RGII-7MWKZ3 VUPEN ADV-2009-0347 The web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to obtain "internal web page information" and "internal information about the module" via unspecified vectors. NOTE: this may overlap CVE-2002-1603. cpe:/a:android:opencore:2.0 CVE-2009-0475 2009-02-10T19:30:02.920-05:00 2018-10-11T17:01:47.917-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS CONFIRM http://android.git.kernel.org/?p=platform/external/opencore.git;a=commit;h=7b466cd0ecfdba72c4cbd0f3a8c2001141376b0f CONFIRM http://review.source.android.com/Gerrit#change,8815 MISC http://www.ocert.org/advisories/ocert-2009-002.html BUGTRAQ 20090207 [oCERT-2009-002] OpenCORE insufficient bounds checking during MP3 decoding BID 33673 Integer underflow in the Huffman decoding functionality (pvmp3_huffman_parsing.cpp) in OpenCORE 2.0 and earlier allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a crafted MP3 file that triggers heap corruption. cpe:/a:multimediasoft:audio_dj_studio_for_.net:- cpe:/a:multimediasoft:audio_sound_editer_for_.net:- cpe:/a:multimediasoft:audio_sound_recorder_for_.net:- cpe:/a:multimediasoft:audio_sound_studio_for_.net:- cpe:/a:multimediasoft:audio_sound_suite_for_.net:- CVE-2009-0476 2009-02-08T16:30:09.827-05:00 2018-10-11T17:01:48.540-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BUGTRAQ 20090203 Euphonics Audio Player v1.0 (.pls) Local BOF POC BID 33589 VUPEN ADV-2009-0316 EXPLOIT-DB 7958 EXPLOIT-DB 7973 EXPLOIT-DB 7974 Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 and 7.11.2.7, as distributed in multiple MultiMedia Soft audio components for .NET, allows remote attackers to execute arbitrary code via a long string in a playlist (.pls) file, as originally reported for Euphonics Audio Player 1.0. NOTE: some of these details are obtained from third party information. cpe:/o:sun:opensolaris:snv_85::sparc cpe:/o:sun:opensolaris:snv_85::x86 cpe:/o:sun:opensolaris:snv_86::sparc cpe:/o:sun:opensolaris:snv_86::x86 cpe:/o:sun:opensolaris:snv_87::sparc cpe:/o:sun:opensolaris:snv_87::x86 cpe:/o:sun:opensolaris:snv_88::sparc cpe:/o:sun:opensolaris:snv_88::x86 cpe:/o:sun:opensolaris:snv_89::sparc cpe:/o:sun:opensolaris:snv_89::x86 cpe:/o:sun:opensolaris:snv_90::sparc cpe:/o:sun:opensolaris:snv_90::x86 cpe:/o:sun:opensolaris:snv_91::sparc cpe:/o:sun:opensolaris:snv_91::x86 cpe:/o:sun:opensolaris:snv_92::sparc cpe:/o:sun:opensolaris:snv_92::x86 cpe:/o:sun:opensolaris:snv_93::sparc cpe:/o:sun:opensolaris:snv_93::x86 cpe:/o:sun:opensolaris:snv_94::sparc cpe:/o:sun:opensolaris:snv_94::x86 cpe:/o:sun:opensolaris:snv_95::sparc cpe:/o:sun:opensolaris:snv_95::x86 cpe:/o:sun:opensolaris:snv_96::sparc cpe:/o:sun:opensolaris:snv_96::x86 cpe:/o:sun:opensolaris:snv_97::sparc cpe:/o:sun:opensolaris:snv_97::x86 cpe:/o:sun:opensolaris:snv_98::sparc cpe:/o:sun:opensolaris:snv_98::x86 cpe:/o:sun:opensolaris:snv_99::sparc cpe:/o:sun:opensolaris:snv_99::x86 cpe:/o:sun:opensolaris:snv_100::sparc cpe:/o:sun:opensolaris:snv_100::x86 CVE-2009-0477 2009-02-08T16:30:09.843-05:00 2011-03-07T22:18:33.987-05:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS SUNALERT 244026 MISC http://www.ioactive.com/pdfs/OpenSolarisUPtrDeref.pdf BID 33654 VUPEN ADV-2009-0352 Unspecified vulnerability in the process (aka proc) filesystem in Sun OpenSolaris snv_85 through snv_100 allows local users to gain privileges via vectors related to the contract filesystem. cpe:/a:squid:squid:2.7.stable1 cpe:/a:squid:squid:2.7.stable2 cpe:/a:squid:squid:2.7.stable3 cpe:/a:squid:squid:2.7.stable4 cpe:/a:squid:squid:2.7.stable5 cpe:/a:squid:squid:3.0.stable1 cpe:/a:squid:squid:3.0.stable2 cpe:/a:squid:squid:3.0.stable3 cpe:/a:squid:squid:3.0.stable4 cpe:/a:squid:squid:3.0.stable5 cpe:/a:squid:squid:3.0.stable6 cpe:/a:squid:squid:3.0.stable7 cpe:/a:squid:squid:3.0.stable8 cpe:/a:squid:squid:3.0.stable9 cpe:/a:squid:squid:3.0.stable10 cpe:/a:squid:squid:3.0.stable11 cpe:/a:squid:squid:3.0.stable12 cpe:/a:squid:squid:3.1 cpe:/a:squid:squid:3.1.0.1 cpe:/a:squid:squid:3.1.0.2 cpe:/a:squid:squid:3.1.0.3 cpe:/a:squid:squid:3.1.0.4 CVE-2009-0478 2009-02-08T17:30:00.360-05:00 2018-10-11T17:01:49.527-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov SUSE SUSE-SR:2009:005 GENTOO GLSA-200903-38 MANDRIVA MDVSA-2009:034 BUGTRAQ 20090204 Squid Proxy Cache Denial of Service in request handling BID 33604 SECTRACK 1021684 CONFIRM http://www.squid-cache.org/Advisories/SQUID-2009_1.txt CONFIRM http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=484246 EXPLOIT-DB 8021 Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c. cpe:/a:onlinegrades:online_grades:3.2.4 CVE-2009-0479 2009-02-08T20:30:00.203-05:00 2009-02-09T00:00:00.000-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-02-09T15:17:00.000-05:00 Multiple SQL injection vulnerabilities in admin/admin_login.php in Online Grades 3.2.4 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/o:sun:opensolaris:snv_01::sparc cpe:/o:sun:opensolaris:snv_01::x86 cpe:/o:sun:opensolaris:snv_02::sparc cpe:/o:sun:opensolaris:snv_02::x86 cpe:/o:sun:opensolaris:snv_03::sparc cpe:/o:sun:opensolaris:snv_03::x86 cpe:/o:sun:opensolaris:snv_04::sparc cpe:/o:sun:opensolaris:snv_04::x86 cpe:/o:sun:opensolaris:snv_05::sparc cpe:/o:sun:opensolaris:snv_05::x86 cpe:/o:sun:opensolaris:snv_06::sparc cpe:/o:sun:opensolaris:snv_06::x86 cpe:/o:sun:opensolaris:snv_07::sparc cpe:/o:sun:opensolaris:snv_07::x86 cpe:/o:sun:opensolaris:snv_08::sparc cpe:/o:sun:opensolaris:snv_08::x86 cpe:/o:sun:opensolaris:snv_09::sparc cpe:/o:sun:opensolaris:snv_09::x86 cpe:/o:sun:opensolaris:snv_10::sparc cpe:/o:sun:opensolaris:snv_10::x86 cpe:/o:sun:opensolaris:snv_11::sparc cpe:/o:sun:opensolaris:snv_11::x86 cpe:/o:sun:opensolaris:snv_12::sparc cpe:/o:sun:opensolaris:snv_12::x86 cpe:/o:sun:opensolaris:snv_13::sparc cpe:/o:sun:opensolaris:snv_13::x86 cpe:/o:sun:opensolaris:snv_14::sparc cpe:/o:sun:opensolaris:snv_14::x86 cpe:/o:sun:opensolaris:snv_15::sparc cpe:/o:sun:opensolaris:snv_15::x86 cpe:/o:sun:opensolaris:snv_16::sparc cpe:/o:sun:opensolaris:snv_16::x86 cpe:/o:sun:opensolaris:snv_17::sparc cpe:/o:sun:opensolaris:snv_17::x86 cpe:/o:sun:opensolaris:snv_18::sparc cpe:/o:sun:opensolaris:snv_18::x86 cpe:/o:sun:opensolaris:snv_19::sparc cpe:/o:sun:opensolaris:snv_19::x86 cpe:/o:sun:opensolaris:snv_20::sparc cpe:/o:sun:opensolaris:snv_20::x86 cpe:/o:sun:opensolaris:snv_21::sparc cpe:/o:sun:opensolaris:snv_21::x86 cpe:/o:sun:opensolaris:snv_22::sparc cpe:/o:sun:opensolaris:snv_22::x86 cpe:/o:sun:opensolaris:snv_23::sparc cpe:/o:sun:opensolaris:snv_23::x86 cpe:/o:sun:opensolaris:snv_24::sparc cpe:/o:sun:opensolaris:snv_24::x86 cpe:/o:sun:opensolaris:snv_25::sparc cpe:/o:sun:opensolaris:snv_25::x86 cpe:/o:sun:opensolaris:snv_26::sparc cpe:/o:sun:opensolaris:snv_26::x86 cpe:/o:sun:opensolaris:snv_27::sparc cpe:/o:sun:opensolaris:snv_27::x86 cpe:/o:sun:opensolaris:snv_28::sparc cpe:/o:sun:opensolaris:snv_28::x86 cpe:/o:sun:opensolaris:snv_29::sparc cpe:/o:sun:opensolaris:snv_29::x86 cpe:/o:sun:opensolaris:snv_30::sparc cpe:/o:sun:opensolaris:snv_30::x86 cpe:/o:sun:opensolaris:snv_31::sparc cpe:/o:sun:opensolaris:snv_31::x86 cpe:/o:sun:opensolaris:snv_32::sparc cpe:/o:sun:opensolaris:snv_32::x86 cpe:/o:sun:opensolaris:snv_33::sparc cpe:/o:sun:opensolaris:snv_33::x86 cpe:/o:sun:opensolaris:snv_34::sparc cpe:/o:sun:opensolaris:snv_34::x86 cpe:/o:sun:opensolaris:snv_35::sparc cpe:/o:sun:opensolaris:snv_35::x86 cpe:/o:sun:opensolaris:snv_36::sparc cpe:/o:sun:opensolaris:snv_36::x86 cpe:/o:sun:opensolaris:snv_37::sparc cpe:/o:sun:opensolaris:snv_37::x86 cpe:/o:sun:opensolaris:snv_38::sparc cpe:/o:sun:opensolaris:snv_38::x86 cpe:/o:sun:opensolaris:snv_39::sparc cpe:/o:sun:opensolaris:snv_39::x86 cpe:/o:sun:opensolaris:snv_40::sparc cpe:/o:sun:opensolaris:snv_40::x86 cpe:/o:sun:opensolaris:snv_41::sparc cpe:/o:sun:opensolaris:snv_41::x86 cpe:/o:sun:opensolaris:snv_42::sparc cpe:/o:sun:opensolaris:snv_42::x86 cpe:/o:sun:opensolaris:snv_43::sparc cpe:/o:sun:opensolaris:snv_43::x86 cpe:/o:sun:opensolaris:snv_44::sparc cpe:/o:sun:opensolaris:snv_44::x86 cpe:/o:sun:opensolaris:snv_45::sparc cpe:/o:sun:opensolaris:snv_45::x86 cpe:/o:sun:opensolaris:snv_46::sparc cpe:/o:sun:opensolaris:snv_46::x86 cpe:/o:sun:opensolaris:snv_47::sparc cpe:/o:sun:opensolaris:snv_47::x86 cpe:/o:sun:opensolaris:snv_48::sparc cpe:/o:sun:opensolaris:snv_48::x86 cpe:/o:sun:opensolaris:snv_49::sparc cpe:/o:sun:opensolaris:snv_49::x86 cpe:/o:sun:opensolaris:snv_50::sparc cpe:/o:sun:opensolaris:snv_50::x86 cpe:/o:sun:opensolaris:snv_51::sparc cpe:/o:sun:opensolaris:snv_51::x86 cpe:/o:sun:opensolaris:snv_52::sparc cpe:/o:sun:opensolaris:snv_52::x86 cpe:/o:sun:opensolaris:snv_53::sparc cpe:/o:sun:opensolaris:snv_53::x86 cpe:/o:sun:opensolaris:snv_54::sparc cpe:/o:sun:opensolaris:snv_54::x86 cpe:/o:sun:opensolaris:snv_55::sparc cpe:/o:sun:opensolaris:snv_55::x86 cpe:/o:sun:opensolaris:snv_56::sparc cpe:/o:sun:opensolaris:snv_56::x86 cpe:/o:sun:opensolaris:snv_57::sparc cpe:/o:sun:opensolaris:snv_57::x86 cpe:/o:sun:opensolaris:snv_58::sparc cpe:/o:sun:opensolaris:snv_58::x86 cpe:/o:sun:opensolaris:snv_59::sparc cpe:/o:sun:opensolaris:snv_59::x86 cpe:/o:sun:opensolaris:snv_60::sparc cpe:/o:sun:opensolaris:snv_60::x86 cpe:/o:sun:opensolaris:snv_61::sparc cpe:/o:sun:opensolaris:snv_61::x86 cpe:/o:sun:opensolaris:snv_62::sparc cpe:/o:sun:opensolaris:snv_62::x86 cpe:/o:sun:opensolaris:snv_63::sparc cpe:/o:sun:opensolaris:snv_63::x86 cpe:/o:sun:opensolaris:snv_64::sparc cpe:/o:sun:opensolaris:snv_64::x86 cpe:/o:sun:opensolaris:snv_65::sparc cpe:/o:sun:opensolaris:snv_65::x86 cpe:/o:sun:opensolaris:snv_66::sparc cpe:/o:sun:opensolaris:snv_66::x86 cpe:/o:sun:opensolaris:snv_67::sparc cpe:/o:sun:opensolaris:snv_67::x86 cpe:/o:sun:opensolaris:snv_68::sparc cpe:/o:sun:opensolaris:snv_68::x86 cpe:/o:sun:opensolaris:snv_69::sparc cpe:/o:sun:opensolaris:snv_69::x86 cpe:/o:sun:opensolaris:snv_70::sparc cpe:/o:sun:opensolaris:snv_70::x86 cpe:/o:sun:opensolaris:snv_71::sparc cpe:/o:sun:opensolaris:snv_71::x86 cpe:/o:sun:opensolaris:snv_72::sparc cpe:/o:sun:opensolaris:snv_72::x86 cpe:/o:sun:opensolaris:snv_73::sparc cpe:/o:sun:opensolaris:snv_73::x86 cpe:/o:sun:opensolaris:snv_74::sparc cpe:/o:sun:opensolaris:snv_74::x86 cpe:/o:sun:opensolaris:snv_75::sparc cpe:/o:sun:opensolaris:snv_75::x86 cpe:/o:sun:opensolaris:snv_76::sparc cpe:/o:sun:opensolaris:snv_76::x86 cpe:/o:sun:opensolaris:snv_77::sparc cpe:/o:sun:opensolaris:snv_77::x86 cpe:/o:sun:opensolaris:snv_78::sparc cpe:/o:sun:opensolaris:snv_78::x86 cpe:/o:sun:opensolaris:snv_79::sparc cpe:/o:sun:opensolaris:snv_79::x86 cpe:/o:sun:opensolaris:snv_80::sparc cpe:/o:sun:opensolaris:snv_80::x86 cpe:/o:sun:opensolaris:snv_81::sparc cpe:/o:sun:opensolaris:snv_81::x86 cpe:/o:sun:solaris:8::sparc cpe:/o:sun:solaris:8::x86 cpe:/o:sun:solaris:9::sparc cpe:/o:sun:solaris:9::x86 cpe:/o:sun:solaris:10::sparc cpe:/o:sun:solaris:10::x86 CVE-2009-0480 2009-02-09T11:30:00.250-05:00 2017-09-28T21:33:50.247-04:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov SECTRACK 1021653 CONFIRM http://sunsolve.sun.com/search/document.do?assetkey=1-21-116965-34-1 SUNALERT 248026 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-042.htm BID 33550 VUPEN ADV-2009-0364 The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of service (32-bit application failure and login outage) by opening a large number of sockets. cpe:/a:mozilla:bugzilla:2.10 cpe:/a:mozilla:bugzilla:2.12 cpe:/a:mozilla:bugzilla:2.14 cpe:/a:mozilla:bugzilla:2.14.1 cpe:/a:mozilla:bugzilla:2.14.2 cpe:/a:mozilla:bugzilla:2.14.3 cpe:/a:mozilla:bugzilla:2.14.4 cpe:/a:mozilla:bugzilla:2.14.5 cpe:/a:mozilla:bugzilla:2.16 cpe:/a:mozilla:bugzilla:2.16:rc1 cpe:/a:mozilla:bugzilla:2.16.1 cpe:/a:mozilla:bugzilla:2.16.2 cpe:/a:mozilla:bugzilla:2.16.3 cpe:/a:mozilla:bugzilla:2.16.4 cpe:/a:mozilla:bugzilla:2.16.5 cpe:/a:mozilla:bugzilla:2.16.6 cpe:/a:mozilla:bugzilla:2.16.7 cpe:/a:mozilla:bugzilla:2.16.8 cpe:/a:mozilla:bugzilla:2.16.9 cpe:/a:mozilla:bugzilla:2.16.10 cpe:/a:mozilla:bugzilla:2.16.11 cpe:/a:mozilla:bugzilla:2.16_rc2 cpe:/a:mozilla:bugzilla:2.17 cpe:/a:mozilla:bugzilla:2.17.1 cpe:/a:mozilla:bugzilla:2.17.2 cpe:/a:mozilla:bugzilla:2.17.3 cpe:/a:mozilla:bugzilla:2.17.4 cpe:/a:mozilla:bugzilla:2.17.5 cpe:/a:mozilla:bugzilla:2.17.6 cpe:/a:mozilla:bugzilla:2.17.7 cpe:/a:mozilla:bugzilla:2.18 cpe:/a:mozilla:bugzilla:2.18:rc1 cpe:/a:mozilla:bugzilla:2.18:rc2 cpe:/a:mozilla:bugzilla:2.18:rc3 cpe:/a:mozilla:bugzilla:2.18.1 cpe:/a:mozilla:bugzilla:2.18.2 cpe:/a:mozilla:bugzilla:2.18.3 cpe:/a:mozilla:bugzilla:2.18.4 cpe:/a:mozilla:bugzilla:2.18.5 cpe:/a:mozilla:bugzilla:2.18.6 cpe:/a:mozilla:bugzilla:2.18.7 cpe:/a:mozilla:bugzilla:2.18.8 cpe:/a:mozilla:bugzilla:2.18.9 cpe:/a:mozilla:bugzilla:2.19 cpe:/a:mozilla:bugzilla:2.19.1 cpe:/a:mozilla:bugzilla:2.19.2 cpe:/a:mozilla:bugzilla:2.19.3 cpe:/a:mozilla:bugzilla:2.20 cpe:/a:mozilla:bugzilla:2.20:rc1 cpe:/a:mozilla:bugzilla:2.20:rc2 cpe:/a:mozilla:bugzilla:2.20.1 cpe:/a:mozilla:bugzilla:2.20.2 cpe:/a:mozilla:bugzilla:2.20.3 cpe:/a:mozilla:bugzilla:2.20.4 cpe:/a:mozilla:bugzilla:2.20.5 cpe:/a:mozilla:bugzilla:2.20.6 cpe:/a:mozilla:bugzilla:2.21 cpe:/a:mozilla:bugzilla:2.21.1 cpe:/a:mozilla:bugzilla:2.21.2 cpe:/a:mozilla:bugzilla:2.22 cpe:/a:mozilla:bugzilla:2.22:rc1 cpe:/a:mozilla:bugzilla:2.22.1 cpe:/a:mozilla:bugzilla:2.22.2 cpe:/a:mozilla:bugzilla:2.22.3 cpe:/a:mozilla:bugzilla:2.22.4 cpe:/a:mozilla:bugzilla:2.22.5 cpe:/a:mozilla:bugzilla:2.22.6 cpe:/a:mozilla:bugzilla:3.0.0 cpe:/a:mozilla:bugzilla:3.0.1 cpe:/a:mozilla:bugzilla:3.0.2 cpe:/a:mozilla:bugzilla:3.0.3 cpe:/a:mozilla:bugzilla:3.0.4 cpe:/a:mozilla:bugzilla:3.0.5 cpe:/a:mozilla:bugzilla:3.0.6 cpe:/a:mozilla:bugzilla:3.2 cpe:/a:mozilla:bugzilla:3.3.1 CVE-2009-0481 2009-02-09T12:30:00.343-05:00 2009-03-25T01:50:24.907-04:00 3.5 NETWORK MEDIUM SINGLE_INSTANCE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://www.bugzilla.org/security/2.22.6/ BID 33580 FEDORA FEDORA-2009-2418 FEDORA FEDORA-2009-2417 Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers. cpe:/a:mozilla:bugzilla:2.10 cpe:/a:mozilla:bugzilla:2.12 cpe:/a:mozilla:bugzilla:2.14 cpe:/a:mozilla:bugzilla:2.14.1 cpe:/a:mozilla:bugzilla:2.14.2 cpe:/a:mozilla:bugzilla:2.14.3 cpe:/a:mozilla:bugzilla:2.14.4 cpe:/a:mozilla:bugzilla:2.14.5 cpe:/a:mozilla:bugzilla:2.16 cpe:/a:mozilla:bugzilla:2.16:rc1 cpe:/a:mozilla:bugzilla:2.16.1 cpe:/a:mozilla:bugzilla:2.16.2 cpe:/a:mozilla:bugzilla:2.16.3 cpe:/a:mozilla:bugzilla:2.16.4 cpe:/a:mozilla:bugzilla:2.16.5 cpe:/a:mozilla:bugzilla:2.16.6 cpe:/a:mozilla:bugzilla:2.16.7 cpe:/a:mozilla:bugzilla:2.16.8 cpe:/a:mozilla:bugzilla:2.16.9 cpe:/a:mozilla:bugzilla:2.16.10 cpe:/a:mozilla:bugzilla:2.16.11 cpe:/a:mozilla:bugzilla:2.16_rc2 cpe:/a:mozilla:bugzilla:2.17 cpe:/a:mozilla:bugzilla:2.17.1 cpe:/a:mozilla:bugzilla:2.17.2 cpe:/a:mozilla:bugzilla:2.17.3 cpe:/a:mozilla:bugzilla:2.17.4 cpe:/a:mozilla:bugzilla:2.17.5 cpe:/a:mozilla:bugzilla:2.17.6 cpe:/a:mozilla:bugzilla:2.17.7 cpe:/a:mozilla:bugzilla:2.18 cpe:/a:mozilla:bugzilla:2.18:rc1 cpe:/a:mozilla:bugzilla:2.18:rc2 cpe:/a:mozilla:bugzilla:2.18:rc3 cpe:/a:mozilla:bugzilla:2.18.1 cpe:/a:mozilla:bugzilla:2.18.2 cpe:/a:mozilla:bugzilla:2.18.3 cpe:/a:mozilla:bugzilla:2.18.4 cpe:/a:mozilla:bugzilla:2.18.5 cpe:/a:mozilla:bugzilla:2.18.6 cpe:/a:mozilla:bugzilla:2.18.7 cpe:/a:mozilla:bugzilla:2.18.8 cpe:/a:mozilla:bugzilla:2.18.9 cpe:/a:mozilla:bugzilla:2.19 cpe:/a:mozilla:bugzilla:2.19.1 cpe:/a:mozilla:bugzilla:2.19.2 cpe:/a:mozilla:bugzilla:2.19.3 cpe:/a:mozilla:bugzilla:2.20 cpe:/a:mozilla:bugzilla:2.20:rc1 cpe:/a:mozilla:bugzilla:2.20:rc2 cpe:/a:mozilla:bugzilla:2.20.1 cpe:/a:mozilla:bugzilla:2.20.2 cpe:/a:mozilla:bugzilla:2.20.3 cpe:/a:mozilla:bugzilla:2.20.4 cpe:/a:mozilla:bugzilla:2.20.5 cpe:/a:mozilla:bugzilla:2.20.6 cpe:/a:mozilla:bugzilla:2.21 cpe:/a:mozilla:bugzilla:2.21.1 cpe:/a:mozilla:bugzilla:2.21.2 cpe:/a:mozilla:bugzilla:2.22 cpe:/a:mozilla:bugzilla:2.22:rc1 cpe:/a:mozilla:bugzilla:2.22.1 cpe:/a:mozilla:bugzilla:2.22.2 cpe:/a:mozilla:bugzilla:2.22.3 cpe:/a:mozilla:bugzilla:2.22.4 cpe:/a:mozilla:bugzilla:2.22.5 cpe:/a:mozilla:bugzilla:2.22.6 cpe:/a:mozilla:bugzilla:3.0.0 cpe:/a:mozilla:bugzilla:3.0.1 cpe:/a:mozilla:bugzilla:3.0.2 cpe:/a:mozilla:bugzilla:3.0.3 cpe:/a:mozilla:bugzilla:3.0.4 cpe:/a:mozilla:bugzilla:3.0.5 cpe:/a:mozilla:bugzilla:3.0.6 cpe:/a:mozilla:bugzilla:3.2 cpe:/a:mozilla:bugzilla:3.3.1 CVE-2009-0482 2009-02-09T12:30:00.360-05:00 2009-03-25T01:50:25.140-04:00 5.8 NETWORK MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov CONFIRM http://www.bugzilla.org/security/2.22.6/ BID 33580 FEDORA FEDORA-2009-2418 FEDORA FEDORA-2009-2417 Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows remote attackers to perform bug updating activities as other users via a link or IMG tag to process_bug.cgi. cpe:/a:mozilla:bugzilla:2.10 cpe:/a:mozilla:bugzilla:2.12 cpe:/a:mozilla:bugzilla:2.14 cpe:/a:mozilla:bugzilla:2.14.1 cpe:/a:mozilla:bugzilla:2.14.2 cpe:/a:mozilla:bugzilla:2.14.3 cpe:/a:mozilla:bugzilla:2.14.4 cpe:/a:mozilla:bugzilla:2.14.5 cpe:/a:mozilla:bugzilla:2.16 cpe:/a:mozilla:bugzilla:2.16:rc1 cpe:/a:mozilla:bugzilla:2.16.1 cpe:/a:mozilla:bugzilla:2.16.2 cpe:/a:mozilla:bugzilla:2.16.3 cpe:/a:mozilla:bugzilla:2.16.4 cpe:/a:mozilla:bugzilla:2.16.5 cpe:/a:mozilla:bugzilla:2.16.6 cpe:/a:mozilla:bugzilla:2.16.7 cpe:/a:mozilla:bugzilla:2.16.8 cpe:/a:mozilla:bugzilla:2.16.9 cpe:/a:mozilla:bugzilla:2.16.10 cpe:/a:mozilla:bugzilla:2.16.11 cpe:/a:mozilla:bugzilla:2.16_rc2 cpe:/a:mozilla:bugzilla:2.17 cpe:/a:mozilla:bugzilla:2.17.1 cpe:/a:mozilla:bugzilla:2.17.2 cpe:/a:mozilla:bugzilla:2.17.3 cpe:/a:mozilla:bugzilla:2.17.4 cpe:/a:mozilla:bugzilla:2.17.5 cpe:/a:mozilla:bugzilla:2.17.6 cpe:/a:mozilla:bugzilla:2.17.7 cpe:/a:mozilla:bugzilla:2.18 cpe:/a:mozilla:bugzilla:2.18:rc1 cpe:/a:mozilla:bugzilla:2.18:rc2 cpe:/a:mozilla:bugzilla:2.18:rc3 cpe:/a:mozilla:bugzilla:2.18.1 cpe:/a:mozilla:bugzilla:2.18.2 cpe:/a:mozilla:bugzilla:2.18.3 cpe:/a:mozilla:bugzilla:2.18.4 cpe:/a:mozilla:bugzilla:2.18.5 cpe:/a:mozilla:bugzilla:2.18.6 cpe:/a:mozilla:bugzilla:2.18.7 cpe:/a:mozilla:bugzilla:2.18.8 cpe:/a:mozilla:bugzilla:2.18.9 cpe:/a:mozilla:bugzilla:2.19 cpe:/a:mozilla:bugzilla:2.19.1 cpe:/a:mozilla:bugzilla:2.19.2 cpe:/a:mozilla:bugzilla:2.19.3 cpe:/a:mozilla:bugzilla:2.20 cpe:/a:mozilla:bugzilla:2.20:rc1 cpe:/a:mozilla:bugzilla:2.20:rc2 cpe:/a:mozilla:bugzilla:2.20.1 cpe:/a:mozilla:bugzilla:2.20.2 cpe:/a:mozilla:bugzilla:2.20.3 cpe:/a:mozilla:bugzilla:2.20.4 cpe:/a:mozilla:bugzilla:2.20.5 cpe:/a:mozilla:bugzilla:2.20.6 cpe:/a:mozilla:bugzilla:2.21 cpe:/a:mozilla:bugzilla:2.21.1 cpe:/a:mozilla:bugzilla:2.21.2 cpe:/a:mozilla:bugzilla:2.22 cpe:/a:mozilla:bugzilla:2.22:rc1 cpe:/a:mozilla:bugzilla:2.22.1 cpe:/a:mozilla:bugzilla:2.22.2 cpe:/a:mozilla:bugzilla:2.22.3 cpe:/a:mozilla:bugzilla:2.22.4 cpe:/a:mozilla:bugzilla:2.22.5 cpe:/a:mozilla:bugzilla:2.22.6 cpe:/a:mozilla:bugzilla:3.0.0 cpe:/a:mozilla:bugzilla:3.0.1 cpe:/a:mozilla:bugzilla:3.0.2 cpe:/a:mozilla:bugzilla:3.0.3 cpe:/a:mozilla:bugzilla:3.0.4 cpe:/a:mozilla:bugzilla:3.0.5 cpe:/a:mozilla:bugzilla:3.0.6 cpe:/a:mozilla:bugzilla:3.2 cpe:/a:mozilla:bugzilla:3.3.1 CVE-2009-0483 2009-02-09T12:30:00.377-05:00 2009-03-25T01:50:25.280-04:00 5.8 NETWORK MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov CONFIRM http://www.bugzilla.org/security/2.22.6/ BID 33580 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=466692 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=472362 FEDORA FEDORA-2009-2418 FEDORA FEDORA-2009-2417 Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete keywords and user preferences via a link or IMG tag to (1) editkeywords.cgi or (2) userprefs.cgi. cpe:/a:mozilla:bugzilla:3.0.0 cpe:/a:mozilla:bugzilla:3.0.1 cpe:/a:mozilla:bugzilla:3.0.2 cpe:/a:mozilla:bugzilla:3.0.3 cpe:/a:mozilla:bugzilla:3.0.4 cpe:/a:mozilla:bugzilla:3.0.5 cpe:/a:mozilla:bugzilla:3.0.6 cpe:/a:mozilla:bugzilla:3.2 cpe:/a:mozilla:bugzilla:3.3.1 CVE-2009-0484 2009-02-09T12:30:00.390-05:00 2009-03-25T01:50:25.407-04:00 5.8 NETWORK MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov CONFIRM http://www.bugzilla.org/security/2.22.6/ BID 33580 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=466748 FEDORA FEDORA-2009-2418 FEDORA FEDORA-2009-2417 Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete shared or saved searches via a link or IMG tag to buglist.cgi. cpe:/a:mozilla:bugzilla:2.17 cpe:/a:mozilla:bugzilla:2.17.1 cpe:/a:mozilla:bugzilla:2.17.3 cpe:/a:mozilla:bugzilla:2.17.4 cpe:/a:mozilla:bugzilla:2.17.5 cpe:/a:mozilla:bugzilla:2.17.6 cpe:/a:mozilla:bugzilla:2.17.7 cpe:/a:mozilla:bugzilla:2.18 cpe:/a:mozilla:bugzilla:2.18:rc1 cpe:/a:mozilla:bugzilla:2.18:rc2 cpe:/a:mozilla:bugzilla:2.18:rc3 cpe:/a:mozilla:bugzilla:2.18.1 cpe:/a:mozilla:bugzilla:2.18.2 cpe:/a:mozilla:bugzilla:2.18.3 cpe:/a:mozilla:bugzilla:2.18.4 cpe:/a:mozilla:bugzilla:2.18.5 cpe:/a:mozilla:bugzilla:2.18.6 cpe:/a:mozilla:bugzilla:2.18.6%2b cpe:/a:mozilla:bugzilla:2.19 cpe:/a:mozilla:bugzilla:2.19.1 cpe:/a:mozilla:bugzilla:2.19.2 cpe:/a:mozilla:bugzilla:2.19.3 cpe:/a:mozilla:bugzilla:2.20 cpe:/a:mozilla:bugzilla:2.20:rc1 cpe:/a:mozilla:bugzilla:2.20:rc2 cpe:/a:mozilla:bugzilla:2.20.1 cpe:/a:mozilla:bugzilla:2.20.2 cpe:/a:mozilla:bugzilla:2.20.3 cpe:/a:mozilla:bugzilla:2.20.4 cpe:/a:mozilla:bugzilla:2.20.5 cpe:/a:mozilla:bugzilla:2.20.6 cpe:/a:mozilla:bugzilla:2.20.7 cpe:/a:mozilla:bugzilla:2.21 cpe:/a:mozilla:bugzilla:2.21.1 cpe:/a:mozilla:bugzilla:2.22 cpe:/a:mozilla:bugzilla:2.22:rc1 cpe:/a:mozilla:bugzilla:2.22.1 cpe:/a:mozilla:bugzilla:2.22.2 cpe:/a:mozilla:bugzilla:2.22.3 cpe:/a:mozilla:bugzilla:2.22.4 cpe:/a:mozilla:bugzilla:2.22.5 cpe:/a:mozilla:bugzilla:2.22.6 cpe:/a:mozilla:bugzilla:3.0 cpe:/a:mozilla:bugzilla:3.0:rc1 cpe:/a:mozilla:bugzilla:3.0.1 cpe:/a:mozilla:bugzilla:3.0.2 cpe:/a:mozilla:bugzilla:3.0.3 cpe:/a:mozilla:bugzilla:3.0.4 cpe:/a:mozilla:bugzilla:3.0.5 cpe:/a:mozilla:bugzilla:3.0.6 cpe:/a:mozilla:bugzilla:3.2 cpe:/a:mozilla:bugzilla:3.2:rc1 cpe:/a:mozilla:bugzilla:3.2:rc2 cpe:/a:mozilla:bugzilla:3.3.1 CVE-2009-0485 2009-02-09T12:30:00.407-05:00 2009-03-25T01:50:25.593-04:00 5.8 NETWORK MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov CONFIRM http://www.bugzilla.org/security/2.22.6/ BID 33580 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=466692 FEDORA FEDORA-2009-2418 FEDORA FEDORA-2009-2417 Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi. cpe:/a:mozilla:bugzilla:3.0.7 cpe:/a:mozilla:bugzilla:3.2.1 cpe:/a:mozilla:bugzilla:3.3.2 CVE-2009-0486 2009-02-09T12:30:00.437-05:00 2009-03-25T01:50:25.717-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS CONFIRM http://www.bugzilla.org/security/3.0.7/ BID 33581 FEDORA FEDORA-2009-2418 FEDORA FEDORA-2009-2417 Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users. cpe:/a:mahara:mahara:0.9.0 cpe:/a:mahara:mahara:0.9.1 cpe:/a:mahara:mahara:0.9.2 cpe:/a:mahara:mahara:1.0.0 cpe:/a:mahara:mahara:1.0.1 cpe:/a:mahara:mahara:1.0.2 cpe:/a:mahara:mahara:1.0.3 cpe:/a:mahara:mahara:1.0.4 cpe:/a:mahara:mahara:1.0.5 cpe:/a:mahara:mahara:1.0.6 cpe:/a:mahara:mahara:1.0.7 cpe:/a:mahara:mahara:1.0.8 CVE-2009-0487 2009-02-09T15:30:00.343-05:00 2017-08-07T21:33:57.580-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://mahara.org/interaction/forum/topic.php?id=198 BID 33619 XF mahara-unspecified-xss(48518) Cross-site scripting (XSS) vulnerability in Mahara before 1.0.9 allows remote attackers to inject arbitrary web script or HTML via a crafted forum post. cpe:/a:phorum:phorum:3.0.7 cpe:/a:phorum:phorum:3.1 cpe:/a:phorum:phorum:3.1.1 cpe:/a:phorum:phorum:3.1.1_pre cpe:/a:phorum:phorum:3.1.1_rc2 cpe:/a:phorum:phorum:3.1.1a cpe:/a:phorum:phorum:3.1.2 cpe:/a:phorum:phorum:3.2 cpe:/a:phorum:phorum:3.2.2 cpe:/a:phorum:phorum:3.2.3 cpe:/a:phorum:phorum:3.2.3a cpe:/a:phorum:phorum:3.2.3b cpe:/a:phorum:phorum:3.2.4 cpe:/a:phorum:phorum:3.2.5 cpe:/a:phorum:phorum:3.2.6 cpe:/a:phorum:phorum:3.2.7 cpe:/a:phorum:phorum:3.2.8 cpe:/a:phorum:phorum:3.3.1 cpe:/a:phorum:phorum:3.3.1a cpe:/a:phorum:phorum:3.3.2 cpe:/a:phorum:phorum:3.3.2a cpe:/a:phorum:phorum:3.3.2b3 cpe:/a:phorum:phorum:3.4 cpe:/a:phorum:phorum:3.4.1 cpe:/a:phorum:phorum:3.4.2 cpe:/a:phorum:phorum:3.4.3 cpe:/a:phorum:phorum:3.4.4 cpe:/a:phorum:phorum:3.4.5 cpe:/a:phorum:phorum:3.4.6 cpe:/a:phorum:phorum:3.4.7 cpe:/a:phorum:phorum:3.4.8 cpe:/a:phorum:phorum:3.4.8a cpe:/a:phorum:phorum:4.3.7 cpe:/a:phorum:phorum:5.0.0_alpha cpe:/a:phorum:phorum:5.0.1_alpha cpe:/a:phorum:phorum:5.0.2_alpha cpe:/a:phorum:phorum:5.0.3_beta cpe:/a:phorum:phorum:5.0.4_beta cpe:/a:phorum:phorum:5.0.4a_beta cpe:/a:phorum:phorum:5.0.5_beta cpe:/a:phorum:phorum:5.0.6_beta cpe:/a:phorum:phorum:5.0.7_beta cpe:/a:phorum:phorum:5.0.7a_beta cpe:/a:phorum:phorum:5.0.8_rc cpe:/a:phorum:phorum:5.0.9 cpe:/a:phorum:phorum:5.0.10 cpe:/a:phorum:phorum:5.0.11 cpe:/a:phorum:phorum:5.0.12 cpe:/a:phorum:phorum:5.0.13 cpe:/a:phorum:phorum:5.0.13a cpe:/a:phorum:phorum:5.0.14 cpe:/a:phorum:phorum:5.0.14a cpe:/a:phorum:phorum:5.0.15 cpe:/a:phorum:phorum:5.0.15a cpe:/a:phorum:phorum:5.0.16 cpe:/a:phorum:phorum:5.0.17 cpe:/a:phorum:phorum:5.0.17a cpe:/a:phorum:phorum:5.0.18 cpe:/a:phorum:phorum:5.0.19 cpe:/a:phorum:phorum:5.0.20 cpe:/a:phorum:phorum:5.1.13 cpe:/a:phorum:phorum:5.1.14 cpe:/a:phorum:phorum:5.1.17 cpe:/a:phorum:phorum:5.1.18 cpe:/a:phorum:phorum:5.1.20 cpe:/a:phorum:phorum:5.1.21 cpe:/a:phorum:phorum:5.1.25 cpe:/a:phorum:phorum:5.2 cpe:/a:phorum:phorum:5.2.1 cpe:/a:phorum:phorum:5.2.2:beta cpe:/a:phorum:phorum:5.2.3:rc1 cpe:/a:phorum:phorum:5.2.4:rc2 cpe:/a:phorum:phorum:5.2.5 cpe:/a:phorum:phorum:5.2.8 cpe:/a:phorum:phorum:5.2.9 cpe:/a:phorum:phorum:5.2.10:rc1 CVE-2009-0488 2009-02-09T15:30:02.750-05:00 2009-02-17T01:57:28.110-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://www.phorum.org/phorum5/read.php?64,136129 BID 33657 Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. cpe:/a:david_paleino:wicd:1.2.7 cpe:/a:david_paleino:wicd:1.3.1 cpe:/a:david_paleino:wicd:1.4.0 cpe:/a:david_paleino:wicd:1.4.1 cpe:/a:david_paleino:wicd:1.4.2 cpe:/a:david_paleino:wicd:1.5.0 cpe:/a:david_paleino:wicd:1.5.1 cpe:/a:david_paleino:wicd:1.5.2 cpe:/a:david_paleino:wicd:1.5.3 cpe:/a:david_paleino:wicd:1.5.4 cpe:/a:david_paleino:wicd:1.5.5 cpe:/a:david_paleino:wicd:1.5.6 cpe:/a:david_paleino:wicd:1.5.7 cpe:/a:david_paleino:wicd:1.5.8 CVE-2009-0489 2009-02-09T15:30:02.767-05:00 2012-07-02T00:00:00.000-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-02-10T10:31:00.000-05:00 CONFIRM http://bazaar.launchpad.net/~wicd-devel/wicd/trunk/revision/222 GENTOO GLSA-200904-12 CONFIRM http://sourceforge.net/project/shownotes.php?group_id=194573&release_id=659059 MLIST [oss-security] 20090206 CVE Request - Wicd <= 1.5.8 The DBus configuration file for Wicd before 1.5.9 allows arbitrary users to own org.wicd.daemon, which allows local users to receive messages that were intended for the Wicd daemon, possibly including credentials. cpe:/a:audacity:audacity:1.2.6 cpe:/a:audacity:audacity:1.3.0 cpe:/a:audacity:audacity:1.3.1 cpe:/a:audacity:audacity:1.3.3 cpe:/a:audacity:audacity:1.3.4 cpe:/a:audacity:audacity:1.3.5 cpe:/a:audacity:audacity:1.3.6 CVE-2009-0490 2009-02-09T20:30:00.267-05:00 2018-08-13T17:47:32.667-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=253493 SUSE SUSE-SR:2009:004 MLIST [audacity-devel] 20090110 Audacity "String_parse::get_nonspace_quoted()" Buffer Overflow BID 33090 VUPEN ADV-2009-0008 EXPLOIT-DB 7634 Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .gro file containing a long string. cpe:/a:elecard:elecard_mpeg_player:5.5 CVE-2009-0491 2009-02-09T20:30:00.280-05:00 2017-09-28T21:33:50.387-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS VUPEN ADV-2009-0007 EXPLOIT-DB 7637 Stack-based buffer overflow in Elecard MPEG Player 5.5 build 15884.081218 allows remote attackers to execute arbitrary code via a M3U file containing a long URL. cpe:/a:simpleircbot:simpleircbot:1.0:alpha CVE-2009-0492 2009-02-09T20:30:00.297-05:00 2011-03-07T22:18:35.657-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CONFIRM http://sourceforge.net/project/shownotes.php?group_id=249202&release_id=650796 BID 33127 VUPEN ADV-2009-0020 Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknown impact and attack vectors related to an "auth vulnerability." cpe:/a:martin_unzner:it%21cms:0.21-alpha CVE-2009-0493 2009-02-09T20:30:00.327-05:00 2017-09-28T21:33:50.433-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33139 XF itcms-login-sql-injection(47791) EXPLOIT-DB 7686 SQL injection vulnerability in login.php in IT!CMS 2.1a and earlier allows remote attackers to execute arbitrary SQL commands via the Username. cpe:/a:mivaco:com_portfol:1.2 CVE-2009-0494 2009-02-09T20:30:00.343-05:00 2017-09-28T21:33:50.497-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33218 EXPLOIT-DB 7734 SQL injection vulnerability in the Portfol (com_portfol) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the vcatid parameter in a viewcategory action to index.php. cpe:/a:it747:realtor_747:4.11 CVE-2009-0495 2009-02-09T20:30:00.360-05:00 2017-09-28T21:33:50.543-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33227 EXPLOIT-DB 7743 PHP remote file inclusion vulnerability in include/define.php in REALTOR 747 4.11 allows remote attackers to execute arbitrary PHP code via a URL in the INC_DIR parameter. cpe:/a:ignite_realtime:openfire:3.6.2 CVE-2009-0496 2009-02-09T20:30:00.377-05:00 2018-10-11T17:01:50.650-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov MISC http://www.coresecurity.com/content/openfire-multiple-vulnerabilities CONFIRM http://www.igniterealtime.org/issues/browse/JM-1506 BUGTRAQ 20090108 CORE-2008-1128: Openfire multiple vulnerabilities BID 32935 BID 32937 BID 32938 BID 32939 BID 32940 BID 32943 BID 32944 CONFIRM https://bugs.gentoo.org/show_bug.cgi?id=254309 XF openfire-multiple-scripts-xss(47834) XF openfire-serverproperties-xss(47835) XF openfire-mucroomeditform-xss(47845) Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) log parameter to (a) logviewer.jsp and (b) log.jsp; (2) search parameter to (c) group-summary.jsp; (3) username parameter to (d) user-properties.jsp; (4) logDir, (5) maxTotalSize, (6) maxFileSize, (7) maxDays, and (8) logTimeout parameters to (e) audit-policy.jsp; (9) propName parameter to (f) server-properties.jsp; and the (10) roomconfig_roomname and (11) roomconfig_roomdesc parameters to (g) muc-room-edit-form.jsp. NOTE: this can be leveraged for arbitrary code execution by using XSS to upload a malicious plugin. cpe:/a:igniterealtime:openfire:3.6.2 CVE-2009-0497 2009-02-09T20:30:00.407-05:00 2018-10-11T17:01:52.247-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov MISC http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/web/log.jsp MISC http://www.coresecurity.com/content/openfire-multiple-vulnerabilities BUGTRAQ 20090108 CORE-2008-1128: Openfire multiple vulnerabilities BID 32945 MISC https://bugs.gentoo.org/show_bug.cgi?id=257585 XF openfire-log-directory-traversal(47806) Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the log parameter. cpe:/a:minitdesign:virtual_guestbook:2.1 CVE-2009-0498 2009-02-09T20:30:00.420-05:00 2017-09-28T21:33:50.607-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov EXPLOIT-DB 7744 Virtual GuestBook (vgbook) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to guestbook.mdb. cpe:/a:moodle:moodle:1.7 cpe:/a:moodle:moodle:1.7.1 cpe:/a:moodle:moodle:1.7.2 cpe:/a:moodle:moodle:1.7.3 cpe:/a:moodle:moodle:1.7.4 cpe:/a:moodle:moodle:1.7.5 cpe:/a:moodle:moodle:1.7.6 cpe:/a:moodle:moodle:1.8 cpe:/a:moodle:moodle:1.8.1 cpe:/a:moodle:moodle:1.8.2 cpe:/a:moodle:moodle:1.8.3 cpe:/a:moodle:moodle:1.8.4 cpe:/a:moodle:moodle:1.8.5 cpe:/a:moodle:moodle:1.8.6 cpe:/a:moodle:moodle:1.8.7 cpe:/a:moodle:moodle:1.9 cpe:/a:moodle:moodle:1.9.1 cpe:/a:moodle:moodle:1.9.2 cpe:/a:moodle:moodle:1.9.3 CVE-2009-0499 2009-02-09T21:30:00.467-05:00 2009-04-01T01:42:34.890-04:00 6.4 NETWORK LOW NONE NONE PARTIAL PARTIAL http://nvd.nist.gov CONFIRM http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.14&r2=1.154.2.15 SUSE SUSE-SR:2009:007 CONFIRM http://moodle.org/security/ MLIST [oss-security] 20090204 CVS request - Moodle Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a link or IMG tag to post.php. cpe:/a:moodle:moodle:1.6 cpe:/a:moodle:moodle:1.6.1 cpe:/a:moodle:moodle:1.6.2 cpe:/a:moodle:moodle:1.6.3 cpe:/a:moodle:moodle:1.6.4 cpe:/a:moodle:moodle:1.6.5 cpe:/a:moodle:moodle:1.6.6 cpe:/a:moodle:moodle:1.6.7 cpe:/a:moodle:moodle:1.6.8 cpe:/a:moodle:moodle:1.7 cpe:/a:moodle:moodle:1.7.1 cpe:/a:moodle:moodle:1.7.2 cpe:/a:moodle:moodle:1.7.3 cpe:/a:moodle:moodle:1.7.4 cpe:/a:moodle:moodle:1.7.5 cpe:/a:moodle:moodle:1.7.6 cpe:/a:moodle:moodle:1.8 cpe:/a:moodle:moodle:1.8.1 cpe:/a:moodle:moodle:1.8.2 cpe:/a:moodle:moodle:1.8.3 cpe:/a:moodle:moodle:1.8.4 cpe:/a:moodle:moodle:1.8.5 cpe:/a:moodle:moodle:1.8.6 cpe:/a:moodle:moodle:1.8.7 cpe:/a:moodle:moodle:1.9 cpe:/a:moodle:moodle:1.9.1 cpe:/a:moodle:moodle:1.9.2 cpe:/a:moodle:moodle:1.9.3 CVE-2009-0500 2009-02-09T21:30:00.530-05:00 2011-09-12T23:00:25.127-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov SUSE SUSE-SR:2009:007 CONFIRM http://moodle.org/security/ DEBIAN DSA-1724 MLIST [oss-security] 20090204 CVS request - Moodle Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report. cpe:/a:moodle:moodle:1.8 cpe:/a:moodle:moodle:1.8.1 cpe:/a:moodle:moodle:1.8.2 cpe:/a:moodle:moodle:1.8.3 cpe:/a:moodle:moodle:1.8.4 cpe:/a:moodle:moodle:1.8.5 cpe:/a:moodle:moodle:1.8.6 cpe:/a:moodle:moodle:1.8.7 cpe:/a:moodle:moodle:1.9 cpe:/a:moodle:moodle:1.9.1 cpe:/a:moodle:moodle:1.9.2 cpe:/a:moodle:moodle:1.9.3 CVE-2009-0501 2009-02-09T21:30:00.547-05:00 2009-04-01T01:42:35.110-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov SUSE SUSE-SR:2009:007 CONFIRM http://moodle.org/security/ MLIST [oss-security] 20090204 CVS request - Moodle Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct "brute force attacks on user accounts" via unknown vectors. cpe:/a:moodle:moodle:1.7 cpe:/a:moodle:moodle:1.7.1 cpe:/a:moodle:moodle:1.7.2 cpe:/a:moodle:moodle:1.7.3 cpe:/a:moodle:moodle:1.7.4 cpe:/a:moodle:moodle:1.7.5 cpe:/a:moodle:moodle:1.7.6 cpe:/a:moodle:moodle:1.8 cpe:/a:moodle:moodle:1.8.1 cpe:/a:moodle:moodle:1.8.2 cpe:/a:moodle:moodle:1.8.3 cpe:/a:moodle:moodle:1.8.4 cpe:/a:moodle:moodle:1.8.5 cpe:/a:moodle:moodle:1.8.6 cpe:/a:moodle:moodle:1.8.7 cpe:/a:moodle:moodle:1.9 cpe:/a:moodle:moodle:1.9.1 cpe:/a:moodle:moodle:1.9.2 cpe:/a:moodle:moodle:1.9.3 cpe:/a:snoopy:snoopy:1.2.3 CVE-2009-0502 2009-02-09T21:30:00.563-05:00 2011-09-12T23:00:25.377-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov SUSE SUSE-SR:2009:007 CONFIRM http://moodle.org/security/ DEBIAN DSA-1724 MLIST [oss-security] 20090204 CVS request - Moodle Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the "Login as" feature is used to visit a MyMoodle or Blog page. cpe:/a:ibm:websphere_message_broker:6.1 cpe:/a:ibm:websphere_message_broker:6.1.0.1 CVE-2009-0503 2009-02-13T12:30:00.703-05:00 2017-08-07T21:33:57.813-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov BID 33819 SECTRACK 1021735 VUPEN ADV-2009-0460 CONFIRM http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27011431 AIXAPAR IC55298 XF websphere-msgbroker-info-disclosure(48642) IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database connection password to the Event Log and System Log during exception handling for a JDBC error, which allows local users to obtain sensitive information by reading these logs. cpe:/a:ibm:websphere_application_server:7.0 CVE-2009-0504 2009-02-17T12:30:05.907-05:00 2017-08-07T21:33:57.860-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27014463 AIXAPAR PK73573 XF websphere-wspolicy-information-disclosure(48700) WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message. cpe:/a:ibm:txseries:6.2:-:aix cpe:/a:ibm:txseries:6.2:-:ga cpe:/a:ibm:txseries:6.2:-:hp-ia cpe:/a:ibm:txseries:6.2:-:hp-ux cpe:/a:ibm:txseries:6.2:-:solaris cpe:/a:ibm:txseries:6.2:-:windows CVE-2009-0505 2009-02-25T11:30:00.360-05:00 2017-08-07T21:33:57.907-04:00 9.0 NETWORK LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BID 33883 VUPEN ADV-2009-0911 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg24019725 XF txseries-forcepurge-wait-unspecified(48885) The CICS listener in IBM TXSeries for Multiplatforms 6.2 GA waits for a forcepurge acknowledgement from the CICS Application Server (CICSAS) after an eci response timeout, which might allow remote authenticated users to cause a denial of service (forcepurge handling delay), or have unspecified other impact, via vectors involving slow or nonexistent acknowledgement. cpe:/a:ibm:websphere_application_server:5.1.0 cpe:/a:ibm:websphere_application_server:6.0.2 cpe:/a:ibm:websphere_application_server:6.0.2.4 cpe:/a:ibm:websphere_application_server:6.0.2.6 cpe:/a:ibm:websphere_application_server:6.0.2.8 cpe:/a:ibm:websphere_application_server:6.0.2.10 cpe:/a:ibm:websphere_application_server:6.0.2.12 cpe:/a:ibm:websphere_application_server:6.0.2.14 cpe:/a:ibm:websphere_application_server:6.0.2.16 cpe:/a:ibm:websphere_application_server:6.0.2.18 cpe:/a:ibm:websphere_application_server:6.0.2.20 cpe:/a:ibm:websphere_application_server:6.0.2.22 cpe:/a:ibm:websphere_application_server:6.0.2.24 CVE-2009-0506 2009-02-25T11:30:00.420-05:00 2017-08-07T21:33:57.970-04:00 6.2 LOCAL HIGH NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BID 33884 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27006876 XF websphere-zos-csiv2-unspecified(48886) Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks. cpe:/a:ibm:websphere_process_server:6.1.2 cpe:/a:ibm:websphere_process_server:6.1.2.1 cpe:/a:ibm:websphere_process_server:6.1.2.2 cpe:/a:ibm:websphere_process_server:6.2 CVE-2009-0507 2009-02-26T11:17:19.843-05:00 2017-08-07T21:33:58.017-04:00 4.0 NETWORK LOW SINGLE_INSTANCE PARTIAL NONE NONE http://nvd.nist.gov VUPEN ADV-2009-0670 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27015580 AIXAPAR JR30088 XF websphere-process-server-info-disclosure(48892) IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member. cpe:/a:ibm:websphere_application_server:5.1.0 cpe:/a:ibm:websphere_application_server:5.1.1.19 cpe:/a:ibm:websphere_application_server:6.0.2 cpe:/a:ibm:websphere_application_server:6.0.2.1 cpe:/a:ibm:websphere_application_server:6.0.2.3 cpe:/a:ibm:websphere_application_server:6.0.2.5 cpe:/a:ibm:websphere_application_server:6.0.2.7 cpe:/a:ibm:websphere_application_server:6.0.2.9 cpe:/a:ibm:websphere_application_server:6.0.2.11 cpe:/a:ibm:websphere_application_server:6.0.2.15 cpe:/a:ibm:websphere_application_server:6.0.2.17 cpe:/a:ibm:websphere_application_server:6.0.2.19 cpe:/a:ibm:websphere_application_server:6.0.2.21 cpe:/a:ibm:websphere_application_server:6.0.2.23 cpe:/a:ibm:websphere_application_server:6.0.2.25 cpe:/a:ibm:websphere_application_server:6.0.2.27 cpe:/a:ibm:websphere_application_server:6.0.2.29 cpe:/a:ibm:websphere_application_server:6.0.2.31 cpe:/a:ibm:websphere_application_server:6.0.2.33 cpe:/a:ibm:websphere_application_server:6.1 cpe:/a:ibm:websphere_application_server:6.1.0.1 cpe:/a:ibm:websphere_application_server:6.1.0.2 cpe:/a:ibm:websphere_application_server:6.1.0.3 cpe:/a:ibm:websphere_application_server:6.1.0.5 cpe:/a:ibm:websphere_application_server:6.1.0.7 cpe:/a:ibm:websphere_application_server:6.1.0.9 cpe:/a:ibm:websphere_application_server:6.1.0.11 cpe:/a:ibm:websphere_application_server:6.1.0.13 cpe:/a:ibm:websphere_application_server:6.1.0.15 cpe:/a:ibm:websphere_application_server:6.1.0.17 cpe:/a:ibm:websphere_application_server:6.1.0.19 cpe:/a:ibm:websphere_application_server:6.1.0.21 cpe:/a:ibm:websphere_application_server:7.0 cpe:/a:ibm:websphere_application_server:7.0.0.1 CVE-2009-0508 2009-03-16T15:30:00.467-04:00 2017-08-07T21:33:58.080-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 34104 VUPEN ADV-2009-0704 VUPEN ADV-2009-1188 VUPEN ADV-2009-1464 CONFIRM http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24022456 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21380233 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21380376 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27006876 XF websphere-web-app-information-disclosure(49085) The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console. cpe:/a:adobe:acrobat:7.0 cpe:/a:adobe:acrobat:7.0::professional cpe:/a:adobe:acrobat:7.0::standard cpe:/a:adobe:acrobat:7.0.1 cpe:/a:adobe:acrobat:7.0.1::professional cpe:/a:adobe:acrobat:7.0.1::standard cpe:/a:adobe:acrobat:7.0.2 cpe:/a:adobe:acrobat:7.0.2::professional cpe:/a:adobe:acrobat:7.0.2::standard cpe:/a:adobe:acrobat:7.0.3 cpe:/a:adobe:acrobat:7.0.3::professional cpe:/a:adobe:acrobat:7.0.3::standard cpe:/a:adobe:acrobat:7.0.4 cpe:/a:adobe:acrobat:7.0.4::professional cpe:/a:adobe:acrobat:7.0.4::standard cpe:/a:adobe:acrobat:7.0.5 cpe:/a:adobe:acrobat:7.0.5::professional cpe:/a:adobe:acrobat:7.0.5::standard cpe:/a:adobe:acrobat:7.0.6 cpe:/a:adobe:acrobat:7.0.6::professional cpe:/a:adobe:acrobat:7.0.6::standard cpe:/a:adobe:acrobat:7.0.7 cpe:/a:adobe:acrobat:7.0.7::professional cpe:/a:adobe:acrobat:7.0.7::standard cpe:/a:adobe:acrobat:7.0.8 cpe:/a:adobe:acrobat:7.0.8::elements cpe:/a:adobe:acrobat:7.0.8::professional cpe:/a:adobe:acrobat:7.0.8::standard cpe:/a:adobe:acrobat:7.0.9 cpe:/a:adobe:acrobat:7.0.9::professional cpe:/a:adobe:acrobat:7.1 cpe:/a:adobe:acrobat:7.1::professional cpe:/a:adobe:acrobat:7.1::standard cpe:/a:adobe:acrobat:7.1.0 cpe:/a:adobe:acrobat:7.1.1 cpe:/a:adobe:acrobat:7.1.1::standard cpe:/a:adobe:acrobat:8.0 cpe:/a:adobe:acrobat:8.0::professional cpe:/a:adobe:acrobat:8.0::standard cpe:/a:adobe:acrobat:8.1 cpe:/a:adobe:acrobat:8.1::standard cpe:/a:adobe:acrobat:8.1.1 cpe:/a:adobe:acrobat:8.1.1::professional cpe:/a:adobe:acrobat:8.1.1::standard cpe:/a:adobe:acrobat:8.1.2 cpe:/a:adobe:acrobat:8.1.2::professional cpe:/a:adobe:acrobat:8.1.2::standard cpe:/a:adobe:acrobat:8.1.2:security_update:professional cpe:/a:adobe:acrobat:8.1.3 cpe:/a:adobe:acrobat:8.1.3::professional cpe:/a:adobe:acrobat:8.1.3::standard cpe:/a:adobe:acrobat:8.1.4 cpe:/a:adobe:acrobat:8.1.4::professional cpe:/a:adobe:acrobat:8.1.4::standard cpe:/a:adobe:acrobat:9 cpe:/a:adobe:acrobat:9.0 cpe:/a:adobe:acrobat:9.0::standard cpe:/a:adobe:acrobat:9.0.0 cpe:/a:adobe:acrobat:9.1 cpe:/a:adobe:acrobat:9.1::standard cpe:/a:adobe:acrobat_reader:7.0 cpe:/a:adobe:acrobat_reader:7.0.1 cpe:/a:adobe:acrobat_reader:7.0.2 cpe:/a:adobe:acrobat_reader:7.0.3 cpe:/a:adobe:acrobat_reader:7.0.4 cpe:/a:adobe:acrobat_reader:7.0.5 cpe:/a:adobe:acrobat_reader:7.0.6 cpe:/a:adobe:acrobat_reader:7.0.7 cpe:/a:adobe:acrobat_reader:7.0.8 cpe:/a:adobe:acrobat_reader:7.0.9 cpe:/a:adobe:acrobat_reader:7.1 cpe:/a:adobe:acrobat_reader:7.1.1 cpe:/a:adobe:acrobat_reader:8.0 cpe:/a:adobe:acrobat_reader:8.1 cpe:/a:adobe:acrobat_reader:8.1.1 cpe:/a:adobe:acrobat_reader:8.1.2 cpe:/a:adobe:acrobat_reader:8.1.2:security_update cpe:/a:adobe:acrobat_reader:8.1.3 cpe:/a:adobe:acrobat_reader:8.1.4 cpe:/a:adobe:acrobat_reader:8.1.5 cpe:/a:adobe:acrobat_reader:9 cpe:/a:adobe:acrobat_reader:9.1 cpe:/a:adobe:acrobat_reader:9.1.1 CVE-2009-0509 2009-06-11T11:30:00.233-04:00 2017-08-07T21:33:58.157-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SUSE SUSE-SA:2009:035 SUSE SUSE-SR:2009:012 GENTOO GLSA-200907-06 SECTRACK 1022361 CONFIRM http://www.adobe.com/support/security/bulletins/apsb09-07.html REDHAT RHSA-2009:1109 BID 35274 CERT TA09-161A VUPEN ADV-2009-1547 XF reader-text-bo(49239) Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to execute arbitrary code via a crafted file that triggers memory corruption. cpe:/a:adobe:acrobat:7.0 cpe:/a:adobe:acrobat:7.0::professional cpe:/a:adobe:acrobat:7.0::standard cpe:/a:adobe:acrobat:7.0.1 cpe:/a:adobe:acrobat:7.0.1::professional cpe:/a:adobe:acrobat:7.0.1::standard cpe:/a:adobe:acrobat:7.0.2 cpe:/a:adobe:acrobat:7.0.2::professional cpe:/a:adobe:acrobat:7.0.2::standard cpe:/a:adobe:acrobat:7.0.3 cpe:/a:adobe:acrobat:7.0.3::professional cpe:/a:adobe:acrobat:7.0.3::standard cpe:/a:adobe:acrobat:7.0.4 cpe:/a:adobe:acrobat:7.0.4::professional cpe:/a:adobe:acrobat:7.0.4::standard cpe:/a:adobe:acrobat:7.0.5 cpe:/a:adobe:acrobat:7.0.5::professional cpe:/a:adobe:acrobat:7.0.5::standard cpe:/a:adobe:acrobat:7.0.6 cpe:/a:adobe:acrobat:7.0.6::professional cpe:/a:adobe:acrobat:7.0.6::standard cpe:/a:adobe:acrobat:7.0.7 cpe:/a:adobe:acrobat:7.0.7::professional cpe:/a:adobe:acrobat:7.0.7::standard cpe:/a:adobe:acrobat:7.0.8 cpe:/a:adobe:acrobat:7.0.8::elements cpe:/a:adobe:acrobat:7.0.8::professional cpe:/a:adobe:acrobat:7.0.8::standard cpe:/a:adobe:acrobat:7.0.9 cpe:/a:adobe:acrobat:7.0.9::professional cpe:/a:adobe:acrobat:7.1 cpe:/a:adobe:acrobat:7.1::professional cpe:/a:adobe:acrobat:7.1::standard cpe:/a:adobe:acrobat:7.1.0 cpe:/a:adobe:acrobat:7.1.1 cpe:/a:adobe:acrobat:7.1.1::standard cpe:/a:adobe:acrobat:8.0 cpe:/a:adobe:acrobat:8.0::professional cpe:/a:adobe:acrobat:8.0::standard cpe:/a:adobe:acrobat:8.1 cpe:/a:adobe:acrobat:8.1::standard cpe:/a:adobe:acrobat:8.1.1 cpe:/a:adobe:acrobat:8.1.1::professional cpe:/a:adobe:acrobat:8.1.1::standard cpe:/a:adobe:acrobat:8.1.2 cpe:/a:adobe:acrobat:8.1.2::professional cpe:/a:adobe:acrobat:8.1.2::standard cpe:/a:adobe:acrobat:8.1.2:security_update:professional cpe:/a:adobe:acrobat:8.1.3 cpe:/a:adobe:acrobat:8.1.3::professional cpe:/a:adobe:acrobat:8.1.3::standard cpe:/a:adobe:acrobat:8.1.4 cpe:/a:adobe:acrobat:8.1.4::professional cpe:/a:adobe:acrobat:8.1.4::standard cpe:/a:adobe:acrobat:9 cpe:/a:adobe:acrobat:9.0 cpe:/a:adobe:acrobat:9.0::standard cpe:/a:adobe:acrobat:9.0.0 cpe:/a:adobe:acrobat:9.1 cpe:/a:adobe:acrobat:9.1::standard cpe:/a:adobe:acrobat_reader:7.0 cpe:/a:adobe:acrobat_reader:7.0.1 cpe:/a:adobe:acrobat_reader:7.0.2 cpe:/a:adobe:acrobat_reader:7.0.3 cpe:/a:adobe:acrobat_reader:7.0.4 cpe:/a:adobe:acrobat_reader:7.0.5 cpe:/a:adobe:acrobat_reader:7.0.6 cpe:/a:adobe:acrobat_reader:7.0.7 cpe:/a:adobe:acrobat_reader:7.0.8 cpe:/a:adobe:acrobat_reader:7.0.9 cpe:/a:adobe:acrobat_reader:7.1 cpe:/a:adobe:acrobat_reader:7.1.1 cpe:/a:adobe:acrobat_reader:8.0 cpe:/a:adobe:acrobat_reader:8.1 cpe:/a:adobe:acrobat_reader:8.1.1 cpe:/a:adobe:acrobat_reader:8.1.2 cpe:/a:adobe:acrobat_reader:8.1.2:security_update cpe:/a:adobe:acrobat_reader:8.1.3 cpe:/a:adobe:acrobat_reader:8.1.4 cpe:/a:adobe:acrobat_reader:8.1.5 cpe:/a:adobe:acrobat_reader:9 cpe:/a:adobe:acrobat_reader:9.1 cpe:/a:adobe:acrobat_reader:9.1.1 CVE-2009-0510 2009-06-11T11:30:00.250-04:00 2010-05-04T01:40:56.937-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS SUSE SUSE-SA:2009:035 SUSE SUSE-SR:2009:012 GENTOO GLSA-200907-06 SECTRACK 1022361 CONFIRM http://www.adobe.com/support/security/bulletins/apsb09-07.html REDHAT RHSA-2009:1109 BID 35274 CERT TA09-161A VUPEN ADV-2009-1547 Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889. cpe:/a:adobe:acrobat:7.0 cpe:/a:adobe:acrobat:7.0::professional cpe:/a:adobe:acrobat:7.0::standard cpe:/a:adobe:acrobat:7.0.1 cpe:/a:adobe:acrobat:7.0.1::professional cpe:/a:adobe:acrobat:7.0.1::standard cpe:/a:adobe:acrobat:7.0.2 cpe:/a:adobe:acrobat:7.0.2::professional cpe:/a:adobe:acrobat:7.0.2::standard cpe:/a:adobe:acrobat:7.0.3 cpe:/a:adobe:acrobat:7.0.3::professional cpe:/a:adobe:acrobat:7.0.3::standard cpe:/a:adobe:acrobat:7.0.4 cpe:/a:adobe:acrobat:7.0.4::professional cpe:/a:adobe:acrobat:7.0.4::standard cpe:/a:adobe:acrobat:7.0.5 cpe:/a:adobe:acrobat:7.0.5::professional cpe:/a:adobe:acrobat:7.0.5::standard cpe:/a:adobe:acrobat:7.0.6 cpe:/a:adobe:acrobat:7.0.6::professional cpe:/a:adobe:acrobat:7.0.6::standard cpe:/a:adobe:acrobat:7.0.7 cpe:/a:adobe:acrobat:7.0.7::professional cpe:/a:adobe:acrobat:7.0.7::standard cpe:/a:adobe:acrobat:7.0.8 cpe:/a:adobe:acrobat:7.0.8::elements cpe:/a:adobe:acrobat:7.0.8::professional cpe:/a:adobe:acrobat:7.0.8::standard cpe:/a:adobe:acrobat:7.0.9 cpe:/a:adobe:acrobat:7.0.9::professional cpe:/a:adobe:acrobat:7.1 cpe:/a:adobe:acrobat:7.1::professional cpe:/a:adobe:acrobat:7.1::standard cpe:/a:adobe:acrobat:7.1.0 cpe:/a:adobe:acrobat:7.1.1 cpe:/a:adobe:acrobat:7.1.1::standard cpe:/a:adobe:acrobat:8.0 cpe:/a:adobe:acrobat:8.0::professional cpe:/a:adobe:acrobat:8.0::standard cpe:/a:adobe:acrobat:8.1 cpe:/a:adobe:acrobat:8.1::standard cpe:/a:adobe:acrobat:8.1.1 cpe:/a:adobe:acrobat:8.1.1::professional cpe:/a:adobe:acrobat:8.1.1::standard cpe:/a:adobe:acrobat:8.1.2 cpe:/a:adobe:acrobat:8.1.2::professional cpe:/a:adobe:acrobat:8.1.2::standard cpe:/a:adobe:acrobat:8.1.2:security_update:professional cpe:/a:adobe:acrobat:8.1.3 cpe:/a:adobe:acrobat:8.1.3::professional cpe:/a:adobe:acrobat:8.1.3::standard cpe:/a:adobe:acrobat:8.1.4 cpe:/a:adobe:acrobat:8.1.4::professional cpe:/a:adobe:acrobat:8.1.4::standard cpe:/a:adobe:acrobat:9 cpe:/a:adobe:acrobat:9.0 cpe:/a:adobe:acrobat:9.0::standard cpe:/a:adobe:acrobat:9.0.0 cpe:/a:adobe:acrobat:9.1 cpe:/a:adobe:acrobat:9.1::standard cpe:/a:adobe:acrobat_reader:7.0 cpe:/a:adobe:acrobat_reader:7.0.1 cpe:/a:adobe:acrobat_reader:7.0.2 cpe:/a:adobe:acrobat_reader:7.0.3 cpe:/a:adobe:acrobat_reader:7.0.4 cpe:/a:adobe:acrobat_reader:7.0.5 cpe:/a:adobe:acrobat_reader:7.0.6 cpe:/a:adobe:acrobat_reader:7.0.7 cpe:/a:adobe:acrobat_reader:7.0.8 cpe:/a:adobe:acrobat_reader:7.0.9 cpe:/a:adobe:acrobat_reader:7.1 cpe:/a:adobe:acrobat_reader:7.1.1 cpe:/a:adobe:acrobat_reader:8.0 cpe:/a:adobe:acrobat_reader:8.1 cpe:/a:adobe:acrobat_reader:8.1.1 cpe:/a:adobe:acrobat_reader:8.1.2 cpe:/a:adobe:acrobat_reader:8.1.2:security_update cpe:/a:adobe:acrobat_reader:8.1.3 cpe:/a:adobe:acrobat_reader:8.1.4 cpe:/a:adobe:acrobat_reader:8.1.5 cpe:/a:adobe:acrobat_reader:9 cpe:/a:adobe:acrobat_reader:9.1 cpe:/a:adobe:acrobat_reader:9.1.1 CVE-2009-0511 2009-06-11T11:30:00.267-04:00 2010-05-04T01:40:57.077-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS SUSE SUSE-SA:2009:035 SUSE SUSE-SR:2009:012 GENTOO GLSA-200907-06 SECTRACK 1022361 CONFIRM http://www.adobe.com/support/security/bulletins/apsb09-07.html REDHAT RHSA-2009:1109 BID 35274 CERT TA09-161A VUPEN ADV-2009-1547 Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889. cpe:/a:adobe:acrobat:7.0 cpe:/a:adobe:acrobat:7.0::professional cpe:/a:adobe:acrobat:7.0::standard cpe:/a:adobe:acrobat:7.0.1 cpe:/a:adobe:acrobat:7.0.1::professional cpe:/a:adobe:acrobat:7.0.1::standard cpe:/a:adobe:acrobat:7.0.2 cpe:/a:adobe:acrobat:7.0.2::professional cpe:/a:adobe:acrobat:7.0.2::standard cpe:/a:adobe:acrobat:7.0.3 cpe:/a:adobe:acrobat:7.0.3::professional cpe:/a:adobe:acrobat:7.0.3::standard cpe:/a:adobe:acrobat:7.0.4 cpe:/a:adobe:acrobat:7.0.4::professional cpe:/a:adobe:acrobat:7.0.4::standard cpe:/a:adobe:acrobat:7.0.5 cpe:/a:adobe:acrobat:7.0.5::professional cpe:/a:adobe:acrobat:7.0.5::standard cpe:/a:adobe:acrobat:7.0.6 cpe:/a:adobe:acrobat:7.0.6::professional cpe:/a:adobe:acrobat:7.0.6::standard cpe:/a:adobe:acrobat:7.0.7 cpe:/a:adobe:acrobat:7.0.7::professional cpe:/a:adobe:acrobat:7.0.7::standard cpe:/a:adobe:acrobat:7.0.8 cpe:/a:adobe:acrobat:7.0.8::elements cpe:/a:adobe:acrobat:7.0.8::professional cpe:/a:adobe:acrobat:7.0.8::standard cpe:/a:adobe:acrobat:7.0.9 cpe:/a:adobe:acrobat:7.0.9::professional cpe:/a:adobe:acrobat:7.1 cpe:/a:adobe:acrobat:7.1::professional cpe:/a:adobe:acrobat:7.1::standard cpe:/a:adobe:acrobat:7.1.0 cpe:/a:adobe:acrobat:7.1.1 cpe:/a:adobe:acrobat:7.1.1::standard cpe:/a:adobe:acrobat:8.0 cpe:/a:adobe:acrobat:8.0::professional cpe:/a:adobe:acrobat:8.0::standard cpe:/a:adobe:acrobat:8.1 cpe:/a:adobe:acrobat:8.1::standard cpe:/a:adobe:acrobat:8.1.1 cpe:/a:adobe:acrobat:8.1.1::professional cpe:/a:adobe:acrobat:8.1.1::standard cpe:/a:adobe:acrobat:8.1.2 cpe:/a:adobe:acrobat:8.1.2::professional cpe:/a:adobe:acrobat:8.1.2::standard cpe:/a:adobe:acrobat:8.1.2:security_update:professional cpe:/a:adobe:acrobat:8.1.3 cpe:/a:adobe:acrobat:8.1.3::professional cpe:/a:adobe:acrobat:8.1.3::standard cpe:/a:adobe:acrobat:8.1.4 cpe:/a:adobe:acrobat:8.1.4::professional cpe:/a:adobe:acrobat:8.1.4::standard cpe:/a:adobe:acrobat:9 cpe:/a:adobe:acrobat:9.0 cpe:/a:adobe:acrobat:9.0::standard cpe:/a:adobe:acrobat:9.0.0 cpe:/a:adobe:acrobat:9.1 cpe:/a:adobe:acrobat:9.1::standard cpe:/a:adobe:acrobat_reader:7.0 cpe:/a:adobe:acrobat_reader:7.0.1 cpe:/a:adobe:acrobat_reader:7.0.2 cpe:/a:adobe:acrobat_reader:7.0.3 cpe:/a:adobe:acrobat_reader:7.0.4 cpe:/a:adobe:acrobat_reader:7.0.5 cpe:/a:adobe:acrobat_reader:7.0.6 cpe:/a:adobe:acrobat_reader:7.0.7 cpe:/a:adobe:acrobat_reader:7.0.8 cpe:/a:adobe:acrobat_reader:7.0.9 cpe:/a:adobe:acrobat_reader:7.1 cpe:/a:adobe:acrobat_reader:7.1.1 cpe:/a:adobe:acrobat_reader:8.0 cpe:/a:adobe:acrobat_reader:8.1 cpe:/a:adobe:acrobat_reader:8.1.1 cpe:/a:adobe:acrobat_reader:8.1.2 cpe:/a:adobe:acrobat_reader:8.1.2:security_update cpe:/a:adobe:acrobat_reader:8.1.3 cpe:/a:adobe:acrobat_reader:8.1.4 cpe:/a:adobe:acrobat_reader:8.1.5 cpe:/a:adobe:acrobat_reader:9 cpe:/a:adobe:acrobat_reader:9.1 cpe:/a:adobe:acrobat_reader:9.1.1 CVE-2009-0512 2009-06-11T11:30:00.297-04:00 2010-05-04T01:40:57.203-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SUSE SUSE-SA:2009:035 SUSE SUSE-SR:2009:012 GENTOO GLSA-200907-06 SECTRACK 1022361 CONFIRM http://www.adobe.com/support/security/bulletins/apsb09-07.html REDHAT RHSA-2009:1109 BID 35274 BID 35293 CERT TA09-161A VUPEN ADV-2009-1547 Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0888, and CVE-2009-0889. cpe:/a:webframe:webframe:0.76 CVE-2009-0513 2009-02-10T19:30:02.937-05:00 2017-09-28T21:33:50.667-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33701 EXPLOIT-DB 8025 Multiple PHP remote file inclusion vulnerabilities in WebFrame 0.76 allow remote attackers to execute arbitrary PHP code via a URL in the classFiles parameter to (1) admin/doc/index.php, (2) index.php, and (3) base/menu.php in mod/. cpe:/a:webframe:webframe:0.76 CVE-2009-0514 2009-02-10T19:30:02.953-05:00 2017-09-28T21:33:50.730-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33701 EXPLOIT-DB 8025 Multiple directory traversal vulnerabilities in WebFrame 0.76 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) currentmod and (2) LANG parameters to mod/index.php. cpe:/a:yanocc:yanocc:0.1.0 CVE-2009-0515 2009-02-10T19:30:02.967-05:00 2017-09-28T21:33:50.777-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33704 VUPEN ADV-2009-0383 XF yanocc-checklang-file-include(48608) EXPLOIT-DB 8020 Directory traversal vulnerability in check_lang.php in Yet Another NOCC (YANOCC) 0.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. cpe:/a:businessspace:businessspace:1.2 CVE-2009-0516 2009-02-10T19:30:02.983-05:00 2018-10-11T17:01:52.823-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BUGTRAQ 20090209 [ECHO_ADV_102$2009] BusinessSpace <= 1.2 (id) Remote SQL Injection Vulnerability BID 33692 XF businessspace-index-sql-injection(48606) EXPLOIT-DB 8011 SQL injection vulnerability in the classified page (classified.php) in BusinessSpace 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. cpe:/a:phpslash:phpslash cpe:/a:phpslash:phpslash:0.5.3.2 cpe:/a:phpslash:phpslash:0.6 cpe:/a:phpslash:phpslash:0.6.1 cpe:/a:phpslash:phpslash:0.6.2 cpe:/a:phpslash:phpslash:0.7.1 cpe:/a:phpslash:phpslash:0.7.2 cpe:/a:phpslash:phpslash:0.8.0 cpe:/a:phpslash:phpslash:0.8.1 cpe:/a:phpslash:phpslash:0.8.1.1 cpe:/a:phpslash:phpslash:0.61 cpe:/a:phpslash:phpslash:065 CVE-2009-0517 2009-02-10T19:30:03.017-05:00 2018-10-11T17:01:53.417-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov BUGTRAQ 20090201 phpslash <= 0.8.1.1 Remote Code Execution Exploit BID 33572 XF phpslash-generic-code-execution(48441) EXPLOIT-DB 7948 Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these details are obtained from third party information. cpe:/a:vmware:vmware_esx:3.5 cpe:/a:vmware:vmware_esxi:3.5 cpe:/a:vmware:vmware_virtualcenter:1.1 cpe:/a:vmware:vmware_virtualcenter:1.2 cpe:/a:vmware:vmware_virtualcenter:1.3 cpe:/a:vmware:vmware_virtualcenter:1.3.1 cpe:/a:vmware:vmware_virtualcenter:1.4 cpe:/a:vmware:vmware_virtualcenter:1.4.1 CVE-2009-0518 2009-04-06T11:30:04.327-04:00 2017-09-28T21:33:50.967-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov MLIST [security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues FULLDISC 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues BID 34373 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0005.html VUPEN ADV-2009-0944 VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password. cpe:/a:adobe:air:1.5 cpe:/a:adobe:flash_player:7.0 cpe:/a:adobe:flash_player:7.0.1 cpe:/a:adobe:flash_player:7.0.25 cpe:/a:adobe:flash_player:7.0.63 cpe:/a:adobe:flash_player:7.0.63::linux cpe:/a:adobe:flash_player:7.0.69.0 cpe:/a:adobe:flash_player:7.0.70.0 cpe:/a:adobe:flash_player:7.1 cpe:/a:adobe:flash_player:7.1.1 cpe:/a:adobe:flash_player:7.2 cpe:/a:adobe:flash_player:8.0 cpe:/a:adobe:flash_player:8.0::basic cpe:/a:adobe:flash_player:8.0::pro cpe:/a:adobe:flash_player:8.0.24.0 cpe:/a:adobe:flash_player:8.0.34.0 cpe:/a:adobe:flash_player:8.0.35.0 cpe:/a:adobe:flash_player:8.0.39.0 cpe:/a:adobe:flash_player:9.0.16 cpe:/a:adobe:flash_player:9.0.20 cpe:/a:adobe:flash_player:9.0.20.0 cpe:/a:adobe:flash_player:9.0.28 cpe:/a:adobe:flash_player:9.0.28.0 cpe:/a:adobe:flash_player:9.0.31.0 cpe:/a:adobe:flash_player:9.0.45.0 cpe:/a:adobe:flash_player:9.0.47.0 cpe:/a:adobe:flash_player:9.0.48.0 cpe:/a:adobe:flash_player:9.0.112.0 cpe:/a:adobe:flash_player:9.0.114.0 cpe:/a:adobe:flash_player:9.0.115.0 cpe:/a:adobe:flash_player:9.0.124.0 cpe:/a:adobe:flash_player:10.0.0.584 cpe:/a:adobe:flash_player:10.0.12.10 cpe:/a:adobe:flash_player:10.0.12.36 cpe:/a:adobe:flash_player:cs3::pro cpe:/a:adobe:flash_player:cs4::pro cpe:/a:adobe:flash_player_for_linux:10.0.15.3 cpe:/a:adobe:flex:3.0 CVE-2009-0519 2009-02-26T11:17:19.877-05:00 2017-09-28T21:33:51.043-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS MISC http://isc.sans.org/diary.html?storyid=5929 APPLE APPLE-SA-2009-05-12 REDHAT RHSA-2009:0332 REDHAT RHSA-2009:0334 GENTOO GLSA-200903-23 SUNALERT 254909 CONFIRM http://support.apple.com/kb/HT3549 CONFIRM http://www.adobe.com/support/security/bulletins/apsb09-01.html BID 33890 CERT TA09-133A VUPEN ADV-2009-0513 VUPEN ADV-2009-0743 VUPEN ADV-2009-1297 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=487141 XF flash-swf-unspecified-dos(48900) Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file. cpe:/a:adobe:air:1.5 cpe:/a:adobe:flash_player:7.0 cpe:/a:adobe:flash_player:7.0.1 cpe:/a:adobe:flash_player:7.0.25 cpe:/a:adobe:flash_player:7.0.63 cpe:/a:adobe:flash_player:7.0.63::linux cpe:/a:adobe:flash_player:7.0.69.0 cpe:/a:adobe:flash_player:7.0.70.0 cpe:/a:adobe:flash_player:7.1 cpe:/a:adobe:flash_player:7.1.1 cpe:/a:adobe:flash_player:7.2 cpe:/a:adobe:flash_player:8.0 cpe:/a:adobe:flash_player:8.0::basic cpe:/a:adobe:flash_player:8.0::pro cpe:/a:adobe:flash_player:8.0.24.0 cpe:/a:adobe:flash_player:8.0.34.0 cpe:/a:adobe:flash_player:8.0.35.0 cpe:/a:adobe:flash_player:8.0.39.0 cpe:/a:adobe:flash_player:9.0.16 cpe:/a:adobe:flash_player:9.0.20 cpe:/a:adobe:flash_player:9.0.20.0 cpe:/a:adobe:flash_player:9.0.28 cpe:/a:adobe:flash_player:9.0.28.0 cpe:/a:adobe:flash_player:9.0.31.0 cpe:/a:adobe:flash_player:9.0.45.0 cpe:/a:adobe:flash_player:9.0.47.0 cpe:/a:adobe:flash_player:9.0.48.0 cpe:/a:adobe:flash_player:9.0.112.0 cpe:/a:adobe:flash_player:9.0.114.0 cpe:/a:adobe:flash_player:9.0.115.0 cpe:/a:adobe:flash_player:9.0.124.0 cpe:/a:adobe:flash_player:10.0.0.584 cpe:/a:adobe:flash_player:10.0.12.10 cpe:/a:adobe:flash_player:10.0.12.36 cpe:/a:adobe:flash_player:cs3::pro cpe:/a:adobe:flash_player:cs4::pro cpe:/a:adobe:flash_player_for_linux:10.0.15.3 cpe:/a:adobe:flex:3.0 CVE-2009-0520 2009-02-26T11:17:19.890-05:00 2017-09-28T21:33:51.137-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS MISC http://isc.sans.org/diary.html?storyid=5929 IDEFENSE 20090224 Adobe Flash Player Invalid Object Reference Vulnerability APPLE APPLE-SA-2009-05-12 REDHAT RHSA-2009:0332 REDHAT RHSA-2009:0334 GENTOO GLSA-200903-23 SECTRACK 1021750 SUNALERT 254909 CONFIRM http://support.apple.com/kb/HT3549 CONFIRM http://www.adobe.com/support/security/bulletins/apsb09-01.html BID 33880 CERT TA09-133A VUPEN ADV-2009-0513 VUPEN ADV-2009-0743 VUPEN ADV-2009-1297 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=487142 XF flash-invalid-object-bo(48887) Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue." cpe:/a:adobe:flash_player_for_linux:10.0.12.36 cpe:/a:adobe:flash_player_for_linux:10.0.15.3 CVE-2009-0521 2009-02-26T11:17:19.920-05:00 2017-09-28T21:33:51.217-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS MISC http://isc.sans.org/diary.html?storyid=5929 REDHAT RHSA-2009:0332 GENTOO GLSA-200903-23 CONFIRM http://www.adobe.com/support/security/bulletins/apsb09-01.html VUPEN ADV-2009-0513 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=487144 XF flash-unspecified-information-disclosure(48904) Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH. cpe:/a:adobe:air:1.5 cpe:/a:adobe:flash_player:7.0 cpe:/a:adobe:flash_player:7.0.1 cpe:/a:adobe:flash_player:7.0.25 cpe:/a:adobe:flash_player:7.0.63 cpe:/a:adobe:flash_player:7.0.63::linux cpe:/a:adobe:flash_player:7.0.69.0 cpe:/a:adobe:flash_player:7.0.70.0 cpe:/a:adobe:flash_player:7.1 cpe:/a:adobe:flash_player:7.1.1 cpe:/a:adobe:flash_player:7.2 cpe:/a:adobe:flash_player:8.0 cpe:/a:adobe:flash_player:8.0::basic cpe:/a:adobe:flash_player:8.0::pro cpe:/a:adobe:flash_player:8.0.24.0 cpe:/a:adobe:flash_player:8.0.34.0 cpe:/a:adobe:flash_player:8.0.35.0 cpe:/a:adobe:flash_player:8.0.39.0 cpe:/a:adobe:flash_player:9.0.16 cpe:/a:adobe:flash_player:9.0.20 cpe:/a:adobe:flash_player:9.0.20.0 cpe:/a:adobe:flash_player:9.0.28 cpe:/a:adobe:flash_player:9.0.28.0 cpe:/a:adobe:flash_player:9.0.31.0 cpe:/a:adobe:flash_player:9.0.45.0 cpe:/a:adobe:flash_player:9.0.47.0 cpe:/a:adobe:flash_player:9.0.48.0 cpe:/a:adobe:flash_player:9.0.112.0 cpe:/a:adobe:flash_player:9.0.114.0 cpe:/a:adobe:flash_player:9.0.115.0 cpe:/a:adobe:flash_player:9.0.124.0 cpe:/a:adobe:flash_player:10.0.0.584 cpe:/a:adobe:flash_player:10.0.12.10 cpe:/a:adobe:flash_player:10.0.12.36 cpe:/a:adobe:flash_player:cs3::pro cpe:/a:adobe:flash_player:cs4::pro cpe:/a:adobe:flash_player_for_linux:10.0.15.3 cpe:/a:adobe:flex:3.0 CVE-2009-0522 2009-02-26T11:17:19.937-05:00 2017-09-28T21:33:51.277-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov MISC http://isc.sans.org/diary.html?storyid=5929 SECTRACK 1021752 CONFIRM http://www.adobe.com/support/security/bulletins/apsb09-01.html VUPEN ADV-2009-0513 XF flash-unspecified-click-hijacking(48903) Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack." cpe:/a:adobe:robohelp:6 cpe:/a:adobe:robohelp:7 cpe:/a:adobe:robohelp_server:6 cpe:/a:adobe:robohelp_server:7 CVE-2009-0523 2009-02-26T11:17:19.967-05:00 2017-08-07T21:33:58.627-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov SECTRACK 1021755 CONFIRM http://www.adobe.com/support/security/bulletins/apsb09-02.html BID 33887 VUPEN ADV-2009-0512 XF robohelp-errors-log-xss(48890) Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled when displaying the Help Errors log. cpe:/a:adobe:robohelp:6 cpe:/a:adobe:robohelp:7 cpe:/a:adobe:robohelp_server:6 cpe:/a:adobe:robohelp_server:7 CVE-2009-0524 2009-02-26T11:17:19.983-05:00 2017-08-07T21:33:58.687-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov SECTRACK 1021755 CONFIRM http://www.adobe.com/support/security/bulletins/apsb09-02.html BID 33888 VUPEN ADV-2009-0512 XF robohelp-generated-files-xss(48889) Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, and RoboHelp Server 6 and 7, allows remote attackers to inject arbitrary web script or HTML via vectors involving files produced by RoboHelp. cpe:/a:modernmethod:sajax:0.12 CVE-2009-0525 2009-02-11T15:30:00.390-05:00 2009-02-12T00:00:00.000-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2009-02-12T09:39:00.000-05:00 BID 33711 Cross-site scripting (XSS) vulnerability in the sajax_get_common_js function in php/Sajax.php in Sajax 0.12 allows remote attackers to inject arbitrary web script or HTML via the URL parameter, which is not properly handled when using browsers that do not URL-encode requests, such as Internet Explorer 6. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:adaptcms:adaptcms:1.4:unknown:lite CVE-2009-0526 2009-02-11T15:30:00.420-05:00 2017-09-28T21:33:51.357-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov BID 33698 XF adaptcms-index-xss(48611) EXPLOIT-DB 8016 Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdaptCMS Lite 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) url and (2) acuparam parameters, and (3) the URI. cpe:/a:adaptcms:adaptcms:1.4:unknown:lite CVE-2009-0527 2009-02-11T15:30:00.437-05:00 2017-09-28T21:33:51.417-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33698 XF adaptcms-sitepath-file-include(48610) EXPLOIT-DB 8016 PHP remote file inclusion vulnerability in plugins/rss_importer_functions.php in AdaptCMS Lite 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. cpe:/a:rhadrix:if-cms:2.07 CVE-2009-0528 2009-02-11T15:30:00.467-05:00 2017-09-28T21:33:51.747-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33697 EXPLOIT-DB 8007 SQL injection vulnerability in frame.php in Rhadrix If-CMS 2.07 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. cpe:/a:electrictoad:snippetmaster_webpage_editor:2.2.2 CVE-2009-0529 2009-02-11T15:30:00.500-05:00 2017-09-28T21:33:51.950-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov BID 33705 EXPLOIT-DB 8017 Cross-site scripting (XSS) vulnerability in index.php in SnippetMaster Webpage Editor 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the language parameter. cpe:/a:electrictoad:snippetmaster_webpage_editor:2.2.2 CVE-2009-0530 2009-02-11T15:30:00.517-05:00 2017-09-28T21:33:52.013-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33705 EXPLOIT-DB 8017 Multiple PHP remote file inclusion vulnerabilities in SnippetMaster 2.2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SCRIPT_PATH] parameter to includes/vars.inc.php and the (2) g_pcltar_lib_dir parameter to includes/tar_lib/pcltar.lib.php. cpe:/a:ontarioabandonedplaces:a_better_member-based_asp_photo_gallery:1.1 CVE-2009-0531 2009-02-11T15:30:00.530-05:00 2017-09-28T21:33:52.060-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS CONFIRM http://www.ontarioabandonedplaces.com/ipguardian/gallery/readme.txt BID 33693 XF bettermember-view-sql-injection(48612) EXPLOIT-DB 8012 SQL injection vulnerability in gallery/view.asp in A Better Member-Based ASP Photo Gallery before 1.2 allows remote attackers to execute arbitrary SQL commands via the entry parameter. cpe:/a:scripts-for-sites:ez_baby:- CVE-2009-0532 2009-02-11T15:30:00.547-05:00 2017-08-07T21:33:58.923-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov BID 33635 XF ezbaby-password-xss(48547) Cross-site scripting (XSS) vulnerability in password.php in Scripts For Sites (SFS) EZ Baby allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the u2 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:scripts-for-sites:ez_reminder:- CVE-2009-0533 2009-02-11T15:30:00.563-05:00 2017-08-07T21:33:58.970-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov BID 33641 XF ezreminder-password-xss(48548) Cross-site scripting (XSS) vulnerability in password.php in Scripts for Sites EZ Reminder allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the u2 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:flexcms:flexcms CVE-2009-0534 2009-02-11T15:30:00.610-05:00 2017-09-28T21:33:52.123-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33696 XF flexcms-catid-sql-injection(48609) EXPLOIT-DB 8018 SQL injection vulnerability in FlexCMS allows remote attackers to execute arbitrary SQL commands via the catId parameter. cpe:/a:extrosoft:thyme:1.3 CVE-2009-0535 2009-02-11T15:30:00.627-05:00 2017-09-28T21:33:52.170-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS EXPLOIT-DB 8029 Directory traversal vulnerability in export.php in Thyme 1.3 and earlier, when register_globals is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the export_to parameter. cpe:/o:ibm:aix:5.2.0 cpe:/o:ibm:aix:5.3.0 cpe:/o:ibm:aix:5.3.7 cpe:/o:ibm:aix:5.3.8 cpe:/o:ibm:aix:5.3.9 cpe:/o:ibm:aix:6.1.0 cpe:/o:ibm:aix:6.1.1 cpe:/o:ibm:aix:6.1.2 CVE-2009-0536 2009-02-11T15:30:00.640-05:00 2017-09-28T21:33:52.230-04:00 4.9 LOCAL LOW NONE COMPLETE NONE NONE http://nvd.nist.gov CONFIRM http://aix.software.ibm.com/aix/efixes/security/at_advisory.asc AIXAPAR IZ43452 AIXAPAR IZ43453 AIXAPAR IZ43454 AIXAPAR IZ43455 AIXAPAR IZ43456 AIXAPAR IZ43457 AIXAPAR IZ43458 AIXAPAR IZ43459 BID 33730 SECTRACK 1021704 VUPEN ADV-2009-0405 CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4558 XF ibm-aix-at-information-disclosure(48660) at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges. cpe:/a:microsoft:interix:6.0::10.0.6030.0 cpe:/o:openbsd:openbsd:2.0 cpe:/o:openbsd:openbsd:2.1 cpe:/o:openbsd:openbsd:2.2 cpe:/o:openbsd:openbsd:2.3 cpe:/o:openbsd:openbsd:2.4 cpe:/o:openbsd:openbsd:2.5 cpe:/o:openbsd:openbsd:2.6 cpe:/o:openbsd:openbsd:2.7 cpe:/o:openbsd:openbsd:2.8 cpe:/o:openbsd:openbsd:2.9 cpe:/o:openbsd:openbsd:3.0 cpe:/o:openbsd:openbsd:3.1 cpe:/o:openbsd:openbsd:3.2 cpe:/o:openbsd:openbsd:3.3 cpe:/o:openbsd:openbsd:3.4 cpe:/o:openbsd:openbsd:3.5 cpe:/o:openbsd:openbsd:3.6 cpe:/o:openbsd:openbsd:3.7 cpe:/o:openbsd:openbsd:3.8 cpe:/o:openbsd:openbsd:3.9 cpe:/o:openbsd:openbsd:4.0 cpe:/o:openbsd:openbsd:4.1 cpe:/o:openbsd:openbsd:4.2 cpe:/o:openbsd:openbsd:4.3 cpe:/o:openbsd:openbsd:4.4 CVE-2009-0537 2009-03-09T17:30:00.203-04:00 2018-10-11T17:01:54.760-04:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov SREASONRES 20090304 libc:fts_*():multiple vendors, Denial-of-service CONFIRM http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c CONFIRM http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c.diff?r1=1.41;r2=1.42;f=h BUGTRAQ 20090305 libc:fts_*():multiple vendors, Denial-of-service BID 34008 SECTRACK 1021818 EXPLOIT-DB 8163 Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise. cpe:/a:symantec:pcanywhere:10.0 cpe:/a:symantec:pcanywhere:10.5 cpe:/a:symantec:pcanywhere:11.0 cpe:/a:symantec:pcanywhere:11.0.1 cpe:/a:symantec:pcanywhere:11.5 cpe:/a:symantec:pcanywhere:11.5.1 cpe:/a:symantec:pcanywhere:12.0 cpe:/a:symantec:pcanywhere:12.1 cpe:/a:symantec:pcanywhere:12.5 CVE-2009-0538 2009-03-18T11:30:00.453-04:00 2018-10-11T17:01:55.730-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov CONFIRM http://securityresponse.symantec.com/avcenter/security/Content/2009.03.17.html SECTRACK 1021855 MISC http://www.layereddefense.com/pcanywhere17mar.html BUGTRAQ 20090318 Layered Defense Research Advisory: Format String Vulnerablity in Symantec PcAnywhere v10-12.5 BID 33845 VUPEN ADV-2009-0755 XF symantec-pcanywhere-unspecified-dos(49291) Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file). cpe:/a:insightinformatics:libero:5.3:sp5 CVE-2009-0540 2009-02-25T11:30:00.453-05:00 2017-08-07T21:33:59.203-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov FULLDISC 20090222 Libero Cross-Site Scripting Vulnerability - Security Advisory - SOS-09-001 BID 33856 VUPEN ADV-2009-0493 XF libero-searchterm-xss(48870) Cross-site scripting (XSS) vulnerability in Libero 5.3 SP5, and possibly other versions before 5.5 SP1, allows remote attackers to inject arbitrary web script or HTML via the search term field. cpe:/a:magentocommerc:magento:1.2.0 cpe:/a:magentocommerc:magento:1.2.1.1 CVE-2009-0541 2009-02-25T11:30:00.467-05:00 2017-08-07T21:33:59.267-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov FULLDISC 20090223 Magento Multiple Cross-Site Scripting Vulnerabilities - Security Advisory - SOS-09-002 SECTRACK 1021746 BID 33872 XF magento-login-xss(48876) XF magento-forgotpasswordaction-xss(48877) XF magneto-downloader-xss(48878) Multiple cross-site scripting (XSS) vulnerabilities in Magento 1.2.0 and 1.2.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username field in an admin/ request to index.php, possibly related to the login[username] parameter and the app/code/core/Mage/Admin/Model/Session.php login function; (2) the email address field in an admin/index/forgotpassword/ request to index.php, possibly related to the email parameter and the app/code/core/Mage/Adminhtml/controllers/IndexController.php forgotpasswordAction function; or (3) the return parameter to the default URI under downloader/. cpe:/a:proftpd_project:proftpd:1.3.1 cpe:/a:proftpd_project:proftpd:1.3.2 cpe:/a:proftpd_project:proftpd:1.3.2_rc2 CVE-2009-0542 2009-02-12T11:30:00.267-05:00 2018-10-11T17:01:56.557-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS CONFIRM http://bugs.proftpd.org/show_bug.cgi?id=3180 GENTOO GLSA-200903-27 DEBIAN DSA-1730 MANDRIVA MDVSA-2009:061 MLIST [oss-security] 20090211 CVE request for proftpd MLIST [oss-security] 20090211 Re: CVE request for proftpd MLIST [oss-security] 20090211 Re: CVE request for proftpd BUGTRAQ 20090210 Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) BUGTRAQ 20090210 Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) BUGTRAQ 20090210 ProFTPd with mod_mysql Authentication Bypass Exploit BUGTRAQ 20090211 Re: Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) EXPLOIT-DB 8037 SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql. cpe:/a:proftpd:proftpd:1.3.1 CVE-2009-0543 2009-02-12T11:30:00.297-05:00 2009-06-09T01:32:35.297-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS CONFIRM http://bugs.proftpd.org/show_bug.cgi?id=3173 GENTOO GLSA-200903-27 DEBIAN DSA-1730 MANDRIVA MDVSA-2009:061 MLIST [oss-security] 20090211 CVE request for proftpd MLIST [oss-security] 20090211 Re: CVE request for proftpd ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres. cpe:/a:pycrypto:arc2:2.0.1 CVE-2009-0544 2009-02-12T12:30:00.217-05:00 2017-08-07T21:33:59.330-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CONFIRM http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b CONFIRM http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=fd73731dfad451a81056fbb01e09aa78ab82eb5d SUSE SUSE-SR:2009:010 GENTOO GLSA-200903-11 MANDRIVA MDVSA-2009:049 MANDRIVA MDVSA-2009:050 MLIST [oss-security] 20090207 CVE Request: pycrypto MLIST [oss-security] 20090212 Re: CVE Request: pycrypto BID 33674 XF pycrypto-arc2module-bo(48617) Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length. cpe:/a:zeroshell:zeroshell:1.0:beta1 cpe:/a:zeroshell:zeroshell:1.0:beta10 cpe:/a:zeroshell:zeroshell:1.0:beta11 cpe:/a:zeroshell:zeroshell:1.0:beta2 cpe:/a:zeroshell:zeroshell:1.0:beta3 cpe:/a:zeroshell:zeroshell:1.0:beta4 cpe:/a:zeroshell:zeroshell:1.0:beta5 cpe:/a:zeroshell:zeroshell:1.0:beta6 cpe:/a:zeroshell:zeroshell:1.0:beta7 cpe:/a:zeroshell:zeroshell:1.0:beta8 cpe:/a:zeroshell:zeroshell:1.0:beta9 CVE-2009-0545 2009-02-12T18:30:01.170-05:00 2018-10-10T15:29:01.497-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS MISC http://www.ikkisoft.com/stuff/LC-2009-01.txt BUGTRAQ 20090209 ZeroShell <= 1.0beta11 Remote Code Execution VUPEN ADV-2009-0385 MISC http://www.zeroshell.net/eng/announcements/ MISC http://www.zeroshell.net/eng/patch-details/#C100 EXPLOIT-DB 8023 cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action. cpe:/a:newsgator:feeddemon:2.0.0.24 cpe:/a:newsgator:feeddemon:2.6 cpe:/a:newsgator:feeddemon:2.6.1.4 cpe:/a:newsgator:feeddemon:2.6.1.5 cpe:/a:newsgator:feeddemon:2.7 CVE-2009-0546 2009-02-12T18:30:01.187-05:00 2018-10-10T15:29:02.027-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS MISC http://security.bkis.vn/?p=329 BUGTRAQ 20090205 [SVRT-02-09] FeedDemon (ver<=2.7) Buffer Overflow Vulnerability BID 33630 EXPLOIT-DB 7995 EXPLOIT-DB 8010 Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier allows user-assisted remote attackers to execute arbitrary code via a long text attribute in an outline element in a .opml file. cpe:/a:evolution:evolution:2.22.3.1 CVE-2009-0547 2009-02-12T18:30:01.217-05:00 2017-09-28T21:33:52.590-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508479 CONFIRM http://bugzilla.gnome.org/show_bug.cgi?id=564465 SUSE SUSE-SR:2010:006 SUSE SUSE-SR:2010:011 SUSE SUSE-SR:2010:012 MLIST [oss-security] 20090210 CVE Request -- evolution DEBIAN DSA-1813 MANDRIVA MDVSA-2009:078 REDHAT RHSA-2009:0354 REDHAT RHSA-2009:0355 BID 33720 VUPEN ADV-2010-1107 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=484925 FEDORA FEDORA-2009-2784 FEDORA FEDORA-2009-2792 Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077. cpe:/a:eset:remote_administrator:3.0.35 CVE-2009-0548 2009-02-12T18:30:01.233-05:00 2011-03-07T22:18:41.500-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://www.eset.eu/support/changelog-eset-remote-administrator-3 VUPEN ADV-2009-0339 Cross-site scripting (XSS) vulnerability in the Additional Report Settings interface in ESET Remote Administrator before 3.0.105 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:2008::mac cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::sp1 cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::sp2 cpe:/a:microsoft:office_excel:2000:sp3 cpe:/a:microsoft:office_excel:2003:sp3 cpe:/a:microsoft:office_excel:2007:sp1 cpe:/a:microsoft:office_excel:2007:sp2 cpe:/a:microsoft:office_excel_viewer cpe:/a:microsoft:office_excel_viewer:2003:sp3 cpe:/a:microsoft:office_sharepoint_server:2007:sp1:x32 cpe:/a:microsoft:office_sharepoint_server:2007:sp1:x64 cpe:/a:microsoft:office_sharepoint_server:2007:sp2:x32 cpe:/a:microsoft:office_sharepoint_server:2007:sp2:x64 cpe:/a:microsoft:open_xml_file_format_converter:::mac CVE-2009-0549 2009-06-10T14:30:00.187-04:00 2018-10-12T17:50:25.660-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov BID 35215 SECTRACK 1022351 CERT TA09-160A VUPEN ADV-2009-1540 MS MS09-021 Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Record Pointer Corruption Vulnerability." cpe:/a:microsoft:ie:5.01:sp4 cpe:/a:microsoft:ie:6.0:sp1 cpe:/a:microsoft:internet_explorer:6 cpe:/a:microsoft:internet_explorer:7 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp1:itanium cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_server_2008:::32_bit cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x32 cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista:gold cpe:/o:microsoft:windows_xp:::pro_x64 cpe:/o:microsoft:windows_xp:::x64 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp2:pro_x64 cpe:/o:microsoft:windows_xp::sp2:x64 cpe:/o:microsoft:windows_xp::sp3 CVE-2009-0550 2009-04-15T04:00:00.593-04:00 2019-02-26T09:04:00.993-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov MISC http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm CONFIRM http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138 BID 34439 SECTRACK 1022041 CERT TA09-104A VUPEN ADV-2009-1027 VUPEN ADV-2009-1028 MS MS09-013 MS MS09-014 Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability." cpe:/a:microsoft:internet_explorer:6 cpe:/a:microsoft:internet_explorer:6:sp1 cpe:/a:microsoft:internet_explorer:7 CVE-2009-0551 2009-04-15T04:00:00.627-04:00 2019-02-26T09:04:00.993-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm CONFIRM http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138 SECTRACK 1022042 CERT TA09-104A VUPEN ADV-2009-1028 MS MS09-014 Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability." cpe:/a:microsoft:ie:5.0.1:sp4 cpe:/a:microsoft:ie:6 cpe:/a:microsoft:ie:6.0:sp1 CVE-2009-0552 2009-04-15T04:00:00.640-04:00 2019-02-26T09:04:00.993-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm SECTRACK 1022042 CERT TA09-104A VUPEN ADV-2009-1028 MS MS09-014 Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability." cpe:/a:microsoft:internet_explorer:6 cpe:/a:microsoft:internet_explorer:6:sp1 cpe:/a:microsoft:internet_explorer:7 CVE-2009-0553 2009-04-15T04:00:00.670-04:00 2019-02-26T09:04:00.993-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov MISC http://skypher.com/index.php/2009/04/19/ms09-014-embed-element-memory-corruption/ CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm BID 34424 SECTRACK 1022042 CERT TA09-104A VUPEN ADV-2009-1028 MS MS09-014 Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability." cpe:/a:microsoft:internet_explorer:5.01:sp4 cpe:/a:microsoft:internet_explorer:6 cpe:/a:microsoft:internet_explorer:6:sp1 cpe:/a:microsoft:internet_explorer:7 CVE-2009-0554 2009-04-15T04:00:00.687-04:00 2019-02-26T09:04:00.993-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm SECTRACK 1022042 CERT TA09-104A VUPEN ADV-2009-1028 MS MS09-014 Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability." cpe:/a:microsoft:windows_media_format_runtime:9.0 cpe:/a:microsoft:windows_media_format_runtime:9.5 cpe:/a:microsoft:windows_media_format_runtime:11 cpe:/a:microsoft:windows_media_player:9 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2003:-:sp2 cpe:/o:microsoft:windows_server_2008:::~~~~x64~ cpe:/o:microsoft:windows_server_2008:::~~~~x86~ cpe:/o:microsoft:windows_server_2008::sp2:~~~~x64~ cpe:/o:microsoft:windows_server_2008::sp2:~~~~x86~ cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_vista:::~~~~x64~ cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp1:~~~~x64~ cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_vista::sp2:~~~~x64~ cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp2:~~~~x64~ cpe:/o:microsoft:windows_xp::sp3 CVE-2009-0555 2009-10-14T06:30:00.920-04:00 2019-02-27T20:20:18.863-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2019-02-27T13:55:47.313-05:00 CERT TA09-286A MS MS09-051 Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability." cpe:/a:microsoft:office_powerpoint:2004 cpe:/a:microsoft:powerpoint:2000:sp3 cpe:/a:microsoft:powerpoint:2002:sp3 cpe:/a:microsoft:powerpoint:2003:sp3 CVE-2009-0556 2009-04-03T14:30:00.610-04:00 2018-10-12T17:50:34.863-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CONFIRM http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx CONFIRM http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx CONFIRM http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx CERT-VN VU#627331 CONFIRM http://www.microsoft.com/technet/security/advisory/969136.mspx BUGTRAQ 20090512 ZDI-09-019: Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability BID 34351 SECTRACK 1021967 CERT TA09-132A VUPEN ADV-2009-0915 VUPEN ADV-2009-1290 MISC http://www.zerodayinitiative.com/advisories/ZDI-09-019 MS MS09-017 XF powerpoint-unspecified-code-execution(49632) Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability." cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:2008::mac cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::sp1 cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::sp2 cpe:/a:microsoft:office_excel:2000:sp3 cpe:/a:microsoft:office_excel:2003:sp3 cpe:/a:microsoft:office_excel:2007:sp1 cpe:/a:microsoft:office_excel:2007:sp2 cpe:/a:microsoft:office_excel_viewer cpe:/a:microsoft:office_excel_viewer:2003:sp3 cpe:/a:microsoft:office_sharepoint_server:2007:sp1:x32 cpe:/a:microsoft:office_sharepoint_server:2007:sp1:x64 cpe:/a:microsoft:office_sharepoint_server:2007:sp2:x32 cpe:/a:microsoft:office_sharepoint_server:2007:sp2:x64 cpe:/a:microsoft:open_xml_file_format_converter:::mac CVE-2009-0557 2009-06-10T14:30:00.203-04:00 2018-10-12T17:50:37.457-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov BID 35241 SECTRACK 1022351 CERT TA09-160A VUPEN ADV-2009-1540 MS MS09-021 Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Object Record Corruption Vulnerability." cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:2008::mac cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::sp1 cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::sp2 cpe:/a:microsoft:office_excel:2000:sp3 cpe:/a:microsoft:office_excel:2003:sp3 cpe:/a:microsoft:office_excel:2007:sp1 cpe:/a:microsoft:office_excel:2007:sp2 cpe:/a:microsoft:office_excel_viewer cpe:/a:microsoft:office_excel_viewer:2003:sp3 cpe:/a:microsoft:office_sharepoint_server:2007:sp1:x32 cpe:/a:microsoft:office_sharepoint_server:2007:sp1:x64 cpe:/a:microsoft:office_sharepoint_server:2007:sp2:x32 cpe:/a:microsoft:office_sharepoint_server:2007:sp2:x64 cpe:/a:microsoft:open_xml_file_format_converter:::mac CVE-2009-0558 2009-06-10T14:30:00.217-04:00 2018-10-12T17:50:38.397-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BUGTRAQ 20090609 Secunia Research: Microsoft Excel Record Parsing Array Indexing Vulnerability BID 35242 SECTRACK 1022351 CERT TA09-160A VUPEN ADV-2009-1540 MS MS09-021 Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability." cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:2008::mac cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::sp1 cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::sp2 cpe:/a:microsoft:office_excel:2000:sp3 cpe:/a:microsoft:office_excel:2003:sp3 cpe:/a:microsoft:office_excel:2007:sp1 cpe:/a:microsoft:office_excel:2007:sp2 cpe:/a:microsoft:office_excel_viewer cpe:/a:microsoft:office_excel_viewer:2003:sp3 cpe:/a:microsoft:office_sharepoint_server:2007:sp1:x32 cpe:/a:microsoft:office_sharepoint_server:2007:sp1:x64 cpe:/a:microsoft:office_sharepoint_server:2007:sp2:x32 cpe:/a:microsoft:office_sharepoint_server:2007:sp2:x64 cpe:/a:microsoft:open_xml_file_format_converter:::mac CVE-2009-0559 2009-06-10T14:30:00.250-04:00 2018-10-12T17:50:39.740-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BID 35243 SECTRACK 1022351 CERT TA09-160A VUPEN ADV-2009-1540 MS MS09-021 Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability." cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:2008::mac cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::sp1 cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::sp2 cpe:/a:microsoft:office_excel:2000:sp3 cpe:/a:microsoft:office_excel:2003:sp3 cpe:/a:microsoft:office_excel:2007:sp1 cpe:/a:microsoft:office_excel:2007:sp2 cpe:/a:microsoft:office_excel_viewer cpe:/a:microsoft:office_excel_viewer:2003:sp3 cpe:/a:microsoft:office_sharepoint_server:2007:sp1:x32 cpe:/a:microsoft:office_sharepoint_server:2007:sp1:x64 cpe:/a:microsoft:office_sharepoint_server:2007:sp2:x32 cpe:/a:microsoft:office_sharepoint_server:2007:sp2:x64 cpe:/a:microsoft:open_xml_file_format_converter:::mac CVE-2009-0560 2009-06-10T14:30:00.267-04:00 2018-10-12T17:50:40.410-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov BID 35244 SECTRACK 1022351 CERT TA09-160A VUPEN ADV-2009-1540 MS MS09-021 Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Field Sanitization Memory Corruption Vulnerability." cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:2008::mac cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::sp1 cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::sp2 cpe:/a:microsoft:office_excel:2000:sp3 cpe:/a:microsoft:office_excel:2003:sp3 cpe:/a:microsoft:office_excel:2007:sp1 cpe:/a:microsoft:office_excel:2007:sp2 cpe:/a:microsoft:office_excel_viewer cpe:/a:microsoft:office_excel_viewer:2003:sp3 cpe:/a:microsoft:office_sharepoint_server:2007:sp1:x32 cpe:/a:microsoft:office_sharepoint_server:2007:sp1:x64 cpe:/a:microsoft:office_sharepoint_server:2007:sp2:x32 cpe:/a:microsoft:office_sharepoint_server:2007:sp2:x64 cpe:/a:microsoft:open_xml_file_format_converter:::mac CVE-2009-0561 2009-06-10T14:30:00.280-04:00 2018-10-12T17:50:41.367-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov IDEFENSE 20090609 Microsoft Excel SST Record Integer Overflow Vulnerability BUGTRAQ 20090609 Secunia Research: Microsoft Excel String Parsing Integer Overflow Vulnerability BID 35245 SECTRACK 1022351 CERT TA09-160A VUPEN ADV-2009-1540 MS MS09-021 Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Microsoft Office SharePoint Server 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via an Excel file with a Shared String Table (SST) record with a numeric field that specifies an invalid number of unique strings, which triggers a heap-based buffer overflow, aka "Record Integer Overflow Vulnerability." cpe:/a:microsoft:isa_server:2004:sp3:enterprise cpe:/a:microsoft:isa_server:2004:sp3:standard cpe:/a:microsoft:isa_server:2006:sp1:enterprise cpe:/a:microsoft:isa_server:2006:sp1:standard cpe:/a:microsoft:office:-::small_business_accounting_2006 cpe:/a:microsoft:office:2003:sp3 cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:office_web_components:2000:sp3 cpe:/a:microsoft:office_web_components:2003:sp1:2007_microsoft_office cpe:/a:microsoft:office_web_components:2003:sp3 cpe:/a:microsoft:office_web_components:xp:sp3 CVE-2009-0562 2009-08-12T13:30:00.390-04:00 2018-10-12T17:50:42.663-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SECTRACK 1022708 CERT TA09-223A MS MS09-043 The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability." cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:2008::mac cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::sp1 cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::sp2 cpe:/a:microsoft:office_word:2000:sp3 cpe:/a:microsoft:office_word:2002:sp3 cpe:/a:microsoft:office_word:2003:sp3 cpe:/a:microsoft:office_word:2007:sp1 cpe:/a:microsoft:office_word:2007:sp2 cpe:/a:microsoft:office_word_viewer cpe:/a:microsoft:office_word_viewer:2003:sp3 cpe:/a:microsoft:open_xml_file_format_converter:::mac CVE-2009-0563 2009-06-10T14:00:00.313-04:00 2018-10-12T17:50:43.147-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BUGTRAQ 20090610 ZDI-09-035: Microsoft Word Document Stack Based Buffer Overflow Vulnerability BID 35188 SECTRACK 1022356 CERT TA09-160A VUPEN ADV-2009-1546 MISC http://www.zerodayinitiative.com/advisories/ZDI-09-035 MS MS09-027 Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka "Word Buffer Overflow Vulnerability." cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:2008::mac cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::sp1 cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::sp2 cpe:/a:microsoft:office_word:2000:sp3 cpe:/a:microsoft:office_word:2002:sp3 cpe:/a:microsoft:office_word:2003:sp3 cpe:/a:microsoft:office_word:2007:sp1 cpe:/a:microsoft:office_word:2007:sp2 cpe:/a:microsoft:office_word_viewer cpe:/a:microsoft:office_word_viewer:2003:sp3 cpe:/a:microsoft:open_xml_file_format_converter:::mac CVE-2009-0565 2009-06-10T14:00:00.327-04:00 2018-10-12T17:50:44.350-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SREASON 8206 BID 35190 SECTRACK 1022356 CERT TA09-160A VUPEN ADV-2009-1546 MS MS09-027 Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka "Word Buffer Overflow Vulnerability." cpe:/a:microsoft:office_publisher:2007:sp1 CVE-2009-0566 2009-07-15T11:30:01.313-04:00 2018-10-12T17:50:45.380-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov BID 35599 SECTRACK 1022546 CERT TA09-195A VUPEN ADV-2009-1888 MS MS09-030 Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability." CVE-2009-0567 2017-05-11T10:29:09.137-04:00 2017-05-11T10:29:09.137-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none. cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_2003_server::sp2:~~~~itanium~ cpe:/o:microsoft:windows_2003_server::sp2:~~~~x64~ cpe:/o:microsoft:windows_server:2008::~~~~itanium~ cpe:/o:microsoft:windows_server:2008::~sp2~~~itanium~ cpe:/o:microsoft:windows_server_2008:::~~~~x64~ cpe:/o:microsoft:windows_server_2008:::~~~~x86~ cpe:/o:microsoft:windows_server_2008::sp2:~~~~x64~ cpe:/o:microsoft:windows_server_2008::sp2:~~~~x86~ cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_vista:::~~~~x64~ cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_vista:- cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp2:~~~~x64~ cpe:/o:microsoft:windows_xp::sp3 CVE-2009-0568 2009-06-10T14:00:00.360-04:00 2018-10-12T17:50:46.083-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CONFIRM http://blogs.technet.com/srd/archive/2009/06/09/ms09-026-how-a-developer-can-know-if-their-rpc-interface-is-affected.aspx BID 35219 SECTRACK 1022357 CERT TA09-160A VUPEN ADV-2009-1545 MS MS09-026 The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability." cpe:/a:rimarts:becky%21_internet_mail:1.26.3 cpe:/a:rimarts:becky%21_internet_mail:1.26.4 cpe:/a:rimarts:becky%21_internet_mail:1.26.5 cpe:/a:rimarts:becky%21_internet_mail:2.00.0 cpe:/a:rimarts:becky%21_internet_mail:2.00.01 cpe:/a:rimarts:becky%21_internet_mail:2.00.02 cpe:/a:rimarts:becky%21_internet_mail:2.00.03 cpe:/a:rimarts:becky%21_internet_mail:2.00.04 cpe:/a:rimarts:becky%21_internet_mail:2.00.05 cpe:/a:rimarts:becky%21_internet_mail:2.00.06 cpe:/a:rimarts:becky%21_internet_mail:2.00.07 cpe:/a:rimarts:becky%21_internet_mail:2.00.08 cpe:/a:rimarts:becky%21_internet_mail:2.00.09 cpe:/a:rimarts:becky%21_internet_mail:2.00.10 cpe:/a:rimarts:becky%21_internet_mail:2.00.11 cpe:/a:rimarts:becky%21_internet_mail:2.05.00 cpe:/a:rimarts:becky%21_internet_mail:2.05.01 cpe:/a:rimarts:becky%21_internet_mail:2.05.02 cpe:/a:rimarts:becky%21_internet_mail:2.05.03 cpe:/a:rimarts:becky%21_internet_mail:2.05.04 cpe:/a:rimarts:becky%21_internet_mail:2.05.05 cpe:/a:rimarts:becky%21_internet_mail:2.05.06 cpe:/a:rimarts:becky%21_internet_mail:2.05.07 cpe:/a:rimarts:becky%21_internet_mail:2.05.08 cpe:/a:rimarts:becky%21_internet_mail:2.05.09 cpe:/a:rimarts:becky%21_internet_mail:2.05.10 cpe:/a:rimarts:becky%21_internet_mail:2.05.11 cpe:/a:rimarts:becky%21_internet_mail:2.06 cpe:/a:rimarts:becky%21_internet_mail:2.06.02 cpe:/a:rimarts:becky%21_internet_mail:2.07 cpe:/a:rimarts:becky%21_internet_mail:2.07.01 cpe:/a:rimarts:becky%21_internet_mail:2.07.02 cpe:/a:rimarts:becky%21_internet_mail:2.07.03 cpe:/a:rimarts:becky%21_internet_mail:2.07.04 cpe:/a:rimarts:becky%21_internet_mail:2.08 cpe:/a:rimarts:becky%21_internet_mail:2.08.01 cpe:/a:rimarts:becky%21_internet_mail:2.09 cpe:/a:rimarts:becky%21_internet_mail:2.09.01 cpe:/a:rimarts:becky%21_internet_mail:2.10 cpe:/a:rimarts:becky%21_internet_mail:2.10.01 cpe:/a:rimarts:becky%21_internet_mail:2.10.02 cpe:/a:rimarts:becky%21_internet_mail:2.10.03 cpe:/a:rimarts:becky%21_internet_mail:2.10.04 cpe:/a:rimarts:becky%21_internet_mail:2.11 cpe:/a:rimarts:becky%21_internet_mail:2.11.01 cpe:/a:rimarts:becky%21_internet_mail:2.11.02 cpe:/a:rimarts:becky%21_internet_mail:2.12 cpe:/a:rimarts:becky%21_internet_mail:2.12.01 cpe:/a:rimarts:becky%21_internet_mail:2.20 cpe:/a:rimarts:becky%21_internet_mail:2.20.01 cpe:/a:rimarts:becky%21_internet_mail:2.20.02 cpe:/a:rimarts:becky%21_internet_mail:2.20.03 cpe:/a:rimarts:becky%21_internet_mail:2.20.04 cpe:/a:rimarts:becky%21_internet_mail:2.20.05 cpe:/a:rimarts:becky%21_internet_mail:2.20.06 cpe:/a:rimarts:becky%21_internet_mail:2.20.07 cpe:/a:rimarts:becky%21_internet_mail:2.21 cpe:/a:rimarts:becky%21_internet_mail:2.21.01 cpe:/a:rimarts:becky%21_internet_mail:2.21.02 cpe:/a:rimarts:becky%21_internet_mail:2.21.03 cpe:/a:rimarts:becky%21_internet_mail:2.21.04 cpe:/a:rimarts:becky%21_internet_mail:2.22 cpe:/a:rimarts:becky%21_internet_mail:2.22.01 cpe:/a:rimarts:becky%21_internet_mail:2.22.02 cpe:/a:rimarts:becky%21_internet_mail:2.23 cpe:/a:rimarts:becky%21_internet_mail:2.24 cpe:/a:rimarts:becky%21_internet_mail:2.24.01 cpe:/a:rimarts:becky%21_internet_mail:2.24.02 cpe:/a:rimarts:becky%21_internet_mail:2.25 cpe:/a:rimarts:becky%21_internet_mail:2.25.01 cpe:/a:rimarts:becky%21_internet_mail:2.25.02 cpe:/a:rimarts:becky%21_internet_mail:2.26 cpe:/a:rimarts:becky%21_internet_mail:2.27 cpe:/a:rimarts:becky%21_internet_mail:2.28 cpe:/a:rimarts:becky%21_internet_mail:2.28.01 cpe:/a:rimarts:becky%21_internet_mail:2.29 cpe:/a:rimarts:becky%21_internet_mail:2.30 cpe:/a:rimarts:becky%21_internet_mail:2.30.01 cpe:/a:rimarts:becky%21_internet_mail:2.30.02 cpe:/a:rimarts:becky%21_internet_mail:2.30.03 cpe:/a:rimarts:becky%21_internet_mail:2.30.04 cpe:/a:rimarts:becky%21_internet_mail:2.31.00 cpe:/a:rimarts:becky%21_internet_mail:2.40.00 cpe:/a:rimarts:becky%21_internet_mail:2.40.01 cpe:/a:rimarts:becky%21_internet_mail:2.40.02 cpe:/a:rimarts:becky%21_internet_mail:2.40.03 cpe:/a:rimarts:becky%21_internet_mail:2.40.04 cpe:/a:rimarts:becky%21_internet_mail:2.41.00 cpe:/a:rimarts:becky%21_internet_mail:2.42.00 cpe:/a:rimarts:becky%21_internet_mail:2.43.00 cpe:/a:rimarts:becky%21_internet_mail:2.44.00 cpe:/a:rimarts:becky%21_internet_mail:2.45.00 cpe:/a:rimarts:becky%21_internet_mail:2.45.01 cpe:/a:rimarts:becky%21_internet_mail:2.45.02 cpe:/a:rimarts:becky%21_internet_mail:2.46 cpe:/a:rimarts:becky%21_internet_mail:2.47 cpe:/a:rimarts:becky%21_internet_mail:2.47.01 cpe:/a:rimarts:becky%21_internet_mail:2.48 cpe:/a:rimarts:becky%21_internet_mail:2.48.01 cpe:/a:rimarts:becky%21_internet_mail:2.48.02 CVE-2009-0569 2009-02-12T20:30:00.377-05:00 2017-08-07T21:33:59.470-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS JVN JVN#29641290 JVNDB JVNDB-2009-000011 CONFIRM http://www.rimarts.jp/downloads/B2/Readme-e.txt BID 33756 XF becky-readreceipt-bo(48684) Buffer overflow in Becky! Internet Mail 2.48.02 and earlier allows remote attackers to execute arbitrary code via a mail message with a crafted return receipt request. cpe:/a:ninjadesigns:mailist:3.0 CVE-2009-0570 2009-02-13T12:30:00.733-05:00 2017-09-28T21:33:53.873-04:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 33648 EXPLOIT-DB 8001 Directory traversal vulnerability in send.php in Ninja Designs Mailist 3.0, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the load parameter. NOTE: some of these details are obtained from third party information. cpe:/a:ninjadesigns:mailist:3.0 CVE-2009-0571 2009-02-13T12:30:00.750-05:00 2017-09-28T21:33:53.920-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov EXPLOIT-DB 8001 admin.php in Ninja Designs Mailist 3.0 stores backup copies of maillist.php under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the backup directory. cpe:/a:flatnux:flatnux:2009-01-27 cpe:/a:flatnux:flatnux:2009-02-04 CVE-2009-0572 2009-02-13T12:30:00.767-05:00 2018-10-10T15:29:07.527-04:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BUGTRAQ 20090202 flatnux Flatnux-2009-01-27 Remote File Include BID 33599 XF flatnuxcms-fnrootpath-file-include(48491) EXPLOIT-DB 7969 PHP remote file inclusion vulnerability in include/flatnux.php in FlatnuX CMS (aka Flatnuke3) 2009-01-27 and 2009-02-04, when register_globals is enabled and magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the _FNROOTPATH parameter to (1) index.php and (2) filemanager.php. cpe:/a:fotoware:fotoweb:6.0 CVE-2009-0573 2009-02-13T12:30:00.780-05:00 2009-02-16T00:00:00.000-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2009-02-16T08:33:00.000-05:00 MISC http://www.fortconsult.net/images/pdf/advisories/FotoWebXSS_final.pdf BID 33677 Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 (Build 273) allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to cmdrequest/Login.fwx and the (2) search parameter to Grid.fwx. cpe:/a:cafeengine:easycafeengine:- CVE-2009-0574 2009-02-13T12:30:00.813-05:00 2017-09-28T21:33:54.060-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33655 VUPEN ADV-2009-0359 EXPLOIT-DB 8002 SQL injection vulnerability in index.php in Easy CafeEngine allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-4604. cpe:/a:drupal:views_bulk_operations:5.x-1.0 cpe:/a:drupal:views_bulk_operations:5.x-1.0beta1 cpe:/a:drupal:views_bulk_operations:5.x-1.0beta3 cpe:/a:drupal:views_bulk_operations:5.x-1.0beta4 cpe:/a:drupal:views_bulk_operations:5.x-1.0beta5 cpe:/a:drupal:views_bulk_operations:5.x-1.1 cpe:/a:drupal:views_bulk_operations:5.x-1.2 cpe:/a:drupal:views_bulk_operations:6.x-1.0 cpe:/a:drupal:views_bulk_operations:6.x-1.1 cpe:/a:drupal:views_bulk_operations:6.x-1.2 cpe:/a:drupal:views_bulk_operations:6.x-1.3 CVE-2009-0575 2009-02-13T12:30:00.827-05:00 2017-08-16T21:29:54.693-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://drupal.org/node/369223 BID 33622 XF viewsbulk-themeviewsbulk-xss(48516) Cross-site scripting (XSS) vulnerability in the theme_views_bulk_operations_confirmation function in views_bulk_operations.module in Views Bulk Operations 5.x before 5.x-1.3 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to node titles. NOTE: some of these details are obtained from third party information. cpe:/a:sun:java_system_directory_server:5.0:-:enterprise cpe:/a:sun:java_system_directory_server:5.2 CVE-2009-0576 2009-02-13T12:30:00.843-05:00 2017-08-16T21:29:54.740-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov CONFIRM http://sunsolve.sun.com/search/document.do?assetkey=1-21-116837-04-1 SUNALERT 250086 BID 33732 VUPEN ADV-2009-0409 XF sun-java-sds-ldap-dos(48662) Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 and earlier, and Enterprise Edition 5, allows remote attackers to cause a denial of service (daemon crash) via crafted LDAP requests. cpe:/a:apple:cups:1.1.17 CVE-2009-0577 2009-02-20T14:30:00.233-05:00 2017-09-28T21:33:54.123-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-064.htm REDHAT RHSA-2009:0308 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=486052 XF cups-texttops-writeprolog-bo(48977) Integer overflow in the WriteProlog function in texttops in CUPS 1.1.17 on Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2008-3640. cpe:/o:ubuntu:ubuntu_linux:8.10 CVE-2009-0578 2009-03-04T21:30:00.343-05:00 2017-09-28T21:33:54.183-04:00 6.2 LOCAL LOW SINGLE_INSTANCE NONE COMPLETE COMPLETE http://nvd.nist.gov SUSE SUSE-SA:2009:013 SUSE SUSE-SR:2009:009 REDHAT RHSA-2009:0361 BID 33966 SECTRACK 1021909 UBUNTU USN-727-1 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=487752 XF networkmanager-dbus-security-bypass(49063) GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console. cpe:/a:linux-pam:linux-pam:0.99.1.0 cpe:/a:linux-pam:linux-pam:0.99.2.0 cpe:/a:linux-pam:linux-pam:0.99.2.1 cpe:/a:linux-pam:linux-pam:0.99.3.0 cpe:/a:linux-pam:linux-pam:0.99.4.0 cpe:/a:linux-pam:linux-pam:0.99.5.0 cpe:/a:linux-pam:linux-pam:0.99.6.0 cpe:/a:linux-pam:linux-pam:0.99.6.1 cpe:/a:linux-pam:linux-pam:0.99.6.2 cpe:/a:linux-pam:linux-pam:0.99.6.3 cpe:/a:linux-pam:linux-pam:0.99.7.0 cpe:/a:linux-pam:linux-pam:0.99.7.1 cpe:/a:linux-pam:linux-pam:0.99.8.0 cpe:/a:linux-pam:linux-pam:0.99.8.1 cpe:/a:linux-pam:linux-pam:0.99.9.0 cpe:/a:linux-pam:linux-pam:0.99.10.0 cpe:/a:linux-pam:linux-pam:1.0.0 cpe:/a:linux-pam:linux-pam:1.0.1 cpe:/a:linux-pam:linux-pam:1.0.2 cpe:/a:linux-pam:linux-pam:1.0.3 cpe:/a:linux-pam:linux-pam:1.0.4 CVE-2009-0579 2009-04-16T11:12:57.360-04:00 2019-01-03T10:01:44.730-05:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-04-16T11:52:00.000-04:00 ALLOWS_OTHER_ACCESS CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514437 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=487216 FEDORA FEDORA-2009-3204 FEDORA FEDORA-2009-3231 MLIST [pam-list] 20090309 Linux-PAM 1.0.4 released Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified. cpe:/a:apache:tomcat:4.1.0 cpe:/a:apache:tomcat:4.1.1 cpe:/a:apache:tomcat:4.1.2 cpe:/a:apache:tomcat:4.1.3 cpe:/a:apache:tomcat:4.1.3:beta cpe:/a:apache:tomcat:4.1.4 cpe:/a:apache:tomcat:4.1.5 cpe:/a:apache:tomcat:4.1.6 cpe:/a:apache:tomcat:4.1.7 cpe:/a:apache:tomcat:4.1.8 cpe:/a:apache:tomcat:4.1.9 cpe:/a:apache:tomcat:4.1.9:beta cpe:/a:apache:tomcat:4.1.10 cpe:/a:apache:tomcat:4.1.11 cpe:/a:apache:tomcat:4.1.12 cpe:/a:apache:tomcat:4.1.13 cpe:/a:apache:tomcat:4.1.14 cpe:/a:apache:tomcat:4.1.15 cpe:/a:apache:tomcat:4.1.16 cpe:/a:apache:tomcat:4.1.17 cpe:/a:apache:tomcat:4.1.18 cpe:/a:apache:tomcat:4.1.19 cpe:/a:apache:tomcat:4.1.20 cpe:/a:apache:tomcat:4.1.21 cpe:/a:apache:tomcat:4.1.22 cpe:/a:apache:tomcat:4.1.23 cpe:/a:apache:tomcat:4.1.24 cpe:/a:apache:tomcat:4.1.25 cpe:/a:apache:tomcat:4.1.26 cpe:/a:apache:tomcat:4.1.27 cpe:/a:apache:tomcat:4.1.28 cpe:/a:apache:tomcat:4.1.29 cpe:/a:apache:tomcat:4.1.30 cpe:/a:apache:tomcat:4.1.31 cpe:/a:apache:tomcat:4.1.32 cpe:/a:apache:tomcat:4.1.33 cpe:/a:apache:tomcat:4.1.34 cpe:/a:apache:tomcat:4.1.35 cpe:/a:apache:tomcat:4.1.36 cpe:/a:apache:tomcat:4.1.37 cpe:/a:apache:tomcat:4.1.38 cpe:/a:apache:tomcat:4.1.39 cpe:/a:apache:tomcat:5.5.0 cpe:/a:apache:tomcat:5.5.1 cpe:/a:apache:tomcat:5.5.2 cpe:/a:apache:tomcat:5.5.3 cpe:/a:apache:tomcat:5.5.4 cpe:/a:apache:tomcat:5.5.5 cpe:/a:apache:tomcat:5.5.6 cpe:/a:apache:tomcat:5.5.7 cpe:/a:apache:tomcat:5.5.8 cpe:/a:apache:tomcat:5.5.9 cpe:/a:apache:tomcat:5.5.10 cpe:/a:apache:tomcat:5.5.11 cpe:/a:apache:tomcat:5.5.12 cpe:/a:apache:tomcat:5.5.13 cpe:/a:apache:tomcat:5.5.14 cpe:/a:apache:tomcat:5.5.15 cpe:/a:apache:tomcat:5.5.16 cpe:/a:apache:tomcat:5.5.17 cpe:/a:apache:tomcat:5.5.18 cpe:/a:apache:tomcat:5.5.19 cpe:/a:apache:tomcat:5.5.20 cpe:/a:apache:tomcat:5.5.21 cpe:/a:apache:tomcat:5.5.22 cpe:/a:apache:tomcat:5.5.23 cpe:/a:apache:tomcat:5.5.24 cpe:/a:apache:tomcat:5.5.25 cpe:/a:apache:tomcat:5.5.26 cpe:/a:apache:tomcat:5.5.27 cpe:/a:apache:tomcat:6.0.0 cpe:/a:apache:tomcat:6.0.1 cpe:/a:apache:tomcat:6.0.2 cpe:/a:apache:tomcat:6.0.3 cpe:/a:apache:tomcat:6.0.4 cpe:/a:apache:tomcat:6.0.5 cpe:/a:apache:tomcat:6.0.6 cpe:/a:apache:tomcat:6.0.7 cpe:/a:apache:tomcat:6.0.8 cpe:/a:apache:tomcat:6.0.9 cpe:/a:apache:tomcat:6.0.10 cpe:/a:apache:tomcat:6.0.11 cpe:/a:apache:tomcat:6.0.12 cpe:/a:apache:tomcat:6.0.13 cpe:/a:apache:tomcat:6.0.14 cpe:/a:apache:tomcat:6.0.15 cpe:/a:apache:tomcat:6.0.16 CVE-2009-0580 2009-06-05T12:00:00.233-04:00 2019-03-25T07:30:39.177-04:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov APPLE APPLE-SA-2010-03-29-1 SUSE SUSE-SR:2009:012 HP HPSBMA02535 HP HPSBUX02579 HP HPSBOV02762 HP HPSBUX02860 SECTRACK 1022332 SUNALERT 263529 CONFIRM http://support.apple.com/kb/HT4077 CONFIRM http://svn.apache.org/viewvc?rev=747840&view=rev CONFIRM http://svn.apache.org/viewvc?rev=781379&view=rev CONFIRM http://svn.apache.org/viewvc?rev=781382&view=rev CONFIRM http://tomcat.apache.org/security-4.html CONFIRM http://tomcat.apache.org/security-5.html CONFIRM http://tomcat.apache.org/security-6.html DEBIAN DSA-2207 MANDRIVA MDVSA-2009:136 MANDRIVA MDVSA-2009:138 MANDRIVA MDVSA-2010:176 BUGTRAQ 20090603 [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication BUGTRAQ 20090604 Re: [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication BUGTRAQ 20090605 [SECURITY] CVE-2009-0580 UPDATED Apache Tomcat User enumeration vulnerability with FORM authentication BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components BID 35196 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html VUPEN ADV-2009-1496 VUPEN ADV-2009-1856 VUPEN ADV-2009-3316 VUPEN ADV-2010-3056 XF tomcat-jsecuritycheck-info-disclosure(50930) MLIST [tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ MLIST [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ FEDORA FEDORA-2009-11374 FEDORA FEDORA-2009-11352 FEDORA FEDORA-2009-11356 Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter. cpe:/a:gimp:gimp cpe:/a:littlecms:lcms:1.07 cpe:/a:littlecms:lcms:1.08 cpe:/a:littlecms:lcms:1.09 cpe:/a:littlecms:lcms:1.10 cpe:/a:littlecms:lcms:1.11 cpe:/a:littlecms:lcms:1.12 cpe:/a:littlecms:lcms:1.13 cpe:/a:littlecms:lcms:1.14 cpe:/a:littlecms:lcms:1.15 cpe:/a:littlecms:lcms:1.16 cpe:/a:littlecms:lcms:1.17 cpe:/a:mozilla:firefox:3.1:beta1 cpe:/a:sun:openjdk:7 CVE-2009-0581 2009-03-23T10:19:12.467-04:00 2018-10-10T15:29:16.057-04:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov SUSE SUSE-SR:2009:007 MISC http://scary.beasts.org/security/CESA-2009-003.html MISC http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html GENTOO GLSA-200904-19 SLACKWARE SSA:2009-083-01 DEBIAN DSA-1745 DEBIAN DSA-1769 MANDRIVA MDVSA-2009:121 MANDRIVA MDVSA-2009:137 MANDRIVA MDVSA-2009:162 MISC http://www.ocert.org/advisories/ocert-2009-003.html REDHAT RHSA-2009:0339 BUGTRAQ 20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted) BUGTRAQ 20090320 [oCERT-2009-003] LittleCMS integer errors BID 34185 SECTRACK 1021870 UBUNTU USN-744-1 VUPEN ADV-2009-0775 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=487509 XF littlecms-unspecified-dos(49328) REDHAT RHSA-2009:0377 FEDORA FEDORA-2009-2903 FEDORA FEDORA-2009-2910 FEDORA FEDORA-2009-2928 FEDORA FEDORA-2009-2970 FEDORA FEDORA-2009-2982 FEDORA FEDORA-2009-2983 FEDORA FEDORA-2009-3034 Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file. cpe:/a:gnome:evolution-data-server:2.24.5 cpe:/a:gnome:evolution-data-server:2.25.92 CVE-2009-0582 2009-03-14T14:30:00.467-04:00 2017-09-28T21:33:54.467-04:00 5.8 NETWORK MEDIUM NONE PARTIAL NONE PARTIAL http://nvd.nist.gov SUSE SUSE-SR:2009:010 MLIST [release-team] 20090312 Another Evolution-Data-Server freeze break SECTRACK 1021845 DEBIAN DSA-1813 MANDRIVA MDVSA-2009:078 REDHAT RHSA-2009:0354 REDHAT RHSA-2009:0355 REDHAT RHSA-2009:0358 BID 34109 VUPEN ADV-2009-0716 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=487685 XF evolution-ntlmsasl-info-disclosure(49233) FEDORA FEDORA-2009-2784 FEDORA FEDORA-2009-2792 The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data. cpe:/a:argyllcms:argyllcms:0.1.0 cpe:/a:argyllcms:argyllcms:0.2.0 cpe:/a:argyllcms:argyllcms:0.2.1 cpe:/a:argyllcms:argyllcms:0.2.2 cpe:/a:argyllcms:argyllcms:0.3.0 cpe:/a:argyllcms:argyllcms:0.6.0 cpe:/a:argyllcms:argyllcms:0.7.0:beta_8 cpe:/a:argyllcms:argyllcms:1.0.0 cpe:/a:argyllcms:argyllcms:1.0.2 cpe:/a:argyllcms:argyllcms:1.0.3 cpe:/a:ghostscript:ghostscript:5.50 cpe:/a:ghostscript:ghostscript:7.05 cpe:/a:ghostscript:ghostscript:7.07 cpe:/a:ghostscript:ghostscript:8.0.1 cpe:/a:ghostscript:ghostscript:8.15 cpe:/a:ghostscript:ghostscript:8.15.2 cpe:/a:ghostscript:ghostscript:8.54 cpe:/a:ghostscript:ghostscript:8.56 cpe:/a:ghostscript:ghostscript:8.57 cpe:/a:ghostscript:ghostscript:8.61 cpe:/a:ghostscript:ghostscript:8.62 cpe:/a:ghostscript:ghostscript:8.63 cpe:/a:ghostscript:ghostscript:8.64 CVE-2009-0583 2009-03-23T16:00:00.343-04:00 2018-10-10T15:29:22.247-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=261087 SUSE SUSE-SR:2009:007 SECTRACK 1021868 SUNALERT 262288 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050 AUSCERT ESB-2009.0259 DEBIAN DSA-1746 GENTOO GLSA-200903-37 MANDRIVA MDVSA-2009:095 MANDRIVA MDVSA-2009:096 REDHAT RHSA-2009:0345 BUGTRAQ 20090319 rPSA-2009-0050-1 ghostscript BID 34184 UBUNTU USN-743-1 VUPEN ADV-2009-0776 VUPEN ADV-2009-0777 VUPEN ADV-2009-0816 VUPEN ADV-2009-1708 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=487742 XF ghostscript-icclib-native-color-bo(49329) CONFIRM https://issues.rpath.com/browse/RPL-2991 UBUNTU USN-757-1 FEDORA FEDORA-2009-2883 FEDORA FEDORA-2009-2885 FEDORA FEDORA-2009-3011 FEDORA FEDORA-2009-3031 Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. cpe:/a:argyllcms:cms:1.0.3 cpe:/a:ghostscript:ghostscript:0 cpe:/a:ghostscript:ghostscript:5.50 cpe:/a:ghostscript:ghostscript:7.05 cpe:/a:ghostscript:ghostscript:7.07 cpe:/a:ghostscript:ghostscript:8.0.1 cpe:/a:ghostscript:ghostscript:8.15 cpe:/a:ghostscript:ghostscript:8.15.2 cpe:/a:ghostscript:ghostscript:8.54 cpe:/a:ghostscript:ghostscript:8.56 cpe:/a:ghostscript:ghostscript:8.57 cpe:/a:ghostscript:ghostscript:8.60 cpe:/a:ghostscript:ghostscript:8.61 cpe:/a:ghostscript:ghostscript:8.64 CVE-2009-0584 2009-03-23T16:00:00.377-04:00 2018-10-10T15:29:28.217-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=261087 SUSE SUSE-SR:2009:007 SECTRACK 1021868 SUNALERT 262288 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050 AUSCERT ESB-2009.0259 DEBIAN DSA-1746 GENTOO GLSA-200903-37 MANDRIVA MDVSA-2009:095 MANDRIVA MDVSA-2009:096 REDHAT RHSA-2009:0345 BUGTRAQ 20090319 rPSA-2009-0050-1 ghostscript BID 34184 UBUNTU USN-743-1 VUPEN ADV-2009-0776 VUPEN ADV-2009-0777 VUPEN ADV-2009-0816 VUPEN ADV-2009-1708 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=487744 XF ghostscript-icclib-bo(49327) CONFIRM https://issues.rpath.com/browse/RPL-2991 UBUNTU USN-757-1 FEDORA FEDORA-2009-2883 FEDORA FEDORA-2009-2885 FEDORA FEDORA-2009-3011 FEDORA FEDORA-2009-3031 icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. cpe:/a:joe_shaw:libsoup:2.1 cpe:/a:joe_shaw:libsoup:2.23.1 cpe:/a:joe_shaw:libsoup:2.23.6 cpe:/a:joe_shaw:libsoup:2.23.91 cpe:/a:joe_shaw:libsoup:2.23.92 CVE-2009-0585 2009-03-14T14:30:00.483-04:00 2018-10-10T15:29:34.077-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov SUSE SUSE-SR:2009:010 MISC http://ocert.org/patches/2008-015/libsoup-CVE-2009-0585.diff MLIST [oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-088.htm DEBIAN DSA-1748 MANDRIVA MDVSA-2009:081 MISC http://www.ocert.org/advisories/ocert-2008-015.html REDHAT RHSA-2009:0344 BUGTRAQ 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows BID 34100 UBUNTU USN-737-1 XF libsoup-soupmisc-bo(49273) Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation. cpe:/a:gstreamer:gst-plugins-base:0.10.22 CVE-2009-0586 2009-03-14T14:30:00.500-04:00 2018-10-10T15:29:35.857-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov CONFIRM http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9 SUSE SUSE-SR:2009:009 MISC http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff MLIST [oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows GENTOO GLSA-200907-11 MANDRIVA MDVSA-2009:085 MISC http://www.ocert.org/advisories/ocert-2008-015.html BUGTRAQ 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows BID 34100 UBUNTU USN-735-1 XF gstreamer-gstvorbistagaddcoverart-bo(49274) Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow. cpe:/a:go-evolution:evolution-data-server:2.24.4 CVE-2009-0587 2009-03-14T14:30:00.530-04:00 2018-10-10T15:29:37.480-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS SUSE SUSE-SR:2010:012 MISC http://ocert.org/patches/2008-015/camel-CVE-2009-0587.diff MISC http://ocert.org/patches/2008-015/evc-CVE-2009-0587.diff MLIST [oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows DEBIAN DSA-1813 MANDRIVA MDVSA-2009:078 MISC http://www.ocert.org/advisories/ocert-2008-015.html REDHAT RHSA-2009:0354 REDHAT RHSA-2009:0355 REDHAT RHSA-2009:0358 BUGTRAQ 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows BID 34100 UBUNTU USN-733-1 Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel. cpe:/a:redhat:certificate_system:7.3 cpe:/a:redhat:dogtag_certificate_system CVE-2009-0588 2009-05-27T12:30:01.670-04:00 2009-06-09T01:32:40.017-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov REDHAT RHSA-2009:1065 BID 35104 SECTRACK 1022278 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=484828 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=488706 agent/request/op.cgi in the Registration Authority (RA) component in Red Hat Certificate System (RHCS) 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field. CVE-2009-0589 2009-03-26T06:12:11.360-04:00 2009-03-26T06:12:11.563-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. cpe:/a:openssl:openssl:::openvms cpe:/a:openssl:openssl:0.9.1c cpe:/a:openssl:openssl:0.9.2b cpe:/a:openssl:openssl:0.9.3 cpe:/a:openssl:openssl:0.9.3a cpe:/a:openssl:openssl:0.9.4 cpe:/a:openssl:openssl:0.9.5 cpe:/a:openssl:openssl:0.9.5:beta1 cpe:/a:openssl:openssl:0.9.5:beta2 cpe:/a:openssl:openssl:0.9.5a cpe:/a:openssl:openssl:0.9.5a:beta1 cpe:/a:openssl:openssl:0.9.5a:beta2 cpe:/a:openssl:openssl:0.9.6 cpe:/a:openssl:openssl:0.9.6:beta1 cpe:/a:openssl:openssl:0.9.6:beta2 cpe:/a:openssl:openssl:0.9.6:beta3 cpe:/a:openssl:openssl:0.9.6a cpe:/a:openssl:openssl:0.9.6a:beta1 cpe:/a:openssl:openssl:0.9.6a:beta2 cpe:/a:openssl:openssl:0.9.6a:beta3 cpe:/a:openssl:openssl:0.9.6b cpe:/a:openssl:openssl:0.9.6c cpe:/a:openssl:openssl:0.9.6d cpe:/a:openssl:openssl:0.9.6e cpe:/a:openssl:openssl:0.9.6f cpe:/a:openssl:openssl:0.9.6g cpe:/a:openssl:openssl:0.9.6h cpe:/a:openssl:openssl:0.9.6i cpe:/a:openssl:openssl:0.9.6j cpe:/a:openssl:openssl:0.9.6k cpe:/a:openssl:openssl:0.9.6l cpe:/a:openssl:openssl:0.9.6m cpe:/a:openssl:openssl:0.9.7 cpe:/a:openssl:openssl:0.9.7:beta1 cpe:/a:openssl:openssl:0.9.7:beta2 cpe:/a:openssl:openssl:0.9.7:beta3 cpe:/a:openssl:openssl:0.9.7:beta4 cpe:/a:openssl:openssl:0.9.7:beta5 cpe:/a:openssl:openssl:0.9.7:beta6 cpe:/a:openssl:openssl:0.9.7a cpe:/a:openssl:openssl:0.9.7b cpe:/a:openssl:openssl:0.9.7c cpe:/a:openssl:openssl:0.9.7d cpe:/a:openssl:openssl:0.9.7e cpe:/a:openssl:openssl:0.9.7f cpe:/a:openssl:openssl:0.9.7g cpe:/a:openssl:openssl:0.9.7h cpe:/a:openssl:openssl:0.9.7i cpe:/a:openssl:openssl:0.9.7j cpe:/a:openssl:openssl:0.9.7k cpe:/a:openssl:openssl:0.9.7l cpe:/a:openssl:openssl:0.9.8 cpe:/a:openssl:openssl:0.9.8a cpe:/a:openssl:openssl:0.9.8b cpe:/a:openssl:openssl:0.9.8c cpe:/a:openssl:openssl:0.9.8d cpe:/a:openssl:openssl:0.9.8e cpe:/a:openssl:openssl:0.9.8f cpe:/a:openssl:openssl:0.9.8g cpe:/a:openssl:openssl:0.9.8h CVE-2009-0590 2009-03-27T12:30:00.170-04:00 2018-10-10T15:29:39.700-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov NETBSD NetBSD-SA2009-008 APPLE APPLE-SA-2009-09-10-2 SUSE SUSE-SR:2009:010 SUSE openSUSE-SU-2011:0845 SUSE SUSE-SU-2011:0847 MLIST [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates HP SSRT090059 HP HPSBMA02447 HP HPSBOV02540 FREEBSD FreeBSD-SA-09:08 SECTRACK 1021905 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847 SUNALERT 258048 CONFIRM http://support.apple.com/kb/HT3865 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm CONFIRM http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0057 MISC http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057 DEBIAN DSA-1763 MANDRIVA MDVSA-2009:087 CONFIRM http://www.openssl.org/news/secadv_20090325.txt CONFIRM http://www.php.net/archive/2009.php#id2009-04-08-1 REDHAT RHSA-2009:1335 BUGTRAQ 20090403 rPSA-2009-0057-1 m2crypto openssl openssl-scripts BUGTRAQ 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console BID 34256 UBUNTU USN-750-1 CONFIRM http://www.vmware.com/security/advisories/VMSA-2010-0019.html VUPEN ADV-2009-0850 VUPEN ADV-2009-1020 VUPEN ADV-2009-1175 VUPEN ADV-2009-1220 VUPEN ADV-2009-1548 VUPEN ADV-2010-0528 VUPEN ADV-2010-3126 XF openssl-asn1-stringprintex-dos(49431) CONFIRM https://kb.bluecoat.com/index?page=content&id=SA50 MLIST [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released MLIST [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. cpe:/a:openssl:openssl:0.9.8h cpe:/a:openssl:openssl:0.9.8i cpe:/a:openssl:openssl:0.9.8j CVE-2009-0591 2009-03-27T12:30:01.920-04:00 2017-08-16T21:29:55.600-04:00 2.6 NETWORK HIGH NONE NONE PARTIAL NONE http://nvd.nist.gov NETBSD NetBSD-SA2009-008 APPLE APPLE-SA-2009-09-10-2 SUSE SUSE-SR:2009:010 HP SSRT090059 HP HPSBOV02540 SECTRACK 1021907 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847 CONFIRM http://support.apple.com/kb/HT3865 CONFIRM http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html CONFIRM http://www.openssl.org/news/secadv_20090325.txt CONFIRM http://www.php.net/archive/2009.php#id2009-04-08-1 BID 34256 VUPEN ADV-2009-0850 VUPEN ADV-2009-1020 VUPEN ADV-2009-1175 VUPEN ADV-2009-1548 XF openssl-cmsverify-security-bypass(49432) CONFIRM https://kb.bluecoat.com/index?page=content&id=SA50 The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid. cpe:/a:pnphpbb:pnphpbb2:1.0 cpe:/a:pnphpbb:pnphpbb2:1.1 cpe:/a:pnphpbb:pnphpbb2:1.1a cpe:/a:pnphpbb:pnphpbb2:1.2 cpe:/a:pnphpbb:pnphpbb2:1.2a cpe:/a:pnphpbb:pnphpbb2:1.2d cpe:/a:pnphpbb:pnphpbb2:1.2e cpe:/a:pnphpbb:pnphpbb2:1.2f cpe:/a:pnphpbb:pnphpbb2:1.2g cpe:/a:pnphpbb:pnphpbb2:1.2h:rc3b cpe:/a:pnphpbb:pnphpbb2:1.2i CVE-2009-0592 2009-02-16T12:30:04.937-05:00 2017-09-28T21:33:55.060-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33103 EXPLOIT-DB 7658 Multiple directory traversal vulnerabilities in PNphpBB2 1.2i and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ModName parameter to (1) admin_words.php, (2) admin_groups_reapir.php, (3) admin_smilies.php, (4) admin_ranks.php, (5) admin_styles.php, and (6) admin_users.php in admin/. cpe:/a:plxwebdev:plx_auto_reminder:3.7 CVE-2009-0593 2009-02-16T12:30:04.953-05:00 2017-09-28T21:33:55.107-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33106 EXPLOIT-DB 7663 SQL injection vulnerability in members.php in plx Auto Reminder 3.7 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a newar action. cpe:/a:apmuthu:phpskelsite:1.4 CVE-2009-0594 2009-02-16T12:30:04.967-05:00 2017-09-28T21:33:55.153-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov BID 33092 EXPLOIT-DB 7648 Cross-site scripting (XSS) vulnerability in index.php in phpSkelSite 1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. cpe:/a:phpskelsite:phpskelsite:1.4 CVE-2009-0595 2009-02-16T12:30:05.000-05:00 2017-09-28T21:33:55.217-04:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33092 EXPLOIT-DB 7648 PHP remote file inclusion vulnerability in skysilver/login.tpl.php in phpSkelSite 1.4, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter. cpe:/a:phpskelsite:phpskelsite:1.4 CVE-2009-0596 2009-02-16T12:30:05.017-05:00 2017-09-28T21:33:55.263-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33092 EXPLOIT-DB 7648 Directory traversal vulnerability in skysilver/login.tpl.php in phpSkelSite 1.4, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the TplSuffix parameter. cpe:/a:w3b_cms:aka_w3blabor_cms:3.3.0 CVE-2009-0597 2009-02-16T12:30:05.030-05:00 2017-09-28T21:33:55.327-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS MISC http://forum.w3bcms.de/viewtopic.php?f=5&t=256 BID 33082 EXPLOIT-DB 7640 SQL injection vulnerability in admin/index.php in w3b>cms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action. cpe:/a:phpmesfilms:phpmesfilms:1.0 cpe:/a:phpmesfilms:phpmesfilms:1.8 CVE-2009-0598 2009-02-16T12:30:05.047-05:00 2017-09-28T21:33:55.373-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33105 EXPLOIT-DB 7660 SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 allows remote attackers to execute arbitrary SQL commands via the id parameter. cpe:/a:wireshark:wireshark:0.99.7 cpe:/a:wireshark:wireshark:0.99.8 cpe:/a:wireshark:wireshark:1.0 cpe:/a:wireshark:wireshark:1.0.0 cpe:/a:wireshark:wireshark:1.0.1 cpe:/a:wireshark:wireshark:1.0.2 cpe:/a:wireshark:wireshark:1.0.3 cpe:/a:wireshark:wireshark:1.0.4 cpe:/a:wireshark:wireshark:1.0.5 CVE-2009-0599 2009-02-16T15:30:00.203-05:00 2018-10-10T15:29:51.030-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov SUSE SUSE-SR:2009:005 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0040 REDHAT RHSA-2009:0313 BUGTRAQ 20090312 rPSA-2009-0040-1 tshark wireshark BID 33690 SECTRACK 1021697 VUPEN ADV-2009-0370 CONFIRM http://www.wireshark.org/security/wnpa-sec-2009-01.html CONFIRM https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2590 CONFIRM https://issues.rpath.com/browse/RPL-2984 FEDORA FEDORA-2009-1877 Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file. cpe:/a:wireshark:wireshark:0.99.6 cpe:/a:wireshark:wireshark:0.99.6a cpe:/a:wireshark:wireshark:0.99.7 cpe:/a:wireshark:wireshark:0.99.8 cpe:/a:wireshark:wireshark:1.0 cpe:/a:wireshark:wireshark:1.0.0 cpe:/a:wireshark:wireshark:1.0.1 cpe:/a:wireshark:wireshark:1.0.2 cpe:/a:wireshark:wireshark:1.0.3 cpe:/a:wireshark:wireshark:1.0.4 cpe:/a:wireshark:wireshark:1.0.5 CVE-2009-0600 2009-02-16T15:30:03.093-05:00 2018-10-10T15:29:53.153-04:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov SUSE SUSE-SR:2009:005 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0040 REDHAT RHSA-2009:0313 BUGTRAQ 20090312 rPSA-2009-0040-1 tshark wireshark BID 33690 SECTRACK 1021697 VUPEN ADV-2009-0370 CONFIRM http://www.wireshark.org/security/wnpa-sec-2009-01.html CONFIRM https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1937 CONFIRM https://issues.rpath.com/browse/RPL-2984 FEDORA FEDORA-2009-1877 Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame. cpe:/a:wireshark:wireshark:0.99.8 cpe:/a:wireshark:wireshark:1.0.0 cpe:/a:wireshark:wireshark:1.0.1 cpe:/a:wireshark:wireshark:1.0.2 cpe:/a:wireshark:wireshark:1.0.3 cpe:/a:wireshark:wireshark:1.0.4 cpe:/a:wireshark:wireshark:1.0.5 CVE-2009-0601 2009-02-16T15:30:03.127-05:00 2018-10-10T15:29:54.983-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov SUSE SUSE-SR:2009:005 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0040 BUGTRAQ 20090312 rPSA-2009-0040-1 tshark wireshark BID 33690 SECTRACK 1021697 VUPEN ADV-2009-0370 CONFIRM http://www.wireshark.org/security/wnpa-sec-2009-01.html CONFIRM https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3150 CONFIRM https://issues.rpath.com/browse/RPL-2984 Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. cpe:/a:wikkitikkitavi:wikkitikkitavi:1.11 CVE-2009-0602 2009-02-16T15:30:03.140-05:00 2017-09-28T21:33:55.607-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 33647 XF wikkitikkitavi-upload-file-upload(48571) EXPLOIT-DB 7998 Unrestricted file upload vulnerability in upload.php in WikkiTikkiTavi 1.11 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/. cpe:/a:drupal:link_module:5.x-2.5 CVE-2009-0603 2009-02-16T15:30:03.157-05:00 2017-08-16T21:29:55.707-04:00 3.5 NETWORK MEDIUM SINGLE_INSTANCE NONE PARTIAL NONE http://nvd.nist.gov FULLDISC 20090205 Drupal Link Module XSS Vulnerability BID 33642 XF link-description-xss(48553) Cross-site scripting (XSS) vulnerability in index.php in the Link module 5.x-2.5 for Drupal 5.10 allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via the description parameter (aka the Help field). NOTE: some of these details are obtained from third party information. cpe:/a:php_director:php_director:0.2 cpe:/a:php_director:php_director:0.21 CVE-2009-0604 2009-02-16T15:30:03.187-05:00 2017-09-28T21:33:55.670-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33694 VUPEN ADV-2009-0379 EXPLOIT-DB 8014 SQL injection vulnerability in index.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the searching parameter. cpe:/o:linux:linux_kernel:2.2.27 cpe:/o:linux:linux_kernel:2.4.36 cpe:/o:linux:linux_kernel:2.4.36.1 cpe:/o:linux:linux_kernel:2.4.36.2 cpe:/o:linux:linux_kernel:2.4.36.3 cpe:/o:linux:linux_kernel:2.4.36.4 cpe:/o:linux:linux_kernel:2.4.36.5 cpe:/o:linux:linux_kernel:2.4.36.6 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.6.0 cpe:/o:linux:linux_kernel:2.6.1 cpe:/o:linux:linux_kernel:2.6.2 cpe:/o:linux:linux_kernel:2.6.10 cpe:/o:linux:linux_kernel:2.6.11 cpe:/o:linux:linux_kernel:2.6.11.1 cpe:/o:linux:linux_kernel:2.6.11.2 cpe:/o:linux:linux_kernel:2.6.11.3 cpe:/o:linux:linux_kernel:2.6.11.4 cpe:/o:linux:linux_kernel:2.6.11.5 cpe:/o:linux:linux_kernel:2.6.11.6 cpe:/o:linux:linux_kernel:2.6.11.7 cpe:/o:linux:linux_kernel:2.6.11.8 cpe:/o:linux:linux_kernel:2.6.11.9 cpe:/o:linux:linux_kernel:2.6.11.10 cpe:/o:linux:linux_kernel:2.6.11.11 cpe:/o:linux:linux_kernel:2.6.11.12 cpe:/o:linux:linux_kernel:2.6.12 cpe:/o:linux:linux_kernel:2.6.12.1 cpe:/o:linux:linux_kernel:2.6.12.2 cpe:/o:linux:linux_kernel:2.6.12.3 cpe:/o:linux:linux_kernel:2.6.12.4 cpe:/o:linux:linux_kernel:2.6.12.5 cpe:/o:linux:linux_kernel:2.6.12.6 cpe:/o:linux:linux_kernel:2.6.13 cpe:/o:linux:linux_kernel:2.6.13.1 cpe:/o:linux:linux_kernel:2.6.13.2 cpe:/o:linux:linux_kernel:2.6.13.3 cpe:/o:linux:linux_kernel:2.6.13.4 cpe:/o:linux:linux_kernel:2.6.13.5 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.14.2 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.6.14.5 cpe:/o:linux:linux_kernel:2.6.14.6 cpe:/o:linux:linux_kernel:2.6.14.7 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.6.15.1 cpe:/o:linux:linux_kernel:2.6.15.2 cpe:/o:linux:linux_kernel:2.6.15.3 cpe:/o:linux:linux_kernel:2.6.15.4 cpe:/o:linux:linux_kernel:2.6.15.5 cpe:/o:linux:linux_kernel:2.6.15.6 cpe:/o:linux:linux_kernel:2.6.15.7 cpe:/o:linux:linux_kernel:2.6.16 cpe:/o:linux:linux_kernel:2.6.16.1 cpe:/o:linux:linux_kernel:2.6.16.2 cpe:/o:linux:linux_kernel:2.6.16.3 cpe:/o:linux:linux_kernel:2.6.16.4 cpe:/o:linux:linux_kernel:2.6.16.5 cpe:/o:linux:linux_kernel:2.6.16.6 cpe:/o:linux:linux_kernel:2.6.16.7 cpe:/o:linux:linux_kernel:2.6.16.8 cpe:/o:linux:linux_kernel:2.6.16.9 cpe:/o:linux:linux_kernel:2.6.16.10 cpe:/o:linux:linux_kernel:2.6.16.11 cpe:/o:linux:linux_kernel:2.6.16.12 cpe:/o:linux:linux_kernel:2.6.16.13 cpe:/o:linux:linux_kernel:2.6.16.14 cpe:/o:linux:linux_kernel:2.6.16.15 cpe:/o:linux:linux_kernel:2.6.16.16 cpe:/o:linux:linux_kernel:2.6.16.17 cpe:/o:linux:linux_kernel:2.6.16.18 cpe:/o:linux:linux_kernel:2.6.16.19 cpe:/o:linux:linux_kernel:2.6.16.20 cpe:/o:linux:linux_kernel:2.6.16.21 cpe:/o:linux:linux_kernel:2.6.16.22 cpe:/o:linux:linux_kernel:2.6.16.23 cpe:/o:linux:linux_kernel:2.6.16.24 cpe:/o:linux:linux_kernel:2.6.16.25 cpe:/o:linux:linux_kernel:2.6.16.26 cpe:/o:linux:linux_kernel:2.6.16.27 cpe:/o:linux:linux_kernel:2.6.16.28 cpe:/o:linux:linux_kernel:2.6.16.29 cpe:/o:linux:linux_kernel:2.6.16.30 cpe:/o:linux:linux_kernel:2.6.16.31 cpe:/o:linux:linux_kernel:2.6.16.32 cpe:/o:linux:linux_kernel:2.6.16.33 cpe:/o:linux:linux_kernel:2.6.16.34 cpe:/o:linux:linux_kernel:2.6.16.35 cpe:/o:linux:linux_kernel:2.6.16.36 cpe:/o:linux:linux_kernel:2.6.16.37 cpe:/o:linux:linux_kernel:2.6.16.38 cpe:/o:linux:linux_kernel:2.6.16.39 cpe:/o:linux:linux_kernel:2.6.16.40 cpe:/o:linux:linux_kernel:2.6.16.41 cpe:/o:linux:linux_kernel:2.6.16.42 cpe:/o:linux:linux_kernel:2.6.16.43 cpe:/o:linux:linux_kernel:2.6.16.44 cpe:/o:linux:linux_kernel:2.6.16.45 cpe:/o:linux:linux_kernel:2.6.16.46 cpe:/o:linux:linux_kernel:2.6.16.47 cpe:/o:linux:linux_kernel:2.6.16.48 cpe:/o:linux:linux_kernel:2.6.16.49 cpe:/o:linux:linux_kernel:2.6.16.50 cpe:/o:linux:linux_kernel:2.6.16.51 cpe:/o:linux:linux_kernel:2.6.16.52 cpe:/o:linux:linux_kernel:2.6.16.53 cpe:/o:linux:linux_kernel:2.6.16.54 cpe:/o:linux:linux_kernel:2.6.16.55 cpe:/o:linux:linux_kernel:2.6.16.56 cpe:/o:linux:linux_kernel:2.6.16.57 cpe:/o:linux:linux_kernel:2.6.16.58 cpe:/o:linux:linux_kernel:2.6.16.59 cpe:/o:linux:linux_kernel:2.6.16.60 cpe:/o:linux:linux_kernel:2.6.16.61 cpe:/o:linux:linux_kernel:2.6.16.62 cpe:/o:linux:linux_kernel:2.6.17 cpe:/o:linux:linux_kernel:2.6.17.1 cpe:/o:linux:linux_kernel:2.6.17.2 cpe:/o:linux:linux_kernel:2.6.17.3 cpe:/o:linux:linux_kernel:2.6.17.4 cpe:/o:linux:linux_kernel:2.6.17.5 cpe:/o:linux:linux_kernel:2.6.17.6 cpe:/o:linux:linux_kernel:2.6.17.7 cpe:/o:linux:linux_kernel:2.6.17.8 cpe:/o:linux:linux_kernel:2.6.17.9 cpe:/o:linux:linux_kernel:2.6.17.10 cpe:/o:linux:linux_kernel:2.6.17.11 cpe:/o:linux:linux_kernel:2.6.17.12 cpe:/o:linux:linux_kernel:2.6.17.13 cpe:/o:linux:linux_kernel:2.6.17.14 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.18:rc1 cpe:/o:linux:linux_kernel:2.6.18:rc2 cpe:/o:linux:linux_kernel:2.6.18:rc3 cpe:/o:linux:linux_kernel:2.6.18:rc4 cpe:/o:linux:linux_kernel:2.6.18:rc5 cpe:/o:linux:linux_kernel:2.6.18:rc6 cpe:/o:linux:linux_kernel:2.6.18:rc7 cpe:/o:linux:linux_kernel:2.6.18.1 cpe:/o:linux:linux_kernel:2.6.18.2 cpe:/o:linux:linux_kernel:2.6.18.3 cpe:/o:linux:linux_kernel:2.6.18.4 cpe:/o:linux:linux_kernel:2.6.18.5 cpe:/o:linux:linux_kernel:2.6.18.6 cpe:/o:linux:linux_kernel:2.6.18.7 cpe:/o:linux:linux_kernel:2.6.18.8 cpe:/o:linux:linux_kernel:2.6.19 cpe:/o:linux:linux_kernel:2.6.19.1 cpe:/o:linux:linux_kernel:2.6.19.2 cpe:/o:linux:linux_kernel:2.6.19.3 cpe:/o:linux:linux_kernel:2.6.19.4 cpe:/o:linux:linux_kernel:2.6.19.5 cpe:/o:linux:linux_kernel:2.6.19.6 cpe:/o:linux:linux_kernel:2.6.19.7 cpe:/o:linux:linux_kernel:2.6.20 cpe:/o:linux:linux_kernel:2.6.20.1 cpe:/o:linux:linux_kernel:2.6.20.2 cpe:/o:linux:linux_kernel:2.6.20.3 cpe:/o:linux:linux_kernel:2.6.20.4 cpe:/o:linux:linux_kernel:2.6.20.5 cpe:/o:linux:linux_kernel:2.6.20.6 cpe:/o:linux:linux_kernel:2.6.20.7 cpe:/o:linux:linux_kernel:2.6.20.8 cpe:/o:linux:linux_kernel:2.6.20.9 cpe:/o:linux:linux_kernel:2.6.20.10 cpe:/o:linux:linux_kernel:2.6.20.11 cpe:/o:linux:linux_kernel:2.6.20.12 cpe:/o:linux:linux_kernel:2.6.20.13 cpe:/o:linux:linux_kernel:2.6.20.14 cpe:/o:linux:linux_kernel:2.6.20.15 cpe:/o:linux:linux_kernel:2.6.20.16 cpe:/o:linux:linux_kernel:2.6.20.17 cpe:/o:linux:linux_kernel:2.6.20.18 cpe:/o:linux:linux_kernel:2.6.20.19 cpe:/o:linux:linux_kernel:2.6.20.20 cpe:/o:linux:linux_kernel:2.6.20.21 cpe:/o:linux:linux_kernel:2.6.21 cpe:/o:linux:linux_kernel:2.6.21.1 cpe:/o:linux:linux_kernel:2.6.21.2 cpe:/o:linux:linux_kernel:2.6.21.3 cpe:/o:linux:linux_kernel:2.6.21.4 cpe:/o:linux:linux_kernel:2.6.21.5 cpe:/o:linux:linux_kernel:2.6.21.6 cpe:/o:linux:linux_kernel:2.6.21.7 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.22.1 cpe:/o:linux:linux_kernel:2.6.22.2 cpe:/o:linux:linux_kernel:2.6.22.3 cpe:/o:linux:linux_kernel:2.6.22.4 cpe:/o:linux:linux_kernel:2.6.22.5 cpe:/o:linux:linux_kernel:2.6.22.6 cpe:/o:linux:linux_kernel:2.6.22.7 cpe:/o:linux:linux_kernel:2.6.22.8 cpe:/o:linux:linux_kernel:2.6.22.9 cpe:/o:linux:linux_kernel:2.6.22.10 cpe:/o:linux:linux_kernel:2.6.22.11 cpe:/o:linux:linux_kernel:2.6.22.12 cpe:/o:linux:linux_kernel:2.6.22.13 cpe:/o:linux:linux_kernel:2.6.22.14 cpe:/o:linux:linux_kernel:2.6.22.15 cpe:/o:linux:linux_kernel:2.6.22.16 cpe:/o:linux:linux_kernel:2.6.22.17 cpe:/o:linux:linux_kernel:2.6.22.18 cpe:/o:linux:linux_kernel:2.6.22.19 cpe:/o:linux:linux_kernel:2.6.22.20 cpe:/o:linux:linux_kernel:2.6.22.21 cpe:/o:linux:linux_kernel:2.6.22.22 cpe:/o:linux:linux_kernel:2.6.22_rc1 cpe:/o:linux:linux_kernel:2.6.22_rc7 cpe:/o:linux:linux_kernel:2.6.23 cpe:/o:linux:linux_kernel:2.6.23:rc1 cpe:/o:linux:linux_kernel:2.6.23:rc2 cpe:/o:linux:linux_kernel:2.6.23.1 cpe:/o:linux:linux_kernel:2.6.23.2 cpe:/o:linux:linux_kernel:2.6.23.3 cpe:/o:linux:linux_kernel:2.6.23.4 cpe:/o:linux:linux_kernel:2.6.23.5 cpe:/o:linux:linux_kernel:2.6.23.6 cpe:/o:linux:linux_kernel:2.6.23.7 cpe:/o:linux:linux_kernel:2.6.23.8 cpe:/o:linux:linux_kernel:2.6.23.9 cpe:/o:linux:linux_kernel:2.6.23.10 cpe:/o:linux:linux_kernel:2.6.23.11 cpe:/o:linux:linux_kernel:2.6.23.12 cpe:/o:linux:linux_kernel:2.6.23.13 cpe:/o:linux:linux_kernel:2.6.23.14 cpe:/o:linux:linux_kernel:2.6.23.15 cpe:/o:linux:linux_kernel:2.6.23.16 cpe:/o:linux:linux_kernel:2.6.23.17 cpe:/o:linux:linux_kernel:2.6.24 cpe:/o:linux:linux_kernel:2.6.24:rc1 cpe:/o:linux:linux_kernel:2.6.24:rc2 cpe:/o:linux:linux_kernel:2.6.24:rc3 cpe:/o:linux:linux_kernel:2.6.24:rc4 cpe:/o:linux:linux_kernel:2.6.24:rc5 cpe:/o:linux:linux_kernel:2.6.24.1 cpe:/o:linux:linux_kernel:2.6.24.2 cpe:/o:linux:linux_kernel:2.6.24.3 cpe:/o:linux:linux_kernel:2.6.24.4 cpe:/o:linux:linux_kernel:2.6.24.5 cpe:/o:linux:linux_kernel:2.6.24.6 cpe:/o:linux:linux_kernel:2.6.24.7 cpe:/o:linux:linux_kernel:2.6.25 cpe:/o:linux:linux_kernel:2.6.25::x86_64 cpe:/o:linux:linux_kernel:2.6.25.1 cpe:/o:linux:linux_kernel:2.6.25.1::x86_64 cpe:/o:linux:linux_kernel:2.6.25.2 cpe:/o:linux:linux_kernel:2.6.25.2::x86_64 cpe:/o:linux:linux_kernel:2.6.25.3 cpe:/o:linux:linux_kernel:2.6.25.3::x86_64 cpe:/o:linux:linux_kernel:2.6.25.4 cpe:/o:linux:linux_kernel:2.6.25.4::x86_64 cpe:/o:linux:linux_kernel:2.6.25.5 cpe:/o:linux:linux_kernel:2.6.25.5::x86_64 cpe:/o:linux:linux_kernel:2.6.25.6 cpe:/o:linux:linux_kernel:2.6.25.6::x86_64 cpe:/o:linux:linux_kernel:2.6.25.7 cpe:/o:linux:linux_kernel:2.6.25.7::x86_64 cpe:/o:linux:linux_kernel:2.6.25.8 cpe:/o:linux:linux_kernel:2.6.25.8::x86_64 cpe:/o:linux:linux_kernel:2.6.25.9 cpe:/o:linux:linux_kernel:2.6.25.9::x86_64 cpe:/o:linux:linux_kernel:2.6.25.10 cpe:/o:linux:linux_kernel:2.6.25.10::x86_64 cpe:/o:linux:linux_kernel:2.6.25.11 cpe:/o:linux:linux_kernel:2.6.25.11::x86_64 cpe:/o:linux:linux_kernel:2.6.25.12 cpe:/o:linux:linux_kernel:2.6.25.12::x86_64 cpe:/o:linux:linux_kernel:2.6.25.13 cpe:/o:linux:linux_kernel:2.6.25.14 cpe:/o:linux:linux_kernel:2.6.25.15 cpe:/o:linux:linux_kernel:2.6.25.16 cpe:/o:linux:linux_kernel:2.6.25.17 cpe:/o:linux:linux_kernel:2.6.25.18 cpe:/o:linux:linux_kernel:2.6.25.19 cpe:/o:linux:linux_kernel:2.6.25.20 cpe:/o:linux:linux_kernel:2.6.26 cpe:/o:linux:linux_kernel:2.6.26:rc4 cpe:/o:linux:linux_kernel:2.6.26.1 cpe:/o:linux:linux_kernel:2.6.26.2 cpe:/o:linux:linux_kernel:2.6.26.3 cpe:/o:linux:linux_kernel:2.6.26.4 cpe:/o:linux:linux_kernel:2.6.26.5 cpe:/o:linux:linux_kernel:2.6.26.6 cpe:/o:linux:linux_kernel:2.6.26.7 cpe:/o:linux:linux_kernel:2.6.26.8 cpe:/o:linux:linux_kernel:2.6.27 cpe:/o:linux:linux_kernel:2.6.27:rc1 cpe:/o:linux:linux_kernel:2.6.27:rc2 cpe:/o:linux:linux_kernel:2.6.27:rc3 cpe:/o:linux:linux_kernel:2.6.27:rc4 cpe:/o:linux:linux_kernel:2.6.27:rc5 cpe:/o:linux:linux_kernel:2.6.27:rc6 cpe:/o:linux:linux_kernel:2.6.27:rc7 cpe:/o:linux:linux_kernel:2.6.27:rc8 cpe:/o:linux:linux_kernel:2.6.27:rc9 cpe:/o:linux:linux_kernel:2.6.27.1 cpe:/o:linux:linux_kernel:2.6.27.2 cpe:/o:linux:linux_kernel:2.6.27.3 cpe:/o:linux:linux_kernel:2.6.27.4 cpe:/o:linux:linux_kernel:2.6.27.5 cpe:/o:linux:linux_kernel:2.6.27.6 cpe:/o:linux:linux_kernel:2.6.27.7 cpe:/o:linux:linux_kernel:2.6.27.8 cpe:/o:linux:linux_kernel:2.6.27.9 cpe:/o:linux:linux_kernel:2.6.27.10 cpe:/o:linux:linux_kernel:2.6.27.11 cpe:/o:linux:linux_kernel:2.6.27.12 cpe:/o:linux:linux_kernel:2.6.28 cpe:/o:linux:linux_kernel:2.6.28:rc1 cpe:/o:linux:linux_kernel:2.6.28:rc2 cpe:/o:linux:linux_kernel:2.6.28:rc3 cpe:/o:linux:linux_kernel:2.6.28:rc4 cpe:/o:linux:linux_kernel:2.6.28:rc5 cpe:/o:linux:linux_kernel:2.6.28:rc6 cpe:/o:linux:linux_kernel:2.6.28:rc7 cpe:/o:linux:linux_kernel:2.6.28.1 cpe:/o:linux:linux_kernel:2.6.28.2 cpe:/o:linux:linux_kernel:2.6.28.3 cpe:/o:linux:linux_kernel:2.6.28.4 CVE-2009-0605 2009-02-17T12:30:05.937-05:00 2012-03-19T00:00:00.000-04:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2009-02-18T08:54:00.000-05:00 CONFIRM http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=9be260a646bf76fa418ee519afa10196b3164681 CONFIRM http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.5 BID 33758 UBUNTU USN-751-1 Stack consumption vulnerability in the do_page_fault function in arch/x86/mm/fault.c in the Linux kernel before 2.6.28.5 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via unspecified vectors that trigger page faults on a machine that has a registered Kprobes probe. cpe:/a:openhandsetalliance:android_sdk:1.0 CVE-2009-0606 2009-02-17T12:30:05.953-05:00 2018-10-10T15:29:55.763-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BUGTRAQ 20090208 rooting your own phone: android security BID 33695 XF android-dynamic-linker-privilege-escalation(48840) The link_image function in linker/linker.c in the dynamic linker in Bionic in Open Handset Alliance Android 1.0 on the T-Mobile G1 phone does not properly handle file descriptors 0, 1, and 2 for a setgid program, which allows local users to create arbitrary files owned by certain groups, possibly a related issue to CVE-2002-0820. cpe:/a:openhandsetalliance:android_sdk:1.0 CVE-2009-0607 2009-02-17T12:30:05.967-05:00 2018-10-10T15:29:56.093-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BUGTRAQ 20090208 rooting your own phone: android security BID 33695 XF android-malloc-overflow(48841) Multiple integer overflows in malloc_leak.c in Bionic in Open Handset Alliance Android 1.0 have unknown impact and attack vectors, related to the (1) chk_calloc and (2) leak_calloc functions. cpe:/a:android:android_sdk:1.0 CVE-2009-0608 2009-02-17T12:30:05.983-05:00 2018-10-10T15:29:56.653-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov BUGTRAQ 20090208 rooting your own phone: android security BID 33695 XF android-showlog-bo(48842) Integer overflow in the showLog function in fake_log_device.c in liblog in Open Handset Alliance Android 1.0 allows attackers to trigger a buffer overflow and possibly have unspecified other impact by sending a large number of input lines. cpe:/a:sun:java_system_directory_server:6.0:enterprise cpe:/a:sun:java_system_directory_server:6.1:enterprise cpe:/a:sun:java_system_directory_server:6.2:enterprise cpe:/a:sun:java_system_directory_server:6.3:enterprise CVE-2009-0609 2009-02-17T12:30:06.017-05:00 2009-02-18T00:00:00.000-05:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2009-02-18T11:22:00.000-05:00 CONFIRM http://sunsolve.sun.com/search/document.do?assetkey=1-21-125276-08-1 SUNALERT 251086 BID 33761 Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of service (JDBC backend outage) via crafted LDAP requests. cpe:/a:dminnich:simple_php_news:1.0 CVE-2009-0610 2009-02-17T12:30:06.030-05:00 2009-02-18T00:00:00.000-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-02-18T11:49:00.000-05:00 Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:novell:open_enterprise_server:1.x CVE-2009-0611 2009-02-17T12:30:06.047-05:00 2017-08-16T21:29:55.910-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov MISC http://packetstormsecurity.org/0902-exploits/nqfs-xss.txt BID 33708 SECTRACK 1021695 VUPEN ADV-2009-0421 XF quickfinderserver-multiple-xss(48619) Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a (2) generalproperties or (3) clusterserviceproperties action, (4) the adminurl parameter in a global action, or (5) the print-list parameter. cpe:/a:trendmicro:interscan_web_security_suite:2.5 cpe:/a:trendmicro:interscan_web_security_suite:3.1 cpe:/a:trendmicro:interscan_web_security_virtual_appliance:3.1 CVE-2009-0612 2009-02-17T12:30:06.077-05:00 2018-10-30T12:25:42.623-04:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov BUGTRAQ 20090209 Trend micro - IWSVA/IWSS - Authorization module password leak BID 33687 SECTRACK 1021716 XF interscan-proxyauthorization-info-disc(48681) Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header. cpe:/a:trendmicro:interscan_web_security_suite:3.1 CVE-2009-0613 2009-02-17T12:30:06.093-05:00 2018-10-30T12:25:42.543-04:00 6.0 NETWORK MEDIUM SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS SECTRACK 1021694 CONFIRM http://www.trendmicro.com/ftp/documentation/readme/iwss_31_win_en_readme_CP_1237_EN.txt VUPEN ADV-2009-0369 Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 allows remote authenticated Auditor and Report Only users to bypass intended permission settings, and modify the system configuration, via requests to unspecified JSP pages. cpe:/a:cisco:unified_meetingplace_web_conferencing:7.0%281%29 CVE-2009-0614 2009-02-26T11:17:20.017-05:00 2018-11-08T15:21:06.283-05:00 9.0 NETWORK LOW NONE PARTIAL PARTIAL COMPLETE http://nvd.nist.gov 2018-11-07T10:14:51.640-05:00 CISCO 20090225 Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability BID 33901 XF cisco-meetingplace-unauth-access(48888) Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL. cpe:/a:cisco:application_control_engine_device_manager:1.1 cpe:/a:cisco:application_control_engine_device_manager:1.2 cpe:/a:cisco:application_networking_manager:1.1 cpe:/a:cisco:application_networking_manager:1.2 CVE-2009-0615 2009-02-26T11:17:20.030-05:00 2009-03-03T02:04:48.920-05:00 9.0 NETWORK LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CISCO 20090225 Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities BID 33903 SECTRACK 1021770 Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to "invalid directory permissions." cpe:/a:cisco:application_networking_manager:1.1 cpe:/a:cisco:application_networking_manager:1.2 CVE-2009-0616 2009-02-26T11:17:20.047-05:00 2009-03-03T02:04:49.093-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CISCO 20090225 Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities BID 33903 SECTRACK 1021771 Cisco Application Networking Manager (ANM) before 2.0 uses default usernames and passwords, which makes it easier for remote attackers to access the application, or cause a denial of service via configuration changes, related to "default user credentials during installation." cpe:/a:cisco:application_networking_manager:1.1 cpe:/a:cisco:application_networking_manager:1.2 CVE-2009-0617 2009-02-26T11:17:20.077-05:00 2009-03-03T02:04:49.280-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CISCO 20090225 Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities BID 33903 SECTRACK 1021771 Cisco Application Networking Manager (ANM) before 2.0 uses a default MySQL root password, which makes it easier for remote attackers to execute arbitrary operating-system commands or change system files. cpe:/a:cisco:application_networking_manager:1.1 cpe:/a:cisco:application_networking_manager:1.2 cpe:/a:cisco:application_networking_manager:2.0 CVE-2009-0618 2009-02-26T11:17:20.093-05:00 2009-03-03T02:04:49.500-05:00 8.5 NETWORK LOW NONE PARTIAL NONE COMPLETE http://nvd.nist.gov CISCO 20090225 Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities BID 33903 SECTRACK 1021772 Unspecified vulnerability in the Java agent in Cisco Application Networking Manager (ANM) before 2.0 Update A allows remote attackers to gain privileges, and cause a denial of service (service outage) by stopping processes, or obtain sensitive information by reading configuration files. cpe:/a:cisco:session_border_controller:3.0%281%29 CVE-2009-0619 2009-03-04T21:30:00.360-05:00 2017-08-16T21:29:56.053-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov CISCO 20090304 Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability BID 33975 SECTRACK 1021787 XF cisco-sbc-dos(49055) Unspecified vulnerability in the Session Border Controller (SBC) before 3.0(2) for Cisco 7600 series routers allows remote attackers to cause a denial of service (SBC card reload) via crafted packets to TCP port 2000. cpe:/a:cisco:application_control_engine_module:0 CVE-2009-0620 2009-02-26T11:17:20.127-05:00 2009-02-27T00:00:00.000-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-02-27T09:42:00.000-05:00 ALLOWS_ADMIN_ACCESS CISCO 20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine BID 33900 Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or obtain operating-system access. cpe:/h:cisco:ace_4710 CVE-2009-0621 2009-02-26T11:17:20.140-05:00 2009-02-27T00:00:00.000-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-02-27T09:46:00.000-05:00 ALLOWS_ADMIN_ACCESS CISCO 20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine BID 33900 Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device Manager and other components, or obtain operating-system access. cpe:/h:cisco:ace_4710 cpe:/h:cisco:application_control_engine_module:1.0 cpe:/h:cisco:application_control_engine_module:1.1 CVE-2009-0622 2009-02-26T11:17:20.157-05:00 2009-02-27T00:00:00.000-05:00 9.0 NETWORK LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-02-27T09:58:00.000-05:00 ALLOWS_ADMIN_ACCESS CISCO 20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine BID 33900 Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI). cpe:/h:cisco:ace_4710:a3%281.0%29 cpe:/h:cisco:ace_4710:a3%282.0%29 cpe:/h:cisco:application_control_engine_module:a2%281.1%29 cpe:/h:cisco:application_control_engine_module:a2%281.2%29 CVE-2009-0623 2009-02-26T11:17:20.170-05:00 2009-06-19T00:00:00.000-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2009-02-27T10:07:00.000-05:00 CISCO 20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine BID 33900 Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SSH packet. cpe:/h:cisco:ace_4710:a1%282.0%29 cpe:/h:cisco:ace_4710:a1%288.0%29 cpe:/h:cisco:ace_4710:a3%281.0%29 cpe:/h:cisco:ace_4710:a3%282.0%29 cpe:/h:cisco:application_control_engine_module:1.0 cpe:/h:cisco:application_control_engine_module:1.1 cpe:/h:cisco:application_control_engine_module:1.2 CVE-2009-0624 2009-02-26T11:17:20.187-05:00 2009-03-03T02:04:50.127-05:00 6.8 NETWORK LOW SINGLE_INSTANCE NONE NONE COMPLETE http://nvd.nist.gov CISCO 20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine BID 33900 SECTRACK 1021769 Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv1 packet. cpe:/h:cisco:ace_4710:a1%282.0%29 cpe:/h:cisco:application_control_engine_module:a2%281.1%29 CVE-2009-0625 2009-02-26T11:17:20.217-05:00 2009-03-03T02:04:50.343-05:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov CISCO 20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine BID 33900 SECTRACK 1021769 Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv3 packet. cpe:/o:cisco:ios:12.3 cpe:/o:cisco:ios:12.3b cpe:/o:cisco:ios:12.3bc cpe:/o:cisco:ios:12.3bw cpe:/o:cisco:ios:12.3ja cpe:/o:cisco:ios:12.3jea cpe:/o:cisco:ios:12.3jeb cpe:/o:cisco:ios:12.3jec cpe:/o:cisco:ios:12.3jk cpe:/o:cisco:ios:12.3jl cpe:/o:cisco:ios:12.3jx cpe:/o:cisco:ios:12.3t cpe:/o:cisco:ios:12.3tpc cpe:/o:cisco:ios:12.3va cpe:/o:cisco:ios:12.3xa cpe:/o:cisco:ios:12.3xb cpe:/o:cisco:ios:12.3xc cpe:/o:cisco:ios:12.3xd cpe:/o:cisco:ios:12.3xf cpe:/o:cisco:ios:12.3xg cpe:/o:cisco:ios:12.3xi cpe:/o:cisco:ios:12.3xj cpe:/o:cisco:ios:12.3xk cpe:/o:cisco:ios:12.3xl cpe:/o:cisco:ios:12.3xq cpe:/o:cisco:ios:12.3xs cpe:/o:cisco:ios:12.3xu cpe:/o:cisco:ios:12.3xw cpe:/o:cisco:ios:12.3xx cpe:/o:cisco:ios:12.3xy cpe:/o:cisco:ios:12.3xz cpe:/o:cisco:ios:12.3ya cpe:/o:cisco:ios:12.3yd cpe:/o:cisco:ios:12.3yf cpe:/o:cisco:ios:12.3yg cpe:/o:cisco:ios:12.3yh cpe:/o:cisco:ios:12.3yi cpe:/o:cisco:ios:12.3yj cpe:/o:cisco:ios:12.3yk cpe:/o:cisco:ios:12.3ym cpe:/o:cisco:ios:12.3yq cpe:/o:cisco:ios:12.3ys cpe:/o:cisco:ios:12.3yt cpe:/o:cisco:ios:12.3yu cpe:/o:cisco:ios:12.3yx cpe:/o:cisco:ios:12.3yz cpe:/o:cisco:ios:12.4 cpe:/o:cisco:ios:12.4ja cpe:/o:cisco:ios:12.4jda cpe:/o:cisco:ios:12.4jk cpe:/o:cisco:ios:12.4jl cpe:/o:cisco:ios:12.4jma cpe:/o:cisco:ios:12.4jmb cpe:/o:cisco:ios:12.4jx cpe:/o:cisco:ios:12.4md cpe:/o:cisco:ios:12.4mr cpe:/o:cisco:ios:12.4sw cpe:/o:cisco:ios:12.4t cpe:/o:cisco:ios:12.4xa cpe:/o:cisco:ios:12.4xb cpe:/o:cisco:ios:12.4xc cpe:/o:cisco:ios:12.4xd cpe:/o:cisco:ios:12.4xf cpe:/o:cisco:ios:12.4xg cpe:/o:cisco:ios:12.4xj cpe:/o:cisco:ios:12.4xk cpe:/o:cisco:ios:12.4xl cpe:/o:cisco:ios:12.4xm cpe:/o:cisco:ios:12.4xn cpe:/o:cisco:ios:12.4xp cpe:/o:cisco:ios:12.4xq cpe:/o:cisco:ios:12.4xt cpe:/o:cisco:ios:12.4xv cpe:/o:cisco:ios:12.4xw cpe:/o:cisco:ios:12.4xy cpe:/o:cisco:ios:12.4xz cpe:/o:cisco:ios:12.4ya CVE-2009-0626 2009-03-27T12:30:01.953-04:00 2017-09-28T21:33:55.763-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov SECTRACK 1021896 CISCO 20090325 Cisco IOS Software WebVPN and SSLVPN Vulnerabilities CONFIRM http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml BID 34239 VUPEN ADV-2009-0851 XF ios-sslvpn-dos(49425) The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet. cpe:/h:cisco:nexus_5000 cpe:/h:cisco:nexus_7000 cpe:/o:cisco:nx-os:4.0 CVE-2009-0627 2009-09-08T19:30:00.500-04:00 2009-09-09T00:00:00.000-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2009-09-09T14:04:00.000-04:00 CISCO 20090908 TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products SECTRACK 1022847 Unspecified vulnerability in Cisco NX-OS before 4.0(1a)N2(1), when running on Nexus 5000 platforms, allows remote attackers to cause a denial of service (crash) via an unspecified "sequence of TCP packets" related to "TCP State manipulation," possibly related to separate attacks against CVE-2008-4609. cpe:/o:cisco:cisco_ios:12.3 cpe:/o:cisco:cisco_ios:12.3:b cpe:/o:cisco:cisco_ios:12.3:bc cpe:/o:cisco:cisco_ios:12.3:bw cpe:/o:cisco:cisco_ios:12.3:eu cpe:/o:cisco:cisco_ios:12.3:ja cpe:/o:cisco:cisco_ios:12.3:jea cpe:/o:cisco:cisco_ios:12.3:jeb cpe:/o:cisco:cisco_ios:12.3:jec cpe:/o:cisco:cisco_ios:12.3:jk cpe:/o:cisco:cisco_ios:12.3:jl cpe:/o:cisco:cisco_ios:12.3:jx cpe:/o:cisco:cisco_ios:12.3:t cpe:/o:cisco:cisco_ios:12.3:tpc cpe:/o:cisco:cisco_ios:12.3:va cpe:/o:cisco:cisco_ios:12.3:xa cpe:/o:cisco:cisco_ios:12.3:xb cpe:/o:cisco:cisco_ios:12.3:xc cpe:/o:cisco:cisco_ios:12.3:xd cpe:/o:cisco:cisco_ios:12.3:xe cpe:/o:cisco:cisco_ios:12.3:xf cpe:/o:cisco:cisco_ios:12.3:xg cpe:/o:cisco:cisco_ios:12.3:xh cpe:/o:cisco:cisco_ios:12.3:xi cpe:/o:cisco:cisco_ios:12.3:xj cpe:/o:cisco:cisco_ios:12.3:xk cpe:/o:cisco:cisco_ios:12.3:xq cpe:/o:cisco:cisco_ios:12.3:xr cpe:/o:cisco:cisco_ios:12.3:xs cpe:/o:cisco:cisco_ios:12.3:xu cpe:/o:cisco:cisco_ios:12.3:xw cpe:/o:cisco:cisco_ios:12.3:xy cpe:/o:cisco:cisco_ios:12.3:ya cpe:/o:cisco:cisco_ios:12.3:yd cpe:/o:cisco:cisco_ios:12.3:yf cpe:/o:cisco:cisco_ios:12.3:yg cpe:/o:cisco:cisco_ios:12.3:yh cpe:/o:cisco:cisco_ios:12.3:yi cpe:/o:cisco:cisco_ios:12.3:yj cpe:/o:cisco:cisco_ios:12.3:yk cpe:/o:cisco:cisco_ios:12.3:ym cpe:/o:cisco:cisco_ios:12.3:yq cpe:/o:cisco:cisco_ios:12.3:ys cpe:/o:cisco:cisco_ios:12.3:yt cpe:/o:cisco:cisco_ios:12.3:yu cpe:/o:cisco:cisco_ios:12.3:yx cpe:/o:cisco:cisco_ios:12.3:yz cpe:/o:cisco:cisco_ios:12.4 cpe:/o:cisco:cisco_ios:12.4:ja cpe:/o:cisco:cisco_ios:12.4:jk cpe:/o:cisco:cisco_ios:12.4:jma cpe:/o:cisco:cisco_ios:12.4:jmb cpe:/o:cisco:cisco_ios:12.4:jmc cpe:/o:cisco:cisco_ios:12.4:jx cpe:/o:cisco:cisco_ios:12.4:md cpe:/o:cisco:cisco_ios:12.4:mr cpe:/o:cisco:cisco_ios:12.4:sw cpe:/o:cisco:cisco_ios:12.4:t cpe:/o:cisco:cisco_ios:12.4:xa cpe:/o:cisco:cisco_ios:12.4:xb cpe:/o:cisco:cisco_ios:12.4:xc cpe:/o:cisco:cisco_ios:12.4:xd cpe:/o:cisco:cisco_ios:12.4:xe cpe:/o:cisco:cisco_ios:12.4:xf cpe:/o:cisco:cisco_ios:12.4:xg cpe:/o:cisco:cisco_ios:12.4:xj cpe:/o:cisco:cisco_ios:12.4:xk CVE-2009-0628 2009-03-27T12:30:01.967-04:00 2017-09-28T21:33:55.827-04:00 9.0 NETWORK LOW NONE PARTIAL PARTIAL COMPLETE http://nvd.nist.gov SECTRACK 1021896 CISCO 20090325 Cisco IOS Software WebVPN and SSLVPN Vulnerabilities CONFIRM http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml BID 34239 VUPEN ADV-2009-0851 XF ios-sslvpn-tcbleak-dos(49427) Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control Block (TCB) leak. cpe:/o:cisco:ios:12.2 cpe:/o:cisco:ios:12.2b cpe:/o:cisco:ios:12.2bc cpe:/o:cisco:ios:12.2bw cpe:/o:cisco:ios:12.2bx cpe:/o:cisco:ios:12.2by cpe:/o:cisco:ios:12.2bz cpe:/o:cisco:ios:12.2ca cpe:/o:cisco:ios:12.2cx cpe:/o:cisco:ios:12.2cy cpe:/o:cisco:ios:12.2cz cpe:/o:cisco:ios:12.2da cpe:/o:cisco:ios:12.2dd cpe:/o:cisco:ios:12.2dx cpe:/o:cisco:ios:12.2ew cpe:/o:cisco:ios:12.2ewa cpe:/o:cisco:ios:12.2ex cpe:/o:cisco:ios:12.2ey cpe:/o:cisco:ios:12.2ez cpe:/o:cisco:ios:12.2fx cpe:/o:cisco:ios:12.2fy cpe:/o:cisco:ios:12.2fz cpe:/o:cisco:ios:12.2irb cpe:/o:cisco:ios:12.2ixa cpe:/o:cisco:ios:12.2ixb cpe:/o:cisco:ios:12.2ixc cpe:/o:cisco:ios:12.2ixd cpe:/o:cisco:ios:12.2ixe cpe:/o:cisco:ios:12.2ixf cpe:/o:cisco:ios:12.2ixg cpe:/o:cisco:ios:12.2ja cpe:/o:cisco:ios:12.2jk cpe:/o:cisco:ios:12.2l cpe:/o:cisco:ios:12.2mb cpe:/o:cisco:ios:12.2mc cpe:/o:cisco:ios:12.2rc cpe:/o:cisco:ios:12.2s cpe:/o:cisco:ios:12.2sb cpe:/o:cisco:ios:12.2sbc cpe:/o:cisco:ios:12.2sca cpe:/o:cisco:ios:12.2sga cpe:/o:cisco:ios:12.2sm cpe:/o:cisco:ios:12.2so cpe:/o:cisco:ios:12.2sr cpe:/o:cisco:ios:12.2sra cpe:/o:cisco:ios:12.2srb cpe:/o:cisco:ios:12.2src cpe:/o:cisco:ios:12.2su cpe:/o:cisco:ios:12.2sv cpe:/o:cisco:ios:12.2sva cpe:/o:cisco:ios:12.2svc cpe:/o:cisco:ios:12.2svd cpe:/o:cisco:ios:12.2sve cpe:/o:cisco:ios:12.2sw cpe:/o:cisco:ios:12.2sx cpe:/o:cisco:ios:12.2sxa cpe:/o:cisco:ios:12.2sxb cpe:/o:cisco:ios:12.2sxd cpe:/o:cisco:ios:12.2sxe cpe:/o:cisco:ios:12.2sxf cpe:/o:cisco:ios:12.2sy cpe:/o:cisco:ios:12.2sz cpe:/o:cisco:ios:12.2t cpe:/o:cisco:ios:12.2tpc cpe:/o:cisco:ios:12.2xa cpe:/o:cisco:ios:12.2xb cpe:/o:cisco:ios:12.2xc cpe:/o:cisco:ios:12.2xd cpe:/o:cisco:ios:12.2xe cpe:/o:cisco:ios:12.2xf cpe:/o:cisco:ios:12.2xg cpe:/o:cisco:ios:12.2xh cpe:/o:cisco:ios:12.2xi cpe:/o:cisco:ios:12.2xj cpe:/o:cisco:ios:12.2xk cpe:/o:cisco:ios:12.2xl cpe:/o:cisco:ios:12.2xm cpe:/o:cisco:ios:12.2xn cpe:/o:cisco:ios:12.2xo cpe:/o:cisco:ios:12.2xq cpe:/o:cisco:ios:12.2xr cpe:/o:cisco:ios:12.2xs cpe:/o:cisco:ios:12.2xt cpe:/o:cisco:ios:12.2xu cpe:/o:cisco:ios:12.2xv cpe:/o:cisco:ios:12.2xw cpe:/o:cisco:ios:12.2ya cpe:/o:cisco:ios:12.2yb cpe:/o:cisco:ios:12.2yc cpe:/o:cisco:ios:12.2yd cpe:/o:cisco:ios:12.2ye cpe:/o:cisco:ios:12.2yf cpe:/o:cisco:ios:12.2yg cpe:/o:cisco:ios:12.2yh cpe:/o:cisco:ios:12.2yj cpe:/o:cisco:ios:12.2yk cpe:/o:cisco:ios:12.2yl cpe:/o:cisco:ios:12.2ym cpe:/o:cisco:ios:12.2yn cpe:/o:cisco:ios:12.2yo cpe:/o:cisco:ios:12.2yp cpe:/o:cisco:ios:12.2yq cpe:/o:cisco:ios:12.2yr cpe:/o:cisco:ios:12.2ys cpe:/o:cisco:ios:12.2yt cpe:/o:cisco:ios:12.2yu cpe:/o:cisco:ios:12.2yv cpe:/o:cisco:ios:12.2yw cpe:/o:cisco:ios:12.2yx cpe:/o:cisco:ios:12.2yy cpe:/o:cisco:ios:12.2yz cpe:/o:cisco:ios:12.2za cpe:/o:cisco:ios:12.2zb cpe:/o:cisco:ios:12.2zc cpe:/o:cisco:ios:12.2zd cpe:/o:cisco:ios:12.2ze cpe:/o:cisco:ios:12.2zf cpe:/o:cisco:ios:12.2zg cpe:/o:cisco:ios:12.2zh cpe:/o:cisco:ios:12.2zj cpe:/o:cisco:ios:12.2zl cpe:/o:cisco:ios:12.2zp cpe:/o:cisco:ios:12.2zu cpe:/o:cisco:ios:12.2zx cpe:/o:cisco:ios:12.2zy cpe:/o:cisco:ios:12.2zya cpe:/o:cisco:ios:12.4 cpe:/o:cisco:ios:12.4%281%29 cpe:/o:cisco:ios:12.4%281b%29 cpe:/o:cisco:ios:12.4%281c%29 cpe:/o:cisco:ios:12.4%282%29mr cpe:/o:cisco:ios:12.4%282%29mr1 cpe:/o:cisco:ios:12.4%282%29t cpe:/o:cisco:ios:12.4%282%29t1 cpe:/o:cisco:ios:12.4%282%29t2 cpe:/o:cisco:ios:12.4%282%29t3 cpe:/o:cisco:ios:12.4%282%29t4 cpe:/o:cisco:ios:12.4%282%29xa cpe:/o:cisco:ios:12.4%282%29xb cpe:/o:cisco:ios:12.4%282%29xb2 cpe:/o:cisco:ios:12.4%283%29 cpe:/o:cisco:ios:12.4%283%29t2 cpe:/o:cisco:ios:12.4%283a%29 cpe:/o:cisco:ios:12.4%283b%29 cpe:/o:cisco:ios:12.4%283d%29 cpe:/o:cisco:ios:12.4%284%29mr cpe:/o:cisco:ios:12.4%284%29t cpe:/o:cisco:ios:12.4%284%29t2 cpe:/o:cisco:ios:12.4%285%29 cpe:/o:cisco:ios:12.4%285b%29 cpe:/o:cisco:ios:12.4%286%29t cpe:/o:cisco:ios:12.4%286%29t1 cpe:/o:cisco:ios:12.4%287%29 cpe:/o:cisco:ios:12.4%287a%29 cpe:/o:cisco:ios:12.4%288%29 cpe:/o:cisco:ios:12.4%289%29t cpe:/o:cisco:ios:12.4%2823%29 cpe:/o:cisco:ios:12.4ja cpe:/o:cisco:ios:12.4jda cpe:/o:cisco:ios:12.4jk cpe:/o:cisco:ios:12.4jl cpe:/o:cisco:ios:12.4jma cpe:/o:cisco:ios:12.4jmb cpe:/o:cisco:ios:12.4jx cpe:/o:cisco:ios:12.4md cpe:/o:cisco:ios:12.4mr cpe:/o:cisco:ios:12.4sw cpe:/o:cisco:ios:12.4t cpe:/o:cisco:ios:12.4xa cpe:/o:cisco:ios:12.4xb cpe:/o:cisco:ios:12.4xc cpe:/o:cisco:ios:12.4xd cpe:/o:cisco:ios:12.4xe cpe:/o:cisco:ios:12.4xf cpe:/o:cisco:ios:12.4xg cpe:/o:cisco:ios:12.4xj cpe:/o:cisco:ios:12.4xk cpe:/o:cisco:ios:12.4xl cpe:/o:cisco:ios:12.4xm cpe:/o:cisco:ios:12.4xn cpe:/o:cisco:ios:12.4xp cpe:/o:cisco:ios:12.4xt cpe:/o:cisco:ios:12.4xv cpe:/o:cisco:ios:12.4xw cpe:/o:cisco:ios:12.4xy cpe:/o:cisco:ios_s:12.4 cpe:/o:cisco:ios_t:12.4 cpe:/o:cisco:ios_xr:12.4 CVE-2009-0629 2009-03-27T12:30:01.983-04:00 2017-08-29T11:30:22.210-04:00 5.4 NETWORK HIGH NONE NONE NONE COMPLETE http://nvd.nist.gov 2017-08-28T12:32:34.027-04:00 SECTRACK 1021903 CONFIRM http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml CISCO 20090325 Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability BID 34238 VUPEN ADV-2009-0851 XF ios-tcp-dos(49420) The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) Point to Point Tunneling Protocol (PPTP), (8) X.25 for Record Boundary Preservation (RBP), (9) X.25 over TCP (XOT), and (10) X.25 Routing features in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (device reload) via a series of crafted TCP packets. cpe:/o:cisco:ios:12.0 cpe:/o:cisco:ios:12.0da cpe:/o:cisco:ios:12.0db cpe:/o:cisco:ios:12.0dc cpe:/o:cisco:ios:12.0s cpe:/o:cisco:ios:12.0sc cpe:/o:cisco:ios:12.0sl cpe:/o:cisco:ios:12.0sp cpe:/o:cisco:ios:12.0st cpe:/o:cisco:ios:12.0sx cpe:/o:cisco:ios:12.0sy cpe:/o:cisco:ios:12.0sz cpe:/o:cisco:ios:12.0t cpe:/o:cisco:ios:12.0w cpe:/o:cisco:ios:12.0wc cpe:/o:cisco:ios:12.0wt cpe:/o:cisco:ios:12.0wx cpe:/o:cisco:ios:12.0xa cpe:/o:cisco:ios:12.0xb cpe:/o:cisco:ios:12.0xc cpe:/o:cisco:ios:12.0xd cpe:/o:cisco:ios:12.0xe cpe:/o:cisco:ios:12.0xg cpe:/o:cisco:ios:12.0xh cpe:/o:cisco:ios:12.0xi cpe:/o:cisco:ios:12.0xj cpe:/o:cisco:ios:12.0xk cpe:/o:cisco:ios:12.0xl cpe:/o:cisco:ios:12.0xm cpe:/o:cisco:ios:12.0xn cpe:/o:cisco:ios:12.0xq cpe:/o:cisco:ios:12.0xr cpe:/o:cisco:ios:12.0xs cpe:/o:cisco:ios:12.0xt cpe:/o:cisco:ios:12.0xv cpe:/o:cisco:ios:12.1 cpe:/o:cisco:ios:12.1aa cpe:/o:cisco:ios:12.1ax cpe:/o:cisco:ios:12.1ay cpe:/o:cisco:ios:12.1az cpe:/o:cisco:ios:12.1cx cpe:/o:cisco:ios:12.1da cpe:/o:cisco:ios:12.1db cpe:/o:cisco:ios:12.1dc cpe:/o:cisco:ios:12.1e cpe:/o:cisco:ios:12.1ea cpe:/o:cisco:ios:12.1eb cpe:/o:cisco:ios:12.1ec cpe:/o:cisco:ios:12.1eo cpe:/o:cisco:ios:12.1eu cpe:/o:cisco:ios:12.1ev cpe:/o:cisco:ios:12.1ew cpe:/o:cisco:ios:12.1ex cpe:/o:cisco:ios:12.1ey cpe:/o:cisco:ios:12.1ez cpe:/o:cisco:ios:12.1ga cpe:/o:cisco:ios:12.1gb cpe:/o:cisco:ios:12.1t cpe:/o:cisco:ios:12.1xa cpe:/o:cisco:ios:12.1xb cpe:/o:cisco:ios:12.1xc cpe:/o:cisco:ios:12.1xd cpe:/o:cisco:ios:12.1xe cpe:/o:cisco:ios:12.1xf cpe:/o:cisco:ios:12.1xg cpe:/o:cisco:ios:12.1xh cpe:/o:cisco:ios:12.1xi cpe:/o:cisco:ios:12.1xj cpe:/o:cisco:ios:12.1xl cpe:/o:cisco:ios:12.1xm cpe:/o:cisco:ios:12.1xp cpe:/o:cisco:ios:12.1xq cpe:/o:cisco:ios:12.1xr cpe:/o:cisco:ios:12.1xs cpe:/o:cisco:ios:12.1xt cpe:/o:cisco:ios:12.1xu cpe:/o:cisco:ios:12.1xv cpe:/o:cisco:ios:12.1xw cpe:/o:cisco:ios:12.1xx cpe:/o:cisco:ios:12.1xy cpe:/o:cisco:ios:12.1xz cpe:/o:cisco:ios:12.1ya cpe:/o:cisco:ios:12.1yb cpe:/o:cisco:ios:12.1yc cpe:/o:cisco:ios:12.1yd cpe:/o:cisco:ios:12.1ye cpe:/o:cisco:ios:12.1yf cpe:/o:cisco:ios:12.1yh cpe:/o:cisco:ios:12.1yi cpe:/o:cisco:ios:12.1yj cpe:/o:cisco:ios:12.2 cpe:/o:cisco:ios:12.2b cpe:/o:cisco:ios:12.2bc cpe:/o:cisco:ios:12.2bw cpe:/o:cisco:ios:12.2bx cpe:/o:cisco:ios:12.2by cpe:/o:cisco:ios:12.2bz cpe:/o:cisco:ios:12.2cx cpe:/o:cisco:ios:12.2cy cpe:/o:cisco:ios:12.2cz cpe:/o:cisco:ios:12.2da cpe:/o:cisco:ios:12.2dd cpe:/o:cisco:ios:12.2dx cpe:/o:cisco:ios:12.2ew cpe:/o:cisco:ios:12.2ewa cpe:/o:cisco:ios:12.2ex cpe:/o:cisco:ios:12.2ey cpe:/o:cisco:ios:12.2ez cpe:/o:cisco:ios:12.2fx cpe:/o:cisco:ios:12.2fy cpe:/o:cisco:ios:12.2fz cpe:/o:cisco:ios:12.2ira cpe:/o:cisco:ios:12.2irb cpe:/o:cisco:ios:12.2ixa cpe:/o:cisco:ios:12.2ixb cpe:/o:cisco:ios:12.2ixc cpe:/o:cisco:ios:12.2ixd cpe:/o:cisco:ios:12.2ixe cpe:/o:cisco:ios:12.2ixf cpe:/o:cisco:ios:12.2ixg cpe:/o:cisco:ios:12.2ja cpe:/o:cisco:ios:12.2jk cpe:/o:cisco:ios:12.2mb cpe:/o:cisco:ios:12.2mc cpe:/o:cisco:ios:12.2s cpe:/o:cisco:ios:12.2sb cpe:/o:cisco:ios:12.2sbc cpe:/o:cisco:ios:12.2sca cpe:/o:cisco:ios:12.2scb cpe:/o:cisco:ios:12.2se cpe:/o:cisco:ios:12.2sea cpe:/o:cisco:ios:12.2seb cpe:/o:cisco:ios:12.2sec cpe:/o:cisco:ios:12.2sed cpe:/o:cisco:ios:12.2see cpe:/o:cisco:ios:12.2sef cpe:/o:cisco:ios:12.2seg cpe:/o:cisco:ios:12.2sg cpe:/o:cisco:ios:12.2sga cpe:/o:cisco:ios:12.2sm cpe:/o:cisco:ios:12.2so cpe:/o:cisco:ios:12.2sq cpe:/o:cisco:ios:12.2sra cpe:/o:cisco:ios:12.2srb cpe:/o:cisco:ios:12.2src cpe:/o:cisco:ios:12.2srd cpe:/o:cisco:ios:12.2ste cpe:/o:cisco:ios:12.2su cpe:/o:cisco:ios:12.2sv cpe:/o:cisco:ios:12.2sva cpe:/o:cisco:ios:12.2svc cpe:/o:cisco:ios:12.2svd cpe:/o:cisco:ios:12.2sve cpe:/o:cisco:ios:12.2sw cpe:/o:cisco:ios:12.2sx cpe:/o:cisco:ios:12.2sxa cpe:/o:cisco:ios:12.2sxb cpe:/o:cisco:ios:12.2sxd cpe:/o:cisco:ios:12.2sxe cpe:/o:cisco:ios:12.2sxf cpe:/o:cisco:ios:12.2sxh cpe:/o:cisco:ios:12.2sxi cpe:/o:cisco:ios:12.2sy cpe:/o:cisco:ios:12.2sz cpe:/o:cisco:ios:12.2t cpe:/o:cisco:ios:12.2tpc cpe:/o:cisco:ios:12.2xa cpe:/o:cisco:ios:12.2xb cpe:/o:cisco:ios:12.2xc cpe:/o:cisco:ios:12.2xd cpe:/o:cisco:ios:12.2xe cpe:/o:cisco:ios:12.2xf cpe:/o:cisco:ios:12.2xg cpe:/o:cisco:ios:12.2xh cpe:/o:cisco:ios:12.2xi cpe:/o:cisco:ios:12.2xj cpe:/o:cisco:ios:12.2xk cpe:/o:cisco:ios:12.2xl cpe:/o:cisco:ios:12.2xm cpe:/o:cisco:ios:12.2xn cpe:/o:cisco:ios:12.2xna cpe:/o:cisco:ios:12.2xnb cpe:/o:cisco:ios:12.2xo cpe:/o:cisco:ios:12.2xq cpe:/o:cisco:ios:12.2xr cpe:/o:cisco:ios:12.2xs cpe:/o:cisco:ios:12.2xt cpe:/o:cisco:ios:12.2xu cpe:/o:cisco:ios:12.2xv cpe:/o:cisco:ios:12.2xw cpe:/o:cisco:ios:12.2ya cpe:/o:cisco:ios:12.2yb cpe:/o:cisco:ios:12.2yc cpe:/o:cisco:ios:12.2yd cpe:/o:cisco:ios:12.2ye cpe:/o:cisco:ios:12.2yf cpe:/o:cisco:ios:12.2yg cpe:/o:cisco:ios:12.2yh cpe:/o:cisco:ios:12.2yj cpe:/o:cisco:ios:12.2yk cpe:/o:cisco:ios:12.2yl cpe:/o:cisco:ios:12.2ym cpe:/o:cisco:ios:12.2yn cpe:/o:cisco:ios:12.2yo cpe:/o:cisco:ios:12.2yp cpe:/o:cisco:ios:12.2yq cpe:/o:cisco:ios:12.2yr cpe:/o:cisco:ios:12.2yt cpe:/o:cisco:ios:12.2yu cpe:/o:cisco:ios:12.2yv cpe:/o:cisco:ios:12.2yw cpe:/o:cisco:ios:12.2yx cpe:/o:cisco:ios:12.2yy cpe:/o:cisco:ios:12.2yz cpe:/o:cisco:ios:12.2za cpe:/o:cisco:ios:12.2zb cpe:/o:cisco:ios:12.2zc cpe:/o:cisco:ios:12.2zd cpe:/o:cisco:ios:12.2ze cpe:/o:cisco:ios:12.2zf cpe:/o:cisco:ios:12.2zg cpe:/o:cisco:ios:12.2zh cpe:/o:cisco:ios:12.2zj cpe:/o:cisco:ios:12.2zl cpe:/o:cisco:ios:12.2zp cpe:/o:cisco:ios:12.2zu cpe:/o:cisco:ios:12.2zx cpe:/o:cisco:ios:12.2zy cpe:/o:cisco:ios:12.2zya cpe:/o:cisco:ios:12.3 cpe:/o:cisco:ios:12.3b cpe:/o:cisco:ios:12.3bc cpe:/o:cisco:ios:12.3bw cpe:/o:cisco:ios:12.3ja cpe:/o:cisco:ios:12.3jea cpe:/o:cisco:ios:12.3jeb cpe:/o:cisco:ios:12.3jec cpe:/o:cisco:ios:12.3jk cpe:/o:cisco:ios:12.3jl cpe:/o:cisco:ios:12.3jx cpe:/o:cisco:ios:12.3t cpe:/o:cisco:ios:12.3tpc cpe:/o:cisco:ios:12.3va cpe:/o:cisco:ios:12.3xa cpe:/o:cisco:ios:12.3xb cpe:/o:cisco:ios:12.3xc cpe:/o:cisco:ios:12.3xd cpe:/o:cisco:ios:12.3xe cpe:/o:cisco:ios:12.3xf cpe:/o:cisco:ios:12.3xg cpe:/o:cisco:ios:12.3xi cpe:/o:cisco:ios:12.3xj cpe:/o:cisco:ios:12.3xk cpe:/o:cisco:ios:12.3xl cpe:/o:cisco:ios:12.3xq cpe:/o:cisco:ios:12.3xr cpe:/o:cisco:ios:12.3xs cpe:/o:cisco:ios:12.3xu cpe:/o:cisco:ios:12.3xw cpe:/o:cisco:ios:12.3xx cpe:/o:cisco:ios:12.3xy cpe:/o:cisco:ios:12.3xz cpe:/o:cisco:ios:12.3ya cpe:/o:cisco:ios:12.3yd cpe:/o:cisco:ios:12.3yf cpe:/o:cisco:ios:12.3yg cpe:/o:cisco:ios:12.3yh cpe:/o:cisco:ios:12.3yi cpe:/o:cisco:ios:12.3yj cpe:/o:cisco:ios:12.3yk cpe:/o:cisco:ios:12.3ym cpe:/o:cisco:ios:12.3yq cpe:/o:cisco:ios:12.3ys cpe:/o:cisco:ios:12.3yt cpe:/o:cisco:ios:12.3yu cpe:/o:cisco:ios:12.3yx cpe:/o:cisco:ios:12.3yz cpe:/o:cisco:ios:12.4 cpe:/o:cisco:ios:12.4ja cpe:/o:cisco:ios:12.4jda cpe:/o:cisco:ios:12.4jk cpe:/o:cisco:ios:12.4jl cpe:/o:cisco:ios:12.4jma cpe:/o:cisco:ios:12.4jmb cpe:/o:cisco:ios:12.4jx cpe:/o:cisco:ios:12.4md cpe:/o:cisco:ios:12.4mr cpe:/o:cisco:ios:12.4sw cpe:/o:cisco:ios:12.4t cpe:/o:cisco:ios:12.4xa cpe:/o:cisco:ios:12.4xb cpe:/o:cisco:ios:12.4xc cpe:/o:cisco:ios:12.4xd cpe:/o:cisco:ios:12.4xe cpe:/o:cisco:ios:12.4xf cpe:/o:cisco:ios:12.4xg cpe:/o:cisco:ios:12.4xj cpe:/o:cisco:ios:12.4xk cpe:/o:cisco:ios:12.4xl cpe:/o:cisco:ios:12.4xm cpe:/o:cisco:ios:12.4xn cpe:/o:cisco:ios:12.4xp cpe:/o:cisco:ios:12.4xq cpe:/o:cisco:ios:12.4xr cpe:/o:cisco:ios:12.4xt cpe:/o:cisco:ios:12.4xv cpe:/o:cisco:ios:12.4xw cpe:/o:cisco:ios:12.4xy cpe:/o:cisco:ios:12.4xz cpe:/o:cisco:ios:12.4ya CVE-2009-0630 2009-03-27T12:30:02.017-04:00 2017-08-16T21:29:56.363-04:00 7.1 NETWORK MEDIUM NONE NONE NONE COMPLETE http://nvd.nist.gov SECTRACK 1021897 CONFIRM http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml CISCO 20090325 Cisco IOS Software Multiple Features IP Sockets Vulnerability BID 34242 VUPEN ADV-2009-0851 XF ios-ipsockets-dos(49418) The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transport; (3) Secure Signaling and Media Encryption; (4) Blocks Extensible Exchange Protocol (BEEP); (5) Network Admission Control HTTP Authentication Proxy; (6) Per-user URL Redirect for EAPoUDP, Dot1x, and MAC Authentication Bypass; (7) Distributed Director with HTTP Redirects; and (8) TCP DNS features in Cisco IOS 12.0 through 12.4 do not properly handle IP sockets, which allows remote attackers to cause a denial of service (outage or resource consumption) via a series of crafted TCP packets. cpe:/o:cisco:ios:12.0 cpe:/o:cisco:ios:12.0da cpe:/o:cisco:ios:12.0db cpe:/o:cisco:ios:12.0dc cpe:/o:cisco:ios:12.0s cpe:/o:cisco:ios:12.0sc cpe:/o:cisco:ios:12.0sl cpe:/o:cisco:ios:12.0sp cpe:/o:cisco:ios:12.0st cpe:/o:cisco:ios:12.0sx cpe:/o:cisco:ios:12.0sy cpe:/o:cisco:ios:12.0sz cpe:/o:cisco:ios:12.0t cpe:/o:cisco:ios:12.0w cpe:/o:cisco:ios:12.0wc cpe:/o:cisco:ios:12.0wt cpe:/o:cisco:ios:12.0wx cpe:/o:cisco:ios:12.0xa cpe:/o:cisco:ios:12.0xb cpe:/o:cisco:ios:12.0xc cpe:/o:cisco:ios:12.0xd cpe:/o:cisco:ios:12.0xe cpe:/o:cisco:ios:12.0xg cpe:/o:cisco:ios:12.0xh cpe:/o:cisco:ios:12.0xi cpe:/o:cisco:ios:12.0xj cpe:/o:cisco:ios:12.0xk cpe:/o:cisco:ios:12.0xl cpe:/o:cisco:ios:12.0xm cpe:/o:cisco:ios:12.0xn cpe:/o:cisco:ios:12.0xq cpe:/o:cisco:ios:12.0xr cpe:/o:cisco:ios:12.0xs cpe:/o:cisco:ios:12.0xt cpe:/o:cisco:ios:12.0xv cpe:/o:cisco:ios:12.1 cpe:/o:cisco:ios:12.1aa cpe:/o:cisco:ios:12.1ax cpe:/o:cisco:ios:12.1ay cpe:/o:cisco:ios:12.1az cpe:/o:cisco:ios:12.1cx cpe:/o:cisco:ios:12.1da cpe:/o:cisco:ios:12.1db cpe:/o:cisco:ios:12.1dc cpe:/o:cisco:ios:12.1e cpe:/o:cisco:ios:12.1ea cpe:/o:cisco:ios:12.1eb cpe:/o:cisco:ios:12.1ec cpe:/o:cisco:ios:12.1eo cpe:/o:cisco:ios:12.1eu cpe:/o:cisco:ios:12.1ev cpe:/o:cisco:ios:12.1ew cpe:/o:cisco:ios:12.1ex cpe:/o:cisco:ios:12.1ey cpe:/o:cisco:ios:12.1ez cpe:/o:cisco:ios:12.1ga cpe:/o:cisco:ios:12.1gb cpe:/o:cisco:ios:12.1t cpe:/o:cisco:ios:12.1xa cpe:/o:cisco:ios:12.1xb cpe:/o:cisco:ios:12.1xc cpe:/o:cisco:ios:12.1xd cpe:/o:cisco:ios:12.1xe cpe:/o:cisco:ios:12.1xf cpe:/o:cisco:ios:12.1xg cpe:/o:cisco:ios:12.1xh cpe:/o:cisco:ios:12.1xi cpe:/o:cisco:ios:12.1xj cpe:/o:cisco:ios:12.1xl cpe:/o:cisco:ios:12.1xm cpe:/o:cisco:ios:12.1xp cpe:/o:cisco:ios:12.1xq cpe:/o:cisco:ios:12.1xr cpe:/o:cisco:ios:12.1xs cpe:/o:cisco:ios:12.1xt cpe:/o:cisco:ios:12.1xu cpe:/o:cisco:ios:12.1xv cpe:/o:cisco:ios:12.1xw cpe:/o:cisco:ios:12.1xx cpe:/o:cisco:ios:12.1xy cpe:/o:cisco:ios:12.1xz cpe:/o:cisco:ios:12.1ya cpe:/o:cisco:ios:12.1yb cpe:/o:cisco:ios:12.1yc cpe:/o:cisco:ios:12.1yd cpe:/o:cisco:ios:12.1ye cpe:/o:cisco:ios:12.1yf cpe:/o:cisco:ios:12.1yh cpe:/o:cisco:ios:12.1yi cpe:/o:cisco:ios:12.1yj cpe:/o:cisco:ios:12.2 cpe:/o:cisco:ios:12.2b cpe:/o:cisco:ios:12.2bc cpe:/o:cisco:ios:12.2bw cpe:/o:cisco:ios:12.2bx cpe:/o:cisco:ios:12.2by cpe:/o:cisco:ios:12.2bz cpe:/o:cisco:ios:12.2cx cpe:/o:cisco:ios:12.2cy cpe:/o:cisco:ios:12.2cz cpe:/o:cisco:ios:12.2da cpe:/o:cisco:ios:12.2dd cpe:/o:cisco:ios:12.2dx cpe:/o:cisco:ios:12.2ew cpe:/o:cisco:ios:12.2ewa cpe:/o:cisco:ios:12.2ex cpe:/o:cisco:ios:12.2ey cpe:/o:cisco:ios:12.2ez cpe:/o:cisco:ios:12.2fx cpe:/o:cisco:ios:12.2fy cpe:/o:cisco:ios:12.2fz cpe:/o:cisco:ios:12.2ira cpe:/o:cisco:ios:12.2irb cpe:/o:cisco:ios:12.2ixa cpe:/o:cisco:ios:12.2ixb cpe:/o:cisco:ios:12.2ixc cpe:/o:cisco:ios:12.2ixd cpe:/o:cisco:ios:12.2ixe cpe:/o:cisco:ios:12.2ixf cpe:/o:cisco:ios:12.2ixg cpe:/o:cisco:ios:12.2ja cpe:/o:cisco:ios:12.2jk cpe:/o:cisco:ios:12.2mb cpe:/o:cisco:ios:12.2mc cpe:/o:cisco:ios:12.2s cpe:/o:cisco:ios:12.2sb cpe:/o:cisco:ios:12.2sbc cpe:/o:cisco:ios:12.2sca cpe:/o:cisco:ios:12.2scb cpe:/o:cisco:ios:12.2se cpe:/o:cisco:ios:12.2sea cpe:/o:cisco:ios:12.2seb cpe:/o:cisco:ios:12.2sec cpe:/o:cisco:ios:12.2sed cpe:/o:cisco:ios:12.2see cpe:/o:cisco:ios:12.2sef cpe:/o:cisco:ios:12.2seg cpe:/o:cisco:ios:12.2sg cpe:/o:cisco:ios:12.2sga cpe:/o:cisco:ios:12.2sm cpe:/o:cisco:ios:12.2so cpe:/o:cisco:ios:12.2sq cpe:/o:cisco:ios:12.2sra cpe:/o:cisco:ios:12.2srb cpe:/o:cisco:ios:12.2src cpe:/o:cisco:ios:12.2srd cpe:/o:cisco:ios:12.2ste cpe:/o:cisco:ios:12.2su cpe:/o:cisco:ios:12.2sv cpe:/o:cisco:ios:12.2sva cpe:/o:cisco:ios:12.2svc cpe:/o:cisco:ios:12.2svd cpe:/o:cisco:ios:12.2sve cpe:/o:cisco:ios:12.2sw cpe:/o:cisco:ios:12.2sx cpe:/o:cisco:ios:12.2sxa cpe:/o:cisco:ios:12.2sxb cpe:/o:cisco:ios:12.2sxd cpe:/o:cisco:ios:12.2sxe cpe:/o:cisco:ios:12.2sxf cpe:/o:cisco:ios:12.2sxh cpe:/o:cisco:ios:12.2sxi cpe:/o:cisco:ios:12.2sy cpe:/o:cisco:ios:12.2sz cpe:/o:cisco:ios:12.2t cpe:/o:cisco:ios:12.2tpc cpe:/o:cisco:ios:12.2xa cpe:/o:cisco:ios:12.2xb cpe:/o:cisco:ios:12.2xc cpe:/o:cisco:ios:12.2xd cpe:/o:cisco:ios:12.2xe cpe:/o:cisco:ios:12.2xf cpe:/o:cisco:ios:12.2xg cpe:/o:cisco:ios:12.2xh cpe:/o:cisco:ios:12.2xi cpe:/o:cisco:ios:12.2xj cpe:/o:cisco:ios:12.2xk cpe:/o:cisco:ios:12.2xl cpe:/o:cisco:ios:12.2xm cpe:/o:cisco:ios:12.2xn cpe:/o:cisco:ios:12.2xna cpe:/o:cisco:ios:12.2xnb cpe:/o:cisco:ios:12.2xo cpe:/o:cisco:ios:12.2xq cpe:/o:cisco:ios:12.2xr cpe:/o:cisco:ios:12.2xs cpe:/o:cisco:ios:12.2xt cpe:/o:cisco:ios:12.2xu cpe:/o:cisco:ios:12.2xv cpe:/o:cisco:ios:12.2xw cpe:/o:cisco:ios:12.2ya cpe:/o:cisco:ios:12.2yb cpe:/o:cisco:ios:12.2yc cpe:/o:cisco:ios:12.2yd cpe:/o:cisco:ios:12.2ye cpe:/o:cisco:ios:12.2yf cpe:/o:cisco:ios:12.2yg cpe:/o:cisco:ios:12.2yh cpe:/o:cisco:ios:12.2yj cpe:/o:cisco:ios:12.2yk cpe:/o:cisco:ios:12.2yl cpe:/o:cisco:ios:12.2ym cpe:/o:cisco:ios:12.2yn cpe:/o:cisco:ios:12.2yo cpe:/o:cisco:ios:12.2yp cpe:/o:cisco:ios:12.2yq cpe:/o:cisco:ios:12.2yr cpe:/o:cisco:ios:12.2yt cpe:/o:cisco:ios:12.2yu cpe:/o:cisco:ios:12.2yv cpe:/o:cisco:ios:12.2yw cpe:/o:cisco:ios:12.2yx cpe:/o:cisco:ios:12.2yy cpe:/o:cisco:ios:12.2yz cpe:/o:cisco:ios:12.2za cpe:/o:cisco:ios:12.2zb cpe:/o:cisco:ios:12.2zc cpe:/o:cisco:ios:12.2zd cpe:/o:cisco:ios:12.2ze cpe:/o:cisco:ios:12.2zf cpe:/o:cisco:ios:12.2zg cpe:/o:cisco:ios:12.2zh cpe:/o:cisco:ios:12.2zj cpe:/o:cisco:ios:12.2zl cpe:/o:cisco:ios:12.2zp cpe:/o:cisco:ios:12.2zu cpe:/o:cisco:ios:12.2zx cpe:/o:cisco:ios:12.2zy cpe:/o:cisco:ios:12.2zya cpe:/o:cisco:ios:12.3 cpe:/o:cisco:ios:12.3b cpe:/o:cisco:ios:12.3bc cpe:/o:cisco:ios:12.3bw cpe:/o:cisco:ios:12.3ja cpe:/o:cisco:ios:12.3jea cpe:/o:cisco:ios:12.3jeb cpe:/o:cisco:ios:12.3jec cpe:/o:cisco:ios:12.3jk cpe:/o:cisco:ios:12.3jl cpe:/o:cisco:ios:12.3jx cpe:/o:cisco:ios:12.3t cpe:/o:cisco:ios:12.3tpc cpe:/o:cisco:ios:12.3va cpe:/o:cisco:ios:12.3xa cpe:/o:cisco:ios:12.3xb cpe:/o:cisco:ios:12.3xc cpe:/o:cisco:ios:12.3xd cpe:/o:cisco:ios:12.3xe cpe:/o:cisco:ios:12.3xf cpe:/o:cisco:ios:12.3xg cpe:/o:cisco:ios:12.3xi cpe:/o:cisco:ios:12.3xj cpe:/o:cisco:ios:12.3xk cpe:/o:cisco:ios:12.3xl cpe:/o:cisco:ios:12.3xq cpe:/o:cisco:ios:12.3xr cpe:/o:cisco:ios:12.3xs cpe:/o:cisco:ios:12.3xu cpe:/o:cisco:ios:12.3xw cpe:/o:cisco:ios:12.3xx cpe:/o:cisco:ios:12.3xy cpe:/o:cisco:ios:12.3xz cpe:/o:cisco:ios:12.3ya cpe:/o:cisco:ios:12.3yd cpe:/o:cisco:ios:12.3yf cpe:/o:cisco:ios:12.3yg cpe:/o:cisco:ios:12.3yh cpe:/o:cisco:ios:12.3yi cpe:/o:cisco:ios:12.3yj cpe:/o:cisco:ios:12.3yk cpe:/o:cisco:ios:12.3ym cpe:/o:cisco:ios:12.3yq cpe:/o:cisco:ios:12.3ys cpe:/o:cisco:ios:12.3yt cpe:/o:cisco:ios:12.3yu cpe:/o:cisco:ios:12.3yx cpe:/o:cisco:ios:12.3yz cpe:/o:cisco:ios:12.4 cpe:/o:cisco:ios:12.4ja cpe:/o:cisco:ios:12.4jda cpe:/o:cisco:ios:12.4jk cpe:/o:cisco:ios:12.4jl cpe:/o:cisco:ios:12.4jma cpe:/o:cisco:ios:12.4jmb cpe:/o:cisco:ios:12.4jx cpe:/o:cisco:ios:12.4md cpe:/o:cisco:ios:12.4mr cpe:/o:cisco:ios:12.4sw cpe:/o:cisco:ios:12.4t cpe:/o:cisco:ios:12.4xa cpe:/o:cisco:ios:12.4xb cpe:/o:cisco:ios:12.4xc cpe:/o:cisco:ios:12.4xd cpe:/o:cisco:ios:12.4xe cpe:/o:cisco:ios:12.4xf cpe:/o:cisco:ios:12.4xg cpe:/o:cisco:ios:12.4xj cpe:/o:cisco:ios:12.4xk cpe:/o:cisco:ios:12.4xl cpe:/o:cisco:ios:12.4xm cpe:/o:cisco:ios:12.4xn cpe:/o:cisco:ios:12.4xp cpe:/o:cisco:ios:12.4xq cpe:/o:cisco:ios:12.4xr cpe:/o:cisco:ios:12.4xt cpe:/o:cisco:ios:12.4xv cpe:/o:cisco:ios:12.4xw cpe:/o:cisco:ios:12.4xy cpe:/o:cisco:ios:12.4xz cpe:/o:cisco:ios:12.4ya CVE-2009-0631 2009-03-27T11:16:24.047-04:00 2017-09-28T21:33:55.920-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov CISCO 20090325 Cisco IOS Software Multiple Features Crafted UDP Packet Vulnerability CONFIRM http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml BID 34245 SECTRACK 1021904 XF ios-udp-dos(49419) Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when configured with (1) IP Service Level Agreements (SLAs) Responder, (2) Session Initiation Protocol (SIP), (3) H.323 Annex E Call Signaling Transport, or (4) Media Gateway Control Protocol (MGCP) allows remote attackers to cause a denial of service (blocked input queue on the inbound interface) via a crafted UDP packet. cpe:/a:cisco:unified_communications_manager:4.1 cpe:/a:cisco:unified_communications_manager:4.2 cpe:/a:cisco:unified_communications_manager:4.2%283%29sr1 cpe:/a:cisco:unified_communications_manager:4.2%283%29sr2b cpe:/a:cisco:unified_communications_manager:4.2%283%29sr3 cpe:/a:cisco:unified_communications_manager:4.2%283%29sr4 cpe:/a:cisco:unified_communications_manager:4.3 cpe:/a:cisco:unified_communications_manager:4.3%281%29sr.1 cpe:/a:cisco:unified_communications_manager:4.3%282%29 cpe:/a:cisco:unified_communications_manager:4.3%282%29sr1 cpe:/a:cisco:unified_communications_manager:5.0 cpe:/a:cisco:unified_communications_manager:5.1%281%29 cpe:/a:cisco:unified_communications_manager:5.1%282%29 cpe:/a:cisco:unified_communications_manager:5.1%282a%29 cpe:/a:cisco:unified_communications_manager:5.1%282b%29 cpe:/a:cisco:unified_communications_manager:5.1%283%29 cpe:/a:cisco:unified_communications_manager:5.1%283a%29 cpe:/a:cisco:unified_communications_manager:5.1%283c%29 cpe:/a:cisco:unified_communications_manager:5.1%283d%29 cpe:/a:cisco:unified_communications_manager:6.0 cpe:/a:cisco:unified_communications_manager:6.0%281%29 cpe:/a:cisco:unified_communications_manager:6.0%281a%29 cpe:/a:cisco:unified_communications_manager:6.1 cpe:/a:cisco:unified_communications_manager:6.1%281%29 cpe:/a:cisco:unified_communications_manager:6.1%281a%29 cpe:/a:cisco:unified_communications_manager:6.1%282%29 cpe:/a:cisco:unified_communications_manager:6.1%282%29su1 cpe:/a:cisco:unified_communications_manager:6.1%283%29 cpe:/a:cisco:unified_communications_manager:7.0 cpe:/a:cisco:unified_communications_manager:7.0%281%29 CVE-2009-0632 2009-03-12T11:20:49.750-04:00 2017-08-16T21:29:56.537-04:00 9.0 NETWORK LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS CISCO 20090311 Identifying and Mitigating Exploitation of the Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability CISCO 20090311 Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability BID 34082 SECTRACK 1021839 VUPEN ADV-2009-0675 XF cucm-pab-privilege-escalation(49196) The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x. cpe:/o:cisco:cisco_ios:12.3 cpe:/o:cisco:cisco_ios:12.3:b cpe:/o:cisco:cisco_ios:12.3:bc cpe:/o:cisco:cisco_ios:12.3:bw cpe:/o:cisco:cisco_ios:12.3:eu cpe:/o:cisco:cisco_ios:12.3:ja cpe:/o:cisco:cisco_ios:12.3:jea cpe:/o:cisco:cisco_ios:12.3:jeb cpe:/o:cisco:cisco_ios:12.3:jec cpe:/o:cisco:cisco_ios:12.3:jk cpe:/o:cisco:cisco_ios:12.3:jl cpe:/o:cisco:cisco_ios:12.3:jx cpe:/o:cisco:cisco_ios:12.3:t cpe:/o:cisco:cisco_ios:12.3:tpc cpe:/o:cisco:cisco_ios:12.3:va cpe:/o:cisco:cisco_ios:12.3:xa cpe:/o:cisco:cisco_ios:12.3:xb cpe:/o:cisco:cisco_ios:12.3:xc cpe:/o:cisco:cisco_ios:12.3:xd cpe:/o:cisco:cisco_ios:12.3:xe cpe:/o:cisco:cisco_ios:12.3:xf cpe:/o:cisco:cisco_ios:12.3:xg cpe:/o:cisco:cisco_ios:12.3:xh cpe:/o:cisco:cisco_ios:12.3:xi cpe:/o:cisco:cisco_ios:12.3:xj cpe:/o:cisco:cisco_ios:12.3:xk cpe:/o:cisco:cisco_ios:12.3:xq cpe:/o:cisco:cisco_ios:12.3:xr cpe:/o:cisco:cisco_ios:12.3:xs cpe:/o:cisco:cisco_ios:12.3:xu cpe:/o:cisco:cisco_ios:12.3:xw cpe:/o:cisco:cisco_ios:12.3:xy cpe:/o:cisco:cisco_ios:12.3:ya cpe:/o:cisco:cisco_ios:12.3:yd cpe:/o:cisco:cisco_ios:12.3:yf cpe:/o:cisco:cisco_ios:12.3:yg cpe:/o:cisco:cisco_ios:12.3:yh cpe:/o:cisco:cisco_ios:12.3:yi cpe:/o:cisco:cisco_ios:12.3:yj cpe:/o:cisco:cisco_ios:12.3:yk cpe:/o:cisco:cisco_ios:12.3:ym cpe:/o:cisco:cisco_ios:12.3:yq cpe:/o:cisco:cisco_ios:12.3:ys cpe:/o:cisco:cisco_ios:12.3:yt cpe:/o:cisco:cisco_ios:12.3:yu cpe:/o:cisco:cisco_ios:12.3:yx cpe:/o:cisco:cisco_ios:12.3:yz cpe:/o:cisco:cisco_ios:12.4 cpe:/o:cisco:cisco_ios:12.4:ja cpe:/o:cisco:cisco_ios:12.4:jk cpe:/o:cisco:cisco_ios:12.4:jma cpe:/o:cisco:cisco_ios:12.4:jmb cpe:/o:cisco:cisco_ios:12.4:jmc cpe:/o:cisco:cisco_ios:12.4:jx cpe:/o:cisco:cisco_ios:12.4:md cpe:/o:cisco:cisco_ios:12.4:mr cpe:/o:cisco:cisco_ios:12.4:sw cpe:/o:cisco:cisco_ios:12.4:t cpe:/o:cisco:cisco_ios:12.4:xa cpe:/o:cisco:cisco_ios:12.4:xb cpe:/o:cisco:cisco_ios:12.4:xc cpe:/o:cisco:cisco_ios:12.4:xd cpe:/o:cisco:cisco_ios:12.4:xe cpe:/o:cisco:cisco_ios:12.4:xf cpe:/o:cisco:cisco_ios:12.4:xg cpe:/o:cisco:cisco_ios:12.4:xj cpe:/o:cisco:cisco_ios:12.4:xk CVE-2009-0633 2009-03-27T12:30:02.030-04:00 2017-09-28T21:33:56.013-04:00 7.1 NETWORK MEDIUM NONE NONE NONE COMPLETE http://nvd.nist.gov SECTRACK 1021898 CISCO 20090325 Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities CONFIRM http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml BID 34241 VUPEN ADV-2009-0851 XF ios-mobile-dos(49424) Multiple unspecified vulnerabilities in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via MIPv6 packets, aka Bug ID CSCsm97220. cpe:/o:cisco:cisco_ios:12.3 cpe:/o:cisco:cisco_ios:12.3:b cpe:/o:cisco:cisco_ios:12.3:bc cpe:/o:cisco:cisco_ios:12.3:bw cpe:/o:cisco:cisco_ios:12.3:eu cpe:/o:cisco:cisco_ios:12.3:ja cpe:/o:cisco:cisco_ios:12.3:jea cpe:/o:cisco:cisco_ios:12.3:jeb cpe:/o:cisco:cisco_ios:12.3:jec cpe:/o:cisco:cisco_ios:12.3:jk cpe:/o:cisco:cisco_ios:12.3:jl cpe:/o:cisco:cisco_ios:12.3:jx cpe:/o:cisco:cisco_ios:12.3:t cpe:/o:cisco:cisco_ios:12.3:tpc cpe:/o:cisco:cisco_ios:12.3:va cpe:/o:cisco:cisco_ios:12.3:xa cpe:/o:cisco:cisco_ios:12.3:xb cpe:/o:cisco:cisco_ios:12.3:xc cpe:/o:cisco:cisco_ios:12.3:xd cpe:/o:cisco:cisco_ios:12.3:xe cpe:/o:cisco:cisco_ios:12.3:xf cpe:/o:cisco:cisco_ios:12.3:xg cpe:/o:cisco:cisco_ios:12.3:xh cpe:/o:cisco:cisco_ios:12.3:xi cpe:/o:cisco:cisco_ios:12.3:xj cpe:/o:cisco:cisco_ios:12.3:xk cpe:/o:cisco:cisco_ios:12.3:xq cpe:/o:cisco:cisco_ios:12.3:xr cpe:/o:cisco:cisco_ios:12.3:xs cpe:/o:cisco:cisco_ios:12.3:xu cpe:/o:cisco:cisco_ios:12.3:xw cpe:/o:cisco:cisco_ios:12.3:xy cpe:/o:cisco:cisco_ios:12.3:ya cpe:/o:cisco:cisco_ios:12.3:yd cpe:/o:cisco:cisco_ios:12.3:yf cpe:/o:cisco:cisco_ios:12.3:yg cpe:/o:cisco:cisco_ios:12.3:yh cpe:/o:cisco:cisco_ios:12.3:yi cpe:/o:cisco:cisco_ios:12.3:yj cpe:/o:cisco:cisco_ios:12.3:yk cpe:/o:cisco:cisco_ios:12.3:ym cpe:/o:cisco:cisco_ios:12.3:yq cpe:/o:cisco:cisco_ios:12.3:ys cpe:/o:cisco:cisco_ios:12.3:yt cpe:/o:cisco:cisco_ios:12.3:yu cpe:/o:cisco:cisco_ios:12.3:yx cpe:/o:cisco:cisco_ios:12.3:yz cpe:/o:cisco:cisco_ios:12.4 cpe:/o:cisco:cisco_ios:12.4:ja cpe:/o:cisco:cisco_ios:12.4:jk cpe:/o:cisco:cisco_ios:12.4:jma cpe:/o:cisco:cisco_ios:12.4:jmb cpe:/o:cisco:cisco_ios:12.4:jmc cpe:/o:cisco:cisco_ios:12.4:jx cpe:/o:cisco:cisco_ios:12.4:md cpe:/o:cisco:cisco_ios:12.4:mr cpe:/o:cisco:cisco_ios:12.4:sw cpe:/o:cisco:cisco_ios:12.4:t cpe:/o:cisco:cisco_ios:12.4:xa cpe:/o:cisco:cisco_ios:12.4:xb cpe:/o:cisco:cisco_ios:12.4:xc cpe:/o:cisco:cisco_ios:12.4:xd cpe:/o:cisco:cisco_ios:12.4:xe cpe:/o:cisco:cisco_ios:12.4:xf cpe:/o:cisco:cisco_ios:12.4:xg cpe:/o:cisco:cisco_ios:12.4:xj cpe:/o:cisco:cisco_ios:12.4:xk CVE-2009-0634 2009-03-27T12:30:02.063-04:00 2017-09-28T21:33:56.090-04:00 7.1 NETWORK MEDIUM NONE NONE NONE COMPLETE http://nvd.nist.gov SECTRACK 1021898 CISCO 20090325 Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities CONFIRM http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml BID 34241 VUPEN ADV-2009-0851 XF ios-mobile-dos(49424) XF ios-mobile-ha-dos(49585) Multiple unspecified vulnerabilities in the home agent (HA) implementation in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via an ICMP packet, aka Bug ID CSCso05337. cpe:/o:cisco:ios:12.4t cpe:/o:cisco:ios:12.4xz cpe:/o:cisco:ios:12.4ya CVE-2009-0635 2009-03-27T12:30:02.077-04:00 2017-08-16T21:29:56.740-04:00 7.1 NETWORK MEDIUM NONE NONE NONE COMPLETE http://nvd.nist.gov CISCO 20090325 Cisco IOS cTCP Denial of Service Vulnerability CONFIRM http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml BID 34246 SECTRACK 1021895 VUPEN ADV-2009-0851 XF ios-ctcp-dos(49417) Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets. cpe:/o:cisco:ios:12.0 cpe:/o:cisco:ios:12.0da cpe:/o:cisco:ios:12.0db cpe:/o:cisco:ios:12.0dc cpe:/o:cisco:ios:12.0s cpe:/o:cisco:ios:12.0sc cpe:/o:cisco:ios:12.0sl cpe:/o:cisco:ios:12.0sp cpe:/o:cisco:ios:12.0st cpe:/o:cisco:ios:12.0sx cpe:/o:cisco:ios:12.0sy cpe:/o:cisco:ios:12.0sz cpe:/o:cisco:ios:12.0t cpe:/o:cisco:ios:12.0w cpe:/o:cisco:ios:12.0wc cpe:/o:cisco:ios:12.0wt cpe:/o:cisco:ios:12.0wx cpe:/o:cisco:ios:12.0xa cpe:/o:cisco:ios:12.0xb cpe:/o:cisco:ios:12.0xc cpe:/o:cisco:ios:12.0xd cpe:/o:cisco:ios:12.0xe cpe:/o:cisco:ios:12.0xg cpe:/o:cisco:ios:12.0xh cpe:/o:cisco:ios:12.0xi cpe:/o:cisco:ios:12.0xj cpe:/o:cisco:ios:12.0xk cpe:/o:cisco:ios:12.0xl cpe:/o:cisco:ios:12.0xm cpe:/o:cisco:ios:12.0xn cpe:/o:cisco:ios:12.0xq cpe:/o:cisco:ios:12.0xr cpe:/o:cisco:ios:12.0xs cpe:/o:cisco:ios:12.0xt cpe:/o:cisco:ios:12.0xv cpe:/o:cisco:ios:12.1 cpe:/o:cisco:ios:12.1aa cpe:/o:cisco:ios:12.1ax cpe:/o:cisco:ios:12.1ay cpe:/o:cisco:ios:12.1az cpe:/o:cisco:ios:12.1cx cpe:/o:cisco:ios:12.1da cpe:/o:cisco:ios:12.1db cpe:/o:cisco:ios:12.1dc cpe:/o:cisco:ios:12.1e cpe:/o:cisco:ios:12.1ea cpe:/o:cisco:ios:12.1eb cpe:/o:cisco:ios:12.1ec cpe:/o:cisco:ios:12.1eo cpe:/o:cisco:ios:12.1eu cpe:/o:cisco:ios:12.1ev cpe:/o:cisco:ios:12.1ew cpe:/o:cisco:ios:12.1ex cpe:/o:cisco:ios:12.1ey cpe:/o:cisco:ios:12.1ez cpe:/o:cisco:ios:12.1ga cpe:/o:cisco:ios:12.1gb cpe:/o:cisco:ios:12.1t cpe:/o:cisco:ios:12.1xa cpe:/o:cisco:ios:12.1xb cpe:/o:cisco:ios:12.1xc cpe:/o:cisco:ios:12.1xd cpe:/o:cisco:ios:12.1xe cpe:/o:cisco:ios:12.1xf cpe:/o:cisco:ios:12.1xg cpe:/o:cisco:ios:12.1xh cpe:/o:cisco:ios:12.1xi cpe:/o:cisco:ios:12.1xj cpe:/o:cisco:ios:12.1xl cpe:/o:cisco:ios:12.1xm cpe:/o:cisco:ios:12.1xp cpe:/o:cisco:ios:12.1xq cpe:/o:cisco:ios:12.1xr cpe:/o:cisco:ios:12.1xs cpe:/o:cisco:ios:12.1xt cpe:/o:cisco:ios:12.1xu cpe:/o:cisco:ios:12.1xv cpe:/o:cisco:ios:12.1xw cpe:/o:cisco:ios:12.1xx cpe:/o:cisco:ios:12.1xy cpe:/o:cisco:ios:12.1xz cpe:/o:cisco:ios:12.1ya cpe:/o:cisco:ios:12.1yb cpe:/o:cisco:ios:12.1yc cpe:/o:cisco:ios:12.1yd cpe:/o:cisco:ios:12.1ye cpe:/o:cisco:ios:12.1yf cpe:/o:cisco:ios:12.1yh cpe:/o:cisco:ios:12.1yi cpe:/o:cisco:ios:12.1yj cpe:/o:cisco:ios:12.2 cpe:/o:cisco:ios:12.2b cpe:/o:cisco:ios:12.2bc cpe:/o:cisco:ios:12.2bw cpe:/o:cisco:ios:12.2bx cpe:/o:cisco:ios:12.2by cpe:/o:cisco:ios:12.2bz cpe:/o:cisco:ios:12.2cx cpe:/o:cisco:ios:12.2cy cpe:/o:cisco:ios:12.2cz cpe:/o:cisco:ios:12.2da cpe:/o:cisco:ios:12.2dd cpe:/o:cisco:ios:12.2dx cpe:/o:cisco:ios:12.2ew cpe:/o:cisco:ios:12.2ewa cpe:/o:cisco:ios:12.2ex cpe:/o:cisco:ios:12.2ey cpe:/o:cisco:ios:12.2ez cpe:/o:cisco:ios:12.2fx cpe:/o:cisco:ios:12.2fy cpe:/o:cisco:ios:12.2fz cpe:/o:cisco:ios:12.2ira cpe:/o:cisco:ios:12.2irb cpe:/o:cisco:ios:12.2ixa cpe:/o:cisco:ios:12.2ixb cpe:/o:cisco:ios:12.2ixc cpe:/o:cisco:ios:12.2ixd cpe:/o:cisco:ios:12.2ixe cpe:/o:cisco:ios:12.2ixf cpe:/o:cisco:ios:12.2ixg cpe:/o:cisco:ios:12.2ja cpe:/o:cisco:ios:12.2jk cpe:/o:cisco:ios:12.2mb cpe:/o:cisco:ios:12.2mc cpe:/o:cisco:ios:12.2s cpe:/o:cisco:ios:12.2sb cpe:/o:cisco:ios:12.2sbc cpe:/o:cisco:ios:12.2sca cpe:/o:cisco:ios:12.2scb cpe:/o:cisco:ios:12.2se cpe:/o:cisco:ios:12.2sea cpe:/o:cisco:ios:12.2seb cpe:/o:cisco:ios:12.2sec cpe:/o:cisco:ios:12.2sed cpe:/o:cisco:ios:12.2see cpe:/o:cisco:ios:12.2sef cpe:/o:cisco:ios:12.2seg cpe:/o:cisco:ios:12.2sg cpe:/o:cisco:ios:12.2sga cpe:/o:cisco:ios:12.2sm cpe:/o:cisco:ios:12.2so cpe:/o:cisco:ios:12.2sq cpe:/o:cisco:ios:12.2sra cpe:/o:cisco:ios:12.2srb cpe:/o:cisco:ios:12.2src cpe:/o:cisco:ios:12.2srd cpe:/o:cisco:ios:12.2ste cpe:/o:cisco:ios:12.2su cpe:/o:cisco:ios:12.2sv cpe:/o:cisco:ios:12.2sva cpe:/o:cisco:ios:12.2svc cpe:/o:cisco:ios:12.2svd cpe:/o:cisco:ios:12.2sve cpe:/o:cisco:ios:12.2sw cpe:/o:cisco:ios:12.2sx cpe:/o:cisco:ios:12.2sxa cpe:/o:cisco:ios:12.2sxb cpe:/o:cisco:ios:12.2sxd cpe:/o:cisco:ios:12.2sxe cpe:/o:cisco:ios:12.2sxf cpe:/o:cisco:ios:12.2sxh cpe:/o:cisco:ios:12.2sxi cpe:/o:cisco:ios:12.2sy cpe:/o:cisco:ios:12.2sz cpe:/o:cisco:ios:12.2t cpe:/o:cisco:ios:12.2tpc cpe:/o:cisco:ios:12.2xa cpe:/o:cisco:ios:12.2xb cpe:/o:cisco:ios:12.2xc cpe:/o:cisco:ios:12.2xd cpe:/o:cisco:ios:12.2xe cpe:/o:cisco:ios:12.2xf cpe:/o:cisco:ios:12.2xg cpe:/o:cisco:ios:12.2xh cpe:/o:cisco:ios:12.2xi cpe:/o:cisco:ios:12.2xj cpe:/o:cisco:ios:12.2xk cpe:/o:cisco:ios:12.2xl cpe:/o:cisco:ios:12.2xm cpe:/o:cisco:ios:12.2xn cpe:/o:cisco:ios:12.2xna cpe:/o:cisco:ios:12.2xnb cpe:/o:cisco:ios:12.2xo cpe:/o:cisco:ios:12.2xq cpe:/o:cisco:ios:12.2xr cpe:/o:cisco:ios:12.2xs cpe:/o:cisco:ios:12.2xt cpe:/o:cisco:ios:12.2xu cpe:/o:cisco:ios:12.2xv cpe:/o:cisco:ios:12.2xw cpe:/o:cisco:ios:12.2ya cpe:/o:cisco:ios:12.2yb cpe:/o:cisco:ios:12.2yc cpe:/o:cisco:ios:12.2yd cpe:/o:cisco:ios:12.2ye cpe:/o:cisco:ios:12.2yf cpe:/o:cisco:ios:12.2yg cpe:/o:cisco:ios:12.2yh cpe:/o:cisco:ios:12.2yj cpe:/o:cisco:ios:12.2yk cpe:/o:cisco:ios:12.2yl cpe:/o:cisco:ios:12.2ym cpe:/o:cisco:ios:12.2yn cpe:/o:cisco:ios:12.2yo cpe:/o:cisco:ios:12.2yp cpe:/o:cisco:ios:12.2yq cpe:/o:cisco:ios:12.2yr cpe:/o:cisco:ios:12.2yt cpe:/o:cisco:ios:12.2yu cpe:/o:cisco:ios:12.2yv cpe:/o:cisco:ios:12.2yw cpe:/o:cisco:ios:12.2yx cpe:/o:cisco:ios:12.2yy cpe:/o:cisco:ios:12.2yz cpe:/o:cisco:ios:12.2za cpe:/o:cisco:ios:12.2zb cpe:/o:cisco:ios:12.2zc cpe:/o:cisco:ios:12.2zd cpe:/o:cisco:ios:12.2ze cpe:/o:cisco:ios:12.2zf cpe:/o:cisco:ios:12.2zg cpe:/o:cisco:ios:12.2zh cpe:/o:cisco:ios:12.2zj cpe:/o:cisco:ios:12.2zl cpe:/o:cisco:ios:12.2zp cpe:/o:cisco:ios:12.2zu cpe:/o:cisco:ios:12.2zx cpe:/o:cisco:ios:12.2zy cpe:/o:cisco:ios:12.2zya cpe:/o:cisco:ios:12.3 cpe:/o:cisco:ios:12.3b cpe:/o:cisco:ios:12.3bc cpe:/o:cisco:ios:12.3bw cpe:/o:cisco:ios:12.3ja cpe:/o:cisco:ios:12.3jea cpe:/o:cisco:ios:12.3jeb cpe:/o:cisco:ios:12.3jec cpe:/o:cisco:ios:12.3jk cpe:/o:cisco:ios:12.3jl cpe:/o:cisco:ios:12.3jx cpe:/o:cisco:ios:12.3t cpe:/o:cisco:ios:12.3tpc cpe:/o:cisco:ios:12.3va cpe:/o:cisco:ios:12.3xa cpe:/o:cisco:ios:12.3xb cpe:/o:cisco:ios:12.3xc cpe:/o:cisco:ios:12.3xd cpe:/o:cisco:ios:12.3xe cpe:/o:cisco:ios:12.3xf cpe:/o:cisco:ios:12.3xg cpe:/o:cisco:ios:12.3xi cpe:/o:cisco:ios:12.3xj cpe:/o:cisco:ios:12.3xk cpe:/o:cisco:ios:12.3xl cpe:/o:cisco:ios:12.3xq cpe:/o:cisco:ios:12.3xr cpe:/o:cisco:ios:12.3xs cpe:/o:cisco:ios:12.3xu cpe:/o:cisco:ios:12.3xw cpe:/o:cisco:ios:12.3xx cpe:/o:cisco:ios:12.3xy cpe:/o:cisco:ios:12.3xz cpe:/o:cisco:ios:12.3ya cpe:/o:cisco:ios:12.3yd cpe:/o:cisco:ios:12.3yf cpe:/o:cisco:ios:12.3yg cpe:/o:cisco:ios:12.3yh cpe:/o:cisco:ios:12.3yi cpe:/o:cisco:ios:12.3yj cpe:/o:cisco:ios:12.3yk cpe:/o:cisco:ios:12.3ym cpe:/o:cisco:ios:12.3yq cpe:/o:cisco:ios:12.3ys cpe:/o:cisco:ios:12.3yt cpe:/o:cisco:ios:12.3yu cpe:/o:cisco:ios:12.3yx cpe:/o:cisco:ios:12.3yz cpe:/o:cisco:ios:12.4 cpe:/o:cisco:ios:12.4ja cpe:/o:cisco:ios:12.4jda cpe:/o:cisco:ios:12.4jk cpe:/o:cisco:ios:12.4jl cpe:/o:cisco:ios:12.4jma cpe:/o:cisco:ios:12.4jmb cpe:/o:cisco:ios:12.4jx cpe:/o:cisco:ios:12.4md cpe:/o:cisco:ios:12.4mr cpe:/o:cisco:ios:12.4sw cpe:/o:cisco:ios:12.4t cpe:/o:cisco:ios:12.4xa cpe:/o:cisco:ios:12.4xb cpe:/o:cisco:ios:12.4xc cpe:/o:cisco:ios:12.4xd cpe:/o:cisco:ios:12.4xe cpe:/o:cisco:ios:12.4xf cpe:/o:cisco:ios:12.4xg cpe:/o:cisco:ios:12.4xj cpe:/o:cisco:ios:12.4xk cpe:/o:cisco:ios:12.4xl cpe:/o:cisco:ios:12.4xm cpe:/o:cisco:ios:12.4xn cpe:/o:cisco:ios:12.4xp cpe:/o:cisco:ios:12.4xq cpe:/o:cisco:ios:12.4xr cpe:/o:cisco:ios:12.4xt cpe:/o:cisco:ios:12.4xv cpe:/o:cisco:ios:12.4xw cpe:/o:cisco:ios:12.4xy cpe:/o:cisco:ios:12.4xz cpe:/o:cisco:ios:12.4ya CVE-2009-0636 2009-03-27T12:30:02.093-04:00 2017-08-16T21:29:56.817-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov SECTRACK 1021902 CONFIRM http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml CISCO 20090325 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability BID 34243 VUPEN ADV-2009-0851 XF ios-sip-dos(49421) Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP voice services are enabled, allows remote attackers to cause a denial of service (device crash) via a valid SIP message. cpe:/o:cisco:ios:12.2 cpe:/o:cisco:ios:12.2b cpe:/o:cisco:ios:12.2bc cpe:/o:cisco:ios:12.2bw cpe:/o:cisco:ios:12.2bx cpe:/o:cisco:ios:12.2by cpe:/o:cisco:ios:12.2bz cpe:/o:cisco:ios:12.2ca cpe:/o:cisco:ios:12.2cx cpe:/o:cisco:ios:12.2cy cpe:/o:cisco:ios:12.2cz cpe:/o:cisco:ios:12.2da cpe:/o:cisco:ios:12.2dd cpe:/o:cisco:ios:12.2dx cpe:/o:cisco:ios:12.2ew cpe:/o:cisco:ios:12.2ewa cpe:/o:cisco:ios:12.2ex cpe:/o:cisco:ios:12.2ey cpe:/o:cisco:ios:12.2ez cpe:/o:cisco:ios:12.2fx cpe:/o:cisco:ios:12.2fy cpe:/o:cisco:ios:12.2fz cpe:/o:cisco:ios:12.2irb cpe:/o:cisco:ios:12.2ixa cpe:/o:cisco:ios:12.2ixb cpe:/o:cisco:ios:12.2ixc cpe:/o:cisco:ios:12.2ixd cpe:/o:cisco:ios:12.2ixe cpe:/o:cisco:ios:12.2ixf cpe:/o:cisco:ios:12.2ixg cpe:/o:cisco:ios:12.2ja cpe:/o:cisco:ios:12.2jk cpe:/o:cisco:ios:12.2l cpe:/o:cisco:ios:12.2mb cpe:/o:cisco:ios:12.2mc cpe:/o:cisco:ios:12.2rc cpe:/o:cisco:ios:12.2s cpe:/o:cisco:ios:12.2sb cpe:/o:cisco:ios:12.2sbc cpe:/o:cisco:ios:12.2sca cpe:/o:cisco:ios:12.2sga cpe:/o:cisco:ios:12.2sm cpe:/o:cisco:ios:12.2so cpe:/o:cisco:ios:12.2sr cpe:/o:cisco:ios:12.2sra cpe:/o:cisco:ios:12.2srb cpe:/o:cisco:ios:12.2src cpe:/o:cisco:ios:12.2su cpe:/o:cisco:ios:12.2sv cpe:/o:cisco:ios:12.2sva cpe:/o:cisco:ios:12.2svc cpe:/o:cisco:ios:12.2svd cpe:/o:cisco:ios:12.2sve cpe:/o:cisco:ios:12.2sw cpe:/o:cisco:ios:12.2sx cpe:/o:cisco:ios:12.2sxa cpe:/o:cisco:ios:12.2sxb cpe:/o:cisco:ios:12.2sxd cpe:/o:cisco:ios:12.2sxe cpe:/o:cisco:ios:12.2sxf cpe:/o:cisco:ios:12.2sy cpe:/o:cisco:ios:12.2sz cpe:/o:cisco:ios:12.2t cpe:/o:cisco:ios:12.2tpc cpe:/o:cisco:ios:12.2xa cpe:/o:cisco:ios:12.2xb cpe:/o:cisco:ios:12.2xc cpe:/o:cisco:ios:12.2xd cpe:/o:cisco:ios:12.2xe cpe:/o:cisco:ios:12.2xf cpe:/o:cisco:ios:12.2xg cpe:/o:cisco:ios:12.2xh cpe:/o:cisco:ios:12.2xi cpe:/o:cisco:ios:12.2xj cpe:/o:cisco:ios:12.2xk cpe:/o:cisco:ios:12.2xl cpe:/o:cisco:ios:12.2xm cpe:/o:cisco:ios:12.2xn cpe:/o:cisco:ios:12.2xo cpe:/o:cisco:ios:12.2xq cpe:/o:cisco:ios:12.2xr cpe:/o:cisco:ios:12.2xs cpe:/o:cisco:ios:12.2xt cpe:/o:cisco:ios:12.2xu cpe:/o:cisco:ios:12.2xv cpe:/o:cisco:ios:12.2xw cpe:/o:cisco:ios:12.2ya cpe:/o:cisco:ios:12.2yb cpe:/o:cisco:ios:12.2yc cpe:/o:cisco:ios:12.2yd cpe:/o:cisco:ios:12.2ye cpe:/o:cisco:ios:12.2yf cpe:/o:cisco:ios:12.2yg cpe:/o:cisco:ios:12.2yh cpe:/o:cisco:ios:12.2yj cpe:/o:cisco:ios:12.2yk cpe:/o:cisco:ios:12.2yl cpe:/o:cisco:ios:12.2ym cpe:/o:cisco:ios:12.2yn cpe:/o:cisco:ios:12.2yo cpe:/o:cisco:ios:12.2yp cpe:/o:cisco:ios:12.2yq cpe:/o:cisco:ios:12.2yr cpe:/o:cisco:ios:12.2ys cpe:/o:cisco:ios:12.2yt cpe:/o:cisco:ios:12.2yu cpe:/o:cisco:ios:12.2yv cpe:/o:cisco:ios:12.2yw cpe:/o:cisco:ios:12.2yx cpe:/o:cisco:ios:12.2yy cpe:/o:cisco:ios:12.2yz cpe:/o:cisco:ios:12.2za cpe:/o:cisco:ios:12.2zb cpe:/o:cisco:ios:12.2zc cpe:/o:cisco:ios:12.2zd cpe:/o:cisco:ios:12.2ze cpe:/o:cisco:ios:12.2zf cpe:/o:cisco:ios:12.2zg cpe:/o:cisco:ios:12.2zh cpe:/o:cisco:ios:12.2zj cpe:/o:cisco:ios:12.2zl cpe:/o:cisco:ios:12.2zp cpe:/o:cisco:ios:12.2zu cpe:/o:cisco:ios:12.2zx cpe:/o:cisco:ios:12.2zy cpe:/o:cisco:ios:12.2zya cpe:/o:cisco:ios:12.4 cpe:/o:cisco:ios:12.4%281%29 cpe:/o:cisco:ios:12.4%281b%29 cpe:/o:cisco:ios:12.4%281c%29 cpe:/o:cisco:ios:12.4%282%29mr cpe:/o:cisco:ios:12.4%282%29mr1 cpe:/o:cisco:ios:12.4%282%29t cpe:/o:cisco:ios:12.4%282%29t1 cpe:/o:cisco:ios:12.4%282%29t2 cpe:/o:cisco:ios:12.4%282%29t3 cpe:/o:cisco:ios:12.4%282%29t4 cpe:/o:cisco:ios:12.4%282%29xa cpe:/o:cisco:ios:12.4%282%29xb cpe:/o:cisco:ios:12.4%282%29xb2 cpe:/o:cisco:ios:12.4%283%29 cpe:/o:cisco:ios:12.4%283%29t2 cpe:/o:cisco:ios:12.4%283a%29 cpe:/o:cisco:ios:12.4%283b%29 cpe:/o:cisco:ios:12.4%283d%29 cpe:/o:cisco:ios:12.4%284%29mr cpe:/o:cisco:ios:12.4%284%29t cpe:/o:cisco:ios:12.4%284%29t2 cpe:/o:cisco:ios:12.4%285%29 cpe:/o:cisco:ios:12.4%285b%29 cpe:/o:cisco:ios:12.4%286%29t cpe:/o:cisco:ios:12.4%286%29t1 cpe:/o:cisco:ios:12.4%287%29 cpe:/o:cisco:ios:12.4%287a%29 cpe:/o:cisco:ios:12.4%288%29 cpe:/o:cisco:ios:12.4%289%29t cpe:/o:cisco:ios:12.4%2823%29 cpe:/o:cisco:ios:12.4ja cpe:/o:cisco:ios:12.4jda cpe:/o:cisco:ios:12.4jk cpe:/o:cisco:ios:12.4jl cpe:/o:cisco:ios:12.4jma cpe:/o:cisco:ios:12.4jmb cpe:/o:cisco:ios:12.4jx cpe:/o:cisco:ios:12.4md cpe:/o:cisco:ios:12.4mr cpe:/o:cisco:ios:12.4sw cpe:/o:cisco:ios:12.4t cpe:/o:cisco:ios:12.4xa cpe:/o:cisco:ios:12.4xb cpe:/o:cisco:ios:12.4xc cpe:/o:cisco:ios:12.4xd cpe:/o:cisco:ios:12.4xe cpe:/o:cisco:ios:12.4xf cpe:/o:cisco:ios:12.4xg cpe:/o:cisco:ios:12.4xj cpe:/o:cisco:ios:12.4xk cpe:/o:cisco:ios:12.4xl cpe:/o:cisco:ios:12.4xm cpe:/o:cisco:ios:12.4xn cpe:/o:cisco:ios:12.4xp cpe:/o:cisco:ios:12.4xt cpe:/o:cisco:ios:12.4xv cpe:/o:cisco:ios:12.4xw cpe:/o:cisco:ios:12.4xy cpe:/o:cisco:ios_s:12.4 cpe:/o:cisco:ios_t:12.4 cpe:/o:cisco:ios_xr:12.4 CVE-2009-0637 2009-03-27T12:30:02.127-04:00 2017-08-29T11:14:21.607-04:00 7.1 NETWORK HIGH SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2017-08-28T12:30:20.227-04:00 SECTRACK 1021899 CONFIRM http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml CISCO 20090325 Cisco IOS Software Secure Copy Privilege Escalation Vulnerability BID 34247 VUPEN ADV-2009-0851 XF ios-scp-priv-escalation(49423) The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command. cpe:/h:cisco:firewall_services_module:2.1_%280.208%29 cpe:/h:cisco:firewall_services_module:2.2 cpe:/h:cisco:firewall_services_module:2.2%281%29 cpe:/h:cisco:firewall_services_module:2.3 cpe:/h:cisco:firewall_services_module:2.3%281%29 cpe:/h:cisco:firewall_services_module:3.1 cpe:/h:cisco:firewall_services_module:3.1%285%29 cpe:/h:cisco:firewall_services_module:3.1%286%29 cpe:/h:cisco:firewall_services_module:3.2 cpe:/h:cisco:firewall_services_module:3.2%281%29 cpe:/h:cisco:firewall_services_module:3.2%282%29 cpe:/h:cisco:firewall_services_module:3.2%283%29 cpe:/h:cisco:firewall_services_module:4.0 cpe:/h:cisco:firewall_services_module:4.0%284%29 CVE-2009-0638 2009-08-21T07:02:41.640-04:00 2017-08-16T21:29:56.973-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov SECTRACK 1022747 CISCO 20090819 Firewall Services Module Crafted ICMP Message Vulnerability BID 36085 VUPEN ADV-2009-2329 XF cisco-fwsm-icmp-dos(52591) The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 3.1(16), 3.2 before 3.2(13), and 4.0 before 4.0(6) for Cisco Catalyst 6500 switches and Cisco 7600 routers allows remote attackers to cause a denial of service (traffic-handling outage) via a series of malformed ICMP messages. cpe:/a:phpyabs:phpyabs:0.1.2 CVE-2009-0639 2009-02-18T11:30:00.343-05:00 2017-09-28T21:33:56.153-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33670 VUPEN ADV-2009-0361 EXPLOIT-DB 8005 PHP remote file inclusion vulnerability in moduli/libri/index.php in phpyabs 0.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the Azione parameter. cpe:/h:swannsecurity:dvr4-securanet:- CVE-2009-0640 2009-02-20T01:47:48.217-05:00 2018-10-10T15:29:57.403-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov MISC http://packetstorm.linuxsecurity.com/0902-exploits/cctv-disclose.txt BUGTRAQ 20090210 Remote Authentication Bypass - Swann DVR4 SecuraNet (possibly DVR9 as well) BID 33716 Directory traversal vulnerability in the administrative web server in Swann DVR4-SecuraNet allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by reading the vy_netman.cfg file that contains passwords. cpe:/o:freebsd:freebsd:7.0 cpe:/o:freebsd:freebsd:7.0:beta_4 cpe:/o:freebsd:freebsd:7.0:current cpe:/o:freebsd:freebsd:7.0-release cpe:/o:freebsd:freebsd:7.0_beta4 cpe:/o:freebsd:freebsd:7.0_releng cpe:/o:freebsd:freebsd:7.1 cpe:/o:freebsd:freebsd:7.1:rc1 CVE-2009-0641 2009-02-20T01:47:48.250-05:00 2017-09-28T21:33:56.200-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS FULLDISC 20090214 FreeBSD zeroday FREEBSD FreeBSD-SA-09:05 BID 33777 XF freebsd-telnet-ldpreload-code-execution(48780) EXPLOIT-DB 8055 sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library. cpe:/a:ruby-lang:ruby:1.8 cpe:/a:ruby-lang:ruby:1.9 CVE-2009-0642 2009-02-20T01:47:48.297-05:00 2017-09-28T21:33:56.263-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528 CONFIRM http://redmine.ruby-lang.org/issues/show/1091 MANDRIVA MDVSA-2009:193 REDHAT RHSA-2009:1140 BID 33769 SECTRACK 1022505 UBUNTU USN-805-1 XF ruby-ocspbasicverify-spoofing(48761) ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate. cpe:/a:dminnich:simple_php_news:1.0 CVE-2009-0643 2009-02-20T01:47:48.377-05:00 2017-09-28T21:33:56.327-04:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS VUPEN ADV-2009-0357 XF simplephpnews-news-code-execution(48829) EXPLOIT-DB 7999 Static code injection vulnerability in post.php in Simple PHP News 1.0 final allows remote attackers to inject arbitrary PHP code into news.txt via the post parameter, and then execute the code via a direct request to display.php. NOTE: some of these details are obtained from third party information. cpe:/h:swannsecurity:dvr4-securanet:- CVE-2009-0644 2009-02-18T14:30:00.187-05:00 2018-10-10T15:29:57.827-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov MISC http://packetstorm.linuxsecurity.com/0902-exploits/cctv-disclose.txt BUGTRAQ 20090210 Remote Authentication Bypass - Swann DVR4 SecuraNet (possibly DVR9 as well) The HTTP interface in Swann DVR4-SecuraNet has a certain default administrative username and password, which makes it easier for remote attackers to obtain privileged access. cpe:/a:jaws:jaws:0.8.8 CVE-2009-0645 2009-02-18T18:30:00.313-05:00 2017-09-28T21:33:56.373-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov MISC http://www.jaws-project.com/blog/show/jaws-089-released BID 33607 XF jaws-index-file-include(48476) EXPLOIT-DB 7976 Directory traversal vulnerability in index.php in Jaws 0.8.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) language, (2) Introduction_complete, and (3) use_log parameters, different vectors than CVE-2004-2445. cpe:/a:4site:4site_cms:2.6 CVE-2009-0646 2009-02-18T18:30:00.327-05:00 2018-10-10T15:29:58.047-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS MISC http://wsec.ru/wsec-09-002-4site-cms-26-multiple-sql-injections/ MISC http://www.htbridge.ch/advisory/sql_injection_in_4site_cms.html BUGTRAQ 20101019 SQL Injection in 4site CMS BID 33594 XF 4sitecms-pages-sql-injection(48483) XF 4sitecms-hotels-sql-injection(48486) XF 4sitecms-news-sql-injection(48487) XF 4sitecms-faq-sql-injection(48488) EXPLOIT-DB 7964 Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) password parameters to pcgi/4site.pl, (3) page parameter to print/print.shtml, (4) s and (5) i parameters to portfolio/index.shtml, (6) h parameter to hotel/index.php, (7) id parameter to news/news1.shtml, and the (8) th parameter to faq/index.shtml. cpe:/a:microsoft:windows_live_messenger:2009 CVE-2009-0647 2009-02-19T11:30:00.563-05:00 2018-10-10T15:29:59.717-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov BUGTRAQ 20090218 RE: hello bug in windows live messenger BID 33825 VUPEN ADV-2009-0466 XF wlm-packets-dos(48810) msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header line. NOTE: this has been reported as a format string vulnerability by some sources, but the provenance of that information is unknown. cpe:/a:falt4:falt4_extreme:rc4 CVE-2009-0648 2009-02-19T11:30:00.577-05:00 2017-08-16T21:29:57.380-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS MISC http://packetstorm.linuxsecurity.com/0902-exploits/falt4-cms-xsrf.txt XF falt4-admin-index-csrf(48786) Multiple cross-site request forgery (CSRF) vulnerabilities in the manage_users handler in admin/index.php in Falt4 CMS (aka Falt4 Extreme) RC4 allow remote attackers to hijack the authentication of administrators for requests that change passwords via the (1) edit and (2) edit_now actions. cpe:/a:nokia:symbian_s60_browser cpe:/h:nokia:n95 CVE-2009-0649 2009-02-20T13:30:00.390-05:00 2018-10-10T15:30:00.123-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov BUGTRAQ 20090213 Nokia N95 browser "setAttributeNode" method crash BID 33767 XF nokian95-setattributenode-dos(48763) EXPLOIT-DB 8051 The web browser in Symbian OS on the Nokia N95 cell phone allows remote attackers to cause a denial of service (crash) via JavaScript code that calls the setAttributeNode method. cpe:/a:tptest:tptest:3.1.7 cpe:/a:tptest:tptest:5.0.2 CVE-2009-0650 2009-02-20T13:30:00.453-05:00 2017-09-28T21:33:56.827-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov BID 33785 XF tptest-pwd-bo(48781) EXPLOIT-DB 8058 Stack-based buffer overflow in the GetStatsFromLine function in TPTEST 3.1.7 and earlier, and possibly 5.02, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a STATS line with a long pwd field. NOTE: some of these details are obtained from third party information. cpe:/a:symantec:veritas_netbackup_server_%2fenterprise_server:5.1 cpe:/a:symantec:veritas_netbackup_server_%2fenterprise_server:5.1mp7 cpe:/a:symantec:veritas_netbackup_server_%2fenterprise_server:6.0 cpe:/a:symantec:veritas_netbackup_server_%2fenterprise_server:6.0mp7 cpe:/a:symantec:veritas_netbackup_server_%2fenterprise_server:6.5 cpe:/a:symantec:veritas_netbackup_server_%2fenterprise_server:6.5.2 CVE-2009-0651 2009-02-20T13:30:00.500-05:00 2017-08-16T21:29:57.537-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS CONFIRM http://securityresponse.symantec.com/avcenter/security/Content/2009.02.17.html CONFIRM http://seer.entsupport.symantec.com/docs/317828.htm SUNALERT 253287 BID 33772 SECTRACK 1021734 VUPEN ADV-2009-0461 VUPEN ADV-2009-1097 XF veritas-netbackup-vnetd-privilege-escalation(48795) Unspecified vulnerability in the Veritas network daemon (aka vnetd) in Symantec Veritas NetBackup Server / Enterprise Server 5.x, 6.0 before MP7 SP1, and 6.5 before 6.5.3.1 allows remote attackers to execute arbitrary code via unknown vectors related to "initial communications setup." cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:firefox:2.0.0.17 cpe:/a:mozilla:firefox:2.0.0.18 cpe:/a:mozilla:firefox:2.0.0.19 cpe:/a:mozilla:firefox:2.0.0.20 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:2.0.0.20 CVE-2009-0652 2009-02-20T14:30:00.250-05:00 2018-10-03T17:58:35.520-04:00 5.8 NETWORK MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov MLIST [dailydave] 20090219 SSL MITM fun. MLIST [dailydave] 20090220 SSL MITM fun. SUSE SUSE-SR:2009:010 REDHAT RHSA-2009:0437 MISC http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike DEBIAN DSA-1797 DEBIAN DSA-1830 MANDRIVA MDVSA-2009:111 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-15.html REDHAT RHSA-2009:0436 BID 33837 VUPEN ADV-2009-1125 XF mozilla-firefox-homoglyph-spoofing(48974) UBUNTU USN-764-1 MISC https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf FEDORA FEDORA-2009-3875 The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected. cpe:/a:openssl:openssl:0.9.6 CVE-2009-0653 2009-02-20T14:30:00.280-05:00 2009-06-25T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-02-23T12:34:00.000-05:00 MISC http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike MISC https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970. cpe:/a:tor:tor:0.2.0.1:alpha cpe:/a:tor:tor:0.2.0.2:alpha cpe:/a:tor:tor:0.2.0.3:alpha cpe:/a:tor:tor:0.2.0.4:alpha cpe:/a:tor:tor:0.2.0.5:alpha cpe:/a:tor:tor:0.2.0.6:alpha cpe:/a:tor:tor:0.2.0.7:alpha cpe:/a:tor:tor:0.2.0.8:alpha cpe:/a:tor:tor:0.2.0.9:alpha cpe:/a:tor:tor:0.2.0.10:alpha cpe:/a:tor:tor:0.2.0.11:alpha cpe:/a:tor:tor:0.2.0.12:alpha cpe:/a:tor:tor:0.2.0.13:alpha cpe:/a:tor:tor:0.2.0.14:alpha cpe:/a:tor:tor:0.2.0.15:alpha cpe:/a:tor:tor:0.2.0.16:alpha cpe:/a:tor:tor:0.2.0.17:alpha cpe:/a:tor:tor:0.2.0.18:alpha cpe:/a:tor:tor:0.2.0.19:alpha cpe:/a:tor:tor:0.2.0.20:alpha cpe:/a:tor:tor:0.2.0.21:alpha cpe:/a:tor:tor:0.2.0.22:alpha cpe:/a:tor:tor:0.2.0.23:alpha cpe:/a:tor:tor:0.2.0.24:alpha cpe:/a:tor:tor:0.2.0.25:alpha cpe:/a:tor:tor:0.2.0.26:alpha cpe:/a:tor:tor:0.2.0.27:alpha cpe:/a:tor:tor:0.2.0.28:alpha cpe:/a:tor:tor:0.2.0.29:alpha cpe:/a:tor:tor:0.2.0.30:alpha cpe:/a:tor:tor:0.2.0.31:alpha cpe:/a:tor:tor:0.2.0.32:alpha cpe:/a:tor:tor:0.2.0.34:alpha CVE-2009-0654 2009-02-20T14:30:00.313-05:00 2009-02-25T00:00:00.000-05:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-02-23T12:34:00.000-05:00 MISC http://blog.torproject.org/blog/one-cell-enough MISC http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Fu MISC http://www.blackhat.com/presentations/bh-dc-09/Fu/BlackHat-DC-09-Fu-Break-Tors-Anonymity.pdf Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve." cpe:/a:lenovo:veriface:iii CVE-2009-0655 2009-02-20T14:30:00.327-05:00 2017-08-16T21:29:57.660-04:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS MISC http://security.bkis.vn/?p=292 MISC http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Nguyen MISC http://www.blackhat.com/presentations/bh-dc-09/Nguyen/BlackHat-DC-09-Nguyen-Face-not-your-password.pdf BUGTRAQ 20081208 [SVRT-07-08] Vulnerability in Face Recognition Authentication Mechanism of Lenovo-Asus-Toshiba Laptops BID 32700 XF lenovo-plainimage-unauth-access(48961) Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user. cpe:/a:asus:smartlogon:1.0.0005 CVE-2009-0656 2009-02-20T14:30:00.360-05:00 2017-08-16T21:29:57.723-04:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov MISC http://security.bkis.vn/?p=292 MISC http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Nguyen MISC http://www.blackhat.com/presentations/bh-dc-09/Nguyen/BlackHat-DC-09-Nguyen-Face-not-your-password.pdf BUGTRAQ 20081208 [SVRT-07-08] Vulnerability in Face Recognition Authentication Mechanism of Lenovo-Asus-Toshiba Laptops BID 32700 XF asus-image-security-bypass(48962) Asus SmartLogon 1.0.0005 allows physically proximate attackers to bypass "security functions" by presenting an image with a modified viewpoint that matches the posture of a stored image of the authorized notebook user. cpe:/h:toshiba:face_recognition:2.0.2.32 CVE-2009-0657 2009-02-20T14:30:00.377-05:00 2017-08-16T21:29:57.787-04:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS MISC http://security.bkis.vn/?p=292 MISC http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Nguyen MISC http://www.blackhat.com/presentations/bh-dc-09/Nguyen/BlackHat-DC-09-Nguyen-Face-not-your-password.pdf BUGTRAQ 20081208 [SVRT-07-08] Vulnerability in Face Recognition Authentication Mechanism of Lenovo-Asus-Toshiba Laptops BID 32700 XF toshibaface-notebook-unauth-access(48963) Toshiba Face Recognition 2.0.2.32 allows physically proximate attackers to obtain notebook access by presenting a large number of images for which the viewpoint and lighting have been modified to match a stored image of the authorized notebook user. cpe:/a:adobe:acrobat:7.0 cpe:/a:adobe:acrobat:7.0:-:pro cpe:/a:adobe:acrobat:7.0.1 cpe:/a:adobe:acrobat:7.0.2 cpe:/a:adobe:acrobat:7.0.3 cpe:/a:adobe:acrobat:7.0.4 cpe:/a:adobe:acrobat:7.0.5 cpe:/a:adobe:acrobat:7.0.6 cpe:/a:adobe:acrobat:7.0.7 cpe:/a:adobe:acrobat:7.0.8 cpe:/a:adobe:acrobat:7.0.9 cpe:/a:adobe:acrobat:7.1.0 cpe:/a:adobe:acrobat:7.1.1 cpe:/a:adobe:acrobat:8.0 cpe:/a:adobe:acrobat:8.0:-:pro cpe:/a:adobe:acrobat:8.0.0 cpe:/a:adobe:acrobat:8.1 cpe:/a:adobe:acrobat:8.1.1 cpe:/a:adobe:acrobat:8.1.2 cpe:/a:adobe:acrobat:8.1.2:-:pro cpe:/a:adobe:acrobat:8.1.3 cpe:/a:adobe:acrobat:8.1.3:-:pro cpe:/a:adobe:acrobat:8.1.4 cpe:/a:adobe:acrobat:9.0 cpe:/a:adobe:acrobat_reader:7.0 cpe:/a:adobe:acrobat_reader:7.0.1 cpe:/a:adobe:acrobat_reader:7.0.2 cpe:/a:adobe:acrobat_reader:7.0.3 cpe:/a:adobe:acrobat_reader:7.0.4 cpe:/a:adobe:acrobat_reader:7.0.5 cpe:/a:adobe:acrobat_reader:7.0.6 cpe:/a:adobe:acrobat_reader:7.0.7 cpe:/a:adobe:acrobat_reader:7.0.8 cpe:/a:adobe:acrobat_reader:7.0.9 cpe:/a:adobe:acrobat_reader:7.1.0 cpe:/a:adobe:acrobat_reader:8.0 cpe:/a:adobe:acrobat_reader:8.1 cpe:/a:adobe:acrobat_reader:8.1.1 cpe:/a:adobe:acrobat_reader:8.1.2 cpe:/a:adobe:acrobat_reader:8.1.3 cpe:/a:adobe:acrobat_reader:8.1.4 cpe:/a:adobe:acrobat_reader:9.0 CVE-2009-0658 2009-02-20T14:30:00.390-05:00 2019-09-27T12:48:23.890-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2019-09-27T11:11:02.357-04:00 MISC http://isc.sans.org/diary.html?n&storyid=5902 SUSE SUSE-SA:2009:014 SUSE SUSE-SR:2009:009 GENTOO GLSA-200904-17 SUNALERT 256788 CONFIRM http://www.adobe.com/support/security/advisories/apsa09-01.html CONFIRM http://www.adobe.com/support/security/bulletins/apsb09-04.html CERT-VN VU#905281 REDHAT RHSA-2009:0376 BID 33751 SECTRACK 1021739 MISC http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219 MISC http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99&tabid=2 CERT TA09-051A FRSIRT ADV-2009-0472 VUPEN ADV-2009-1019 XF adobe-acrobat-reader-image-bo(48825) EXPLOIT-DB 8090 EXPLOIT-DB 8099 Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E. cpe:/a:tptest:tptest:3.1.7 CVE-2009-0659 2009-02-20T14:30:00.407-05:00 2017-08-16T21:29:57.910-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov XF tptest-pwd-bo(48781) XF tptest-getstatsfromline-bo(48953) Stack-based buffer overflow in the GetStatsFromLine function in TPTEST 3.1.7 allows remote attackers to have an unknown impact via a STATS line with a long email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:mahara:mahara:1.0.0 cpe:/a:mahara:mahara:1.0.1 cpe:/a:mahara:mahara:1.0.2 cpe:/a:mahara:mahara:1.0.3 cpe:/a:mahara:mahara:1.0.4 cpe:/a:mahara:mahara:1.0.5 cpe:/a:mahara:mahara:1.0.6 cpe:/a:mahara:mahara:1.0.7 cpe:/a:mahara:mahara:1.0.8 cpe:/a:mahara:mahara:1.0.9 cpe:/a:mahara:mahara:1.1.0 cpe:/a:mahara:mahara:1.1.0:alpha1 cpe:/a:mahara:mahara:1.1.0:alpha2 cpe:/a:mahara:mahara:1.1.0:alpha3 cpe:/a:mahara:mahara:1.1.0:beta1 cpe:/a:mahara:mahara:1.1.0:beta2 cpe:/a:mahara:mahara:1.1.0:beta3 cpe:/a:mahara:mahara:1.1.0:beta4 cpe:/a:mahara:mahara:1.1.0:rc1 cpe:/a:mahara:mahara:1.1.0:rc2 cpe:/a:mahara:mahara:1.1.1 CVE-2009-0660 2009-03-11T10:19:15.313-04:00 2017-08-16T21:29:57.957-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://mahara.org/interaction/forum/topic.php?id=350 CONFIRM http://wiki.mahara.org/Release_Notes/1.1.2 DEBIAN DSA-1736 BID 34064 VUPEN ADV-2009-0665 XF mahara-userprofile-xss(49168) Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487. cpe:/a:flashtux:weechat:0.2.6 CVE-2009-0661 2009-03-19T06:30:00.390-04:00 2017-08-16T21:29:58.020-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519940 CONFIRM http://savannah.nongnu.org/bugs/index.php?25862 CONFIRM http://weechat.flashtux.org/ DEBIAN DSA-1744 MLIST [oss-security] 20090317 Re: CVE request -- firefox, vlc, WeeChat BID 34148 VUPEN ADV-2009-0758 XF weechat-ircmessage-dos(49295) Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds read. cpe:/a:plone:plonepas:3.0 cpe:/a:plone:plonepas:3.1 cpe:/a:plone:plonepas:3.2 cpe:/a:plone:plonepas:3.3 cpe:/a:plone:plonepas:3.4 cpe:/a:plone:plonepas:3.5 CVE-2009-0662 2009-04-23T13:30:01.640-04:00 2017-08-16T21:29:58.083-04:00 6.0 NETWORK MEDIUM SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov CONFIRM http://plone.org/products/plone/security/advisories/cve-2009-0662 BID 34664 XF plone-unspecified-session-hijacking(50061) The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors. cpe:/a:cmu:dbd%3a%3apg:1.49 CVE-2009-0663 2009-04-30T16:30:00.187-04:00 2017-09-28T21:33:57.170-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS SUSE SUSE-SR:2009:012 CONFIRM http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz DEBIAN DSA-1780 REDHAT RHSA-2009:0479 REDHAT RHSA-2009:1067 BID 34755 XF libdbdpgperl-unspecified-bo(50467) MISC https://launchpad.net/bugs/cve/2009-0663 Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows. cpe:/a:mahara:mahara:1.0.0 cpe:/a:mahara:mahara:1.0.1 cpe:/a:mahara:mahara:1.0.2 cpe:/a:mahara:mahara:1.0.3 cpe:/a:mahara:mahara:1.0.4 cpe:/a:mahara:mahara:1.0.5 cpe:/a:mahara:mahara:1.0.6 cpe:/a:mahara:mahara:1.0.7 cpe:/a:mahara:mahara:1.0.8 cpe:/a:mahara:mahara:1.0.9 cpe:/a:mahara:mahara:1.0.10 cpe:/a:mahara:mahara:1.1.0:alpha1 cpe:/a:mahara:mahara:1.1.0:alpha2 cpe:/a:mahara:mahara:1.1.0:alpha3 cpe:/a:mahara:mahara:1.1.0:beta1 cpe:/a:mahara:mahara:1.1.0:beta2 cpe:/a:mahara:mahara:1.1.0:beta3 cpe:/a:mahara:mahara:1.1.0:beta4 cpe:/a:mahara:mahara:1.1.0:rc1 cpe:/a:mahara:mahara:1.1.0:rc2 cpe:/a:mahara:mahara:1.1.1 cpe:/a:mahara:mahara:1.1.2 CVE-2009-0664 2009-04-23T13:30:01.670-04:00 2009-04-29T01:28:36.063-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://mahara.org/interaction/forum/topic.php?id=532 DEBIAN DSA-1778 BID 34677 Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in a user view. cpe:/a:ocsinventory-ng:ocs_inventory_ng:1.0 cpe:/a:ocsinventory-ng:ocs_inventory_ng:1.0:beta cpe:/a:ocsinventory-ng:ocs_inventory_ng:1.0:rc1 cpe:/a:ocsinventory-ng:ocs_inventory_ng:1.0:rc2 cpe:/a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3 cpe:/a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3-1 cpe:/a:ocsinventory-ng:ocsinventory-agent:0.0.9.2 cpe:/a:ocsinventory-ng:ocsinventory-agent:0.05 cpe:/a:ocsinventory-ng:ocsinventory-agent:0.08 cpe:/a:ocsinventory-ng:ocsinventory-agent:0.09 CVE-2009-0667 2009-07-09T13:30:00.377-04:00 2009-07-10T00:00:00.000-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-07-09T15:13:00.000-04:00 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506416 CONFIRM http://nana.rulezlan.org/~goneri/ocsinventory-agent/Ocsinventory-Agent-0.0.9.3.tar.gz CONFIRM http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1-4lenny1.diff.gz DEBIAN DSA-1828 CONFIRM http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=144 BID 35593 VUPEN ADV-2009-1809 Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventory-Agent before 0.0.9.3, and 1.x before 1.0.1, in OCS Inventory allows local users to gain privileges via a Trojan horse Perl module in an arbitrary directory. cpe:/a:zope:zodb:2.8.11 cpe:/a:zope:zodb:2.9.11 cpe:/a:zope:zodb:2.10.9 cpe:/a:zope:zodb:2.11.4 cpe:/a:zope:zodb:3.1 cpe:/a:zope:zodb:3.1.1 cpe:/a:zope:zodb:3.2 cpe:/a:zope:zodb:3.2.4 cpe:/a:zope:zodb:3.3 cpe:/a:zope:zodb:3.3.3 cpe:/a:zope:zodb:3.4 cpe:/a:zope:zodb:3.4.1 cpe:/a:zope:zodb:3.5 cpe:/a:zope:zodb:3.6 cpe:/a:zope:zodb:3.7 cpe:/a:zope:zodb:3.8.0 cpe:/a:zope:zodb:3.8.1 CVE-2009-0668 2009-08-07T15:30:00.203-04:00 2017-08-16T21:29:58.193-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS MLIST [zope-announce] 20090806 CVE-2009-0668 and CVE-2009-0669: Releases to fix ZODB ZEO server vulnerabilities CONFIRM http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2 BID 35987 VUPEN ADV-2009-2217 XF zope-protocol-code-execution(52377) Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol. cpe:/a:zope:zodb:3.8 cpe:/a:zope:zodb:3.8.0 cpe:/a:zope:zodb:3.8.1 CVE-2009-0669 2009-08-07T15:30:00.233-04:00 2017-08-16T21:29:58.240-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov MLIST [zope-announce] 20090806 CVE-2009-0668 and CVE-2009-0669: Releases to fix ZODB ZEO server vulnerabilities CONFIRM http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2 BID 35987 VUPEN ADV-2009-2217 XF zope-protocol-auth-bypass(52379) Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol. CVE-2009-0671 2009-02-22T17:30:00.860-05:00 2009-02-26T02:08:04.937-05:00 ** REJECT ** Format string vulnerability in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit imap-2007d and other applications, allows remote attackers to execute arbitrary code via format string specifiers in the initial request to the IMAP port (143/tcp). NOTE: Red Hat has disputed the vulnerability, stating "The Red Hat Security Response Team have been unable to confirm the existence of this format string vulnerability in the toolkit, and the sample published exploit is not complete or functional." CVE agrees that the exploit contains syntax errors and uses Unix-only include files while invoking Windows functions. cpe:/a:ravenphpscripts:ravennuke:2.30 CVE-2009-0672 2009-02-22T17:30:00.890-05:00 2018-10-10T15:30:00.547-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov CONFIRM http://ravenphpscripts.com/postt17156.html BUGTRAQ 20090216 [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0 BID 33787 MISC http://www.waraxe.us/advisory-72.html XF ravennuke-modules-sql-injection(48791) EXPLOIT-DB 8068 SQL injection vulnerability in the Resend_Email module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary SQL commands via the user_prefix parameter to modules.php. cpe:/a:ravenphpscripts:ravennuke:2.30 CVE-2009-0673 2009-02-22T17:30:00.907-05:00 2018-10-10T15:30:01.170-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov CONFIRM http://ravenphpscripts.com/postt17156.html BUGTRAQ 20090216 [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0 BID 33787 MISC http://www.waraxe.us/advisory-72.html XF ravennuke-admin-code-execution(48790) EXPLOIT-DB 8068 Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php. cpe:/a:ravenphpscripts:ravennuke:2.30 CVE-2009-0674 2009-02-22T17:30:00.920-05:00 2018-10-10T15:30:01.873-04:00 6.0 NETWORK MEDIUM SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS CONFIRM http://ravenphpscripts.com/postt17156.html BUGTRAQ 20090216 [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0 BID 33787 MISC http://www.waraxe.us/advisory-72.html XF ravennuke-captcha-info-disclosure(48792) XF ravennuke-captcha-afonts-info-disclosure(48983) EXPLOIT-DB 8068 images/captcha.php in Raven Web Services RavenNuke 2.30, when register_globals and display_errors are enabled, allows remote attackers to determine the existence of local files by sending requests with full pathnames in the aFonts array parameter, and then observing the error messages, which differ between existing and nonexistent pathnames. cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.6.0 cpe:/o:linux:linux_kernel:2.6.1 cpe:/o:linux:linux_kernel:2.6.2 cpe:/o:linux:linux_kernel:2.6.3 cpe:/o:linux:linux_kernel:2.6.4 cpe:/o:linux:linux_kernel:2.6.5 cpe:/o:linux:linux_kernel:2.6.6 cpe:/o:linux:linux_kernel:2.6.7 cpe:/o:linux:linux_kernel:2.6.8 cpe:/o:linux:linux_kernel:2.6.8.1 cpe:/o:linux:linux_kernel:2.6.9 cpe:/o:linux:linux_kernel:2.6.10 cpe:/o:linux:linux_kernel:2.6.11 cpe:/o:linux:linux_kernel:2.6.11.1 cpe:/o:linux:linux_kernel:2.6.11.2 cpe:/o:linux:linux_kernel:2.6.11.3 cpe:/o:linux:linux_kernel:2.6.11.4 cpe:/o:linux:linux_kernel:2.6.11.5 cpe:/o:linux:linux_kernel:2.6.11.6 cpe:/o:linux:linux_kernel:2.6.11.7 cpe:/o:linux:linux_kernel:2.6.11.8 cpe:/o:linux:linux_kernel:2.6.11.9 cpe:/o:linux:linux_kernel:2.6.11.10 cpe:/o:linux:linux_kernel:2.6.11.11 cpe:/o:linux:linux_kernel:2.6.11.12 cpe:/o:linux:linux_kernel:2.6.12 cpe:/o:linux:linux_kernel:2.6.12.1 cpe:/o:linux:linux_kernel:2.6.12.2 cpe:/o:linux:linux_kernel:2.6.12.3 cpe:/o:linux:linux_kernel:2.6.12.4 cpe:/o:linux:linux_kernel:2.6.12.5 cpe:/o:linux:linux_kernel:2.6.12.6 cpe:/o:linux:linux_kernel:2.6.13 cpe:/o:linux:linux_kernel:2.6.13.1 cpe:/o:linux:linux_kernel:2.6.13.2 cpe:/o:linux:linux_kernel:2.6.13.3 cpe:/o:linux:linux_kernel:2.6.13.4 cpe:/o:linux:linux_kernel:2.6.13.5 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.14.2 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.6.14.5 cpe:/o:linux:linux_kernel:2.6.14.6 cpe:/o:linux:linux_kernel:2.6.14.7 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.6.15.1 cpe:/o:linux:linux_kernel:2.6.15.2 cpe:/o:linux:linux_kernel:2.6.15.3 cpe:/o:linux:linux_kernel:2.6.15.4 cpe:/o:linux:linux_kernel:2.6.15.5 cpe:/o:linux:linux_kernel:2.6.15.6 cpe:/o:linux:linux_kernel:2.6.15.7 cpe:/o:linux:linux_kernel:2.6.16 cpe:/o:linux:linux_kernel:2.6.16.1 cpe:/o:linux:linux_kernel:2.6.16.2 cpe:/o:linux:linux_kernel:2.6.16.3 cpe:/o:linux:linux_kernel:2.6.16.4 cpe:/o:linux:linux_kernel:2.6.16.5 cpe:/o:linux:linux_kernel:2.6.16.6 cpe:/o:linux:linux_kernel:2.6.16.7 cpe:/o:linux:linux_kernel:2.6.16.8 cpe:/o:linux:linux_kernel:2.6.16.9 cpe:/o:linux:linux_kernel:2.6.16.10 cpe:/o:linux:linux_kernel:2.6.16.11 cpe:/o:linux:linux_kernel:2.6.16.12 cpe:/o:linux:linux_kernel:2.6.16.13 cpe:/o:linux:linux_kernel:2.6.16.14 cpe:/o:linux:linux_kernel:2.6.16.15 cpe:/o:linux:linux_kernel:2.6.16.16 cpe:/o:linux:linux_kernel:2.6.16.17 cpe:/o:linux:linux_kernel:2.6.16.18 cpe:/o:linux:linux_kernel:2.6.16.19 cpe:/o:linux:linux_kernel:2.6.16.20 cpe:/o:linux:linux_kernel:2.6.16.21 cpe:/o:linux:linux_kernel:2.6.16.22 cpe:/o:linux:linux_kernel:2.6.16.23 cpe:/o:linux:linux_kernel:2.6.16.24 cpe:/o:linux:linux_kernel:2.6.16.25 cpe:/o:linux:linux_kernel:2.6.16.26 cpe:/o:linux:linux_kernel:2.6.16.27 cpe:/o:linux:linux_kernel:2.6.16.28 cpe:/o:linux:linux_kernel:2.6.16.29 cpe:/o:linux:linux_kernel:2.6.16.30 cpe:/o:linux:linux_kernel:2.6.16.31 cpe:/o:linux:linux_kernel:2.6.16.32 cpe:/o:linux:linux_kernel:2.6.16.33 cpe:/o:linux:linux_kernel:2.6.16.34 cpe:/o:linux:linux_kernel:2.6.16.35 cpe:/o:linux:linux_kernel:2.6.16.36 cpe:/o:linux:linux_kernel:2.6.16.37 cpe:/o:linux:linux_kernel:2.6.16.38 cpe:/o:linux:linux_kernel:2.6.16.39 cpe:/o:linux:linux_kernel:2.6.16.40 cpe:/o:linux:linux_kernel:2.6.16.41 cpe:/o:linux:linux_kernel:2.6.16.42 cpe:/o:linux:linux_kernel:2.6.16.43 cpe:/o:linux:linux_kernel:2.6.16.44 cpe:/o:linux:linux_kernel:2.6.16.45 cpe:/o:linux:linux_kernel:2.6.16.46 cpe:/o:linux:linux_kernel:2.6.16.47 cpe:/o:linux:linux_kernel:2.6.16.48 cpe:/o:linux:linux_kernel:2.6.16.49 cpe:/o:linux:linux_kernel:2.6.16.50 cpe:/o:linux:linux_kernel:2.6.16.51 cpe:/o:linux:linux_kernel:2.6.16.52 cpe:/o:linux:linux_kernel:2.6.16.53 cpe:/o:linux:linux_kernel:2.6.16.54 cpe:/o:linux:linux_kernel:2.6.16.55 cpe:/o:linux:linux_kernel:2.6.16.56 cpe:/o:linux:linux_kernel:2.6.16.57 cpe:/o:linux:linux_kernel:2.6.16.58 cpe:/o:linux:linux_kernel:2.6.16.59 cpe:/o:linux:linux_kernel:2.6.16.60 cpe:/o:linux:linux_kernel:2.6.16.61 cpe:/o:linux:linux_kernel:2.6.16.62 cpe:/o:linux:linux_kernel:2.6.17 cpe:/o:linux:linux_kernel:2.6.17.1 cpe:/o:linux:linux_kernel:2.6.17.2 cpe:/o:linux:linux_kernel:2.6.17.3 cpe:/o:linux:linux_kernel:2.6.17.4 cpe:/o:linux:linux_kernel:2.6.17.5 cpe:/o:linux:linux_kernel:2.6.17.6 cpe:/o:linux:linux_kernel:2.6.17.7 cpe:/o:linux:linux_kernel:2.6.17.8 cpe:/o:linux:linux_kernel:2.6.17.9 cpe:/o:linux:linux_kernel:2.6.17.10 cpe:/o:linux:linux_kernel:2.6.17.11 cpe:/o:linux:linux_kernel:2.6.17.12 cpe:/o:linux:linux_kernel:2.6.17.13 cpe:/o:linux:linux_kernel:2.6.17.14 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.18:rc1 cpe:/o:linux:linux_kernel:2.6.18:rc2 cpe:/o:linux:linux_kernel:2.6.18:rc3 cpe:/o:linux:linux_kernel:2.6.18:rc4 cpe:/o:linux:linux_kernel:2.6.18:rc5 cpe:/o:linux:linux_kernel:2.6.18:rc6 cpe:/o:linux:linux_kernel:2.6.18:rc7 cpe:/o:linux:linux_kernel:2.6.18.1 cpe:/o:linux:linux_kernel:2.6.18.2 cpe:/o:linux:linux_kernel:2.6.18.3 cpe:/o:linux:linux_kernel:2.6.18.4 cpe:/o:linux:linux_kernel:2.6.18.5 cpe:/o:linux:linux_kernel:2.6.18.6 cpe:/o:linux:linux_kernel:2.6.18.7 cpe:/o:linux:linux_kernel:2.6.18.8 cpe:/o:linux:linux_kernel:2.6.19 cpe:/o:linux:linux_kernel:2.6.19.1 cpe:/o:linux:linux_kernel:2.6.19.2 cpe:/o:linux:linux_kernel:2.6.19.3 cpe:/o:linux:linux_kernel:2.6.19.4 cpe:/o:linux:linux_kernel:2.6.19.5 cpe:/o:linux:linux_kernel:2.6.19.6 cpe:/o:linux:linux_kernel:2.6.19.7 cpe:/o:linux:linux_kernel:2.6.20 cpe:/o:linux:linux_kernel:2.6.20.1 cpe:/o:linux:linux_kernel:2.6.20.2 cpe:/o:linux:linux_kernel:2.6.20.3 cpe:/o:linux:linux_kernel:2.6.20.4 cpe:/o:linux:linux_kernel:2.6.20.5 cpe:/o:linux:linux_kernel:2.6.20.6 cpe:/o:linux:linux_kernel:2.6.20.7 cpe:/o:linux:linux_kernel:2.6.20.8 cpe:/o:linux:linux_kernel:2.6.20.9 cpe:/o:linux:linux_kernel:2.6.20.10 cpe:/o:linux:linux_kernel:2.6.20.11 cpe:/o:linux:linux_kernel:2.6.20.12 cpe:/o:linux:linux_kernel:2.6.20.13 cpe:/o:linux:linux_kernel:2.6.20.14 cpe:/o:linux:linux_kernel:2.6.20.15 cpe:/o:linux:linux_kernel:2.6.20.16 cpe:/o:linux:linux_kernel:2.6.20.17 cpe:/o:linux:linux_kernel:2.6.20.18 cpe:/o:linux:linux_kernel:2.6.20.19 cpe:/o:linux:linux_kernel:2.6.20.20 cpe:/o:linux:linux_kernel:2.6.20.21 cpe:/o:linux:linux_kernel:2.6.21 cpe:/o:linux:linux_kernel:2.6.21.1 cpe:/o:linux:linux_kernel:2.6.21.2 cpe:/o:linux:linux_kernel:2.6.21.3 cpe:/o:linux:linux_kernel:2.6.21.4 cpe:/o:linux:linux_kernel:2.6.21.5 cpe:/o:linux:linux_kernel:2.6.21.6 cpe:/o:linux:linux_kernel:2.6.21.7 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.22.1 cpe:/o:linux:linux_kernel:2.6.22.2 cpe:/o:linux:linux_kernel:2.6.22.3 cpe:/o:linux:linux_kernel:2.6.22.4 cpe:/o:linux:linux_kernel:2.6.22.5 cpe:/o:linux:linux_kernel:2.6.22.6 cpe:/o:linux:linux_kernel:2.6.22.7 cpe:/o:linux:linux_kernel:2.6.22.8 cpe:/o:linux:linux_kernel:2.6.22.9 cpe:/o:linux:linux_kernel:2.6.22.10 cpe:/o:linux:linux_kernel:2.6.22.11 cpe:/o:linux:linux_kernel:2.6.22.12 cpe:/o:linux:linux_kernel:2.6.22.13 cpe:/o:linux:linux_kernel:2.6.22.14 cpe:/o:linux:linux_kernel:2.6.22.15 cpe:/o:linux:linux_kernel:2.6.22.16 cpe:/o:linux:linux_kernel:2.6.22.17 cpe:/o:linux:linux_kernel:2.6.22.18 cpe:/o:linux:linux_kernel:2.6.22.19 cpe:/o:linux:linux_kernel:2.6.22.20 cpe:/o:linux:linux_kernel:2.6.22.21 cpe:/o:linux:linux_kernel:2.6.22.22 cpe:/o:linux:linux_kernel:2.6.23 cpe:/o:linux:linux_kernel:2.6.23:rc1 cpe:/o:linux:linux_kernel:2.6.23:rc2 cpe:/o:linux:linux_kernel:2.6.23.1 cpe:/o:linux:linux_kernel:2.6.23.2 cpe:/o:linux:linux_kernel:2.6.23.3 cpe:/o:linux:linux_kernel:2.6.23.4 cpe:/o:linux:linux_kernel:2.6.23.5 cpe:/o:linux:linux_kernel:2.6.23.6 cpe:/o:linux:linux_kernel:2.6.23.7 cpe:/o:linux:linux_kernel:2.6.23.8 cpe:/o:linux:linux_kernel:2.6.23.9 cpe:/o:linux:linux_kernel:2.6.23.10 cpe:/o:linux:linux_kernel:2.6.23.11 cpe:/o:linux:linux_kernel:2.6.23.12 cpe:/o:linux:linux_kernel:2.6.23.13 cpe:/o:linux:linux_kernel:2.6.23.14 cpe:/o:linux:linux_kernel:2.6.23.15 cpe:/o:linux:linux_kernel:2.6.23.16 cpe:/o:linux:linux_kernel:2.6.23.17 cpe:/o:linux:linux_kernel:2.6.24 cpe:/o:linux:linux_kernel:2.6.24:rc1 cpe:/o:linux:linux_kernel:2.6.24:rc2 cpe:/o:linux:linux_kernel:2.6.24:rc3 cpe:/o:linux:linux_kernel:2.6.24:rc4 cpe:/o:linux:linux_kernel:2.6.24:rc5 cpe:/o:linux:linux_kernel:2.6.24.1 cpe:/o:linux:linux_kernel:2.6.24.2 cpe:/o:linux:linux_kernel:2.6.24.3 cpe:/o:linux:linux_kernel:2.6.24.4 cpe:/o:linux:linux_kernel:2.6.24.5 cpe:/o:linux:linux_kernel:2.6.24.6 cpe:/o:linux:linux_kernel:2.6.24.7 cpe:/o:linux:linux_kernel:2.6.25 cpe:/o:linux:linux_kernel:2.6.25::x86_64 cpe:/o:linux:linux_kernel:2.6.25.1 cpe:/o:linux:linux_kernel:2.6.25.1::x86_64 cpe:/o:linux:linux_kernel:2.6.25.2 cpe:/o:linux:linux_kernel:2.6.25.2::x86_64 cpe:/o:linux:linux_kernel:2.6.25.3 cpe:/o:linux:linux_kernel:2.6.25.3::x86_64 cpe:/o:linux:linux_kernel:2.6.25.4 cpe:/o:linux:linux_kernel:2.6.25.4::x86_64 cpe:/o:linux:linux_kernel:2.6.25.5 cpe:/o:linux:linux_kernel:2.6.25.5::x86_64 cpe:/o:linux:linux_kernel:2.6.25.6 cpe:/o:linux:linux_kernel:2.6.25.6::x86_64 cpe:/o:linux:linux_kernel:2.6.25.7 cpe:/o:linux:linux_kernel:2.6.25.7::x86_64 cpe:/o:linux:linux_kernel:2.6.25.8 cpe:/o:linux:linux_kernel:2.6.25.8::x86_64 cpe:/o:linux:linux_kernel:2.6.25.9 cpe:/o:linux:linux_kernel:2.6.25.9::x86_64 cpe:/o:linux:linux_kernel:2.6.25.10 cpe:/o:linux:linux_kernel:2.6.25.10::x86_64 cpe:/o:linux:linux_kernel:2.6.25.11 cpe:/o:linux:linux_kernel:2.6.25.11::x86_64 cpe:/o:linux:linux_kernel:2.6.25.12 cpe:/o:linux:linux_kernel:2.6.25.12::x86_64 cpe:/o:linux:linux_kernel:2.6.25.13 cpe:/o:linux:linux_kernel:2.6.25.14 cpe:/o:linux:linux_kernel:2.6.25.15 cpe:/o:linux:linux_kernel:2.6.25.16 cpe:/o:linux:linux_kernel:2.6.25.17 cpe:/o:linux:linux_kernel:2.6.25.18 cpe:/o:linux:linux_kernel:2.6.25.19 cpe:/o:linux:linux_kernel:2.6.25.20 cpe:/o:linux:linux_kernel:2.6.26 cpe:/o:linux:linux_kernel:2.6.26:rc4 cpe:/o:linux:linux_kernel:2.6.26.1 cpe:/o:linux:linux_kernel:2.6.26.2 cpe:/o:linux:linux_kernel:2.6.26.3 cpe:/o:linux:linux_kernel:2.6.26.4 cpe:/o:linux:linux_kernel:2.6.26.5 cpe:/o:linux:linux_kernel:2.6.26.6 cpe:/o:linux:linux_kernel:2.6.26.7 cpe:/o:linux:linux_kernel:2.6.26.8 cpe:/o:linux:linux_kernel:2.6.27 cpe:/o:linux:linux_kernel:2.6.27:rc1 cpe:/o:linux:linux_kernel:2.6.27:rc2 cpe:/o:linux:linux_kernel:2.6.27:rc3 cpe:/o:linux:linux_kernel:2.6.27:rc4 cpe:/o:linux:linux_kernel:2.6.27:rc5 cpe:/o:linux:linux_kernel:2.6.27:rc6 cpe:/o:linux:linux_kernel:2.6.27:rc7 cpe:/o:linux:linux_kernel:2.6.27:rc8 cpe:/o:linux:linux_kernel:2.6.27:rc9 cpe:/o:linux:linux_kernel:2.6.27.1 cpe:/o:linux:linux_kernel:2.6.27.2 cpe:/o:linux:linux_kernel:2.6.27.3 cpe:/o:linux:linux_kernel:2.6.27.4 cpe:/o:linux:linux_kernel:2.6.27.5 cpe:/o:linux:linux_kernel:2.6.27.6 cpe:/o:linux:linux_kernel:2.6.27.7 cpe:/o:linux:linux_kernel:2.6.27.8 cpe:/o:linux:linux_kernel:2.6.27.9 cpe:/o:linux:linux_kernel:2.6.27.10 cpe:/o:linux:linux_kernel:2.6.27.11 cpe:/o:linux:linux_kernel:2.6.27.12 cpe:/o:linux:linux_kernel:2.6.28 cpe:/o:linux:linux_kernel:2.6.28:rc1 cpe:/o:linux:linux_kernel:2.6.28:rc2 cpe:/o:linux:linux_kernel:2.6.28:rc3 cpe:/o:linux:linux_kernel:2.6.28:rc4 cpe:/o:linux:linux_kernel:2.6.28:rc5 cpe:/o:linux:linux_kernel:2.6.28:rc6 cpe:/o:linux:linux_kernel:2.6.28:rc7 cpe:/o:linux:linux_kernel:2.6.28.1 cpe:/o:linux:linux_kernel:2.6.28.2 cpe:/o:linux:linux_kernel:2.6.28.3 cpe:/o:linux:linux_kernel:2.6.28.4 cpe:/o:linux:linux_kernel:2.6.28.5 CVE-2009-0675 2009-02-22T17:30:00.953-05:00 2018-10-10T15:30:02.733-04:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c25b9abbc2c2c0da88e180c3933d6e773245815a SUSE SUSE-SA:2009:031 MLIST [netdev] 20090128 [PATCH] drivers/net/skfp: if !capable(CAP_NET_ADMIN): inverted logic MLIST [oss-security] 20090220 CVE request: kernel: skfp_ioctl inverted logic flaw DEBIAN DSA-1749 DEBIAN DSA-1787 DEBIAN DSA-1794 CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.6 MANDRIVA MDVSA-2009:071 REDHAT RHSA-2009:0326 REDHAT RHSA-2009:0360 BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components UBUNTU USN-751-1 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html VUPEN ADV-2009-3316 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=486534 The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue. cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.6.0 cpe:/o:linux:linux_kernel:2.6.1 cpe:/o:linux:linux_kernel:2.6.2 cpe:/o:linux:linux_kernel:2.6.3 cpe:/o:linux:linux_kernel:2.6.4 cpe:/o:linux:linux_kernel:2.6.5 cpe:/o:linux:linux_kernel:2.6.6 cpe:/o:linux:linux_kernel:2.6.7 cpe:/o:linux:linux_kernel:2.6.8 cpe:/o:linux:linux_kernel:2.6.8.1 cpe:/o:linux:linux_kernel:2.6.9 cpe:/o:linux:linux_kernel:2.6.10 cpe:/o:linux:linux_kernel:2.6.11 cpe:/o:linux:linux_kernel:2.6.11.1 cpe:/o:linux:linux_kernel:2.6.11.2 cpe:/o:linux:linux_kernel:2.6.11.3 cpe:/o:linux:linux_kernel:2.6.11.4 cpe:/o:linux:linux_kernel:2.6.11.5 cpe:/o:linux:linux_kernel:2.6.11.6 cpe:/o:linux:linux_kernel:2.6.11.7 cpe:/o:linux:linux_kernel:2.6.11.8 cpe:/o:linux:linux_kernel:2.6.11.9 cpe:/o:linux:linux_kernel:2.6.11.10 cpe:/o:linux:linux_kernel:2.6.11.11 cpe:/o:linux:linux_kernel:2.6.11.12 cpe:/o:linux:linux_kernel:2.6.12 cpe:/o:linux:linux_kernel:2.6.12.1 cpe:/o:linux:linux_kernel:2.6.12.2 cpe:/o:linux:linux_kernel:2.6.12.3 cpe:/o:linux:linux_kernel:2.6.12.4 cpe:/o:linux:linux_kernel:2.6.12.5 cpe:/o:linux:linux_kernel:2.6.12.6 cpe:/o:linux:linux_kernel:2.6.13 cpe:/o:linux:linux_kernel:2.6.13.1 cpe:/o:linux:linux_kernel:2.6.13.2 cpe:/o:linux:linux_kernel:2.6.13.3 cpe:/o:linux:linux_kernel:2.6.13.4 cpe:/o:linux:linux_kernel:2.6.13.5 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.14.2 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.6.14.5 cpe:/o:linux:linux_kernel:2.6.14.6 cpe:/o:linux:linux_kernel:2.6.14.7 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.6.15.1 cpe:/o:linux:linux_kernel:2.6.15.2 cpe:/o:linux:linux_kernel:2.6.15.3 cpe:/o:linux:linux_kernel:2.6.15.4 cpe:/o:linux:linux_kernel:2.6.15.5 cpe:/o:linux:linux_kernel:2.6.15.6 cpe:/o:linux:linux_kernel:2.6.15.7 cpe:/o:linux:linux_kernel:2.6.16 cpe:/o:linux:linux_kernel:2.6.16.1 cpe:/o:linux:linux_kernel:2.6.16.2 cpe:/o:linux:linux_kernel:2.6.16.3 cpe:/o:linux:linux_kernel:2.6.16.4 cpe:/o:linux:linux_kernel:2.6.16.5 cpe:/o:linux:linux_kernel:2.6.16.6 cpe:/o:linux:linux_kernel:2.6.16.7 cpe:/o:linux:linux_kernel:2.6.16.8 cpe:/o:linux:linux_kernel:2.6.16.9 cpe:/o:linux:linux_kernel:2.6.16.10 cpe:/o:linux:linux_kernel:2.6.16.11 cpe:/o:linux:linux_kernel:2.6.16.12 cpe:/o:linux:linux_kernel:2.6.16.13 cpe:/o:linux:linux_kernel:2.6.16.14 cpe:/o:linux:linux_kernel:2.6.16.15 cpe:/o:linux:linux_kernel:2.6.16.16 cpe:/o:linux:linux_kernel:2.6.16.17 cpe:/o:linux:linux_kernel:2.6.16.18 cpe:/o:linux:linux_kernel:2.6.16.19 cpe:/o:linux:linux_kernel:2.6.16.20 cpe:/o:linux:linux_kernel:2.6.16.21 cpe:/o:linux:linux_kernel:2.6.16.22 cpe:/o:linux:linux_kernel:2.6.16.23 cpe:/o:linux:linux_kernel:2.6.16.24 cpe:/o:linux:linux_kernel:2.6.16.25 cpe:/o:linux:linux_kernel:2.6.16.26 cpe:/o:linux:linux_kernel:2.6.16.27 cpe:/o:linux:linux_kernel:2.6.16.28 cpe:/o:linux:linux_kernel:2.6.16.29 cpe:/o:linux:linux_kernel:2.6.16.30 cpe:/o:linux:linux_kernel:2.6.16.31 cpe:/o:linux:linux_kernel:2.6.16.32 cpe:/o:linux:linux_kernel:2.6.16.33 cpe:/o:linux:linux_kernel:2.6.16.34 cpe:/o:linux:linux_kernel:2.6.16.35 cpe:/o:linux:linux_kernel:2.6.16.36 cpe:/o:linux:linux_kernel:2.6.16.37 cpe:/o:linux:linux_kernel:2.6.16.38 cpe:/o:linux:linux_kernel:2.6.16.39 cpe:/o:linux:linux_kernel:2.6.16.40 cpe:/o:linux:linux_kernel:2.6.16.41 cpe:/o:linux:linux_kernel:2.6.16.42 cpe:/o:linux:linux_kernel:2.6.16.43 cpe:/o:linux:linux_kernel:2.6.16.44 cpe:/o:linux:linux_kernel:2.6.16.45 cpe:/o:linux:linux_kernel:2.6.16.46 cpe:/o:linux:linux_kernel:2.6.16.47 cpe:/o:linux:linux_kernel:2.6.16.48 cpe:/o:linux:linux_kernel:2.6.16.49 cpe:/o:linux:linux_kernel:2.6.16.50 cpe:/o:linux:linux_kernel:2.6.16.51 cpe:/o:linux:linux_kernel:2.6.16.52 cpe:/o:linux:linux_kernel:2.6.16.53 cpe:/o:linux:linux_kernel:2.6.16.54 cpe:/o:linux:linux_kernel:2.6.16.55 cpe:/o:linux:linux_kernel:2.6.16.56 cpe:/o:linux:linux_kernel:2.6.16.57 cpe:/o:linux:linux_kernel:2.6.16.58 cpe:/o:linux:linux_kernel:2.6.16.59 cpe:/o:linux:linux_kernel:2.6.16.60 cpe:/o:linux:linux_kernel:2.6.16.61 cpe:/o:linux:linux_kernel:2.6.16.62 cpe:/o:linux:linux_kernel:2.6.17 cpe:/o:linux:linux_kernel:2.6.17.1 cpe:/o:linux:linux_kernel:2.6.17.2 cpe:/o:linux:linux_kernel:2.6.17.3 cpe:/o:linux:linux_kernel:2.6.17.4 cpe:/o:linux:linux_kernel:2.6.17.5 cpe:/o:linux:linux_kernel:2.6.17.6 cpe:/o:linux:linux_kernel:2.6.17.7 cpe:/o:linux:linux_kernel:2.6.17.8 cpe:/o:linux:linux_kernel:2.6.17.9 cpe:/o:linux:linux_kernel:2.6.17.10 cpe:/o:linux:linux_kernel:2.6.17.11 cpe:/o:linux:linux_kernel:2.6.17.12 cpe:/o:linux:linux_kernel:2.6.17.13 cpe:/o:linux:linux_kernel:2.6.17.14 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.18:rc1 cpe:/o:linux:linux_kernel:2.6.18:rc2 cpe:/o:linux:linux_kernel:2.6.18:rc3 cpe:/o:linux:linux_kernel:2.6.18:rc4 cpe:/o:linux:linux_kernel:2.6.18:rc5 cpe:/o:linux:linux_kernel:2.6.18:rc6 cpe:/o:linux:linux_kernel:2.6.18:rc7 cpe:/o:linux:linux_kernel:2.6.18.1 cpe:/o:linux:linux_kernel:2.6.18.2 cpe:/o:linux:linux_kernel:2.6.18.3 cpe:/o:linux:linux_kernel:2.6.18.4 cpe:/o:linux:linux_kernel:2.6.18.5 cpe:/o:linux:linux_kernel:2.6.18.6 cpe:/o:linux:linux_kernel:2.6.18.7 cpe:/o:linux:linux_kernel:2.6.18.8 cpe:/o:linux:linux_kernel:2.6.19 cpe:/o:linux:linux_kernel:2.6.19.1 cpe:/o:linux:linux_kernel:2.6.19.2 cpe:/o:linux:linux_kernel:2.6.19.3 cpe:/o:linux:linux_kernel:2.6.19.4 cpe:/o:linux:linux_kernel:2.6.19.5 cpe:/o:linux:linux_kernel:2.6.19.6 cpe:/o:linux:linux_kernel:2.6.19.7 cpe:/o:linux:linux_kernel:2.6.20 cpe:/o:linux:linux_kernel:2.6.20.1 cpe:/o:linux:linux_kernel:2.6.20.2 cpe:/o:linux:linux_kernel:2.6.20.3 cpe:/o:linux:linux_kernel:2.6.20.4 cpe:/o:linux:linux_kernel:2.6.20.5 cpe:/o:linux:linux_kernel:2.6.20.6 cpe:/o:linux:linux_kernel:2.6.20.7 cpe:/o:linux:linux_kernel:2.6.20.8 cpe:/o:linux:linux_kernel:2.6.20.9 cpe:/o:linux:linux_kernel:2.6.20.10 cpe:/o:linux:linux_kernel:2.6.20.11 cpe:/o:linux:linux_kernel:2.6.20.12 cpe:/o:linux:linux_kernel:2.6.20.13 cpe:/o:linux:linux_kernel:2.6.20.14 cpe:/o:linux:linux_kernel:2.6.20.15 cpe:/o:linux:linux_kernel:2.6.20.16 cpe:/o:linux:linux_kernel:2.6.20.17 cpe:/o:linux:linux_kernel:2.6.20.18 cpe:/o:linux:linux_kernel:2.6.20.19 cpe:/o:linux:linux_kernel:2.6.20.20 cpe:/o:linux:linux_kernel:2.6.20.21 cpe:/o:linux:linux_kernel:2.6.21 cpe:/o:linux:linux_kernel:2.6.21.1 cpe:/o:linux:linux_kernel:2.6.21.2 cpe:/o:linux:linux_kernel:2.6.21.3 cpe:/o:linux:linux_kernel:2.6.21.4 cpe:/o:linux:linux_kernel:2.6.21.5 cpe:/o:linux:linux_kernel:2.6.21.6 cpe:/o:linux:linux_kernel:2.6.21.7 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.22.1 cpe:/o:linux:linux_kernel:2.6.22.2 cpe:/o:linux:linux_kernel:2.6.22.3 cpe:/o:linux:linux_kernel:2.6.22.4 cpe:/o:linux:linux_kernel:2.6.22.5 cpe:/o:linux:linux_kernel:2.6.22.6 cpe:/o:linux:linux_kernel:2.6.22.7 cpe:/o:linux:linux_kernel:2.6.22.8 cpe:/o:linux:linux_kernel:2.6.22.9 cpe:/o:linux:linux_kernel:2.6.22.10 cpe:/o:linux:linux_kernel:2.6.22.11 cpe:/o:linux:linux_kernel:2.6.22.12 cpe:/o:linux:linux_kernel:2.6.22.13 cpe:/o:linux:linux_kernel:2.6.22.14 cpe:/o:linux:linux_kernel:2.6.22.15 cpe:/o:linux:linux_kernel:2.6.22.16 cpe:/o:linux:linux_kernel:2.6.22.17 cpe:/o:linux:linux_kernel:2.6.22.18 cpe:/o:linux:linux_kernel:2.6.22.19 cpe:/o:linux:linux_kernel:2.6.22.20 cpe:/o:linux:linux_kernel:2.6.22.21 cpe:/o:linux:linux_kernel:2.6.22.22 cpe:/o:linux:linux_kernel:2.6.22_rc1 cpe:/o:linux:linux_kernel:2.6.22_rc7 cpe:/o:linux:linux_kernel:2.6.23 cpe:/o:linux:linux_kernel:2.6.23:rc1 cpe:/o:linux:linux_kernel:2.6.23:rc2 cpe:/o:linux:linux_kernel:2.6.23.1 cpe:/o:linux:linux_kernel:2.6.23.2 cpe:/o:linux:linux_kernel:2.6.23.3 cpe:/o:linux:linux_kernel:2.6.23.4 cpe:/o:linux:linux_kernel:2.6.23.5 cpe:/o:linux:linux_kernel:2.6.23.6 cpe:/o:linux:linux_kernel:2.6.23.7 cpe:/o:linux:linux_kernel:2.6.23.8 cpe:/o:linux:linux_kernel:2.6.23.9 cpe:/o:linux:linux_kernel:2.6.23.10 cpe:/o:linux:linux_kernel:2.6.23.11 cpe:/o:linux:linux_kernel:2.6.23.12 cpe:/o:linux:linux_kernel:2.6.23.13 cpe:/o:linux:linux_kernel:2.6.23.14 cpe:/o:linux:linux_kernel:2.6.23.15 cpe:/o:linux:linux_kernel:2.6.23.16 cpe:/o:linux:linux_kernel:2.6.23.17 cpe:/o:linux:linux_kernel:2.6.24 cpe:/o:linux:linux_kernel:2.6.24:rc1 cpe:/o:linux:linux_kernel:2.6.24:rc2 cpe:/o:linux:linux_kernel:2.6.24:rc3 cpe:/o:linux:linux_kernel:2.6.24:rc4 cpe:/o:linux:linux_kernel:2.6.24:rc5 cpe:/o:linux:linux_kernel:2.6.24.1 cpe:/o:linux:linux_kernel:2.6.24.2 cpe:/o:linux:linux_kernel:2.6.24.3 cpe:/o:linux:linux_kernel:2.6.24.4 cpe:/o:linux:linux_kernel:2.6.24.5 cpe:/o:linux:linux_kernel:2.6.24.6 cpe:/o:linux:linux_kernel:2.6.24.7 cpe:/o:linux:linux_kernel:2.6.24_rc1 cpe:/o:linux:linux_kernel:2.6.25 cpe:/o:linux:linux_kernel:2.6.25::x86_64 cpe:/o:linux:linux_kernel:2.6.25.1 cpe:/o:linux:linux_kernel:2.6.25.1::x86_64 cpe:/o:linux:linux_kernel:2.6.25.2 cpe:/o:linux:linux_kernel:2.6.25.2::x86_64 cpe:/o:linux:linux_kernel:2.6.25.3 cpe:/o:linux:linux_kernel:2.6.25.3::x86_64 cpe:/o:linux:linux_kernel:2.6.25.4 cpe:/o:linux:linux_kernel:2.6.25.4::x86_64 cpe:/o:linux:linux_kernel:2.6.25.5 cpe:/o:linux:linux_kernel:2.6.25.5::x86_64 cpe:/o:linux:linux_kernel:2.6.25.6 cpe:/o:linux:linux_kernel:2.6.25.6::x86_64 cpe:/o:linux:linux_kernel:2.6.25.7 cpe:/o:linux:linux_kernel:2.6.25.7::x86_64 cpe:/o:linux:linux_kernel:2.6.25.8 cpe:/o:linux:linux_kernel:2.6.25.8::x86_64 cpe:/o:linux:linux_kernel:2.6.25.9 cpe:/o:linux:linux_kernel:2.6.25.9::x86_64 cpe:/o:linux:linux_kernel:2.6.25.10 cpe:/o:linux:linux_kernel:2.6.25.10::x86_64 cpe:/o:linux:linux_kernel:2.6.25.11 cpe:/o:linux:linux_kernel:2.6.25.11::x86_64 cpe:/o:linux:linux_kernel:2.6.25.12 cpe:/o:linux:linux_kernel:2.6.25.12::x86_64 cpe:/o:linux:linux_kernel:2.6.25.13 cpe:/o:linux:linux_kernel:2.6.25.14 cpe:/o:linux:linux_kernel:2.6.25.15 cpe:/o:linux:linux_kernel:2.6.25.16 cpe:/o:linux:linux_kernel:2.6.25.17 cpe:/o:linux:linux_kernel:2.6.25.18 cpe:/o:linux:linux_kernel:2.6.25.19 cpe:/o:linux:linux_kernel:2.6.25.20 cpe:/o:linux:linux_kernel:2.6.26 cpe:/o:linux:linux_kernel:2.6.26:rc4 cpe:/o:linux:linux_kernel:2.6.26.1 cpe:/o:linux:linux_kernel:2.6.26.2 cpe:/o:linux:linux_kernel:2.6.26.3 cpe:/o:linux:linux_kernel:2.6.26.4 cpe:/o:linux:linux_kernel:2.6.26.5 cpe:/o:linux:linux_kernel:2.6.26.6 cpe:/o:linux:linux_kernel:2.6.26.7 cpe:/o:linux:linux_kernel:2.6.26.8 cpe:/o:linux:linux_kernel:2.6.27 cpe:/o:linux:linux_kernel:2.6.27:rc1 cpe:/o:linux:linux_kernel:2.6.27:rc2 cpe:/o:linux:linux_kernel:2.6.27:rc3 cpe:/o:linux:linux_kernel:2.6.27:rc4 cpe:/o:linux:linux_kernel:2.6.27:rc5 cpe:/o:linux:linux_kernel:2.6.27:rc6 cpe:/o:linux:linux_kernel:2.6.27:rc7 cpe:/o:linux:linux_kernel:2.6.27:rc8 cpe:/o:linux:linux_kernel:2.6.27:rc9 cpe:/o:linux:linux_kernel:2.6.27.1 cpe:/o:linux:linux_kernel:2.6.27.2 cpe:/o:linux:linux_kernel:2.6.27.3 cpe:/o:linux:linux_kernel:2.6.27.4 cpe:/o:linux:linux_kernel:2.6.27.5 cpe:/o:linux:linux_kernel:2.6.27.6 cpe:/o:linux:linux_kernel:2.6.27.7 cpe:/o:linux:linux_kernel:2.6.27.8 cpe:/o:linux:linux_kernel:2.6.27.9 cpe:/o:linux:linux_kernel:2.6.27.10 cpe:/o:linux:linux_kernel:2.6.27.11 cpe:/o:linux:linux_kernel:2.6.27.12 cpe:/o:linux:linux_kernel:2.6.28 cpe:/o:linux:linux_kernel:2.6.28:rc1 cpe:/o:linux:linux_kernel:2.6.28:rc2 cpe:/o:linux:linux_kernel:2.6.28:rc3 cpe:/o:linux:linux_kernel:2.6.28:rc4 cpe:/o:linux:linux_kernel:2.6.28:rc5 cpe:/o:linux:linux_kernel:2.6.28:rc6 cpe:/o:linux:linux_kernel:2.6.28:rc7 cpe:/o:linux:linux_kernel:2.6.28.1 cpe:/o:linux:linux_kernel:2.6.28.2 cpe:/o:linux:linux_kernel:2.6.28.3 cpe:/o:linux:linux_kernel:2.6.28.4 cpe:/o:linux:linux_kernel:2.6.28.5 CVE-2009-0676 2009-02-22T17:30:00.967-05:00 2018-10-10T15:30:08.407-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=df0bca049d01c0ee94afb7cd5dfd959541e6c8da SUSE SUSE-SA:2009:021 SUSE SUSE-SA:2009:030 SUSE SUSE-SA:2009:031 MLIST [linux-kernel] 20090212 [PATCH] 4 bytes kernel memory disclosure in SO_BSDCOMPAT gsopt try #2 MLIST [linux-kernel] 20090223 net: amend the fix for SO_BSDCOMPAT gsopt infoleak MLIST [oss-security] 20090220 CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt CONFIRM http://patchwork.kernel.org/patch/6816/ REDHAT RHSA-2009:0459 DEBIAN DSA-1749 DEBIAN DSA-1787 DEBIAN DSA-1794 CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.6 MANDRIVA MDVSA-2009:071 MLIST [oss-security] 20090224 Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt MLIST [oss-security] 20090302 Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt REDHAT RHSA-2009:0326 REDHAT RHSA-2009:0360 BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components BID 33846 UBUNTU USN-751-1 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html VUPEN ADV-2009-3316 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=486305 XF kernel-sock-information-disclosure(48847) The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request. cpe:/a:ravenphpscripts:ravennuke:2.30 CVE-2009-0677 2009-02-22T17:30:00.983-05:00 2018-10-10T15:30:17.047-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS CONFIRM http://ravenphpscripts.com/postt17156.html&sid=12d1201371612260a42fa846ebce7bad BUGTRAQ 20090216 [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0 BID 33787 MISC http://www.waraxe.us/advisory-72.html XF ravennuke-avatarlist-code-execution(48789) EXPLOIT-DB 8068 avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the preg_replace function with the eval switch, as specified in an element of the patterns array. cpe:/a:ravenphpscripts:ravennuke:2.30 CVE-2009-0678 2009-02-22T17:30:01.017-05:00 2018-10-10T15:30:17.797-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov CONFIRM http://ravenphpscripts.com/postt17156.html BUGTRAQ 20090216 [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0 MISC http://www.waraxe.us/advisory-72.html XF ravennuke-captcha-info-disclosure(48792) EXPLOIT-DB 8068 images/captcha.php in RavenNuke 2.30 allows remote attackers to obtain sensitive information via an aFonts array parameter value that does not correspond to a valid font file, which reveals the installation path in an error message. cpe:/a:ravenphpscripts:ravennuke:2.30 CVE-2009-0679 2009-02-22T17:30:01.030-05:00 2017-08-16T21:29:58.757-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://ravenphpscripts.com/postt17156.html XF ravennuke-youraccount-xss(48978) Cross-site scripting (XSS) vulnerability in the Your Account module in RavenNuke 2.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. cpe:/h:netgear:ssl312:- CVE-2009-0680 2009-02-22T17:30:01.047-05:00 2017-09-28T21:33:57.810-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov FULLDISC 20090208 Netgear SSL312 Router - remote DoS MISC http://www.helith.net/txt/netgear_ssl312_remote_dos.txt BID 33675 XF netgear-ssl312-dos(48605) EXPLOIT-DB 8008 cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences. cpe:/a:pgp:desktop:8.0::home cpe:/a:pgp:desktop:8.0::pro cpe:/a:pgp:desktop:9.0::home cpe:/a:pgp:desktop:9.0::professional cpe:/a:pgp:desktop:9.0.6:-:home cpe:/a:pgp:desktop:9.0.6:-:pro cpe:/a:pgp:desktop:9.9.0:-:home cpe:/a:pgp:desktop:9.9.0:-:pro CVE-2009-0681 2009-04-15T06:30:00.280-04:00 2018-10-10T15:30:18.313-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov MISC http://en.securitylab.ru/lab/PT-2009-01 BUGTRAQ 20090413 [Suspected Spam][Positive Technologies SA 2009-01] PGP Desktop Pgpdisk.sys And Pgpwded.sys Multiple Vulnerabilities SECTRACK 1022034 MISC https://pgp.custhelp.com/cgi-bin/pgp.cfg/php/enduser/std_adp.php?p_faqid=1014&p_topview=1 PGP Desktop before 9.10 allows local users to (1) cause a denial of service (crash) via a crafted IOCTL request to pgpdisk.sys, and (2) cause a denial of service (crash) and execute arbitrary code via a crafted IRP in an IOCTL request to pgpwded.sys. cpe:/a:ca:internet_security_suite::r3 cpe:/a:ca:internet_security_suite:9.0.0.184:r4:32bit cpe:/a:ca:internet_security_suite:10.0.0.217:r5:32bit CVE-2009-0682 2009-08-19T13:30:00.890-04:00 2018-10-10T15:30:18.670-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov MISC http://en.securitylab.ru/lab/PT-2009-05 BUGTRAQ 20090818 CA20090818-02: Security Notice for CA Internet Security Suite BUGTRAQ 20090826 [PT-2009-05] CA Internet Security Suite Denial of Service Vulnerability CONFIRM https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214673 vetmonnt.sys in CA Internet Security Suite r3, vetmonnt.sys before 9.0.0.184 in Internet Security Suite r4, and vetmonnt.sys before 10.0.0.217 in Internet Security Suite r5 do not properly verify IOCTL calls, which allows local users to cause a denial of service (system crash) via a crafted call. cpe:/a:trendmicro:internet_security:2008 cpe:/a:trendmicro:internet_security:2008:-:pro cpe:/a:trendmicro:internet_security:2009 cpe:/a:trendmicro:internet_security:2009:-:pro CVE-2009-0686 2009-04-01T06:30:00.250-04:00 2018-10-10T15:30:19.140-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov MISC http://en.securitylab.ru/lab/PT-2009-09 MISC http://milw0rm.com/sploits/2009-trendmicro_local_expl_0day.zip BUGTRAQ 20090331 [Positive Technologies SA 2009-09] Trend Micro Internet Security Pro 2009 tmactmon.sys Priviliege Escalation Vulnerabilities BID 34304 SECTRACK 1021955 XF trend-tmactmon-privilege-escalation(49513) EXPLOIT-DB 8322 The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in Trend Micro Internet Pro 2008 and 2009, and Security Pro 2008 and 2009, allows local users to gain privileges via a crafted IRP in a METHOD_NEITHER IOCTL request to \Device\tmactmon that overwrites memory. cpe:/o:midnightbsd:midnightbsd:0.3-current cpe:/o:mirbsd:miros:10 cpe:/o:netbsd:netbsd:5.0 cpe:/o:openbsd:openbsd:4.2 cpe:/o:openbsd:openbsd:4.3 cpe:/o:openbsd:openbsd:4.4 cpe:/o:openbsd:openbsd:4.5 CVE-2009-0687 2009-08-11T06:30:00.217-04:00 2017-09-28T21:33:57.933-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov MISC ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/013_pf.patch NETBSD NetBSD-SA2009-001 MISC http://www.helith.net/txt/multiple_vendor-PF_null_pointer_dereference.txt OPENBSD [4.3] 013: RELIABILITY FIX: April 11, 2009 OPENBSD [4.4] 013: RELIABILITY FIX: April 11, 2009 OPENBSD [4.5] 002: RELIABILITY FIX: April 11, 2009 BUGTRAQ 20090413 OpenBSD 4.3 up to OpenBSD-current: PF null pointer dereference - remote DoS (kernel panic) VUPEN ADV-2009-1015 XF openbsd-packetfilter-dos(49837) EXPLOIT-DB 8406 EXPLOIT-DB 8581 The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload. cpe:/a:carnegie_mellon_university:cyrus-sasl:1.4.1 cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.0 cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.2 cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.3 cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.5 cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.10 cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.11 cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.13 cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.15 cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.16 cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.20 cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.21 cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.22 cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.23 cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.24 cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.26 cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.27 cpe:/a:carnegie_mellon_university:cyrus-sasl:1.5.28 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.0.0 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.0.1 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.0.2 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.0.3 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.0.4 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.0.5 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.0 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.1 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.2 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.3 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.5 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.6 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.7 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.8 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.9 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.10 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.11 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.12 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.13 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.14 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.15 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.16 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.17 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.18 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.19 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.20 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.21 cpe:/a:carnegie_mellon_university:cyrus-sasl:2.1.22 CVE-2009-0688 2009-05-15T11:30:00.187-04:00 2017-09-28T21:33:58.027-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov CONFIRM ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz APPLE APPLE-SA-2010-03-29-1 SUSE SUSE-SR:2009:011 GENTOO GLSA-200907-09 SLACKWARE SSA:2009-134-01 SUNALERT 259148 SUNALERT 264248 SUNALERT 273910 SUNALERT 1020755 SUNALERT 1021699 CONFIRM http://support.apple.com/kb/HT4077 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091 DEBIAN DSA-1807 CERT-VN VU#238019 MANDRIVA MDVSA-2009:113 CONFIRM http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html REDHAT RHSA-2009:1116 BID 34961 SECTRACK 1022231 UBUNTU USN-790-1 CERT TA10-103B VUPEN ADV-2009-1313 VUPEN ADV-2009-2012 XF solaris-sasl-saslencode64-bo(50554) Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c. cpe:/a:k-meleon_project:k-meleon:1.5.3 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:firefox:3.0.7 cpe:/a:mozilla:firefox:3.0.8 cpe:/a:mozilla:firefox:3.0.9 cpe:/a:mozilla:firefox:3.0.10 cpe:/a:mozilla:firefox:3.0.11 cpe:/a:mozilla:firefox:3.0.12 cpe:/a:mozilla:firefox:3.0.13 cpe:/a:mozilla:firefox:3.0.14 cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/o:freebsd:freebsd:6.4 cpe:/o:freebsd:freebsd:6.4:release cpe:/o:freebsd:freebsd:6.4:release_p2 cpe:/o:freebsd:freebsd:6.4:release_p3 cpe:/o:freebsd:freebsd:6.4:release_p4 cpe:/o:freebsd:freebsd:6.4:release_p5 cpe:/o:freebsd:freebsd:6.4:stable cpe:/o:freebsd:freebsd:7.2 cpe:/o:freebsd:freebsd:7.2:pre-release cpe:/o:freebsd:freebsd:7.2:stable cpe:/o:netbsd:netbsd:5.0 cpe:/o:openbsd:openbsd:4.5 CVE-2009-0689 2009-07-01T09:00:01.360-04:00 2018-11-02T06:29:00.757-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS CONFIRM http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h APPLE APPLE-SA-2010-03-29-1 APPLE APPLE-SA-2010-06-21-1 SUSE SUSE-SR:2009:018 SUSE SUSE-SR:2010:013 REDHAT RHSA-2014:0311 REDHAT RHSA-2014:0312 SREASONRES 20090625 Multiple Vendors libc/gdtoa printf(3) Array Overrun SREASONRES 20091030 Multiple BSD printf(1) and multiple dtoa/*printf(3) vulnerabilities SREASONRES 20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution) SREASONRES 20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution) SREASONRES 20091120 Opera 10.01 Remote Array Overrun (Arbitrary code execution) SREASONRES 20091211 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution) SREASONRES 20091211 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution) SREASONRES 20091211 Sunbird 0.9 Array Overrun (code execution) SREASONRES 20091211 Thunderbird 2.0.0.23 (lib) Remote Array Overrun (Arbitrary code execution) SREASONRES 20100108 MacOS X 10.5/10.6 libc/strtod(3) buffer overflow SECTRACK 1022478 SUNALERT 272909 CONFIRM http://support.apple.com/kb/HT4077 CONFIRM http://support.apple.com/kb/HT4225 MANDRIVA MDVSA-2009:294 MANDRIVA MDVSA-2009:330 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-59.html CONFIRM http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c CONFIRM http://www.opera.com/support/kb/view/942/ REDHAT RHSA-2009:1601 REDHAT RHSA-2010:0153 REDHAT RHSA-2010:0154 BUGTRAQ 20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution) BUGTRAQ 20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution) BUGTRAQ 20091210 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution) BUGTRAQ 20091210 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution) BID 35510 UBUNTU USN-915-1 VUPEN ADV-2009-3297 VUPEN ADV-2009-3299 VUPEN ADV-2009-3334 VUPEN ADV-2010-0094 VUPEN ADV-2010-0648 VUPEN ADV-2010-0650 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=516396 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=516862 MLIST [debian-lts-announce] 20181101 [SECURITY] [DLA 1564-1] mono security update Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number. cpe:/a:foxitsoftware:foxit_reader:3.0 cpe:/a:foxitsoftware:foxit_reader:3.0.2009.1301 cpe:/a:foxitsoftware:jpeg2000%2fjbig2_decoder_add-on:2.0.2009.303 CVE-2009-0690 2009-06-23T17:30:00.187-04:00 2009-06-24T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-06-24T08:27:00.000-04:00 SECTRACK 1022425 CONFIRM http://www.foxitsoftware.com/pdf/reader/security.htm#0602 CERT-VN VU#251793 BID 35442 VUPEN ADV-2009-1640 The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a negative value for the stream offset in a JPEG2000 (aka JPX) stream, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an out-of-bounds read. cpe:/a:foxitsoftware:foxit_reader:3.0 cpe:/a:foxitsoftware:jpeg2000_jbig2_decoder_add-on:2.0.2009.303 CVE-2009-0691 2009-06-23T17:30:00.233-04:00 2009-06-26T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-06-24T08:40:00.000-04:00 SECTRACK 1022425 CONFIRM http://www.foxitsoftware.com/pdf/reader/security.htm#0602 CERT-VN VU#251793 BID 35443 VUPEN ADV-2009-1640 The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a fatal error during decoding of a JPEG2000 (aka JPX) header, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an invalid memory access. cpe:/a:isc:dhcp:2.0 cpe:/a:isc:dhcp:3.0 cpe:/a:isc:dhcp:3.1 cpe:/a:isc:dhcp:4.0 cpe:/a:isc:dhcp:4.1.0 CVE-2009-0692 2009-07-14T16:30:00.217-04:00 2017-09-28T21:33:58.310-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov NETBSD NetBSD-SA2009-010 HP SSRT100018 SUSE SUSE-SA:2009:037 GENTOO GLSA-200907-12 SLACKWARE SSA:2009-195-01 DEBIAN DSA-1833 CERT-VN VU#410676 MANDRIVA MDVSA-2009:151 REDHAT RHSA-2009:1136 REDHAT RHSA-2009:1154 BID 35668 SECTRACK 1022548 UBUNTU USN-803-1 VUPEN ADV-2009-1891 VUPEN ADV-2010-1796 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=507717 CONFIRM https://www.isc.org/downloadables/12 CONFIRM https://www.isc.org/node/468 FEDORA FEDORA-2009-8344 FEDORA FEDORA-2009-9075 Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option. cpe:/a:dell:wyse_device_manager:4.7.0 cpe:/a:dell:wyse_device_manager:4.7.1 cpe:/a:dell:wyse_device_manager:4.7.2 CVE-2009-0693 2012-06-19T16:55:02.037-04:00 2012-06-20T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2012-06-20T09:49:00.000-04:00 FULLDISC 20090710 'Secure' Wyse thin clients vulnerable to remote exploit bugs CERT-VN VU#654545 MISC http://www.theregister.co.uk/2009/07/10/wyse_remote_exploit_bugs/ MISC http://www.wyse.com/serviceandsupport/Wyse%20Security%20Bulletin%20WSB09-01.pdf Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow remote attackers to execute arbitrary code via (1) the User-Agent HTTP header to hserver.dll or (2) unspecified input to hagent.exe. cpe:/a:dell:wyse_device_manager:4.7.0 cpe:/a:dell:wyse_device_manager:4.7.1 cpe:/a:dell:wyse_device_manager:4.7.2 CVE-2009-0695 2012-06-19T16:55:02.630-04:00 2012-06-26T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2012-06-20T09:47:00.000-04:00 FULLDISC 20090710 'Secure' Wyse thin clients vulnerable to remote exploit bugs EXPLOIT-DB 19137 CERT-VN VU#654545 MISC http://www.theregister.co.uk/2009/07/10/wyse_remote_exploit_bugs/ MISC http://www.wyse.com/serviceandsupport/Wyse%20Security%20Bulletin%20WSB09-01.pdf hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action. cpe:/a:isc:bind:9.4 cpe:/a:isc:bind:9.4.0 cpe:/a:isc:bind:9.4.0:a1 cpe:/a:isc:bind:9.4.0:a2 cpe:/a:isc:bind:9.4.0:a3 cpe:/a:isc:bind:9.4.0:a4 cpe:/a:isc:bind:9.4.0:a5 cpe:/a:isc:bind:9.4.0:a6 cpe:/a:isc:bind:9.4.0:b1 cpe:/a:isc:bind:9.4.0:b2 cpe:/a:isc:bind:9.4.0:b3 cpe:/a:isc:bind:9.4.0:b4 cpe:/a:isc:bind:9.4.0:rc1 cpe:/a:isc:bind:9.4.0:rc2 cpe:/a:isc:bind:9.4.1 cpe:/a:isc:bind:9.4.2 cpe:/a:isc:bind:9.4.2:rc1 cpe:/a:isc:bind:9.4.2:rc2 cpe:/a:isc:bind:9.4.3 cpe:/a:isc:bind:9.4.3:b1 cpe:/a:isc:bind:9.4.3:b2 cpe:/a:isc:bind:9.4.3:b3 cpe:/a:isc:bind:9.4.3:p2 cpe:/a:isc:bind:9.5 cpe:/a:isc:bind:9.5.0 cpe:/a:isc:bind:9.5.0:a1 cpe:/a:isc:bind:9.5.0:a2 cpe:/a:isc:bind:9.5.0:a3 cpe:/a:isc:bind:9.5.0:a4 cpe:/a:isc:bind:9.5.0:a5 cpe:/a:isc:bind:9.5.0:a6 cpe:/a:isc:bind:9.5.0:a7 cpe:/a:isc:bind:9.5.0:b1 cpe:/a:isc:bind:9.5.0:b2 cpe:/a:isc:bind:9.5.0:b3 cpe:/a:isc:bind:9.5.0:p1 cpe:/a:isc:bind:9.5.0:p2 cpe:/a:isc:bind:9.5.0:p2_w1 cpe:/a:isc:bind:9.5.0:p2_w2 cpe:/a:isc:bind:9.6::~~esv~~~ cpe:/a:isc:bind:9.6:r1:~~esv~~~ cpe:/a:isc:bind:9.6:r2:~~esv~~~ cpe:/a:isc:bind:9.6:r3:~~esv~~~ cpe:/a:isc:bind:9.6:r4:~~esv~~~ cpe:/a:isc:bind:9.6:r4_p1:~~esv~~~ cpe:/a:isc:bind:9.6:r5:~~esv~~~ cpe:/a:isc:bind:9.6:r5_b1:~~esv~~~ cpe:/a:isc:bind:9.6:r5_p1:~~esv~~~ cpe:/a:isc:bind:9.6:r6:~~esv~~~ cpe:/a:isc:bind:9.6:r6_b1:~~esv~~~ cpe:/a:isc:bind:9.6:r6_rc1:~~esv~~~ cpe:/a:isc:bind:9.6:r6_rc2:~~esv~~~ cpe:/a:isc:bind:9.6:r7:~~esv~~~ cpe:/a:isc:bind:9.6:r7_p1:~~esv~~~ cpe:/a:isc:bind:9.6:r7_p2:~~esv~~~ cpe:/a:isc:bind:9.6:r9:~~esv~~~ cpe:/a:isc:bind:9.6:r9_p1:~~esv~~~ cpe:/a:isc:bind:9.6.0 cpe:/a:isc:bind:9.6.0:a1 cpe:/a:isc:bind:9.6.0:b1 cpe:/a:isc:bind:9.6.0:p1 cpe:/a:isc:bind:9.6.0:rc1 cpe:/a:isc:bind:9.6.0:rc2 cpe:/a:isc:bind:9.6.1 cpe:/a:isc:bind:9.6.1:b1 CVE-2009-0696 2009-07-29T13:30:00.920-04:00 2018-10-10T15:30:29.000-04:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov NETBSD NetBSD-SA2009-013 CONFIRM ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt CONFIRM http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975 SUNALERT 264828 SUNALERT 1020788 CONFIRM http://up2date.astaro.com/2009/08/up2date_7505_released.html CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0113 CERT-VN VU#725188 OPENBSD [4.4] 014: RELIABILITY FIX: July 29, 2009 BUGTRAQ 20090729 rPSA-2009-0113-1 bind bind-utils BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components SECTRACK 1022613 SLACKWARE SSA:2009-210-01 UBUNTU USN-808-1 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html VUPEN ADV-2009-2036 VUPEN ADV-2009-2088 VUPEN ADV-2009-2171 VUPEN ADV-2009-2247 VUPEN ADV-2009-3316 CONFIRM https://www.isc.org/node/474 FEDORA FEDORA-2009-8119 The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009. cpe:/a:xine:xine-lib:1.1.16.1 CVE-2009-0698 2009-02-23T10:30:04.110-05:00 2018-10-10T15:30:34.780-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov CONFIRM http://bugs.xine-project.org/show_bug.cgi?id=205 SUSE SUSE-SR:2009:009 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=660071 MANDRIVA MDVSA-2009:298 MANDRIVA MDVSA-2009:299 BUGTRAQ 20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability MISC http://www.trapkit.de/advisories/TKADV2009-004.txt UBUNTU USN-746-1 XF xinelib-4xmdemuxer-code-execution(48954) Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385. cpe:/a:plunet:business_manager:4.1 CVE-2009-0699 2009-02-23T10:30:04.127-05:00 2017-08-16T21:29:59.177-04:00 3.5 NETWORK MEDIUM SINGLE_INSTANCE NONE PARTIAL NONE http://nvd.nist.gov BUGTRAQ 20090107 Plunet BusinessManager failure in access controls and multiple stored cross site scripting BUGTRAQ 20090109 Re: Plunet BusinessManager failure in access controls and multiple stored cross site scripting MISC http://www.securenetwork.it/ricerca/advisory/download/SN-2008-04.txt BID 33153 XF businessmanager-qub-bez74-xss(47795) Cross-site scripting (XSS) vulnerability in pagesUTF8/auftrag_allgemeinauftrag.jsp in Plunet BusinessManager 4.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the (1) QUB and (2) Bez74 parameters. cpe:/a:plunet:business_manager:4.1 CVE-2009-0700 2009-02-23T10:30:04.140-05:00 2017-08-16T21:29:59.240-04:00 4.0 NETWORK LOW SINGLE_INSTANCE PARTIAL NONE NONE http://nvd.nist.gov BUGTRAQ 20090107 Plunet BusinessManager failure in access controls and multiple stored cross site scripting BUGTRAQ 20090109 Re: Plunet BusinessManager failure in access controls and multiple stored cross site scripting MISC http://www.securenetwork.it/ricerca/advisory/download/SN-2008-04.txt BID 33153 XF businessmanager-multiple-security-bypass(47794) Plunet BusinessManager 4.1 and earlier allows remote authenticated users to bypass access restrictions and (1) read sensitive Customer or Order data via a modified Pfad parameter to pagesUTF8/Sys_DirAnzeige.jsp, or (2) list sensitive Jobs via a direct request to pagesUTF8/auftrag_job.jsp. cpe:/a:cybershade:cybershadecms:0.2b CVE-2009-0701 2009-02-23T10:30:04.170-05:00 2017-09-28T21:33:58.467-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 33101 XF cybershadecms-index-file-include(47725) EXPLOIT-DB 7668 Multiple PHP remote file inclusion vulnerabilities in index.php in Cybershade CMS 0.2b, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) THEME_header and (2) THEME_footer parameters. cpe:/a:phoca:com_phocadocumentation:- CVE-2009-0702 2009-02-23T10:30:04.187-05:00 2017-09-28T21:33:58.527-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 33114 VUPEN ADV-2009-0026 EXPLOIT-DB 7670 SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php. cpe:/a:aspthai.net:aspthai.net_webboard:6.0 CVE-2009-0703 2009-02-23T10:30:04.203-05:00 2017-09-28T21:33:58.590-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33084 XF webboard-bview-sql-injection(47722) EXPLOIT-DB 7635 SQL injection vulnerability in bview.asp in ASPThai.Net Webboard 6.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. cpe:/a:webmastersite:wsn_guest:1.23 CVE-2009-0704 2009-02-23T10:30:04.217-05:00 2017-09-28T21:33:58.637-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 33097 XF wsnguest-search-sql-injection(47723) EXPLOIT-DB 7659 SQL injection vulnerability in search.php in WSN Guest 1.23 allows remote attackers to execute arbitrary SQL commands via the search parameter in an advanced action. cpe:/a:powerscripts:powernews:2.5.4 CVE-2009-0705 2009-02-23T10:30:04.250-05:00 2017-09-28T21:33:58.687-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 33081 XF powernews-news-sql-injection(47701) EXPLOIT-DB 7641 SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter. cpe:/a:simple-review:com_simple_review:1.3.5 CVE-2009-0706 2009-02-23T10:30:04.267-05:00 2017-08-16T21:29:59.520-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov MISC http://packetstormsecurity.org/0901-exploits/joomlasimplereview-sql.txt BID 33102 XF simplereview-index-sql-injection(47726) SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php. cpe:/a:powerscripts:powerclan:1.14a CVE-2009-0707 2009-02-23T10:30:04.280-05:00 2017-09-28T21:33:58.747-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33083 XF powerclan-index-sql-injection(47702) EXPLOIT-DB 7642 SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information. cpe:/a:semanticscuttle:semanticscuttle:0.85 cpe:/a:semanticscuttle:semanticscuttle:0.86 cpe:/a:semanticscuttle:semanticscuttle:0.87 cpe:/a:semanticscuttle:semanticscuttle:0.88 cpe:/a:semanticscuttle:semanticscuttle:0.89 cpe:/a:semanticscuttle:semanticscuttle:0.90 CVE-2009-0708 2009-02-23T10:30:04.313-05:00 2012-01-05T00:00:00.000-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-02-24T10:31:00.000-05:00 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=651587 Multiple cross-site request forgery (CSRF) vulnerabilities in SemanticScuttle before 0.91 allow remote attackers to (1) hijack the authentication of administrators via unknown vectors or (2) hijack the authentication of arbitrary users via vectors involving the profile page. cpe:/a:vlad_alexa_mancini:phpfootball:1.6 CVE-2009-0709 2009-02-23T10:30:04.327-05:00 2017-08-16T21:29:59.630-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov XF phpfootball-login-sql-injection(47720) SQL injection vulnerability in login.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:vlad_alexa_mancini:phpfootball:1.6 CVE-2009-0710 2009-02-23T10:30:04.343-05:00 2017-08-16T21:29:59.693-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov XF phpfootball-filter-xss(47719) XF phpfootball-login-xss(47721) Multiple cross-site scripting (XSS) vulnerabilities in PHPFootball 1.6 allow remote attackers to inject arbitrary web script or HTML via (1) the user parameter to login.php or (2) the dbfield parameter to filter.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:vlad_alexa_mancini:phpfootball:1.5 cpe:/a:vlad_alexa_mancini:phpfootball:1.6 CVE-2009-0711 2009-02-23T10:30:04.360-05:00 2017-09-28T21:33:58.793-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov EXPLOIT-DB 7636 filter.php in PHPFootball 1.6 and earlier allows remote attackers to retrieve password hashes via a request with an Accounts value for the dbtable parameter, in conjunction with a Password value for the dbfield parameter. NOTE: this has been reported as a SQL injection vulnerability by some sources, but the provenance of that information is unknown. cpe:/a:hp:wmi_mapper CVE-2009-0712 2009-03-11T10:19:15.327-04:00 2009-03-21T01:54:52.327-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS HP SSRT080040 HP HPSBMA02413 BID 34078 SECTRACK 1021835 VUPEN ADV-2009-0671 Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows local users to gain privileges via unknown vectors. cpe:/a:hp:systems_insight_manager:2.5 CVE-2009-0713 2009-03-11T10:19:15.360-04:00 2009-03-21T01:54:52.453-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov HP SSRT080040 HP HPSBMA02413 BID 34078 SECTRACK 1021836 VUPEN ADV-2009-0671 Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows remote attackers to obtain sensitive information via unknown vectors. cpe:/a:hp:data_protector_express:3.5:sp1 cpe:/a:hp:data_protector_express:3.5:sp2 cpe:/a:hp:data_protector_express:3.5:sp2:~~sse~~~ cpe:/a:hp:data_protector_express:4.0:sp1 cpe:/a:hp:data_protector_express:4.0:sp1:~~sse~~~ CVE-2009-0714 2009-05-14T13:30:00.547-04:00 2019-10-09T18:58:01.570-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov HP HPSBMA02417 MISC http://ivizsecurity.com/security-advisory-iviz-sr-09002.html BID 34955 SECTRACK 1022220 VUPEN ADV-2009-1309 EXPLOIT-DB 9006 EXPLOIT-DB 9007 Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a denial of service (application crash) or read portions of memory via one or more crafted packets. cpe:/a:hp:storage_essentials:6.0.2 cpe:/a:hp:storage_essentials:6.0.3 cpe:/a:hp:storage_essentials:6.0.4 CVE-2009-0715 2009-04-21T11:30:00.267-04:00 2009-04-29T01:28:39.467-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov SECTRACK 1022084 VUPEN ADV-2009-1109 Unspecified vulnerability in Secure NaviCLI in HP Storage Essentials 6.0.2 through 6.0.4 allows remote authenticated users to obtain "access" or "extended privileges" via unknown vectors. cpe:/a:hp:storageworks_storage_mirroring:5 cpe:/a:hp:storageworks_storage_mirroring:5.1 CVE-2009-0716 2009-04-21T11:30:00.297-04:00 2009-04-28T01:38:33.267-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov HP HPSBMA02422 SECTRACK 1022085 VUPEN ADV-2009-1108 Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to cause a denial of service or obtain "access" via unknown vectors. cpe:/a:hp:storageworks_storage_mirroring:5 cpe:/a:hp:storageworks_storage_mirroring:5.1 CVE-2009-0717 2009-04-21T11:30:00.313-04:00 2009-04-28T01:38:33.437-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov SECTRACK 1022086 VUPEN ADV-2009-1108 Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to cause a denial of service via unknown vectors. cpe:/a:hp:storageworks_storage_mirroring:5 cpe:/a:hp:storageworks_storage_mirroring:5.1 CVE-2009-0718 2009-04-21T11:30:00.327-04:00 2009-04-28T01:38:33.670-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov HP HPSBMA02422 SECTRACK 1022087 VUPEN ADV-2009-1108 Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to execute arbitrary code via unknown vectors. cpe:/o:hp:hp-ux:b.11.11 cpe:/o:hp:hp-ux:b.11.23 cpe:/o:hp:hp-ux:b.11.31 CVE-2009-0719 2009-04-29T11:30:00.170-04:00 2017-09-28T21:33:58.903-04:00 6.0 LOCAL MEDIUM SINGLE_INSTANCE COMPLETE COMPLETE NONE http://nvd.nist.gov HP HPSBUX02366 BID 34748 Unspecified vulnerability in useradd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unknown vectors, a different issue than CVE-2008-1660. cpe:/a:hp:openview_network_node_manager:7.01 cpe:/a:hp:openview_network_node_manager:7.51 cpe:/a:hp:openview_network_node_manager:7.53 CVE-2009-0720 2009-05-05T13:30:00.250-04:00 2009-05-13T01:27:00.890-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov HP SSRT080091 SECTRACK 1022163 VUPEN ADV-2009-1250 Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via unknown vectors. cpe:/a:hp:remote_graphics_software:4.0.0 cpe:/a:hp:remote_graphics_software:4.0.1 cpe:/a:hp:remote_graphics_software:4.0.2 cpe:/a:hp:remote_graphics_software:4.0.3 cpe:/a:hp:remote_graphics_software:4.1.3 cpe:/a:hp:remote_graphics_software:4.1.4 cpe:/a:hp:remote_graphics_software:4.2.0 cpe:/a:hp:remote_graphics_software:4.2.1 cpe:/a:hp:remote_graphics_software:4.2.2 cpe:/a:hp:remote_graphics_software:4.2.3 cpe:/a:hp:remote_graphics_software:4.2.4 cpe:/a:hp:remote_graphics_software:5.0 cpe:/a:hp:remote_graphics_software:5.1.1 cpe:/a:hp:remote_graphics_software:5.1.3 cpe:/a:hp:remote_graphics_software:5.1.5 cpe:/a:hp:remote_graphics_software:5.2.0 cpe:/a:hp:remote_graphics_software:5.2.4 CVE-2009-0721 2009-05-18T14:30:00.843-04:00 2019-10-09T18:58:02.180-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SECTRACK 1022221 HP SSRT090069 BID 34980 VUPEN ADV-2009-1323 Unspecified vulnerability in Easy Login in the Sender module in HP Remote Graphics Software (RGS) 4.0.0 through 5.2.4 allows remote attackers to execute arbitrary code via unknown vectors. cpe:/a:potato-scripts:potato_news:1.0.0 CVE-2009-0722 2009-02-24T13:30:00.577-05:00 2017-09-28T21:33:58.950-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33729 EXPLOIT-DB 8032 Directory traversal vulnerability in admin.php in Potato News 1.0.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the user cookie parameter. cpe:/a:gimp:gimp cpe:/a:littlecms:lcms:1.07 cpe:/a:littlecms:lcms:1.08 cpe:/a:littlecms:lcms:1.09 cpe:/a:littlecms:lcms:1.10 cpe:/a:littlecms:lcms:1.11 cpe:/a:littlecms:lcms:1.12 cpe:/a:littlecms:lcms:1.13 cpe:/a:littlecms:lcms:1.14 cpe:/a:littlecms:lcms:1.15 cpe:/a:littlecms:lcms:1.16 cpe:/a:littlecms:lcms:1.17 cpe:/a:mozilla:firefox:3.1:beta1 cpe:/a:sun:openjdk:7 CVE-2009-0723 2009-03-23T10:19:12.500-04:00 2018-10-10T15:30:35.673-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SUSE SUSE-SR:2009:007 MISC http://scary.beasts.org/security/CESA-2009-003.html MISC http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html GENTOO GLSA-200904-19 SLACKWARE SSA:2009-083-01 DEBIAN DSA-1745 DEBIAN DSA-1769 MANDRIVA MDVSA-2009:121 MANDRIVA MDVSA-2009:137 MANDRIVA MDVSA-2009:162 MISC http://www.ocert.org/advisories/ocert-2009-003.html REDHAT RHSA-2009:0339 BUGTRAQ 20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted) BUGTRAQ 20090320 [oCERT-2009-003] LittleCMS integer errors BID 34185 SECTRACK 1021869 UBUNTU USN-744-1 VUPEN ADV-2009-0775 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=487508 XF littlecms-unspecified-bo(49326) REDHAT RHSA-2009:0377 FEDORA FEDORA-2009-2903 FEDORA FEDORA-2009-2910 FEDORA FEDORA-2009-2928 FEDORA FEDORA-2009-2970 FEDORA FEDORA-2009-2982 FEDORA FEDORA-2009-2983 FEDORA FEDORA-2009-3034 Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. cpe:/a:gigcalendar:com_gigcalendar:1.0 CVE-2009-0726 2009-02-24T18:30:00.233-05:00 2017-09-28T21:33:59.090-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 33241 XF gigcalendar-index-sql-injection(47919) EXPLOIT-DB 7746 SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php. cpe:/a:tony_iha_kazungu:taifajobs:1.0 CVE-2009-0727 2009-02-24T18:30:03.797-05:00 2018-10-10T15:30:41.827-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS MISC http://e-rdc.org/v1/news.php?readmore=126 BUGTRAQ 20090223 [ECHO_ADV_103$2009] taifajobs <= 1.0 (jobid) Remote SQL Injection Vulnerability BID 33864 EXPLOIT-DB 8098 SQL injection vulnerability in jobdetails.php in taifajobs 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the jobid parameter. cpe:/a:maxdev:my_egallery:- CVE-2009-0728 2009-02-24T18:30:03.813-05:00 2017-09-28T21:33:59.183-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33871 EXPLOIT-DB 8100 SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php. cpe:/a:lingx:page_engine_cms:2.0:-:basic cpe:/a:lingx:page_engine_cms:2.0:-:pro CVE-2009-0729 2009-02-24T18:30:03.827-05:00 2017-08-16T21:29:59.897-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 33860 XF pageengine-fprefix-file-include(48856) Multiple directory traversal vulnerabilities in Page Engine CMS 2.0 Basic and Pro allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the fPrefix parameter to (1) modules/recent_poll_include.php, (2) modules/login_include.php, and (3) modules/statistics_include.php and (4) configuration.inc.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:gigcalendar:com_gigcalendar:1.0 CVE-2009-0730 2009-02-24T18:30:03.860-05:00 2018-10-10T15:30:42.327-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BUGTRAQ 20090221 gigCalendar Joomla Component 1.0 SQL Injection BUGTRAQ 20090221 gigCalendar 1.0 (venuedetails.php) Joomla Component SQL Injection BUGTRAQ 20090221 gigCalendar 1.0 (banddetails.php) Joomla Component SQL Injection BID 33859 BID 33863 XF gigcalendar-venuedetails-sql-injection(48865) Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726. cpe:/a:freearcadescript:free_arcade_script:1.0 CVE-2009-0731 2009-02-24T18:30:03.877-05:00 2017-09-28T21:33:59.247-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov BID 33869 EXPLOIT-DB 8094 Directory traversal vulnerability in pages/play.php in Free Arcade Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter. cpe:/a:lingx:downloadcenter:2.1 CVE-2009-0732 2009-02-24T18:30:03.907-05:00 2017-08-16T21:30:00.007-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov XF downloadcenter-common-info-disclosure(48862) Downloadcenter 2.1 stores common.h under the web root with insufficient access control, which allows remote attackers to obtain user credentials and other sensitive information via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:gimp:gimp cpe:/a:littlecms:lcms:1.07 cpe:/a:littlecms:lcms:1.08 cpe:/a:littlecms:lcms:1.09 cpe:/a:littlecms:lcms:1.10 cpe:/a:littlecms:lcms:1.11 cpe:/a:littlecms:lcms:1.12 cpe:/a:littlecms:lcms:1.13 cpe:/a:littlecms:lcms:1.14 cpe:/a:littlecms:lcms:1.15 cpe:/a:littlecms:lcms:1.16 cpe:/a:littlecms:lcms:1.17 cpe:/a:mozilla:firefox:3.1:beta1 cpe:/a:sun:openjdk:7 CVE-2009-0733 2009-03-23T10:19:12.517-04:00 2018-10-10T15:30:43.157-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SUSE SUSE-SR:2009:007 MISC http://scary.beasts.org/security/CESA-2009-003.html MISC http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html GENTOO GLSA-200904-19 SLACKWARE SSA:2009-083-01 DEBIAN DSA-1745 DEBIAN DSA-1769 MANDRIVA MDVSA-2009:121 MANDRIVA MDVSA-2009:137 MANDRIVA MDVSA-2009:162 MISC http://www.ocert.org/advisories/ocert-2009-003.html REDHAT RHSA-2009:0339 BUGTRAQ 20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted) BUGTRAQ 20090320 [oCERT-2009-003] LittleCMS integer errors BID 34185 SECTRACK 1021869 UBUNTU USN-744-1 VUPEN ADV-2009-0775 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=487512 XF littlecms-readsetofcurves-bo(49330) REDHAT RHSA-2009:0377 FEDORA FEDORA-2009-2903 FEDORA FEDORA-2009-2910 FEDORA FEDORA-2009-2928 FEDORA FEDORA-2009-2970 FEDORA FEDORA-2009-2982 FEDORA FEDORA-2009-2983 FEDORA FEDORA-2009-3034 Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions. cpe:/a:nokia:nokia_pc_suite:6.86.9.3 CVE-2009-0734 2009-02-25T15:30:00.267-05:00 2018-10-10T15:30:49.220-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BUGTRAQ 20090203 Nokia Multimedia Player v1.1 .m3u Heap Overflow PoC exploit VUPEN ADV-2009-0318 Heap-based buffer overflow in MultimediaPlayer.exe 6.86.240.7 in Nokia PC Suite 6.86.9.3 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file. cpe:/a:papoo:papoo:3.6 CVE-2009-0735 2009-02-25T15:30:02.453-05:00 2017-09-28T21:33:59.387-04:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33718 EXPLOIT-DB 8030 Directory traversal vulnerability in lib/classes/message_class.php in Papoo CMS 3.6, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the pfadhier parameter. NOTE: some of these details are obtained from third party information. cpe:/a:simon_brown:pebble:1.0 cpe:/a:simon_brown:pebble:1.1 cpe:/a:simon_brown:pebble:1.2 cpe:/a:simon_brown:pebble:1.3 cpe:/a:simon_brown:pebble:1.4 cpe:/a:simon_brown:pebble:1.4:beta1 cpe:/a:simon_brown:pebble:1.4:beta2 cpe:/a:simon_brown:pebble:1.4:beta3 cpe:/a:simon_brown:pebble:1.4.1 cpe:/a:simon_brown:pebble:1.4.1_01 cpe:/a:simon_brown:pebble:1.4.2 cpe:/a:simon_brown:pebble:1.4.2_01 cpe:/a:simon_brown:pebble:1.5 cpe:/a:simon_brown:pebble:1.5:beta1 cpe:/a:simon_brown:pebble:1.5:beta2 cpe:/a:simon_brown:pebble:1.5:beta3 cpe:/a:simon_brown:pebble:1.5.1 cpe:/a:simon_brown:pebble:1.6 cpe:/a:simon_brown:pebble:1.6:beta1 cpe:/a:simon_brown:pebble:1.6:beta2 cpe:/a:simon_brown:pebble:1.6:beta3 cpe:/a:simon_brown:pebble:1.6.1 cpe:/a:simon_brown:pebble:1.7 cpe:/a:simon_brown:pebble:1.7:beta1 cpe:/a:simon_brown:pebble:1.7.1 cpe:/a:simon_brown:pebble:1.7.2 cpe:/a:simon_brown:pebble:1.8 cpe:/a:simon_brown:pebble:1.9 cpe:/a:simon_brown:pebble:2.0 cpe:/a:simon_brown:pebble:2.0.0:m1 cpe:/a:simon_brown:pebble:2.0.0:m2 cpe:/a:simon_brown:pebble:2.0.0:m3 cpe:/a:simon_brown:pebble:2.0.0:rc1 cpe:/a:simon_brown:pebble:2.0.0:rc2 cpe:/a:simon_brown:pebble:2.0.1 cpe:/a:simon_brown:pebble:2.1 cpe:/a:simon_brown:pebble:2.1:rc1 cpe:/a:simon_brown:pebble:2.2 cpe:/a:simon_brown:pebble:2.3 cpe:/a:simon_brown:pebble:2.3.1 CVE-2009-0736 2009-02-25T15:30:02.467-05:00 2012-11-08T00:00:00.000-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2009-02-25T16:20:00.000-05:00 CONFIRM http://sourceforge.net/forum/forum.php?forum_id=917656 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=660130 BID 33733 Cross-site scripting (XSS) vulnerability in Pebble before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. cpe:/a:mediawiki:mediawiki:1.6.0 cpe:/a:mediawiki:mediawiki:1.6.1 cpe:/a:mediawiki:mediawiki:1.6.2 cpe:/a:mediawiki:mediawiki:1.6.3 cpe:/a:mediawiki:mediawiki:1.6.4 cpe:/a:mediawiki:mediawiki:1.6.5 cpe:/a:mediawiki:mediawiki:1.6.6 cpe:/a:mediawiki:mediawiki:1.6.7 cpe:/a:mediawiki:mediawiki:1.6.8 cpe:/a:mediawiki:mediawiki:1.6.9 cpe:/a:mediawiki:mediawiki:1.6.10 cpe:/a:mediawiki:mediawiki:1.6.11 cpe:/a:mediawiki:mediawiki:1.12.0 cpe:/a:mediawiki:mediawiki:1.12.0:rc1 cpe:/a:mediawiki:mediawiki:1.12.1 cpe:/a:mediawiki:mediawiki:1.12.2 cpe:/a:mediawiki:mediawiki:1.12.3 cpe:/a:mediawiki:mediawiki:1.13.0 cpe:/a:mediawiki:mediawiki:1.13.0:rc1 cpe:/a:mediawiki:mediawiki:1.13.0:rc2 cpe:/a:mediawiki:mediawiki:1.13.1 cpe:/a:mediawiki:mediawiki:1.13.2 cpe:/a:mediawiki:mediawiki:1.13.3 CVE-2009-0737 2009-02-25T15:30:02.483-05:00 2009-10-14T01:22:01.267-04:00 2.6 NETWORK HIGH NONE NONE PARTIAL NONE http://nvd.nist.gov MLIST [MediaWiki-announce] 20090207 MediaWiki releases: security update and new major branch CONFIRM http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_4/phase3/RELEASE-NOTES CONFIRM http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_4/phase3/RELEASE-NOTES CONFIRM http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_12/phase3/RELEASE-NOTES DEBIAN DSA-1901 BID 33681 VUPEN ADV-2009-0368 Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12 before 1.12.4, and 1.13 before 1.13.4, when the installer is in active use, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. cpe:/a:frankmancuso:auth_php:1.0 CVE-2009-0738 2009-02-25T15:30:02.517-05:00 2017-09-28T21:33:59.450-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33723 EXPLOIT-DB 8033 SQL injection vulnerability in login.php in Auth Php 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. cpe:/a:frankmancuso:mynews:0.10 CVE-2009-0739 2009-02-25T15:30:02.530-05:00 2017-09-28T21:33:59.497-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33728 EXPLOIT-DB 8034 SQL injection vulnerability in login.php in MyNews 0.10 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. cpe:/a:frankmancuso:bluebird:pre-release CVE-2009-0740 2009-02-25T15:30:02.547-05:00 2017-09-28T21:33:59.543-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33725 EXPLOIT-DB 8035 SQL injection vulnerability in login.php in BlueBird Prelease allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. cpe:/a:craftsilicon:banking%40home:2.1 CVE-2009-0741 2009-02-25T15:30:02.563-05:00 2018-10-10T15:30:49.563-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS FULLDISC 20090210 Craft Silicon Banking at Home SQL Injection BUGTRAQ 20090210 Craft Silicon Banking@Home SQL Injection BID 33721 SQL injection vulnerability in Login.asp in Craft Silicon Banking@Home 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginName parameter. cpe:/h:cisco:ace_4710 cpe:/h:cisco:application_control_engine_module CVE-2009-0742 2009-02-26T11:17:20.233-05:00 2009-02-27T00:00:00.000-05:00 7.8 NETWORK LOW NONE COMPLETE NONE NONE http://nvd.nist.gov 2009-02-27T11:04:00.000-05:00 CISCO 20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information. cpe:/a:cisco:unified_meetingplace:6.0 cpe:/a:cisco:unified_meetingplace:7.0 CVE-2009-0743 2009-02-27T12:30:09.877-05:00 2017-08-16T21:30:00.147-04:00 3.5 NETWORK MEDIUM SINGLE_INSTANCE NONE PARTIAL NONE http://nvd.nist.gov CISCO 20090226 Cisco Unified MeetingPlace Stored Cross-Site Scripting Vulnerability BUGTRAQ 20090225 Cisco Unified MeetingPlace Web Conferencing Stored Cross Site Scripting Vulnerability BID 33915 SECTRACK 1021778 XF cisco-meetingplace-emailaddress-xss(48965) Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field. cpe:/a:apple:safari:4.0:beta CVE-2009-0744 2009-02-27T12:30:09.907-05:00 2018-10-10T15:30:49.923-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov BUGTRAQ 20090225 Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of Service Vulnerability BID 33909 XF safari-feedsuri-dos(48943) Apple Safari 4 Beta build 528.16 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a feeds: URI beginning with a (1) % (percent), (2) { (open curly bracket), (3) } (close curly bracket), (4) ^ (caret), (5) ` (backquote), or (6) | (pipe) character, followed by an & (ampersand) character. cpe:/o:linux:linux_kernel:2.6.27 cpe:/o:linux:linux_kernel:2.6.27.1 cpe:/o:linux:linux_kernel:2.6.27.2 cpe:/o:linux:linux_kernel:2.6.27.3 cpe:/o:linux:linux_kernel:2.6.27.4 cpe:/o:linux:linux_kernel:2.6.27.5 cpe:/o:linux:linux_kernel:2.6.27.6 cpe:/o:linux:linux_kernel:2.6.27.7 cpe:/o:linux:linux_kernel:2.6.27.8 cpe:/o:linux:linux_kernel:2.6.27.9 cpe:/o:linux:linux_kernel:2.6.27.10 cpe:/o:linux:linux_kernel:2.6.27.11 cpe:/o:linux:linux_kernel:2.6.27.12 cpe:/o:linux:linux_kernel:2.6.27.13 cpe:/o:linux:linux_kernel:2.6.27.14 cpe:/o:linux:linux_kernel:2.6.27.15 cpe:/o:linux:linux_kernel:2.6.27.16 cpe:/o:linux:linux_kernel:2.6.27.17 cpe:/o:linux:linux_kernel:2.6.27.18 cpe:/o:linux:linux_kernel:2.6.28 cpe:/o:linux:linux_kernel:2.6.28.1 cpe:/o:linux:linux_kernel:2.6.28.2 cpe:/o:linux:linux_kernel:2.6.28.3 cpe:/o:linux:linux_kernel:2.6.28.4 cpe:/o:linux:linux_kernel:2.6.28.5 cpe:/o:linux:linux_kernel:2.6.28.6 CVE-2009-0745 2009-02-27T12:30:09.920-05:00 2018-10-10T15:30:50.423-04:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov CONFIRM http://bugzilla.kernel.org/show_bug.cgi?id=12433 CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fdff73f094e7220602cc3f8959c7230517976412 CONFIRM http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19 CONFIRM http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7 REDHAT RHSA-2009:1243 DEBIAN DSA-1749 DEBIAN DSA-1787 BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components UBUNTU USN-751-1 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html VUPEN ADV-2009-0509 VUPEN ADV-2009-3316 The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory. cpe:/o:linux:linux_kernel:2.6.27 cpe:/o:linux:linux_kernel:2.6.27.1 cpe:/o:linux:linux_kernel:2.6.27.2 cpe:/o:linux:linux_kernel:2.6.27.3 cpe:/o:linux:linux_kernel:2.6.27.4 cpe:/o:linux:linux_kernel:2.6.27.5 cpe:/o:linux:linux_kernel:2.6.27.6 cpe:/o:linux:linux_kernel:2.6.27.7 cpe:/o:linux:linux_kernel:2.6.27.8 cpe:/o:linux:linux_kernel:2.6.27.9 cpe:/o:linux:linux_kernel:2.6.27.10 cpe:/o:linux:linux_kernel:2.6.27.11 cpe:/o:linux:linux_kernel:2.6.27.12 cpe:/o:linux:linux_kernel:2.6.27.13 cpe:/o:linux:linux_kernel:2.6.27.14 cpe:/o:linux:linux_kernel:2.6.27.15 cpe:/o:linux:linux_kernel:2.6.27.16 cpe:/o:linux:linux_kernel:2.6.27.17 cpe:/o:linux:linux_kernel:2.6.27.18 cpe:/o:linux:linux_kernel:2.6.28 cpe:/o:linux:linux_kernel:2.6.28.1 cpe:/o:linux:linux_kernel:2.6.28.2 cpe:/o:linux:linux_kernel:2.6.28.3 cpe:/o:linux:linux_kernel:2.6.28.4 cpe:/o:linux:linux_kernel:2.6.28.5 cpe:/o:linux:linux_kernel:2.6.28.6 CVE-2009-0746 2009-02-27T12:30:09.937-05:00 2018-10-10T15:30:52.390-04:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov CONFIRM http://bugzilla.kernel.org/show_bug.cgi?id=12430 CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e6b8bc09ba2075cd91fbffefcd2778b1a00bd76f CONFIRM http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19 CONFIRM http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7 REDHAT RHSA-2009:1243 DEBIAN DSA-1749 BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components UBUNTU USN-751-1 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html VUPEN ADV-2009-0509 VUPEN ADV-2009-3316 XF linux-kernel-makeindexeddir-ext4-dos(48872) The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem. cpe:/o:linux:linux_kernel:2.6.27 cpe:/o:linux:linux_kernel:2.6.27:rc1 cpe:/o:linux:linux_kernel:2.6.27:rc2 cpe:/o:linux:linux_kernel:2.6.27:rc3 cpe:/o:linux:linux_kernel:2.6.27:rc4 cpe:/o:linux:linux_kernel:2.6.27:rc5 cpe:/o:linux:linux_kernel:2.6.27:rc6 cpe:/o:linux:linux_kernel:2.6.27:rc7 cpe:/o:linux:linux_kernel:2.6.27:rc8 cpe:/o:linux:linux_kernel:2.6.27:rc9 cpe:/o:linux:linux_kernel:2.6.27.1 cpe:/o:linux:linux_kernel:2.6.27.2 cpe:/o:linux:linux_kernel:2.6.27.3 cpe:/o:linux:linux_kernel:2.6.27.4 cpe:/o:linux:linux_kernel:2.6.27.5 cpe:/o:linux:linux_kernel:2.6.27.6 cpe:/o:linux:linux_kernel:2.6.27.7 cpe:/o:linux:linux_kernel:2.6.27.8 cpe:/o:linux:linux_kernel:2.6.27.9 cpe:/o:linux:linux_kernel:2.6.27.10 cpe:/o:linux:linux_kernel:2.6.27.11 cpe:/o:linux:linux_kernel:2.6.27.12 cpe:/o:linux:linux_kernel:2.6.27.13 cpe:/o:linux:linux_kernel:2.6.27.14 cpe:/o:linux:linux_kernel:2.6.27.15 cpe:/o:linux:linux_kernel:2.6.27.16 cpe:/o:linux:linux_kernel:2.6.27.17 cpe:/o:linux:linux_kernel:2.6.27.18 cpe:/o:linux:linux_kernel:2.6.28 cpe:/o:linux:linux_kernel:2.6.28:rc1 cpe:/o:linux:linux_kernel:2.6.28:rc2 cpe:/o:linux:linux_kernel:2.6.28:rc3 cpe:/o:linux:linux_kernel:2.6.28:rc4 cpe:/o:linux:linux_kernel:2.6.28:rc5 cpe:/o:linux:linux_kernel:2.6.28:rc6 cpe:/o:linux:linux_kernel:2.6.28:rc7 cpe:/o:linux:linux_kernel:2.6.28.1 cpe:/o:linux:linux_kernel:2.6.28.2 cpe:/o:linux:linux_kernel:2.6.28.3 cpe:/o:linux:linux_kernel:2.6.28.4 cpe:/o:linux:linux_kernel:2.6.28.5 cpe:/o:linux:linux_kernel:2.6.28.6 CVE-2009-0747 2009-02-27T12:30:09.953-05:00 2018-10-10T15:30:54.470-04:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov CONFIRM http://bugzilla.kernel.org/show_bug.cgi?id=12375 CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=06a279d636734da32bb62dd2f7b0ade666f65d7c CONFIRM http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19 CONFIRM http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7 REDHAT RHSA-2009:1243 DEBIAN DSA-1749 BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components UBUNTU USN-751-1 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html VUPEN ADV-2009-0509 VUPEN ADV-2009-3316 The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and error-message flood) by attempting to mount a crafted ext4 filesystem. cpe:/o:linux:linux_kernel:2.6.27 cpe:/o:linux:linux_kernel:2.6.27:rc1 cpe:/o:linux:linux_kernel:2.6.27:rc2 cpe:/o:linux:linux_kernel:2.6.27:rc3 cpe:/o:linux:linux_kernel:2.6.27:rc4 cpe:/o:linux:linux_kernel:2.6.27:rc5 cpe:/o:linux:linux_kernel:2.6.27:rc6 cpe:/o:linux:linux_kernel:2.6.27:rc7 cpe:/o:linux:linux_kernel:2.6.27:rc8 cpe:/o:linux:linux_kernel:2.6.27:rc9 cpe:/o:linux:linux_kernel:2.6.27.1 cpe:/o:linux:linux_kernel:2.6.27.2 cpe:/o:linux:linux_kernel:2.6.27.3 cpe:/o:linux:linux_kernel:2.6.27.4 cpe:/o:linux:linux_kernel:2.6.27.5 cpe:/o:linux:linux_kernel:2.6.27.6 cpe:/o:linux:linux_kernel:2.6.27.7 cpe:/o:linux:linux_kernel:2.6.27.8 cpe:/o:linux:linux_kernel:2.6.27.9 cpe:/o:linux:linux_kernel:2.6.27.10 cpe:/o:linux:linux_kernel:2.6.27.11 cpe:/o:linux:linux_kernel:2.6.27.12 cpe:/o:linux:linux_kernel:2.6.27.13 cpe:/o:linux:linux_kernel:2.6.27.14 cpe:/o:linux:linux_kernel:2.6.27.15 cpe:/o:linux:linux_kernel:2.6.27.16 cpe:/o:linux:linux_kernel:2.6.27.17 cpe:/o:linux:linux_kernel:2.6.27.18 cpe:/o:linux:linux_kernel:2.6.28 cpe:/o:linux:linux_kernel:2.6.28:rc1 cpe:/o:linux:linux_kernel:2.6.28:rc2 cpe:/o:linux:linux_kernel:2.6.28:rc3 cpe:/o:linux:linux_kernel:2.6.28:rc4 cpe:/o:linux:linux_kernel:2.6.28:rc5 cpe:/o:linux:linux_kernel:2.6.28:rc6 cpe:/o:linux:linux_kernel:2.6.28:rc7 cpe:/o:linux:linux_kernel:2.6.28.1 cpe:/o:linux:linux_kernel:2.6.28.2 cpe:/o:linux:linux_kernel:2.6.28.3 cpe:/o:linux:linux_kernel:2.6.28.4 cpe:/o:linux:linux_kernel:2.6.28.5 cpe:/o:linux:linux_kernel:2.6.28.6 CVE-2009-0748 2009-02-27T12:30:09.983-05:00 2018-10-10T15:30:56.360-04:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov CONFIRM http://bugzilla.kernel.org/show_bug.cgi?id=12371 CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ec110281379826c5cf6ed14735e47027c3c5765 CONFIRM http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19 CONFIRM http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7 REDHAT RHSA-2009:1243 DEBIAN DSA-1749 BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components UBUNTU USN-751-1 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html VUPEN ADV-2009-0509 VUPEN ADV-2009-3316 The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) by attempting to mount a crafted ext4 filesystem. cpe:/a:cosmin_truta:optipng:0.0 cpe:/a:cosmin_truta:optipng:0.1 cpe:/a:cosmin_truta:optipng:0.2 cpe:/a:cosmin_truta:optipng:0.3 cpe:/a:cosmin_truta:optipng:0.3.1 cpe:/a:cosmin_truta:optipng:0.3.2 cpe:/a:cosmin_truta:optipng:0.4 cpe:/a:cosmin_truta:optipng:0.4.1 cpe:/a:cosmin_truta:optipng:0.4.2 cpe:/a:cosmin_truta:optipng:0.4.3 cpe:/a:cosmin_truta:optipng:0.4.4 cpe:/a:cosmin_truta:optipng:0.4.5 cpe:/a:cosmin_truta:optipng:0.4.6 cpe:/a:cosmin_truta:optipng:0.4.7 cpe:/a:cosmin_truta:optipng:0.4.8 cpe:/a:cosmin_truta:optipng:0.5 cpe:/a:cosmin_truta:optipng:0.5.1 cpe:/a:cosmin_truta:optipng:0.5.2 cpe:/a:cosmin_truta:optipng:0.5.3 cpe:/a:cosmin_truta:optipng:0.5.4 cpe:/a:cosmin_truta:optipng:0.5.5 cpe:/a:cosmin_truta:optipng:0.6 cpe:/a:cosmin_truta:optipng:0.6.1 cpe:/a:cosmin_truta:optipng:0.6.2 CVE-2009-0749 2009-03-02T15:30:00.217-05:00 2017-08-16T21:30:00.350-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS SUSE SUSE-SR:2009:006 SUSE SUSE-SR:2009:012 CONFIRM http://optipng.sourceforge.net CONFIRM http://sourceforge.net/tracker/index.php?func=detail&aid=2582013&group_id=151404&atid=780913 GENTOO GLSA-200903-12 MLIST [oss-security] 20090224 CVE request: optipng security release MLIST [oss-security] 20090225 Re: CVE request: optipng security release BID 33873 VUPEN ADV-2009-0510 XF optipng-gifreadnextextension-code-execution(48879) Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed. cpe:/a:tombstone:smnews:- CVE-2009-0750 2009-03-02T17:30:00.233-05:00 2017-09-28T21:33:59.997-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS XF smnews-login-sql-injection(48813) EXPLOIT-DB 8076 SQL injection vulnerability in login.php in the smNews example script for txtSQL 2.2 Final allows remote attackers to execute arbitrary SQL commands via the username parameter. cpe:/a:yaws:yaws:1.50 cpe:/a:yaws:yaws:1.51 cpe:/a:yaws:yaws:1.52 cpe:/a:yaws:yaws:1.53 cpe:/a:yaws:yaws:1.54 cpe:/a:yaws:yaws:1.55 cpe:/a:yaws:yaws:1.56 cpe:/a:yaws:yaws:1.57 cpe:/a:yaws:yaws:1.58 cpe:/a:yaws:yaws:1.61 cpe:/a:yaws:yaws:1.62 cpe:/a:yaws:yaws:1.63 cpe:/a:yaws:yaws:1.64 cpe:/a:yaws:yaws:1.65 cpe:/a:yaws:yaws:1.66 cpe:/a:yaws:yaws:1.67 cpe:/a:yaws:yaws:1.68 cpe:/a:yaws:yaws:1.70 cpe:/a:yaws:yaws:1.71 cpe:/a:yaws:yaws:1.72 cpe:/a:yaws:yaws:1.73 cpe:/a:yaws:yaws:1.74 cpe:/a:yaws:yaws:1.75 cpe:/a:yaws:yaws:1.76 cpe:/a:yaws:yaws:1.77 cpe:/a:yaws:yaws:1.78 cpe:/a:yaws:yaws:1.79 CVE-2009-0751 2009-03-02T17:30:00.250-05:00 2017-09-28T21:34:00.060-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov DEBIAN DSA-1740 MLIST [oss-security] 20090219 CVE request for yaws BID 33834 VUPEN ADV-2009-0590 CONFIRM http://yaws.hyber.org/ EXPLOIT-DB 8148 Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers. cpe:/a:sixapart:movable_type:4.0:-:community_solution cpe:/a:sixapart:movable_type:4.0:-:pro cpe:/a:sixapart:movable_type:4.01:-:community_solution cpe:/a:sixapart:movable_type:4.01:-:pro cpe:/a:sixapart:movable_type:4.01:b:community_solution cpe:/a:sixapart:movable_type:4.01:b:pro cpe:/a:sixapart:movable_type:4.2:-:community_solution cpe:/a:sixapart:movable_type:4.2:-:pro cpe:/a:sixapart:movable_type:4.12:-:community_solution cpe:/a:sixapart:movable_type:4.12:-:pro cpe:/a:sixapart:movable_type:4.21:-:community_solution cpe:/a:sixapart:movable_type:4.21:-:pro cpe:/a:sixapart:movable_type:4.23:-:community_solution cpe:/a:sixapart:movable_type:4.23:-:pro CVE-2009-0752 2009-03-02T19:30:00.267-05:00 2009-03-04T00:00:00.000-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-03-03T12:11:00.000-05:00 ALLOWS_ADMIN_ACCESS CONFIRM http://www.movabletype.com/blog/2009/02/movable-type-424-get-updated-with-better-password-recovery.html Unspecified vulnerability in Movable Type Pro and Community Solution 4.x before 4.24 has unknown impact and attack vectors, possibly related to the password recovery mechanism. cpe:/a:mldonkey:mldonkey:2.8.4 cpe:/a:mldonkey:mldonkey:2.8.7 cpe:/a:mldonkey:mldonkey:2.9 cpe:/a:mldonkey:mldonkey:2.9.0-r3 cpe:/a:mldonkey:mldonkey:2.9.7 CVE-2009-0753 2009-03-03T11:30:05.203-05:00 2017-09-28T21:34:00.137-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov CONFIRM http://savannah.nongnu.org/bugs/?25667 DEBIAN DSA-1739 GENTOO GLSA-200903-36 MLIST [oss-security] 20090223 CVE request: mldonkey arbitrary file download vulnerability BID 33865 EXPLOIT-DB 8097 FEDORA FEDORA-2009-2703 FEDORA FEDORA-2009-2758 Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename. cpe:/a:php:php:4.4.4 cpe:/a:php:php:5.1.6 CVE-2009-0754 2009-03-03T11:30:05.233-05:00 2018-10-03T17:58:38.723-04:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://bugs.php.net/bug.php?id=27421 SUSE SUSE-SR:2009:008 DEBIAN DSA-1789 MLIST [oss-security] 20090130 CVE Request - php (PHP BZ#27421) MLIST [oss-security] 20090203 Re: CVE Request - php (PHP BZ#27421) MLIST [oss-security] 20090225 Re: CVE Request - php (PHP BZ#27421) REDHAT RHSA-2009:0350 SECTRACK 1021979 UBUNTU USN-761-1 FEDORA FEDORA-2009-3768 FEDORA FEDORA-2009-3848 PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server. cpe:/a:poppler:poppler:0.1 cpe:/a:poppler:poppler:0.1.1 cpe:/a:poppler:poppler:0.1.2 cpe:/a:poppler:poppler:0.2.0 cpe:/a:poppler:poppler:0.3.0 cpe:/a:poppler:poppler:0.3.1 cpe:/a:poppler:poppler:0.3.2 cpe:/a:poppler:poppler:0.3.3 cpe:/a:poppler:poppler:0.4.0 cpe:/a:poppler:poppler:0.4.1 cpe:/a:poppler:poppler:0.4.2 cpe:/a:poppler:poppler:0.4.3 cpe:/a:poppler:poppler:0.4.4 cpe:/a:poppler:poppler:0.5.0 cpe:/a:poppler:poppler:0.5.1 cpe:/a:poppler:poppler:0.5.2 cpe:/a:poppler:poppler:0.5.3 cpe:/a:poppler:poppler:0.5.4 cpe:/a:poppler:poppler:0.5.9 cpe:/a:poppler:poppler:0.5.90 cpe:/a:poppler:poppler:0.5.91 cpe:/a:poppler:poppler:0.6.0 cpe:/a:poppler:poppler:0.6.1 cpe:/a:poppler:poppler:0.6.2 cpe:/a:poppler:poppler:0.6.3 cpe:/a:poppler:poppler:0.6.4 cpe:/a:poppler:poppler:0.7.0 cpe:/a:poppler:poppler:0.7.1 cpe:/a:poppler:poppler:0.7.2 cpe:/a:poppler:poppler:0.7.3 cpe:/a:poppler:poppler:0.8.4 cpe:/a:poppler:poppler:0.10.1 cpe:/a:poppler:poppler:0.10.2 cpe:/a:poppler:poppler:0.10.3 CVE-2009-0755 2009-03-03T11:30:05.250-05:00 2018-10-10T15:30:58.377-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov CONFIRM http://bugs.freedesktop.org/show_bug.cgi?id=19790 MLIST [poppler] 20090128 poppler/Form.cc SUSE SUSE-SR:2009:012 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0059 DEBIAN DSA-1941 MLIST [oss-security] 20090213 CVE Request: Poppler -Two Denial of Service Vulnerabilities MLIST [oss-security] 20090219 Re: CVE Request: Poppler -Two Denial of Service Vulnerabilities BUGTRAQ 20090417 rPSA-2009-0059-1 poppler BID 33749 UBUNTU USN-850-1 The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry. cpe:/a:poppler:poppler:0.1 cpe:/a:poppler:poppler:0.1.1 cpe:/a:poppler:poppler:0.1.2 cpe:/a:poppler:poppler:0.2.0 cpe:/a:poppler:poppler:0.3.0 cpe:/a:poppler:poppler:0.3.1 cpe:/a:poppler:poppler:0.3.2 cpe:/a:poppler:poppler:0.3.3 cpe:/a:poppler:poppler:0.4.0 cpe:/a:poppler:poppler:0.4.1 cpe:/a:poppler:poppler:0.4.2 cpe:/a:poppler:poppler:0.4.3 cpe:/a:poppler:poppler:0.4.4 cpe:/a:poppler:poppler:0.5.0 cpe:/a:poppler:poppler:0.5.1 cpe:/a:poppler:poppler:0.5.2 cpe:/a:poppler:poppler:0.5.3 cpe:/a:poppler:poppler:0.5.4 cpe:/a:poppler:poppler:0.5.9 cpe:/a:poppler:poppler:0.5.90 cpe:/a:poppler:poppler:0.5.91 cpe:/a:poppler:poppler:0.6.0 cpe:/a:poppler:poppler:0.6.1 cpe:/a:poppler:poppler:0.6.2 cpe:/a:poppler:poppler:0.6.3 cpe:/a:poppler:poppler:0.6.4 cpe:/a:poppler:poppler:0.7.0 cpe:/a:poppler:poppler:0.7.1 cpe:/a:poppler:poppler:0.7.2 cpe:/a:poppler:poppler:0.7.3 cpe:/a:poppler:poppler:0.8.4 cpe:/a:poppler:poppler:0.10.1 cpe:/a:poppler:poppler:0.10.2 cpe:/a:poppler:poppler:0.10.3 CVE-2009-0756 2009-03-03T11:30:05.267-05:00 2018-10-10T15:30:59.720-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov CONFIRM http://bugs.freedesktop.org/show_bug.cgi?id=19702 MLIST [poppler] 20090123 poppler/JBIG2Stream.cc SUSE SUSE-SR:2009:012 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0059 MLIST [oss-security] 20090213 CVE Request: Poppler -Two Denial of Service Vulnerabilities MLIST [oss-security] 20090219 Re: CVE Request: Poppler -Two Denial of Service Vulnerabilities BUGTRAQ 20090417 rPSA-2009-0059-1 poppler BID 33749 The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference. cpe:/a:mpfr:gnu_mpfr:2.4.0 CVE-2009-0757 2009-03-03T11:30:05.297-05:00 2009-05-13T01:27:05.420-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov CONFIRM http://mpfr.loria.fr/mpfr-2.4.1/ MLIST [oss-security] 20090302 CVE Request: mpfr (Buffer Overflow) BID 33945 UBUNTU USN-772-1 Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent attackers to cause a denial of service (crash) via the (1) mpfr_snprintf and (2) mpfr_vsnprintf functions. cpe:/a:avahi:avahi-daemon:0.6.23 CVE-2009-0758 2009-03-03T11:30:05.313-05:00 2010-08-12T10:13:50.063-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517683 SUSE SUSE-SR:2010:002 DEBIAN DSA-2086 MANDRIVA MDVSA-2009:076 MLIST [oss-security] 20090302 CVE id request: avahi BID 33946 The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm. cpe:/a:znc:znc:0.056 cpe:/a:znc:znc:0.058 cpe:/a:znc:znc:0.062 CVE-2009-0759 2009-03-03T11:30:05.327-05:00 2009-06-09T01:32:57.140-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS DEBIAN DSA-1735 MLIST [oss-security] 20090301 CVE id request: znc CONFIRM http://znc.svn.sourceforge.net/viewvc/znc/trunk/modules/webadmin.cpp?view=log&sortby=rev&sortdir=down&pathrev=1395 CONFIRM http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1395 CONFIRM http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1396 Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors. cpe:/a:team5:team_board:1.0.0 cpe:/a:team5:team_board:2.0.0 CVE-2009-0760 2009-03-06T01:50:20.517-05:00 2017-09-28T21:34:00.263-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov MISC http://packetstorm.linuxsecurity.com/0902-exploits/teamboard-ddxss.txt EXPLOIT-DB 7982 Team Board 1.x and 2.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for data/team.mdb. cpe:/a:team5.team_board:1.0 cpe:/a:team5.team_board:1.0.1 cpe:/a:team5.team_board:1.0.2 cpe:/a:team5.team_board:1.0.3 cpe:/a:team5.team_board:1.0.4 cpe:/a:team5.team_board:1.0.5 CVE-2009-0761 2009-03-06T01:50:20.530-05:00 2017-09-28T21:34:00.327-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov BID 33614 EXPLOIT-DB 7982 Cross-site scripting (XSS) vulnerability in online.asp in Team Board 1.x allows remote attackers to inject arbitrary web script or HTML via the lookname parameter. cpe:/a:scriptsez:ez_php_comment:- CVE-2009-0762 2009-03-06T01:50:20.563-05:00 2009-03-06T01:50:20.563-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2009-03-06T09:11:00.000-05:00 BID 33587 Cross-site scripting (XSS) vulnerability in ScriptsEz Ez PHP Comment allows remote attackers to inject arbitrary web script or HTML via the name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:bookelves:kipper:2.01 CVE-2009-0763 2009-03-06T01:50:20.577-05:00 2017-09-28T21:34:00.387-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov BID 33640 EXPLOIT-DB 7993 Cross-site scripting (XSS) vulnerability in default.php in Kipper 2.01 allows remote attackers to inject arbitrary web script or HTML via the charm parameter. cpe:/a:bookelves:kipper:2.01 CVE-2009-0764 2009-03-06T01:50:20.640-05:00 2009-06-17T00:00:00.000-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2009-03-06T09:26:00.000-05:00 Multiple cross-site scripting (XSS) vulnerabilities in Kipper 2.01 allow remote attackers to inject arbitrary web script or HTML via the charm parameter to (1) index.php and (2) kipper.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:bookelves:kipper:2.01 CVE-2009-0765 2009-03-06T01:50:20.687-05:00 2017-09-28T21:34:00.450-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33640 XF kipper-index-file-include(49271) EXPLOIT-DB 7993 Directory traversal vulnerability in index.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the configfile parameter. cpe:/a:bookelves:kipper:2.01 CVE-2009-0766 2009-03-06T01:50:20.733-05:00 2009-03-06T01:50:20.733-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-03-06T09:32:00.000-05:00 Directory traversal vulnerability in default.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the configfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:bookelves:kipper:2.01 CVE-2009-0767 2009-03-06T01:50:20.797-05:00 2017-09-28T21:34:00.497-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov EXPLOIT-DB 7993 Kipper 2.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing credentials via a direct request for job/config.data. cpe:/a:yapbb:yapbb:1.1 cpe:/a:yapbb:yapbb:1.2 cpe:/a:yapbb:yapbb:1.2:beta2 CVE-2009-0768 2009-03-06T01:50:20.827-05:00 2017-09-28T21:34:00.577-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 33620 EXPLOIT-DB 7984 SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the forumID parameter in a next action. cpe:/a:qip:qip:2005 CVE-2009-0769 2009-03-06T01:50:20.890-05:00 2018-10-10T15:31:00.673-04:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov BUGTRAQ 20090204 QIP 2005 Denial of Service Vulnerability BID 33609 QIP 2005 build 8082 allows remote attackers to cause a denial of service (CPU consumption and application hang) via a crafted Rich Text Format (RTF) ICQ message, as demonstrated by an {\rtf\pict\&&} message. NOTE: the vulnerability may be in Sergey Tkachenko TRichView. If so, then this should not be treated as a vulnerability in QIP. cpe:/a:dkim:dkim-milter:2.6.0 cpe:/a:dkim:dkim-milter:2.7.0 cpe:/a:dkim:dkim-milter:2.7.1 cpe:/a:dkim:dkim-milter:2.7.2 cpe:/a:dkim:dkim-milter:2.8.0 CVE-2009-0770 2009-03-06T01:50:20.920-05:00 2017-08-16T21:30:00.537-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov CONFIRM http://sourceforge.net/project/shownotes.php?release_id=654247 CONFIRM http://sourceforge.net/tracker/index.php?func=detail&aid=2508602&group_id=139420&atid=744358 DEBIAN DSA-1728 MLIST [oss-security] 20090302 CVE id request: dkim-milter BID 33337 XF dkimmilter-p-dos(48085) dkim-milter 2.6.0 through 2.8.0 allows remote attackers to cause a denial of service (crash) by signing a message with a key that has been revoked in DNS, which triggers an assertion error. cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:firefox:2.0.0.17 cpe:/a:mozilla:firefox:2.0.0.18 cpe:/a:mozilla:firefox:2.0.0.19 cpe:/a:mozilla:firefox:2.0.0.20 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:2.0.0.20 CVE-2009-0771 2009-03-04T21:30:00.390-05:00 2017-09-28T21:34:00.683-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS SUSE SUSE-SA:2009:012 SLACKWARE SSA:2009-083-02 SLACKWARE SSA:2009-083-03 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm CONFIRM http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document DEBIAN DSA-1751 DEBIAN DSA-1830 MANDRIVA MDVSA-2009:075 MANDRIVA MDVSA-2009:083 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-07.html REDHAT RHSA-2009:0315 BID 33990 SECTRACK 1021795 VUPEN ADV-2009-0632 CONFIRM https://bugzilla.mozilla.org/buglist.cgi?bug_id=424276,435209,436965,460706,466057,468578,471594,472502 FEDORA FEDORA-2009-3101 The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures. cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:firefox:2.0.0.17 cpe:/a:mozilla:firefox:2.0.0.18 cpe:/a:mozilla:firefox:2.0.0.19 cpe:/a:mozilla:firefox:2.0.0.20 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:2.0.0.20 CVE-2009-0772 2009-03-04T21:30:00.407-05:00 2018-10-03T17:58:40.567-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SUSE SUSE-SA:2009:012 SUSE SUSE-SA:2009:023 SLACKWARE SSA:2009-083-02 SLACKWARE SSA:2009-083-03 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm CONFIRM http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document DEBIAN DSA-1751 DEBIAN DSA-1830 MANDRIVA MDVSA-2009:075 MANDRIVA MDVSA-2009:083 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-07.html REDHAT RHSA-2009:0258 REDHAT RHSA-2009:0315 REDHAT RHSA-2009:0325 BID 33990 SECTRACK 1021795 VUPEN ADV-2009-0632 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=475136 UBUNTU USN-741-1 FEDORA FEDORA-2009-2882 FEDORA FEDORA-2009-2884 FEDORA FEDORA-2009-3101 The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption. cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:firefox:2.0.0.17 cpe:/a:mozilla:firefox:2.0.0.18 cpe:/a:mozilla:firefox:2.0.0.19 cpe:/a:mozilla:firefox:2.0.0.20 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:2.0.0.20 CVE-2009-0773 2009-03-04T21:30:00.420-05:00 2017-09-28T21:34:00.933-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS SUSE SUSE-SA:2009:012 SLACKWARE SSA:2009-083-02 SLACKWARE SSA:2009-083-03 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm CONFIRM http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document DEBIAN DSA-1751 DEBIAN DSA-1830 MANDRIVA MDVSA-2009:075 MANDRIVA MDVSA-2009:083 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-07.html REDHAT RHSA-2009:0315 BID 33990 SECTRACK 1021795 VUPEN ADV-2009-0632 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=457521 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=467499 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=472787 FEDORA FEDORA-2009-3101 The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:firefox:2.0.0.17 cpe:/a:mozilla:firefox:2.0.0.18 cpe:/a:mozilla:firefox:2.0.0.19 cpe:/a:mozilla:firefox:2.0.0.20 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:2.0.0.20 CVE-2009-0774 2009-03-04T21:30:00.453-05:00 2018-10-03T17:58:47.163-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov SUSE SUSE-SA:2009:012 SUSE SUSE-SA:2009:023 SLACKWARE SSA:2009-083-02 SLACKWARE SSA:2009-083-03 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm CONFIRM http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document DEBIAN DSA-1751 DEBIAN DSA-1830 MANDRIVA MDVSA-2009:075 MANDRIVA MDVSA-2009:083 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-07.html REDHAT RHSA-2009:0258 REDHAT RHSA-2009:0315 REDHAT RHSA-2009:0325 BID 33990 SECTRACK 1021795 VUPEN ADV-2009-0632 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=473709 UBUNTU USN-741-1 FEDORA FEDORA-2009-2882 FEDORA FEDORA-2009-2884 FEDORA FEDORA-2009-3101 The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773. cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:firefox:2.0.0.17 cpe:/a:mozilla:firefox:2.0.0.18 cpe:/a:mozilla:firefox:2.0.0.19 cpe:/a:mozilla:firefox:2.0.0.20 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:2.0.0.20 CVE-2009-0775 2009-03-04T21:30:00.467-05:00 2017-09-28T21:34:01.217-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS SUSE SUSE-SA:2009:012 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm CONFIRM http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document DEBIAN DSA-1751 MANDRIVA MDVSA-2009:075 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-08.html REDHAT RHSA-2009:0258 REDHAT RHSA-2009:0315 REDHAT RHSA-2009:0325 BID 33990 SECTRACK 1021796 VUPEN ADV-2009-0632 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=474456 FEDORA FEDORA-2009-2882 FEDORA FEDORA-2009-2884 Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection. cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:firefox:2.0.0.17 cpe:/a:mozilla:firefox:2.0.0.18 cpe:/a:mozilla:firefox:2.0.0.19 cpe:/a:mozilla:firefox:2.0.0.20 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:2.0.0.20 CVE-2009-0776 2009-03-04T21:30:00.483-05:00 2018-10-03T17:58:53.630-04:00 7.1 NETWORK MEDIUM NONE COMPLETE NONE NONE http://nvd.nist.gov SUSE SUSE-SA:2009:012 SUSE SUSE-SA:2009:023 SLACKWARE SSA:2009-083-02 SLACKWARE SSA:2009-083-03 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm CONFIRM http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document DEBIAN DSA-1751 DEBIAN DSA-1830 MANDRIVA MDVSA-2009:075 MANDRIVA MDVSA-2009:083 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-09.html REDHAT RHSA-2009:0258 REDHAT RHSA-2009:0315 REDHAT RHSA-2009:0325 BID 33990 SECTRACK 1021797 VUPEN ADV-2009-0632 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=414540 UBUNTU USN-741-1 FEDORA FEDORA-2009-2882 FEDORA FEDORA-2009-2884 FEDORA FEDORA-2009-3101 nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:firefox:2.0.0.17 cpe:/a:mozilla:firefox:2.0.0.18 cpe:/a:mozilla:firefox:2.0.0.19 cpe:/a:mozilla:firefox:2.0.0.20 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:2.0.0.20 CVE-2009-0777 2009-03-04T21:30:00.500-05:00 2017-09-28T21:34:01.433-04:00 5.8 NETWORK MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov SUSE SUSE-SA:2009:012 SECTRACK 1021799 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm CONFIRM http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document MANDRIVA MDVSA-2009:075 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-11.html REDHAT RHSA-2009:0315 BID 33990 VUPEN ADV-2009-0632 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=452979 XF mozilla-invisible-url-spoofing(49087) Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks. cpe:/o:linux:linux_kernel:2.6.0 cpe:/o:linux:linux_kernel:2.6.0:test1 cpe:/o:linux:linux_kernel:2.6.0:test10 cpe:/o:linux:linux_kernel:2.6.0:test11 cpe:/o:linux:linux_kernel:2.6.0:test2 cpe:/o:linux:linux_kernel:2.6.0:test3 cpe:/o:linux:linux_kernel:2.6.0:test4 cpe:/o:linux:linux_kernel:2.6.0:test5 cpe:/o:linux:linux_kernel:2.6.0:test6 cpe:/o:linux:linux_kernel:2.6.0:test7 cpe:/o:linux:linux_kernel:2.6.0:test8 cpe:/o:linux:linux_kernel:2.6.0:test9 cpe:/o:linux:linux_kernel:2.6.1 cpe:/o:linux:linux_kernel:2.6.1:rc1 cpe:/o:linux:linux_kernel:2.6.1:rc2 cpe:/o:linux:linux_kernel:2.6.1:rc3 cpe:/o:linux:linux_kernel:2.6.2 cpe:/o:linux:linux_kernel:2.6.2:rc1 cpe:/o:linux:linux_kernel:2.6.2:rc2 cpe:/o:linux:linux_kernel:2.6.2:rc3 cpe:/o:linux:linux_kernel:2.6.3 cpe:/o:linux:linux_kernel:2.6.3:rc1 cpe:/o:linux:linux_kernel:2.6.3:rc2 cpe:/o:linux:linux_kernel:2.6.3:rc3 cpe:/o:linux:linux_kernel:2.6.3:rc4 cpe:/o:linux:linux_kernel:2.6.4 cpe:/o:linux:linux_kernel:2.6.4:rc1 cpe:/o:linux:linux_kernel:2.6.4:rc2 cpe:/o:linux:linux_kernel:2.6.4:rc3 cpe:/o:linux:linux_kernel:2.6.5 cpe:/o:linux:linux_kernel:2.6.5:rc1 cpe:/o:linux:linux_kernel:2.6.5:rc2 cpe:/o:linux:linux_kernel:2.6.5:rc3 cpe:/o:linux:linux_kernel:2.6.6 cpe:/o:linux:linux_kernel:2.6.6:rc1 cpe:/o:linux:linux_kernel:2.6.6:rc2 cpe:/o:linux:linux_kernel:2.6.6:rc3 cpe:/o:linux:linux_kernel:2.6.7 cpe:/o:linux:linux_kernel:2.6.7:rc1 cpe:/o:linux:linux_kernel:2.6.7:rc2 cpe:/o:linux:linux_kernel:2.6.7:rc3 cpe:/o:linux:linux_kernel:2.6.8 cpe:/o:linux:linux_kernel:2.6.8:rc1 cpe:/o:linux:linux_kernel:2.6.8:rc2 cpe:/o:linux:linux_kernel:2.6.8:rc3 cpe:/o:linux:linux_kernel:2.6.8:rc4 cpe:/o:linux:linux_kernel:2.6.8.1 cpe:/o:linux:linux_kernel:2.6.9 cpe:/o:linux:linux_kernel:2.6.9:rc1 cpe:/o:linux:linux_kernel:2.6.9:rc2 cpe:/o:linux:linux_kernel:2.6.9:rc3 cpe:/o:linux:linux_kernel:2.6.9:rc4 cpe:/o:linux:linux_kernel:2.6.10 cpe:/o:linux:linux_kernel:2.6.10:rc1 cpe:/o:linux:linux_kernel:2.6.10:rc2 cpe:/o:linux:linux_kernel:2.6.10:rc3 cpe:/o:linux:linux_kernel:2.6.11 cpe:/o:linux:linux_kernel:2.6.11:rc1 cpe:/o:linux:linux_kernel:2.6.11:rc2 cpe:/o:linux:linux_kernel:2.6.11:rc3 cpe:/o:linux:linux_kernel:2.6.11:rc4 cpe:/o:linux:linux_kernel:2.6.11:rc5 cpe:/o:linux:linux_kernel:2.6.11.1 cpe:/o:linux:linux_kernel:2.6.11.2 cpe:/o:linux:linux_kernel:2.6.11.3 cpe:/o:linux:linux_kernel:2.6.11.4 cpe:/o:linux:linux_kernel:2.6.11.5 cpe:/o:linux:linux_kernel:2.6.11.6 cpe:/o:linux:linux_kernel:2.6.11.7 cpe:/o:linux:linux_kernel:2.6.11.8 cpe:/o:linux:linux_kernel:2.6.11.9 cpe:/o:linux:linux_kernel:2.6.11.10 cpe:/o:linux:linux_kernel:2.6.11.11 cpe:/o:linux:linux_kernel:2.6.11.12 cpe:/o:linux:linux_kernel:2.6.12 cpe:/o:linux:linux_kernel:2.6.12:rc1 cpe:/o:linux:linux_kernel:2.6.12:rc2 cpe:/o:linux:linux_kernel:2.6.12:rc3 cpe:/o:linux:linux_kernel:2.6.12:rc4 cpe:/o:linux:linux_kernel:2.6.12:rc5 cpe:/o:linux:linux_kernel:2.6.12:rc6 cpe:/o:linux:linux_kernel:2.6.12.1 cpe:/o:linux:linux_kernel:2.6.12.2 cpe:/o:linux:linux_kernel:2.6.12.3 cpe:/o:linux:linux_kernel:2.6.12.4 cpe:/o:linux:linux_kernel:2.6.12.5 cpe:/o:linux:linux_kernel:2.6.12.6 cpe:/o:linux:linux_kernel:2.6.13 cpe:/o:linux:linux_kernel:2.6.13:rc1 cpe:/o:linux:linux_kernel:2.6.13:rc2 cpe:/o:linux:linux_kernel:2.6.13:rc3 cpe:/o:linux:linux_kernel:2.6.13:rc4 cpe:/o:linux:linux_kernel:2.6.13:rc5 cpe:/o:linux:linux_kernel:2.6.13:rc6 cpe:/o:linux:linux_kernel:2.6.13:rc7 cpe:/o:linux:linux_kernel:2.6.13.1 cpe:/o:linux:linux_kernel:2.6.13.2 cpe:/o:linux:linux_kernel:2.6.13.3 cpe:/o:linux:linux_kernel:2.6.13.4 cpe:/o:linux:linux_kernel:2.6.13.5 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.14:rc1 cpe:/o:linux:linux_kernel:2.6.14:rc2 cpe:/o:linux:linux_kernel:2.6.14:rc3 cpe:/o:linux:linux_kernel:2.6.14:rc4 cpe:/o:linux:linux_kernel:2.6.14:rc5 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.14.2 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.6.14.5 cpe:/o:linux:linux_kernel:2.6.14.6 cpe:/o:linux:linux_kernel:2.6.14.7 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.6.15:rc1 cpe:/o:linux:linux_kernel:2.6.15:rc2 cpe:/o:linux:linux_kernel:2.6.15:rc3 cpe:/o:linux:linux_kernel:2.6.15:rc4 cpe:/o:linux:linux_kernel:2.6.15:rc5 cpe:/o:linux:linux_kernel:2.6.15:rc6 cpe:/o:linux:linux_kernel:2.6.15:rc7 cpe:/o:linux:linux_kernel:2.6.15.1 cpe:/o:linux:linux_kernel:2.6.15.2 cpe:/o:linux:linux_kernel:2.6.15.3 cpe:/o:linux:linux_kernel:2.6.15.4 cpe:/o:linux:linux_kernel:2.6.15.5 cpe:/o:linux:linux_kernel:2.6.15.6 cpe:/o:linux:linux_kernel:2.6.15.7 cpe:/o:linux:linux_kernel:2.6.15.8 cpe:/o:linux:linux_kernel:2.6.15.9 cpe:/o:linux:linux_kernel:2.6.15.10 cpe:/o:linux:linux_kernel:2.6.15.11 cpe:/o:linux:linux_kernel:2.6.16 cpe:/o:linux:linux_kernel:2.6.16:rc1 cpe:/o:linux:linux_kernel:2.6.16:rc2 cpe:/o:linux:linux_kernel:2.6.16:rc3 cpe:/o:linux:linux_kernel:2.6.16:rc4 cpe:/o:linux:linux_kernel:2.6.16:rc5 cpe:/o:linux:linux_kernel:2.6.16:rc6 cpe:/o:linux:linux_kernel:2.6.16.1 cpe:/o:linux:linux_kernel:2.6.16.2 cpe:/o:linux:linux_kernel:2.6.16.3 cpe:/o:linux:linux_kernel:2.6.16.4 cpe:/o:linux:linux_kernel:2.6.16.5 cpe:/o:linux:linux_kernel:2.6.16.6 cpe:/o:linux:linux_kernel:2.6.16.7 cpe:/o:linux:linux_kernel:2.6.16.8 cpe:/o:linux:linux_kernel:2.6.16.9 cpe:/o:linux:linux_kernel:2.6.16.10 cpe:/o:linux:linux_kernel:2.6.16.11 cpe:/o:linux:linux_kernel:2.6.16.12 cpe:/o:linux:linux_kernel:2.6.16.13 cpe:/o:linux:linux_kernel:2.6.16.14 cpe:/o:linux:linux_kernel:2.6.16.15 cpe:/o:linux:linux_kernel:2.6.16.16 cpe:/o:linux:linux_kernel:2.6.16.17 cpe:/o:linux:linux_kernel:2.6.16.18 cpe:/o:linux:linux_kernel:2.6.16.19 cpe:/o:linux:linux_kernel:2.6.16.20 cpe:/o:linux:linux_kernel:2.6.16.21 cpe:/o:linux:linux_kernel:2.6.16.22 cpe:/o:linux:linux_kernel:2.6.16.23 cpe:/o:linux:linux_kernel:2.6.16.24 cpe:/o:linux:linux_kernel:2.6.16.25 cpe:/o:linux:linux_kernel:2.6.16.26 cpe:/o:linux:linux_kernel:2.6.16.27 cpe:/o:linux:linux_kernel:2.6.16.28 cpe:/o:linux:linux_kernel:2.6.16.29 cpe:/o:linux:linux_kernel:2.6.16.30 cpe:/o:linux:linux_kernel:2.6.16.31 cpe:/o:linux:linux_kernel:2.6.16.32 cpe:/o:linux:linux_kernel:2.6.16.33 cpe:/o:linux:linux_kernel:2.6.16.34 cpe:/o:linux:linux_kernel:2.6.16.35 cpe:/o:linux:linux_kernel:2.6.16.36 cpe:/o:linux:linux_kernel:2.6.16.37 cpe:/o:linux:linux_kernel:2.6.16.38 cpe:/o:linux:linux_kernel:2.6.16.39 cpe:/o:linux:linux_kernel:2.6.16.40 cpe:/o:linux:linux_kernel:2.6.16.41 cpe:/o:linux:linux_kernel:2.6.16.42 cpe:/o:linux:linux_kernel:2.6.16.43 cpe:/o:linux:linux_kernel:2.6.16.44 cpe:/o:linux:linux_kernel:2.6.16.45 cpe:/o:linux:linux_kernel:2.6.16.46 cpe:/o:linux:linux_kernel:2.6.16.47 cpe:/o:linux:linux_kernel:2.6.16.48 cpe:/o:linux:linux_kernel:2.6.16.49 cpe:/o:linux:linux_kernel:2.6.16.50 cpe:/o:linux:linux_kernel:2.6.16.51 cpe:/o:linux:linux_kernel:2.6.16.52 cpe:/o:linux:linux_kernel:2.6.16.53 cpe:/o:linux:linux_kernel:2.6.16.54 cpe:/o:linux:linux_kernel:2.6.16.55 cpe:/o:linux:linux_kernel:2.6.16.56 cpe:/o:linux:linux_kernel:2.6.16.57 cpe:/o:linux:linux_kernel:2.6.16.58 cpe:/o:linux:linux_kernel:2.6.16.59 cpe:/o:linux:linux_kernel:2.6.16.60 cpe:/o:linux:linux_kernel:2.6.16.61 cpe:/o:linux:linux_kernel:2.6.16.62 cpe:/o:linux:linux_kernel:2.6.17 cpe:/o:linux:linux_kernel:2.6.17:rc1 cpe:/o:linux:linux_kernel:2.6.17:rc2 cpe:/o:linux:linux_kernel:2.6.17:rc3 cpe:/o:linux:linux_kernel:2.6.17:rc4 cpe:/o:linux:linux_kernel:2.6.17:rc5 cpe:/o:linux:linux_kernel:2.6.17:rc6 cpe:/o:linux:linux_kernel:2.6.17.1 cpe:/o:linux:linux_kernel:2.6.17.2 cpe:/o:linux:linux_kernel:2.6.17.3 cpe:/o:linux:linux_kernel:2.6.17.4 cpe:/o:linux:linux_kernel:2.6.17.5 cpe:/o:linux:linux_kernel:2.6.17.6 cpe:/o:linux:linux_kernel:2.6.17.7 cpe:/o:linux:linux_kernel:2.6.17.8 cpe:/o:linux:linux_kernel:2.6.17.9 cpe:/o:linux:linux_kernel:2.6.17.10 cpe:/o:linux:linux_kernel:2.6.17.11 cpe:/o:linux:linux_kernel:2.6.17.12 cpe:/o:linux:linux_kernel:2.6.17.13 cpe:/o:linux:linux_kernel:2.6.17.14 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.18:rc1 cpe:/o:linux:linux_kernel:2.6.18:rc2 cpe:/o:linux:linux_kernel:2.6.18:rc3 cpe:/o:linux:linux_kernel:2.6.18:rc4 cpe:/o:linux:linux_kernel:2.6.18:rc5 cpe:/o:linux:linux_kernel:2.6.18:rc6 cpe:/o:linux:linux_kernel:2.6.18:rc7 cpe:/o:linux:linux_kernel:2.6.18.1 cpe:/o:linux:linux_kernel:2.6.18.2 cpe:/o:linux:linux_kernel:2.6.18.3 cpe:/o:linux:linux_kernel:2.6.18.4 cpe:/o:linux:linux_kernel:2.6.18.5 cpe:/o:linux:linux_kernel:2.6.18.6 cpe:/o:linux:linux_kernel:2.6.18.7 cpe:/o:linux:linux_kernel:2.6.18.8 cpe:/o:linux:linux_kernel:2.6.19 cpe:/o:linux:linux_kernel:2.6.19:rc1 cpe:/o:linux:linux_kernel:2.6.19:rc2 cpe:/o:linux:linux_kernel:2.6.19:rc3 cpe:/o:linux:linux_kernel:2.6.19:rc4 cpe:/o:linux:linux_kernel:2.6.19.1 cpe:/o:linux:linux_kernel:2.6.19.2 cpe:/o:linux:linux_kernel:2.6.19.3 cpe:/o:linux:linux_kernel:2.6.19.4 cpe:/o:linux:linux_kernel:2.6.19.5 cpe:/o:linux:linux_kernel:2.6.19.6 cpe:/o:linux:linux_kernel:2.6.19.7 cpe:/o:linux:linux_kernel:2.6.20 cpe:/o:linux:linux_kernel:2.6.20:rc2 cpe:/o:linux:linux_kernel:2.6.20.1 cpe:/o:linux:linux_kernel:2.6.20.2 cpe:/o:linux:linux_kernel:2.6.20.3 cpe:/o:linux:linux_kernel:2.6.20.4 cpe:/o:linux:linux_kernel:2.6.20.5 cpe:/o:linux:linux_kernel:2.6.20.6 cpe:/o:linux:linux_kernel:2.6.20.7 cpe:/o:linux:linux_kernel:2.6.20.8 cpe:/o:linux:linux_kernel:2.6.20.9 cpe:/o:linux:linux_kernel:2.6.20.10 cpe:/o:linux:linux_kernel:2.6.20.11 cpe:/o:linux:linux_kernel:2.6.20.12 cpe:/o:linux:linux_kernel:2.6.20.13 cpe:/o:linux:linux_kernel:2.6.20.14 cpe:/o:linux:linux_kernel:2.6.20.15 cpe:/o:linux:linux_kernel:2.6.20.16 cpe:/o:linux:linux_kernel:2.6.20.17 cpe:/o:linux:linux_kernel:2.6.20.18 cpe:/o:linux:linux_kernel:2.6.20.19 cpe:/o:linux:linux_kernel:2.6.20.20 cpe:/o:linux:linux_kernel:2.6.20.21 cpe:/o:linux:linux_kernel:2.6.21 cpe:/o:linux:linux_kernel:2.6.21:git1 cpe:/o:linux:linux_kernel:2.6.21:git2 cpe:/o:linux:linux_kernel:2.6.21:git3 cpe:/o:linux:linux_kernel:2.6.21:git4 cpe:/o:linux:linux_kernel:2.6.21:git5 cpe:/o:linux:linux_kernel:2.6.21:git6 cpe:/o:linux:linux_kernel:2.6.21:git7 cpe:/o:linux:linux_kernel:2.6.21:rc3 cpe:/o:linux:linux_kernel:2.6.21:rc4 cpe:/o:linux:linux_kernel:2.6.21:rc5 cpe:/o:linux:linux_kernel:2.6.21:rc6 cpe:/o:linux:linux_kernel:2.6.21:rc7 cpe:/o:linux:linux_kernel:2.6.21.1 cpe:/o:linux:linux_kernel:2.6.21.2 cpe:/o:linux:linux_kernel:2.6.21.3 cpe:/o:linux:linux_kernel:2.6.21.4 cpe:/o:linux:linux_kernel:2.6.21.5 cpe:/o:linux:linux_kernel:2.6.21.6 cpe:/o:linux:linux_kernel:2.6.21.7 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.22:rc6 cpe:/o:linux:linux_kernel:2.6.22.1 cpe:/o:linux:linux_kernel:2.6.22.2 cpe:/o:linux:linux_kernel:2.6.22.3 cpe:/o:linux:linux_kernel:2.6.22.4 cpe:/o:linux:linux_kernel:2.6.22.5 cpe:/o:linux:linux_kernel:2.6.22.6 cpe:/o:linux:linux_kernel:2.6.22.7 cpe:/o:linux:linux_kernel:2.6.22.8 cpe:/o:linux:linux_kernel:2.6.22.9 cpe:/o:linux:linux_kernel:2.6.22.10 cpe:/o:linux:linux_kernel:2.6.22.11 cpe:/o:linux:linux_kernel:2.6.22.12 cpe:/o:linux:linux_kernel:2.6.22.13 cpe:/o:linux:linux_kernel:2.6.22.14 cpe:/o:linux:linux_kernel:2.6.22.15 cpe:/o:linux:linux_kernel:2.6.22.16 cpe:/o:linux:linux_kernel:2.6.22.17 cpe:/o:linux:linux_kernel:2.6.22.18 cpe:/o:linux:linux_kernel:2.6.22.19 cpe:/o:linux:linux_kernel:2.6.22.20 cpe:/o:linux:linux_kernel:2.6.23 cpe:/o:linux:linux_kernel:2.6.23:rc1 cpe:/o:linux:linux_kernel:2.6.23:rc2 cpe:/o:linux:linux_kernel:2.6.23.1 cpe:/o:linux:linux_kernel:2.6.23.2 cpe:/o:linux:linux_kernel:2.6.23.3 cpe:/o:linux:linux_kernel:2.6.23.4 cpe:/o:linux:linux_kernel:2.6.23.5 cpe:/o:linux:linux_kernel:2.6.23.6 cpe:/o:linux:linux_kernel:2.6.23.8 cpe:/o:linux:linux_kernel:2.6.23.9 cpe:/o:linux:linux_kernel:2.6.23.10 cpe:/o:linux:linux_kernel:2.6.23.11 cpe:/o:linux:linux_kernel:2.6.23.12 cpe:/o:linux:linux_kernel:2.6.23.13 cpe:/o:linux:linux_kernel:2.6.23.14 cpe:/o:linux:linux_kernel:2.6.23.15 cpe:/o:linux:linux_kernel:2.6.23.16 cpe:/o:linux:linux_kernel:2.6.23.17 cpe:/o:linux:linux_kernel:2.6.24 cpe:/o:linux:linux_kernel:2.6.24:rc1 cpe:/o:linux:linux_kernel:2.6.24:rc2 cpe:/o:linux:linux_kernel:2.6.24:rc3 cpe:/o:linux:linux_kernel:2.6.24:rc4 cpe:/o:linux:linux_kernel:2.6.24:rc5 cpe:/o:linux:linux_kernel:2.6.24.1 cpe:/o:linux:linux_kernel:2.6.24.2 cpe:/o:linux:linux_kernel:2.6.24.3 cpe:/o:linux:linux_kernel:2.6.24.4 cpe:/o:linux:linux_kernel:2.6.24.5 cpe:/o:linux:linux_kernel:2.6.24.6 cpe:/o:linux:linux_kernel:2.6.24.7 CVE-2009-0778 2009-03-12T11:20:49.780-04:00 2018-10-10T15:31:01.047-04:00 7.1 NETWORK MEDIUM NONE NONE NONE COMPLETE http://nvd.nist.gov CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160 MLIST [oss-security] 20090311 CVE-2009-0778 kernel: rt_cache leak CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25 REDHAT RHSA-2009:0326 BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components BID 34084 SECTRACK 1021958 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html VUPEN ADV-2009-3316 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=485163 XF linux-kernel-rtcache-dos(49199) The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak." cpe:/o:ibm:aix:5.3 cpe:/o:ibm:aix:6.1 CVE-2009-0779 2009-03-04T06:30:00.420-05:00 2009-03-04T06:30:00.420-05:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-03-04T11:14:00.000-05:00 ALLOWS_ADMIN_ACCESS SECTRACK 1021741 BID 33852 VUPEN ADV-2009-0487 AIXAPAR IZ44199 AIXAPAR IZ44220 AIXAPAR IZ44332 AIXAPAR IZ44388 Buffer overflow in pppdial in IBM AIX 5.3 and 6.1 allows local users to gain privileges via a long "input string." cpe:/o:openbsd:openbsd:4.3 cpe:/o:openbsd:openbsd:4.4 CVE-2009-0780 2009-03-04T06:30:00.453-05:00 2017-08-16T21:30:00.803-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov OPENBSD [4.3] 010: RELIABILITY FIX: February 18, 2009 OPENBSD [4.4] 010: RELIABILITY FIX: February 18, 2009 BID 33828 SECTRACK 1021736 XF openbsd-aspathprepend-dos(48812) The aspath_prepend function in rde_attr.c in bgpd in OpenBSD 4.3 and 4.4 allows remote attackers to cause a denial of service (application crash) via an Autonomous System (AS) advertisement containing a long AS path. cpe:/a:apache:tomcat:4.1.0 cpe:/a:apache:tomcat:4.1.1 cpe:/a:apache:tomcat:4.1.2 cpe:/a:apache:tomcat:4.1.3 cpe:/a:apache:tomcat:4.1.3:beta cpe:/a:apache:tomcat:4.1.4 cpe:/a:apache:tomcat:4.1.5 cpe:/a:apache:tomcat:4.1.6 cpe:/a:apache:tomcat:4.1.7 cpe:/a:apache:tomcat:4.1.8 cpe:/a:apache:tomcat:4.1.9 cpe:/a:apache:tomcat:4.1.9:beta cpe:/a:apache:tomcat:4.1.10 cpe:/a:apache:tomcat:4.1.11 cpe:/a:apache:tomcat:4.1.12 cpe:/a:apache:tomcat:4.1.13 cpe:/a:apache:tomcat:4.1.14 cpe:/a:apache:tomcat:4.1.15 cpe:/a:apache:tomcat:4.1.16 cpe:/a:apache:tomcat:4.1.17 cpe:/a:apache:tomcat:4.1.18 cpe:/a:apache:tomcat:4.1.19 cpe:/a:apache:tomcat:4.1.20 cpe:/a:apache:tomcat:4.1.21 cpe:/a:apache:tomcat:4.1.22 cpe:/a:apache:tomcat:4.1.23 cpe:/a:apache:tomcat:4.1.24 cpe:/a:apache:tomcat:4.1.25 cpe:/a:apache:tomcat:4.1.26 cpe:/a:apache:tomcat:4.1.27 cpe:/a:apache:tomcat:4.1.28 cpe:/a:apache:tomcat:4.1.29 cpe:/a:apache:tomcat:4.1.30 cpe:/a:apache:tomcat:4.1.31 cpe:/a:apache:tomcat:4.1.32 cpe:/a:apache:tomcat:4.1.33 cpe:/a:apache:tomcat:4.1.34 cpe:/a:apache:tomcat:4.1.35 cpe:/a:apache:tomcat:4.1.36 cpe:/a:apache:tomcat:4.1.37 cpe:/a:apache:tomcat:5.5.0 cpe:/a:apache:tomcat:5.5.1 cpe:/a:apache:tomcat:5.5.2 cpe:/a:apache:tomcat:5.5.3 cpe:/a:apache:tomcat:5.5.4 cpe:/a:apache:tomcat:5.5.5 cpe:/a:apache:tomcat:5.5.6 cpe:/a:apache:tomcat:5.5.7 cpe:/a:apache:tomcat:5.5.8 cpe:/a:apache:tomcat:5.5.9 cpe:/a:apache:tomcat:5.5.10 cpe:/a:apache:tomcat:5.5.11 cpe:/a:apache:tomcat:5.5.12 cpe:/a:apache:tomcat:5.5.13 cpe:/a:apache:tomcat:5.5.14 cpe:/a:apache:tomcat:5.5.15 cpe:/a:apache:tomcat:5.5.16 cpe:/a:apache:tomcat:5.5.17 cpe:/a:apache:tomcat:5.5.18 cpe:/a:apache:tomcat:5.5.19 cpe:/a:apache:tomcat:5.5.20 cpe:/a:apache:tomcat:5.5.21 cpe:/a:apache:tomcat:5.5.22 cpe:/a:apache:tomcat:5.5.23 cpe:/a:apache:tomcat:5.5.24 cpe:/a:apache:tomcat:5.5.25 cpe:/a:apache:tomcat:5.5.26 cpe:/a:apache:tomcat:6.0 cpe:/a:apache:tomcat:6.0.0 cpe:/a:apache:tomcat:6.0.1 cpe:/a:apache:tomcat:6.0.2 cpe:/a:apache:tomcat:6.0.3 cpe:/a:apache:tomcat:6.0.4 cpe:/a:apache:tomcat:6.0.5 cpe:/a:apache:tomcat:6.0.6 cpe:/a:apache:tomcat:6.0.7 cpe:/a:apache:tomcat:6.0.8 cpe:/a:apache:tomcat:6.0.9 cpe:/a:apache:tomcat:6.0.10 cpe:/a:apache:tomcat:6.0.11 cpe:/a:apache:tomcat:6.0.12 cpe:/a:apache:tomcat:6.0.13 cpe:/a:apache:tomcat:6.0.14 cpe:/a:apache:tomcat:6.0.15 cpe:/a:apache:tomcat:6.0.16 CVE-2009-0781 2009-03-09T17:30:00.217-04:00 2019-03-25T07:30:46.097-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov APPLE APPLE-SA-2010-03-29-1 SUSE SUSE-SR:2009:012 HP HPSBMA02535 HP HPSBUX02579 HP HPSBOV02762 HP HPSBUX02860 SUNALERT 263529 CONFIRM http://support.apple.com/kb/HT4077 CONFIRM http://tomcat.apache.org/security-4.html CONFIRM http://tomcat.apache.org/security-5.html CONFIRM http://tomcat.apache.org/security-6.html DEBIAN DSA-2207 MANDRIVA MDVSA-2009:136 MANDRIVA MDVSA-2009:138 BUGTRAQ 20090306 [SECURITY] CVE-2009-0781 XSS in Apache Tomcat examples web application BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html VUPEN ADV-2009-1856 VUPEN ADV-2009-3316 VUPEN ADV-2010-3056 XF tomcat-cal2-xss(49213) MLIST [tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ MLIST [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ FEDORA FEDORA-2009-11374 FEDORA FEDORA-2009-11352 FEDORA FEDORA-2009-11356 Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." CVE-2009-0782 2009-03-26T06:12:11.577-04:00 2009-03-26T06:12:11.797-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. cpe:/a:apache:tomcat:4.1.0 cpe:/a:apache:tomcat:4.1.1 cpe:/a:apache:tomcat:4.1.2 cpe:/a:apache:tomcat:4.1.3 cpe:/a:apache:tomcat:4.1.3:beta cpe:/a:apache:tomcat:4.1.9:beta cpe:/a:apache:tomcat:4.1.10 cpe:/a:apache:tomcat:4.1.12 cpe:/a:apache:tomcat:4.1.15 cpe:/a:apache:tomcat:4.1.24 cpe:/a:apache:tomcat:4.1.28 cpe:/a:apache:tomcat:4.1.29 cpe:/a:apache:tomcat:4.1.31 cpe:/a:apache:tomcat:4.1.36 cpe:/a:apache:tomcat:5.5.0 cpe:/a:apache:tomcat:5.5.1 cpe:/a:apache:tomcat:5.5.2 cpe:/a:apache:tomcat:5.5.3 cpe:/a:apache:tomcat:5.5.4 cpe:/a:apache:tomcat:5.5.5 cpe:/a:apache:tomcat:5.5.6 cpe:/a:apache:tomcat:5.5.7 cpe:/a:apache:tomcat:5.5.8 cpe:/a:apache:tomcat:5.5.9 cpe:/a:apache:tomcat:5.5.10 cpe:/a:apache:tomcat:5.5.11 cpe:/a:apache:tomcat:5.5.12 cpe:/a:apache:tomcat:5.5.13 cpe:/a:apache:tomcat:5.5.14 cpe:/a:apache:tomcat:5.5.15 cpe:/a:apache:tomcat:5.5.16 cpe:/a:apache:tomcat:5.5.17 cpe:/a:apache:tomcat:5.5.18 cpe:/a:apache:tomcat:5.5.19 cpe:/a:apache:tomcat:5.5.20 cpe:/a:apache:tomcat:5.5.21 cpe:/a:apache:tomcat:5.5.22 cpe:/a:apache:tomcat:5.5.23 cpe:/a:apache:tomcat:5.5.24 cpe:/a:apache:tomcat:5.5.25 cpe:/a:apache:tomcat:5.5.26 cpe:/a:apache:tomcat:5.5.27 cpe:/a:apache:tomcat:6.0.0 cpe:/a:apache:tomcat:6.0.0:alpha cpe:/a:apache:tomcat:6.0.1 cpe:/a:apache:tomcat:6.0.1:alpha cpe:/a:apache:tomcat:6.0.2 cpe:/a:apache:tomcat:6.0.2:alpha cpe:/a:apache:tomcat:6.0.2:beta cpe:/a:apache:tomcat:6.0.3 cpe:/a:apache:tomcat:6.0.4 cpe:/a:apache:tomcat:6.0.4:alpha cpe:/a:apache:tomcat:6.0.5 cpe:/a:apache:tomcat:6.0.6 cpe:/a:apache:tomcat:6.0.6:alpha cpe:/a:apache:tomcat:6.0.7 cpe:/a:apache:tomcat:6.0.7:alpha cpe:/a:apache:tomcat:6.0.7:beta cpe:/a:apache:tomcat:6.0.8 cpe:/a:apache:tomcat:6.0.8:alpha cpe:/a:apache:tomcat:6.0.9 cpe:/a:apache:tomcat:6.0.9:beta cpe:/a:apache:tomcat:6.0.10 cpe:/a:apache:tomcat:6.0.11 cpe:/a:apache:tomcat:6.0.12 cpe:/a:apache:tomcat:6.0.13 cpe:/a:apache:tomcat:6.0.14 cpe:/a:apache:tomcat:6.0.15 cpe:/a:apache:tomcat:6.0.16 cpe:/a:apache:tomcat:6.0.17 cpe:/a:apache:tomcat:6.0.18 CVE-2009-0783 2009-06-05T12:00:00.267-04:00 2019-10-09T18:58:03.930-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov APPLE APPLE-SA-2010-03-29-1 SUSE SUSE-SR:2009:012 HP HPSBMA02535 HP HPSBUX02579 HP HPSBUX02860 SUNALERT 263529 CONFIRM http://support.apple.com/kb/HT4077 CONFIRM http://svn.apache.org/viewvc?rev=652592&view=rev CONFIRM http://svn.apache.org/viewvc?rev=681156&view=rev CONFIRM http://svn.apache.org/viewvc?rev=739522&view=rev CONFIRM http://svn.apache.org/viewvc?rev=781542&view=rev CONFIRM http://svn.apache.org/viewvc?rev=781708&view=rev CONFIRM http://tomcat.apache.org/security-4.html CONFIRM http://tomcat.apache.org/security-5.html CONFIRM http://tomcat.apache.org/security-6.html DEBIAN DSA-2207 MANDRIVA MDVSA-2009:136 MANDRIVA MDVSA-2009:138 MANDRIVA MDVSA-2010:176 BUGTRAQ 20090604 [SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components BID 35416 SECTRACK 1022336 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html VUPEN ADV-2009-1856 VUPEN ADV-2009-3316 VUPEN ADV-2010-3056 XF tomcat-xml-information-disclosure(51195) CONFIRM https://issues.apache.org/bugzilla/show_bug.cgi?id=29936 CONFIRM https://issues.apache.org/bugzilla/show_bug.cgi?id=45933 MLIST [tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ MLIST [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ FEDORA FEDORA-2009-11374 FEDORA FEDORA-2009-11352 FEDORA FEDORA-2009-11356 Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. cpe:/a:systemtap:systemtap CVE-2009-0784 2009-03-25T19:30:00.187-04:00 2017-09-28T21:34:02.310-04:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-110.htm DEBIAN DSA-1755 REDHAT RHSA-2009:0373 VUPEN ADV-2009-0907 Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors. CVE-2009-0786 2009-05-22T07:53:45.640-04:00 2009-05-22T07:53:45.843-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This was originally intended for a report about TCP Wrappers and the hosts_ctl API function, but further investigation showed that this was documented behavior by that function. Notes: Future CVE identifiers might be assigned to applications that mis-use the API in a security-relevant fashion. cpe:/o:linux:linux_kernel:2.6.28 cpe:/o:linux:linux_kernel:2.6.28.1 cpe:/o:linux:linux_kernel:2.6.28.2 cpe:/o:linux:linux_kernel:2.6.28.3 cpe:/o:linux:linux_kernel:2.6.28.4 cpe:/o:linux:linux_kernel:2.6.28.5 cpe:/o:linux:linux_kernel:2.6.28.6 cpe:/o:linux:linux_kernel:2.6.28.7 cpe:/o:linux:linux_kernel:2.6.28.8 CVE-2009-0787 2009-03-24T21:30:00.453-04:00 2018-10-10T15:31:16.627-04:00 4.9 LOCAL LOW NONE COMPLETE NONE NONE http://nvd.nist.gov CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8faece5f906725c10e7a1f6caf84452abadbdc7b REDHAT RHSA-2009:0473 CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9 BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components BID 34216 SECTRACK 1022177 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html VUPEN ADV-2009-0802 VUPEN ADV-2009-3316 XF linux-kernel-ecryptfs-information-disclosure(49355) The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions of kernel memory. cpe:/a:redhat:network_satellite_server:5.3 cpe:/a:redhat:network_satellite_server:5.4 CVE-2009-0788 2011-04-18T13:55:00.843-04:00 2017-08-16T21:30:01.117-04:00 6.4 NETWORK LOW NONE PARTIAL PARTIAL NONE http://nvd.nist.gov REDHAT RHSA-2011:0434 BID 47316 SECTRACK 1025316 VUPEN ADV-2011-0967 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=491365 XF rhnss-url-security-bypass(66691) Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly rewrite unspecified URLs, which allows remote attackers to (1) obtain unspecified sensitive host information or (2) use the server as an inadvertent proxy to connect to arbitrary services and IP addresses via unspecified vectors. cpe:/a:openssl:openssl:0.9.1c cpe:/a:openssl:openssl:0.9.2b cpe:/a:openssl:openssl:0.9.3 cpe:/a:openssl:openssl:0.9.3a cpe:/a:openssl:openssl:0.9.4 cpe:/a:openssl:openssl:0.9.5 cpe:/a:openssl:openssl:0.9.5:beta1 cpe:/a:openssl:openssl:0.9.5:beta2 cpe:/a:openssl:openssl:0.9.5a cpe:/a:openssl:openssl:0.9.5a:beta1 cpe:/a:openssl:openssl:0.9.5a:beta2 cpe:/a:openssl:openssl:0.9.6 cpe:/a:openssl:openssl:0.9.6:beta1 cpe:/a:openssl:openssl:0.9.6:beta2 cpe:/a:openssl:openssl:0.9.6:beta3 cpe:/a:openssl:openssl:0.9.6a cpe:/a:openssl:openssl:0.9.6a:beta1 cpe:/a:openssl:openssl:0.9.6a:beta2 cpe:/a:openssl:openssl:0.9.6a:beta3 cpe:/a:openssl:openssl:0.9.6b cpe:/a:openssl:openssl:0.9.6c cpe:/a:openssl:openssl:0.9.6d cpe:/a:openssl:openssl:0.9.6e cpe:/a:openssl:openssl:0.9.6f cpe:/a:openssl:openssl:0.9.6g cpe:/a:openssl:openssl:0.9.6h cpe:/a:openssl:openssl:0.9.6i cpe:/a:openssl:openssl:0.9.6j cpe:/a:openssl:openssl:0.9.6k cpe:/a:openssl:openssl:0.9.6l cpe:/a:openssl:openssl:0.9.6m cpe:/a:openssl:openssl:0.9.7 cpe:/a:openssl:openssl:0.9.7:beta1 cpe:/a:openssl:openssl:0.9.7:beta2 cpe:/a:openssl:openssl:0.9.7:beta3 cpe:/a:openssl:openssl:0.9.7:beta4 cpe:/a:openssl:openssl:0.9.7:beta5 cpe:/a:openssl:openssl:0.9.7:beta6 cpe:/a:openssl:openssl:0.9.7a cpe:/a:openssl:openssl:0.9.7b cpe:/a:openssl:openssl:0.9.7c cpe:/a:openssl:openssl:0.9.7d cpe:/a:openssl:openssl:0.9.7e cpe:/a:openssl:openssl:0.9.7f cpe:/a:openssl:openssl:0.9.7g cpe:/a:openssl:openssl:0.9.7h cpe:/a:openssl:openssl:0.9.7i cpe:/a:openssl:openssl:0.9.7j cpe:/a:openssl:openssl:0.9.7k cpe:/a:openssl:openssl:0.9.7l cpe:/a:openssl:openssl:0.9.7m cpe:/a:openssl:openssl:0.9.8 cpe:/a:openssl:openssl:0.9.8a cpe:/a:openssl:openssl:0.9.8b cpe:/a:openssl:openssl:0.9.8c cpe:/a:openssl:openssl:0.9.8d cpe:/a:openssl:openssl:0.9.8e cpe:/a:openssl:openssl:0.9.8f cpe:/a:openssl:openssl:0.9.8g cpe:/a:openssl:openssl:0.9.8h cpe:/a:openssl:openssl:0.9.8i cpe:/a:openssl:openssl:0.9.8j CVE-2009-0789 2009-03-27T12:30:02.140-04:00 2017-08-16T21:30:01.207-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov NETBSD NetBSD-SA2009-008 APPLE APPLE-SA-2009-09-10-2 SUSE SUSE-SR:2009:010 SUSE openSUSE-SU-2011:0845 SUSE SUSE-SU-2011:0847 HP SSRT090059 HP HPSBOV02540 SECTRACK 1021906 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847 CONFIRM http://support.apple.com/kb/HT3865 CONFIRM http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html CONFIRM http://www.openssl.org/news/secadv_20090325.txt CONFIRM http://www.php.net/archive/2009.php#id2009-04-08-1 BID 34256 VUPEN ADV-2009-0850 VUPEN ADV-2009-1020 VUPEN ADV-2009-1175 VUPEN ADV-2009-1548 XF openssl-asn1-structure-dos(49433) CONFIRM https://kb.bluecoat.com/index?page=content&id=SA50 OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key. cpe:/a:strongswan:strongswan:2.4.0 cpe:/a:strongswan:strongswan:2.4.0a cpe:/a:strongswan:strongswan:2.4.1 cpe:/a:strongswan:strongswan:2.4.2 cpe:/a:strongswan:strongswan:2.4.3 cpe:/a:strongswan:strongswan:2.4.4 cpe:/a:strongswan:strongswan:2.6.0 cpe:/a:strongswan:strongswan:2.6.1 cpe:/a:strongswan:strongswan:2.6.2 cpe:/a:strongswan:strongswan:2.6.3 cpe:/a:strongswan:strongswan:2.6.4 cpe:/a:strongswan:strongswan:2.8.0 cpe:/a:strongswan:strongswan:2.8.1 cpe:/a:strongswan:strongswan:2.8.2 cpe:/a:strongswan:strongswan:2.8.3 cpe:/a:strongswan:strongswan:2.8.4 cpe:/a:strongswan:strongswan:2.8.5 cpe:/a:strongswan:strongswan:2.8.6 cpe:/a:strongswan:strongswan:2.8.7 cpe:/a:strongswan:strongswan:2.8.8 cpe:/a:strongswan:strongswan:4.2.0 cpe:/a:strongswan:strongswan:4.2.1 cpe:/a:strongswan:strongswan:4.2.2 cpe:/a:strongswan:strongswan:4.2.3 cpe:/a:strongswan:strongswan:4.2.4 cpe:/a:strongswan:strongswan:4.2.5 cpe:/a:strongswan:strongswan:4.2.6 cpe:/a:strongswan:strongswan:4.2.7 cpe:/a:strongswan:strongswan:4.2.8 cpe:/a:strongswan:strongswan:4.2.9 cpe:/a:strongswan:strongswan:4.2.10 cpe:/a:strongswan:strongswan:4.2.11 cpe:/a:strongswan:strongswan:4.2.12 cpe:/a:strongswan:strongswan:4.2.13 cpe:/a:xelerance:openswan:2.4.0 cpe:/a:xelerance:openswan:2.4.1 cpe:/a:xelerance:openswan:2.4.2 cpe:/a:xelerance:openswan:2.4.3 cpe:/a:xelerance:openswan:2.4.4 cpe:/a:xelerance:openswan:2.4.5 cpe:/a:xelerance:openswan:2.4.9 cpe:/a:xelerance:openswan:2.4.10 cpe:/a:xelerance:openswan:2.6.03 cpe:/a:xelerance:openswan:2.6.04 cpe:/a:xelerance:openswan:2.6.05 cpe:/a:xelerance:openswan:2.6.06 cpe:/a:xelerance:openswan:2.6.07 cpe:/a:xelerance:openswan:2.6.08 cpe:/a:xelerance:openswan:2.6.09 cpe:/a:xelerance:openswan:2.6.10 cpe:/a:xelerance:openswan:2.6.11 cpe:/a:xelerance:openswan:2.6.12 cpe:/a:xelerance:openswan:2.6.13 cpe:/a:xelerance:openswan:2.6.14 cpe:/a:xelerance:openswan:2.6.15 cpe:/a:xelerance:openswan:2.6.16 cpe:/a:xelerance:openswan:2.6.17 cpe:/a:xelerance:openswan:2.6.18 cpe:/a:xelerance:openswan:2.6.19 cpe:/a:xelerance:openswan:2.6.20 CVE-2009-0790 2009-04-01T06:30:00.267-04:00 2019-07-29T10:24:46.720-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov CONFIRM http://download.strongswan.org/CHANGES4.txt SUSE SUSE-SR:2009:009 DEBIAN DSA-1759 DEBIAN DSA-1760 CONFIRM http://www.openswan.org/CVE-2009-0790/CVE-2009-0790.txt REDHAT RHSA-2009:0402 BUGTRAQ 20090330 CVE-2009-0790: ISAKMP DPD Remote Vulnerability with Openswan & Strongswan IPsec BID 34296 SECTRACK 1021949 SECTRACK 1021950 VUPEN ADV-2009-0886 XF openswan-strongswan-dpd-dos(49523) The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD. cpe:/a:apple:cups:1.1.17 cpe:/a:apple:cups:1.1.22 cpe:/a:apple:cups:1.3.7 CVE-2009-0791 2009-06-09T13:30:00.267-04:00 2017-09-28T21:34:02.543-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov SUSE SUSE-SR:2009:012 SECTRACK 1022326 MANDRIVA MDVSA-2009:334 REDHAT RHSA-2009:1083 BID 35195 VUPEN ADV-2009-1488 VUPEN ADV-2009-2928 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=491840 XF cups-pdftops-filter-bo(50941) REDHAT RHSA-2009:1500 REDHAT RHSA-2009:1501 REDHAT RHSA-2009:1502 REDHAT RHSA-2009:1503 REDHAT RHSA-2009:1512 Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. cpe:/a:argyllcms:argyllcms:0.1.0 cpe:/a:argyllcms:argyllcms:0.2.0 cpe:/a:argyllcms:argyllcms:0.2.1 cpe:/a:argyllcms:argyllcms:0.2.2 cpe:/a:argyllcms:argyllcms:0.3.0 cpe:/a:argyllcms:argyllcms:0.6.0 cpe:/a:argyllcms:argyllcms:0.7.0:beta_8 cpe:/a:argyllcms:argyllcms:1.0.0 cpe:/a:argyllcms:argyllcms:1.0.2 cpe:/a:argyllcms:argyllcms:1.0.3 cpe:/a:ghostscript:ghostscript:5.50 cpe:/a:ghostscript:ghostscript:7.05 cpe:/a:ghostscript:ghostscript:7.07 cpe:/a:ghostscript:ghostscript:8.0.1 cpe:/a:ghostscript:ghostscript:8.15 cpe:/a:ghostscript:ghostscript:8.15.2 cpe:/a:ghostscript:ghostscript:8.54 cpe:/a:ghostscript:ghostscript:8.56 cpe:/a:ghostscript:ghostscript:8.57 cpe:/a:ghostscript:ghostscript:8.61 cpe:/a:ghostscript:ghostscript:8.62 cpe:/a:ghostscript:ghostscript:8.63 cpe:/a:ghostscript:ghostscript:8.64 CVE-2009-0792 2009-04-14T12:26:56.110-04:00 2018-10-10T15:31:20.503-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS SUSE SUSE-SR:2009:009 SUSE SUSE-SR:2009:011 GENTOO GLSA-201412-17 SUNALERT 262288 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0060 MANDRIVA MDVSA-2009:095 MANDRIVA MDVSA-2009:096 REDHAT RHSA-2009:0420 REDHAT RHSA-2009:0421 BUGTRAQ 20090417 rPSA-2009-0060-1 ghostscript VUPEN ADV-2009-1708 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=491853 XF ghostscript-icc-bo(50381) UBUNTU USN-757-1 FEDORA FEDORA-2009-3430 FEDORA FEDORA-2009-3435 FEDORA FEDORA-2009-3709 FEDORA FEDORA-2009-3710 Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583. cpe:/a:littlecms:lcms:1.18 cpe:/a:sun:openjdk:6 CVE-2009-0793 2009-04-09T11:08:35.640-04:00 2017-09-28T21:34:02.717-04:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov GENTOO GLSA-200904-19 DEBIAN DSA-1769 MANDRIVA MDVSA-2009:121 MANDRIVA MDVSA-2009:137 MANDRIVA MDVSA-2009:162 BID 34411 BID 34420 UBUNTU USN-1043-1 VUPEN ADV-2009-0963 VUPEN ADV-2009-0964 VUPEN ADV-2011-0087 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=492353 REDHAT RHSA-2009:0377 FEDORA FEDORA-2009-3425 FEDORA FEDORA-2009-3426 FEDORA FEDORA-2009-3914 FEDORA FEDORA-2009-3967 cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles." cpe:/a:sun:openjdk:1.6.0.0 CVE-2009-0794 2009-04-13T12:30:00.280-04:00 2017-08-16T21:30:01.537-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov MLIST [distro-pkg-dev] 20090211 changeset in /hg/icedtea6: 2009-02-11 Omair Majid <omajid at redh... MANDRIVA MDVSA-2009:137 MANDRIVA MDVSA-2009:162 VUPEN ADV-2009-0965 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=492367 XF pulsejava--pulseaudiotargetdatal-dos(50383) FEDORA FEDORA-2009-3425 FEDORA FEDORA-2009-3426 Integer overflow in the PulseAudioTargetDataL class in src/java/org/classpath/icedtea/pulseaudio/PulseAudioTargetDataLine.java in Pulse-Java, as used in OpenJDK 1.6.0.0 and other products, allows remote attackers to cause a denial of service (applet crash) via a crafted Pulse Audio source data line. CVE-2009-0795 2009-04-07T21:30:00.280-04:00 2009-04-07T21:30:00.453-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0796, CVE-2009-1265. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a different issue. Notes: All CVE users should consult CVE-2009-0796 and CVE-2009-1265 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage. cpe:/a:apache:mod_perl:1 cpe:/a:apache:mod_perl:2 CVE-2009-0796 2009-04-07T19:30:00.233-04:00 2018-10-10T15:31:24.300-04:00 2.6 NETWORK HIGH NONE NONE PARTIAL NONE http://nvd.nist.gov APPLE APPLE-SA-2010-11-10-1 SUNALERT 1021508 SUNALERT 1021709 CONFIRM http://support.apple.com/kb/HT4435 CONFIRM http://svn.apache.org/viewvc/perl/modperl/branches/1.x/lib/Apache/Status.pm?r1=177851&r2=761081&pathrev=761081&diff_format=h CONFIRM http://svn.apache.org/viewvc?view=rev&revision=761081 MLIST [modperl] 20090401 [SECURITY] [CVE-2009-0796] Vulnerability found in Apache::Status and Apache2::Status MLIST [modperl-cvs] 20090401 svn commit: r761081 - in /perl/modperl/branches/1.x: Changes lib/Apache/Status.pm MANDRIVA MDVSA-2009:091 BUGTRAQ 20090415 XSS with mod_perl perl_status utility BID 34383 SECTRACK 1021988 VUPEN ADV-2009-0943 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=494402 MISC https://launchpad.net/bugs/cve/2009-0796 Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI. CVE-2009-0797 2017-05-26T17:29:00.217-04:00 2017-05-26T17:29:00.217-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. cpe:/a:tim_hockin:acpid:0.99.0 cpe:/a:tim_hockin:acpid:0.99.1 cpe:/a:tim_hockin:acpid:0.99.4 cpe:/a:tim_hockin:acpid:1.0.0 cpe:/a:tim_hockin:acpid:1.0.1 cpe:/a:tim_hockin:acpid:1.0.2 cpe:/a:tim_hockin:acpid:1.0.3 cpe:/a:tim_hockin:acpid:1.0.4 cpe:/a:tim_hockin:acpid:1.0.6 cpe:/a:tim_hockin:acpid:1.0.8 cpe:/a:tim_hockin:acpid:20010510 CVE-2009-0798 2009-04-24T11:30:00.250-04:00 2017-09-28T21:34:02.857-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov DEBIAN DSA-1786 GENTOO GLSA-200905-06 MANDRIVA MDVSA-2009:107 REDHAT RHSA-2009:0474 BID 34692 SECTRACK 1022182 UBUNTU USN-766-1 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=494443 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=502583 XF acpid-socket-dos(50060) FEDORA FEDORA-2009-5578 FEDORA FEDORA-2009-5608 ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop. cpe:/a:apple:cups:1.1 cpe:/a:apple:cups:1.1.1 cpe:/a:apple:cups:1.1.2 cpe:/a:apple:cups:1.1.3 cpe:/a:apple:cups:1.1.4 cpe:/a:apple:cups:1.1.5 cpe:/a:apple:cups:1.1.5-1 cpe:/a:apple:cups:1.1.5-2 cpe:/a:apple:cups:1.1.6 cpe:/a:apple:cups:1.1.6-1 cpe:/a:apple:cups:1.1.6-2 cpe:/a:apple:cups:1.1.6-3 cpe:/a:apple:cups:1.1.7 cpe:/a:apple:cups:1.1.8 cpe:/a:apple:cups:1.1.9 cpe:/a:apple:cups:1.1.9-1 cpe:/a:apple:cups:1.1.10 cpe:/a:apple:cups:1.1.10-1 cpe:/a:apple:cups:1.1.11 cpe:/a:apple:cups:1.1.12 cpe:/a:apple:cups:1.1.13 cpe:/a:apple:cups:1.1.14 cpe:/a:apple:cups:1.1.15 cpe:/a:apple:cups:1.1.16 cpe:/a:apple:cups:1.1.17 cpe:/a:apple:cups:1.1.18 cpe:/a:apple:cups:1.1.19 cpe:/a:apple:cups:1.1.19:rc1 cpe:/a:apple:cups:1.1.19:rc2 cpe:/a:apple:cups:1.1.19:rc3 cpe:/a:apple:cups:1.1.19:rc4 cpe:/a:apple:cups:1.1.19:rc5 cpe:/a:apple:cups:1.1.20 cpe:/a:apple:cups:1.1.20:rc1 cpe:/a:apple:cups:1.1.20:rc2 cpe:/a:apple:cups:1.1.20:rc3 cpe:/a:apple:cups:1.1.20:rc4 cpe:/a:apple:cups:1.1.20:rc5 cpe:/a:apple:cups:1.1.20:rc6 cpe:/a:apple:cups:1.1.21 cpe:/a:apple:cups:1.1.21:rc1 cpe:/a:apple:cups:1.1.21:rc2 cpe:/a:apple:cups:1.1.22 cpe:/a:apple:cups:1.1.22:rc1 cpe:/a:apple:cups:1.1.22:rc2 cpe:/a:apple:cups:1.1.23 cpe:/a:apple:cups:1.1.23:rc1 cpe:/a:apple:cups:1.2.0 cpe:/a:apple:cups:1.2.1 cpe:/a:apple:cups:1.2.2 cpe:/a:apple:cups:1.2.3 cpe:/a:apple:cups:1.2.4 cpe:/a:apple:cups:1.2.5 cpe:/a:apple:cups:1.2.6 cpe:/a:apple:cups:1.2.7 cpe:/a:apple:cups:1.2.8 cpe:/a:apple:cups:1.2.9 cpe:/a:apple:cups:1.2.10 cpe:/a:apple:cups:1.2.11 cpe:/a:apple:cups:1.2.12 cpe:/a:apple:cups:1.3.0 cpe:/a:apple:cups:1.3.1 cpe:/a:apple:cups:1.3.2 cpe:/a:apple:cups:1.3.3 cpe:/a:apple:cups:1.3.4 cpe:/a:apple:cups:1.3.5 cpe:/a:apple:cups:1.3.6 cpe:/a:apple:cups:1.3.7 cpe:/a:apple:cups:1.3.8 cpe:/a:apple:cups:1.3.9 cpe:/a:apple:cups:1.3.10 cpe:/a:apple:cups:1.3.11 cpe:/a:foolabs:xpdf:0.5a cpe:/a:foolabs:xpdf:0.7a cpe:/a:foolabs:xpdf:0.91a cpe:/a:foolabs:xpdf:0.91b cpe:/a:foolabs:xpdf:0.91c cpe:/a:foolabs:xpdf:0.92a cpe:/a:foolabs:xpdf:0.92b cpe:/a:foolabs:xpdf:0.92c cpe:/a:foolabs:xpdf:0.92d cpe:/a:foolabs:xpdf:0.92e cpe:/a:foolabs:xpdf:0.93a cpe:/a:foolabs:xpdf:0.93b cpe:/a:foolabs:xpdf:0.93c cpe:/a:foolabs:xpdf:1.00a cpe:/a:glyphandcog:xpdfreader:0.2 cpe:/a:glyphandcog:xpdfreader:0.3 cpe:/a:glyphandcog:xpdfreader:0.4 cpe:/a:glyphandcog:xpdfreader:0.5 cpe:/a:glyphandcog:xpdfreader:0.6 cpe:/a:glyphandcog:xpdfreader:0.7 cpe:/a:glyphandcog:xpdfreader:0.80 cpe:/a:glyphandcog:xpdfreader:0.90 cpe:/a:glyphandcog:xpdfreader:0.91 cpe:/a:glyphandcog:xpdfreader:0.92 cpe:/a:glyphandcog:xpdfreader:0.93 cpe:/a:glyphandcog:xpdfreader:1.00 cpe:/a:glyphandcog:xpdfreader:1.01 cpe:/a:glyphandcog:xpdfreader:2.00 cpe:/a:glyphandcog:xpdfreader:2.01 cpe:/a:glyphandcog:xpdfreader:2.02 cpe:/a:glyphandcog:xpdfreader:2.03 cpe:/a:glyphandcog:xpdfreader:3.00 cpe:/a:glyphandcog:xpdfreader:3.01 cpe:/a:glyphandcog:xpdfreader:3.02 cpe:/a:poppler:poppler:0.1 cpe:/a:poppler:poppler:0.1.1 cpe:/a:poppler:poppler:0.1.2 cpe:/a:poppler:poppler:0.2.0 cpe:/a:poppler:poppler:0.3.0 cpe:/a:poppler:poppler:0.3.1 cpe:/a:poppler:poppler:0.3.2 cpe:/a:poppler:poppler:0.3.3 cpe:/a:poppler:poppler:0.4.0 cpe:/a:poppler:poppler:0.4.1 cpe:/a:poppler:poppler:0.4.2 cpe:/a:poppler:poppler:0.4.3 cpe:/a:poppler:poppler:0.4.4 cpe:/a:poppler:poppler:0.5.0 cpe:/a:poppler:poppler:0.5.1 cpe:/a:poppler:poppler:0.5.2 cpe:/a:poppler:poppler:0.5.3 cpe:/a:poppler:poppler:0.5.4 cpe:/a:poppler:poppler:0.5.9 cpe:/a:poppler:poppler:0.5.90 cpe:/a:poppler:poppler:0.5.91 cpe:/a:poppler:poppler:0.6.0 cpe:/a:poppler:poppler:0.6.1 cpe:/a:poppler:poppler:0.6.2 cpe:/a:poppler:poppler:0.6.3 cpe:/a:poppler:poppler:0.6.4 cpe:/a:poppler:poppler:0.7.0 cpe:/a:poppler:poppler:0.7.1 cpe:/a:poppler:poppler:0.7.2 cpe:/a:poppler:poppler:0.7.3 cpe:/a:poppler:poppler:0.8.0 cpe:/a:poppler:poppler:0.8.1 cpe:/a:poppler:poppler:0.8.2 cpe:/a:poppler:poppler:0.8.3 cpe:/a:poppler:poppler:0.8.4 cpe:/a:poppler:poppler:0.8.5 cpe:/a:poppler:poppler:0.8.6 cpe:/a:poppler:poppler:0.8.7 cpe:/a:poppler:poppler:0.9.0 cpe:/a:poppler:poppler:0.9.1 cpe:/a:poppler:poppler:0.9.2 cpe:/a:poppler:poppler:0.9.3 cpe:/a:poppler:poppler:0.10.0 cpe:/a:poppler:poppler:0.10.1 cpe:/a:poppler:poppler:0.10.2 cpe:/a:poppler:poppler:0.10.3 cpe:/a:poppler:poppler:0.10.4 cpe:/a:poppler:poppler:0.10.5 CVE-2009-0799 2009-04-23T13:30:01.703-04:00 2019-03-06T11:30:38.330-05:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov CONFIRM http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=495886 SUSE SUSE-SA:2009:024 SUSE SUSE-SR:2009:010 SUSE SUSE-SR:2009:012 CONFIRM http://poppler.freedesktop.org/releases.html REDHAT RHSA-2009:0458 SLACKWARE SSA:2009-129-01 DEBIAN DSA-1790 DEBIAN DSA-1793 CERT-VN VU#196617 MANDRIVA MDVSA-2009:101 MANDRIVA MDVSA-2010:087 MANDRIVA MDVSA-2011:175 REDHAT RHSA-2009:0429 REDHAT RHSA-2009:0430 REDHAT RHSA-2009:0431 REDHAT RHSA-2009:0480 BID 34568 SECTRACK 1022072 VUPEN ADV-2009-1065 VUPEN ADV-2009-1066 VUPEN ADV-2009-1076 VUPEN ADV-2009-1077 VUPEN ADV-2010-1040 FEDORA FEDORA-2009-6972 FEDORA FEDORA-2009-6973 FEDORA FEDORA-2009-6982 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. cpe:/a:apple:cups:1.1 cpe:/a:apple:cups:1.1.1 cpe:/a:apple:cups:1.1.2 cpe:/a:apple:cups:1.1.3 cpe:/a:apple:cups:1.1.4 cpe:/a:apple:cups:1.1.5 cpe:/a:apple:cups:1.1.5-1 cpe:/a:apple:cups:1.1.5-2 cpe:/a:apple:cups:1.1.6 cpe:/a:apple:cups:1.1.6-1 cpe:/a:apple:cups:1.1.6-2 cpe:/a:apple:cups:1.1.6-3 cpe:/a:apple:cups:1.1.7 cpe:/a:apple:cups:1.1.8 cpe:/a:apple:cups:1.1.9 cpe:/a:apple:cups:1.1.9-1 cpe:/a:apple:cups:1.1.10 cpe:/a:apple:cups:1.1.10-1 cpe:/a:apple:cups:1.1.11 cpe:/a:apple:cups:1.1.12 cpe:/a:apple:cups:1.1.13 cpe:/a:apple:cups:1.1.14 cpe:/a:apple:cups:1.1.15 cpe:/a:apple:cups:1.1.16 cpe:/a:apple:cups:1.1.17 cpe:/a:apple:cups:1.1.18 cpe:/a:apple:cups:1.1.19 cpe:/a:apple:cups:1.1.19:rc1 cpe:/a:apple:cups:1.1.19:rc2 cpe:/a:apple:cups:1.1.19:rc3 cpe:/a:apple:cups:1.1.19:rc4 cpe:/a:apple:cups:1.1.19:rc5 cpe:/a:apple:cups:1.1.20 cpe:/a:apple:cups:1.1.20:rc1 cpe:/a:apple:cups:1.1.20:rc2 cpe:/a:apple:cups:1.1.20:rc3 cpe:/a:apple:cups:1.1.20:rc4 cpe:/a:apple:cups:1.1.20:rc5 cpe:/a:apple:cups:1.1.20:rc6 cpe:/a:apple:cups:1.1.21 cpe:/a:apple:cups:1.1.21:rc1 cpe:/a:apple:cups:1.1.21:rc2 cpe:/a:apple:cups:1.1.22 cpe:/a:apple:cups:1.1.22:rc1 cpe:/a:apple:cups:1.1.22:rc2 cpe:/a:apple:cups:1.1.23 cpe:/a:apple:cups:1.1.23:rc1 cpe:/a:apple:cups:1.2.0 cpe:/a:apple:cups:1.2.1 cpe:/a:apple:cups:1.2.2 cpe:/a:apple:cups:1.2.3 cpe:/a:apple:cups:1.2.4 cpe:/a:apple:cups:1.2.5 cpe:/a:apple:cups:1.2.6 cpe:/a:apple:cups:1.2.7 cpe:/a:apple:cups:1.2.8 cpe:/a:apple:cups:1.2.9 cpe:/a:apple:cups:1.2.10 cpe:/a:apple:cups:1.2.11 cpe:/a:apple:cups:1.2.12 cpe:/a:apple:cups:1.3.0 cpe:/a:apple:cups:1.3.1 cpe:/a:apple:cups:1.3.2 cpe:/a:apple:cups:1.3.3 cpe:/a:apple:cups:1.3.4 cpe:/a:apple:cups:1.3.5 cpe:/a:apple:cups:1.3.6 cpe:/a:apple:cups:1.3.7 cpe:/a:apple:cups:1.3.8 cpe:/a:apple:cups:1.3.9 cpe:/a:apple:cups:1.3.10 cpe:/a:apple:cups:1.3.11 cpe:/a:foolabs:xpdf:0.5a cpe:/a:foolabs:xpdf:0.7a cpe:/a:foolabs:xpdf:0.91a cpe:/a:foolabs:xpdf:0.91b cpe:/a:foolabs:xpdf:0.91c cpe:/a:foolabs:xpdf:0.92a cpe:/a:foolabs:xpdf:0.92b cpe:/a:foolabs:xpdf:0.92c cpe:/a:foolabs:xpdf:0.92d cpe:/a:foolabs:xpdf:0.92e cpe:/a:foolabs:xpdf:0.93a cpe:/a:foolabs:xpdf:0.93b cpe:/a:foolabs:xpdf:0.93c cpe:/a:foolabs:xpdf:1.00a cpe:/a:glyphandcog:xpdfreader:0.2 cpe:/a:glyphandcog:xpdfreader:0.3 cpe:/a:glyphandcog:xpdfreader:0.4 cpe:/a:glyphandcog:xpdfreader:0.5 cpe:/a:glyphandcog:xpdfreader:0.6 cpe:/a:glyphandcog:xpdfreader:0.7 cpe:/a:glyphandcog:xpdfreader:0.80 cpe:/a:glyphandcog:xpdfreader:0.90 cpe:/a:glyphandcog:xpdfreader:0.91 cpe:/a:glyphandcog:xpdfreader:0.92 cpe:/a:glyphandcog:xpdfreader:0.93 cpe:/a:glyphandcog:xpdfreader:1.00 cpe:/a:glyphandcog:xpdfreader:1.01 cpe:/a:glyphandcog:xpdfreader:2.00 cpe:/a:glyphandcog:xpdfreader:2.01 cpe:/a:glyphandcog:xpdfreader:2.02 cpe:/a:glyphandcog:xpdfreader:2.03 cpe:/a:glyphandcog:xpdfreader:3.00 cpe:/a:glyphandcog:xpdfreader:3.01 cpe:/a:glyphandcog:xpdfreader:3.02 cpe:/a:poppler:poppler:0.1 cpe:/a:poppler:poppler:0.1.1 cpe:/a:poppler:poppler:0.1.2 cpe:/a:poppler:poppler:0.2.0 cpe:/a:poppler:poppler:0.3.0 cpe:/a:poppler:poppler:0.3.1 cpe:/a:poppler:poppler:0.3.2 cpe:/a:poppler:poppler:0.3.3 cpe:/a:poppler:poppler:0.4.0 cpe:/a:poppler:poppler:0.4.1 cpe:/a:poppler:poppler:0.4.2 cpe:/a:poppler:poppler:0.4.3 cpe:/a:poppler:poppler:0.4.4 cpe:/a:poppler:poppler:0.5.0 cpe:/a:poppler:poppler:0.5.1 cpe:/a:poppler:poppler:0.5.2 cpe:/a:poppler:poppler:0.5.3 cpe:/a:poppler:poppler:0.5.4 cpe:/a:poppler:poppler:0.5.9 cpe:/a:poppler:poppler:0.5.90 cpe:/a:poppler:poppler:0.5.91 cpe:/a:poppler:poppler:0.6.0 cpe:/a:poppler:poppler:0.6.1 cpe:/a:poppler:poppler:0.6.2 cpe:/a:poppler:poppler:0.6.3 cpe:/a:poppler:poppler:0.6.4 cpe:/a:poppler:poppler:0.7.0 cpe:/a:poppler:poppler:0.7.1 cpe:/a:poppler:poppler:0.7.2 cpe:/a:poppler:poppler:0.7.3 cpe:/a:poppler:poppler:0.8.0 cpe:/a:poppler:poppler:0.8.1 cpe:/a:poppler:poppler:0.8.2 cpe:/a:poppler:poppler:0.8.3 cpe:/a:poppler:poppler:0.8.4 cpe:/a:poppler:poppler:0.8.5 cpe:/a:poppler:poppler:0.8.6 cpe:/a:poppler:poppler:0.8.7 cpe:/a:poppler:poppler:0.9.0 cpe:/a:poppler:poppler:0.9.1 cpe:/a:poppler:poppler:0.9.2 cpe:/a:poppler:poppler:0.9.3 cpe:/a:poppler:poppler:0.10.0 cpe:/a:poppler:poppler:0.10.1 cpe:/a:poppler:poppler:0.10.2 cpe:/a:poppler:poppler:0.10.3 cpe:/a:poppler:poppler:0.10.4 cpe:/a:poppler:poppler:0.10.5 CVE-2009-0800 2009-04-23T13:30:01.717-04:00 2019-03-06T11:30:38.330-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov SUSE SUSE-SA:2009:024 SUSE SUSE-SR:2009:010 SUSE SUSE-SR:2009:012 CONFIRM http://poppler.freedesktop.org/releases.html REDHAT RHSA-2009:0458 SLACKWARE SSA:2009-129-01 DEBIAN DSA-1790 DEBIAN DSA-1793 CERT-VN VU#196617 MANDRIVA MDVSA-2009:101 MANDRIVA MDVSA-2010:087 MANDRIVA MDVSA-2011:175 REDHAT RHSA-2009:0429 REDHAT RHSA-2009:0430 REDHAT RHSA-2009:0431 REDHAT RHSA-2009:0480 BID 34568 SECTRACK 1022073 VUPEN ADV-2009-1065 VUPEN ADV-2009-1066 VUPEN ADV-2009-1076 VUPEN ADV-2009-1077 VUPEN ADV-2010-1040 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=495887 FEDORA FEDORA-2009-6972 FEDORA FEDORA-2009-6973 FEDORA FEDORA-2009-6982 Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. cpe:/a:squid:squid_web_proxy_cache:2.7 cpe:/a:squid:squid_web_proxy_cache:2.7.stable5 cpe:/a:squid:squid_web_proxy_cache:2.7.stable6 cpe:/a:squid:squid_web_proxy_cache:3.0 cpe:/a:squid:squid_web_proxy_cache:3.0_pre1 cpe:/a:squid:squid_web_proxy_cache:3.0_pre2 cpe:/a:squid:squid_web_proxy_cache:3.0_pre3 cpe:/a:squid:squid_web_proxy_cache:3.0_stable1 cpe:/a:squid:squid_web_proxy_cache:3.0_stable2 cpe:/a:squid:squid_web_proxy_cache:3.0_stable3 cpe:/a:squid:squid_web_proxy_cache:3.0_stable4 cpe:/a:squid:squid_web_proxy_cache:3.0_stable5 cpe:/a:squid:squid_web_proxy_cache:3.0_stable6 cpe:/a:squid:squid_web_proxy_cache:3.0_stable7 cpe:/a:squid:squid_web_proxy_cache:3.0_stable12 cpe:/a:squid:squid_web_proxy_cache:3.0_stable13 CVE-2009-0801 2009-03-04T11:30:00.170-05:00 2009-06-18T00:00:00.000-04:00 5.4 NETWORK HIGH NONE COMPLETE NONE NONE http://nvd.nist.gov 2009-03-04T12:38:00.000-05:00 CERT-VN VU#435052 BID 33858 Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. cpe:/a:qbik:wingate:6.0.0 cpe:/a:qbik:wingate:6.0.1_build_993 cpe:/a:qbik:wingate:6.0.1_build_995 cpe:/a:qbik:wingate:6.0.2_build_1000 cpe:/a:qbik:wingate:6.0.2_build_1001 cpe:/a:qbik:wingate:6.0.3_build_1005 cpe:/a:qbik:wingate:6.1 cpe:/a:qbik:wingate:6.1.1.1077 cpe:/a:qbik:wingate:6.1.2 cpe:/a:qbik:wingate:6.1.3 cpe:/a:qbik:wingate:6.1.4 cpe:/a:qbik:wingate:6.2 cpe:/a:qbik:wingate:6.2.1 cpe:/a:qbik:wingate:6.2.2 cpe:/a:qbik:wingate:6.5.2 CVE-2009-0802 2009-03-04T11:30:00.203-05:00 2009-06-18T00:00:00.000-04:00 5.4 NETWORK HIGH NONE COMPLETE NONE NONE http://nvd.nist.gov 2009-03-04T13:12:00.000-05:00 CERT-VN VU#435052 BID 33858 Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. cpe:/a:smoothwall:networkguardian:2008 cpe:/a:smoothwall:schoolguardian:2008 cpe:/a:smoothwall:smoothguardian:2008 CVE-2009-0803 2009-03-04T11:30:00.217-05:00 2009-06-18T00:00:00.000-04:00 5.4 NETWORK HIGH NONE COMPLETE NONE NONE http://nvd.nist.gov 2009-03-04T13:48:00.000-05:00 CERT-VN VU#435052 CONFIRM http://www.kb.cert.org/vuls/id/MAPG-7M6SM7 BID 33858 SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. cpe:/a:ziproxy:ziproxy:2.6.0 CVE-2009-0804 2009-03-04T11:30:00.250-05:00 2009-06-18T00:00:00.000-04:00 5.4 NETWORK HIGH NONE COMPLETE NONE NONE http://nvd.nist.gov 2009-03-04T14:02:00.000-05:00 CERT-VN VU#435052 CONFIRM http://www.kb.cert.org/vuls/id/MAPG-7N9GN8 BID 33858 Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. cpe:/a:mihai_bazon:pical:0.91h CVE-2009-0805 2009-03-04T12:30:02.517-05:00 2009-03-05T00:00:00.000-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2009-03-05T08:42:00.000-05:00 JVN JVN#91591874 JVNDB JVNDB-2009-000013 BID 33896 CONFIRM http://xoops.peak.ne.jp/md/news/ CONFIRM http://xoops.peak.ne.jp/md/news/index.php?page=article&storyid=476&easiestml_lang=xlang%3Aen Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a module for XOOPS, allows remote attackers to inject arbitrary web script or HTML via the event_id parameter in index.php. cpe:/a:opengoo:opengoo:0.1:alpha cpe:/a:opengoo:opengoo:0.2:alpha cpe:/a:opengoo:opengoo:0.3:alpha cpe:/a:opengoo:opengoo:0.4:alpha cpe:/a:opengoo:opengoo:0.5:beta cpe:/a:opengoo:opengoo:0.5.1:beta cpe:/a:opengoo:opengoo:0.5.2:beta cpe:/a:opengoo:opengoo:0.6.0 cpe:/a:opengoo:opengoo:0.6.2 cpe:/a:opengoo:opengoo:0.6.4 cpe:/a:opengoo:opengoo:0.6.6 cpe:/a:opengoo:opengoo:0.7 cpe:/a:opengoo:opengoo:0.7.1 cpe:/a:opengoo:opengoo:0.8 cpe:/a:opengoo:opengoo:0.9 cpe:/a:opengoo:opengoo:0.9:rc2 cpe:/a:opengoo:opengoo:0.9.1 cpe:/a:opengoo:opengoo:0.9.2 cpe:/a:opengoo:opengoo:1.0 cpe:/a:opengoo:opengoo:1.0:rc1 cpe:/a:opengoo:opengoo:1.0:rc2 cpe:/a:opengoo:opengoo:1.0:rc3 cpe:/a:opengoo:opengoo:1.1 cpe:/a:opengoo:opengoo:1.1:beta cpe:/a:opengoo:opengoo:1.1:rc1 cpe:/a:opengoo:opengoo:1.1:rc2 cpe:/a:opengoo:opengoo:1.2 cpe:/a:opengoo:opengoo:1.2:beta cpe:/a:opengoo:opengoo:1.2:beta_2 cpe:/a:opengoo:opengoo:1.2:rc1 cpe:/a:opengoo:opengoo:1.2:rc2 CVE-2009-0806 2009-03-04T12:30:02.530-05:00 2009-03-05T00:00:00.000-05:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-03-05T08:53:00.000-05:00 ALLOWS_OTHER_ACCESS CONFIRM http://sourceforge.net/project/shownotes.php?release_id=663706 BID 33897 Unspecified vulnerability in OpenGoo before 1.2.1 allows remote authenticated users to modify their own permissions via unknown attack vectors. cpe:/a:zfeeder:zfeeder:1.6 CVE-2009-0807 2009-03-04T12:30:02.547-05:00 2017-09-28T21:34:03.217-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS XF zfeeder-admin-security-bypass(48866) EXPLOIT-DB 8092 zFeeder 1.6 allows remote attackers to gain administrative access via a direct request to admin.php. cpe:/a:simple_cmms:simplecmms:0.1.0 CVE-2009-0808 2009-03-04T12:30:02.577-05:00 2017-08-16T21:30:01.757-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS CONFIRM http://sourceforge.net/project/shownotes.php?release_id=661656&group_id=245458 VUPEN ADV-2009-0490 XF simplecmms-unspecified-sql-injection(48883) Multiple SQL injection vulnerabilities in SimpleCMMS before 0.1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. cpe:/a:3ds:enovia_smarteam:5.18 cpe:/a:ibm:catia:5.16 cpe:/a:ibm:catia:5.17 cpe:/a:ibm:catia:5.18 CVE-2009-0809 2009-03-04T12:30:02.593-05:00 2009-07-22T00:00:00.000-04:00 3.5 NETWORK MEDIUM SINGLE_INSTANCE PARTIAL NONE NONE http://nvd.nist.gov 2009-03-05T09:20:00.000-05:00 BID 33895 VUPEN ADV-2009-0525 AIXAPAR HD80332 The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release 18 Service Pack 8, and possibly CATIA and other products, allows remote authenticated users to read the profile card of an object in the document class via a link that is sent from the owner of the document object. cpe:/a:xatrix:xguestbook:2.0 CVE-2009-0810 2009-03-04T12:30:02.610-05:00 2017-09-28T21:34:03.263-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 33875 VUPEN ADV-2009-0523 XF xguestbook-login-sql-injection(48881) EXPLOIT-DB 8101 SQL injection vulnerability in login.php in xGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter. cpe:/a:sopcast:sopcore_activex_control:3.0.3.501 CVE-2009-0811 2009-03-04T12:30:02.640-05:00 2018-10-10T15:31:26.017-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov MISC http://retrogod.altervista.org/9sg_sopcastia.html BUGTRAQ 20090226 Sopcast SopCore Control (sopocx.ocx 3.0.3.501) SetExternalPlayer() user assisted remote code execution poc BID 33920 XF sopcast-setexternalplayer-code-execution(48955) Insecure method vulnerability in the SopCast SopCore ActiveX control in sopocx.ocx 3.0.3.501 allows remote attackers to execute arbitrary programs via an executable file name in the argument to the SetExternalPlayer method. cpe:/a:bpsoft:hex_workshop:1.0 cpe:/a:bpsoft:hex_workshop:2.00 cpe:/a:bpsoft:hex_workshop:2.01 cpe:/a:bpsoft:hex_workshop:2.10 cpe:/a:bpsoft:hex_workshop:2.20 cpe:/a:bpsoft:hex_workshop:2.50 cpe:/a:bpsoft:hex_workshop:2.52 cpe:/a:bpsoft:hex_workshop:2.53 cpe:/a:bpsoft:hex_workshop:2.54 cpe:/a:bpsoft:hex_workshop:3.00 cpe:/a:bpsoft:hex_workshop:3.02 cpe:/a:bpsoft:hex_workshop:3.10 cpe:/a:bpsoft:hex_workshop:3.11 cpe:/a:bpsoft:hex_workshop:4.00 cpe:/a:bpsoft:hex_workshop:4.10 cpe:/a:bpsoft:hex_workshop:4.20 cpe:/a:bpsoft:hex_workshop:4.21 cpe:/a:bpsoft:hex_workshop:4.22 cpe:/a:bpsoft:hex_workshop:4.23 cpe:/a:bpsoft:hex_workshop:5.0 cpe:/a:bpsoft:hex_workshop:5.1 cpe:/a:bpsoft:hex_workshop:5.1.3 cpe:/a:bpsoft:hex_workshop:5.1.4 cpe:/a:bpsoft:hex_workshop:5.02 cpe:/a:bpsoft:hex_workshop:6.0.0 cpe:/a:bpsoft:hex_workshop:6.0.1 CVE-2009-0812 2009-03-04T12:30:02.657-05:00 2018-10-10T15:31:26.457-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS EXPLOIT-DB 9550 BUGTRAQ 20090227 Hex Workshop <= v6 (.hex) File Local Code BID 33932 XF hexworkshop-hex-bo(48970) EXPLOIT-DB 8121 Stack-based buffer overflow in BreakPoint Software Hex Workshop 4.23, 6.0.1.4603, and other 6.x and earlier versions allows remote attackers to execute arbitrary code via a crafted Intel Hex Code (.hex) file. NOTE: some of these details are obtained from third party information. cpe:/a:imera:teamlinks:- CVE-2009-0813 2009-03-04T21:30:00.530-05:00 2017-09-28T21:34:03.373-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS VUPEN ADV-2009-0591 XF imera-imeraieplugin-code-execution(49028) EXPLOIT-DB 8144 Insecure method vulnerability in the ImeraIEPlugin ActiveX control (ImeraIEPlugin.dll 1.0.2.54) in Imera TeamLinks Client allows remote attackers to force the download and execution of arbitrary URLs via modified DownloadProtocol, DownloadHost, DownloadPort, and DownloadURI parameters. cpe:/a:blogsa:blogsa:1.0beta3 CVE-2009-0814 2009-03-04T21:30:00.547-05:00 2018-10-10T15:31:27.110-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov BUGTRAQ 20090302 Blogsa <= 1.0 Beta 3 XSS Vulnerability BID 33957 XF blogsa-widgets-xss(49024) Cross-site scripting (XSS) vulnerability in Widgets.aspx in Blogsa 1.0 Beta 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. cpe:/a:typo3:typo3:3.3.x cpe:/a:typo3:typo3:3.5.x cpe:/a:typo3:typo3:3.6.x cpe:/a:typo3:typo3:3.7.x cpe:/a:typo3:typo3:3.8.x cpe:/a:typo3:typo3:4.0 cpe:/a:typo3:typo3:4.1 cpe:/a:typo3:typo3:4.1.0 cpe:/a:typo3:typo3:4.1.2 cpe:/a:typo3:typo3:4.1.3 cpe:/a:typo3:typo3:4.1.4 cpe:/a:typo3:typo3:4.1.5 cpe:/a:typo3:typo3:4.1.6 cpe:/a:typo3:typo3:4.1.7 cpe:/a:typo3:typo3:4.1.8 cpe:/a:typo3:typo3:4.1.9 cpe:/a:typo3:typo3:4.2 cpe:/a:typo3:typo3:4.2.0 cpe:/a:typo3:typo3:4.2.1 cpe:/a:typo3:typo3:4.2.2 cpe:/a:typo3:typo3:4.2.3 cpe:/a:typo3:typo3:4.2.4 cpe:/a:typo3:typo3:4.2.5 cpe:/a:typo3:typo3:4.3:alpha1 CVE-2009-0815 2009-03-04T21:30:00.563-05:00 2010-04-27T00:00:00.000-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-03-05T12:21:00.000-05:00 CONFIRM http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/ DEBIAN DSA-1720 MLIST [oss-security] 20090210 CVE request: typo3 xss (typo3-sa-2009-002) SECTRACK 1021710 The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request. cpe:/a:typo3:typo3:4.0 cpe:/a:typo3:typo3:4.0.1 cpe:/a:typo3:typo3:4.0.2 cpe:/a:typo3:typo3:4.0.3 cpe:/a:typo3:typo3:4.0.4 cpe:/a:typo3:typo3:4.0.5 cpe:/a:typo3:typo3:4.0.6 cpe:/a:typo3:typo3:4.0.7 cpe:/a:typo3:typo3:4.0.8 cpe:/a:typo3:typo3:4.0.9 cpe:/a:typo3:typo3:4.0.10 cpe:/a:typo3:typo3:4.0.11 cpe:/a:typo3:typo3:4.1 cpe:/a:typo3:typo3:4.1.1 cpe:/a:typo3:typo3:4.1.2 cpe:/a:typo3:typo3:4.1.3 cpe:/a:typo3:typo3:4.1.4 cpe:/a:typo3:typo3:4.1.5 cpe:/a:typo3:typo3:4.1.6 cpe:/a:typo3:typo3:4.1.7 cpe:/a:typo3:typo3:4.1.8 cpe:/a:typo3:typo3:4.1.9 cpe:/a:typo3:typo3:4.2 cpe:/a:typo3:typo3:4.2.1 cpe:/a:typo3:typo3:4.2.2 cpe:/a:typo3:typo3:4.2.3 cpe:/a:typo3:typo3:4.2.4 cpe:/a:typo3:typo3:4.2.5 CVE-2009-0816 2009-03-04T21:30:00.577-05:00 2010-04-27T01:49:50.127-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/ DEBIAN DSA-1720 MLIST [oss-security] 20090210 CVE request: typo3 xss (typo3-sa-2009-002) SECTRACK 1021709 Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields. cpe:/a:drupal:protected_node_module:5.x cpe:/a:drupal:protected_node_module:5.x-1.0 cpe:/a:drupal:protected_node_module:5.x-1.2 cpe:/a:drupal:protected_node_module:5.x-1.3 cpe:/a:drupal:protected_node_module:5.x-1.x-dev cpe:/a:drupal:protected_node_module:6.x-1.0 cpe:/a:drupal:protected_node_module:6.x-1.2 cpe:/a:drupal:protected_node_module:6.x-1.3 cpe:/a:drupal:protected_node_module:6.x-1.4 CVE-2009-0817 2009-03-04T21:30:00.610-05:00 2017-08-16T21:30:02.147-04:00 3.5 NETWORK MEDIUM SINGLE_INSTANCE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://drupal.org/node/385950 CONFIRM http://drupal.org/node/386604 CONFIRM http://drupal.org/node/386606 MISC http://lampsecurity.org/node/28 VUPEN ADV-2009-0572 XF protectednode-passwordpage-xss(48980) Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Password page info field, which is not properly handled by the protected_node_enterpassword function in protected_node.module. cpe:/a:drupal:taxonomy_theme_module:5.x-1.1 CVE-2009-0818 2009-03-04T21:30:00.627-05:00 2017-08-16T21:30:02.207-04:00 3.5 NETWORK MEDIUM SINGLE_INSTANCE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://drupal.org/node/386940 CONFIRM http://drupal.org/node/386942 BID 33923 XF drupal-taxonomy-name-xss(48979) Cross-site scripting (XSS) vulnerability in the taxonomy_theme_admin_table_builder function (taxonomy_theme_admin.inc) in Taxonomy Theme module before 5.x-1.2, a module for Drupal, allows remote authenticated users with the "administer taxonomy" permission, or the ability to create pages when tagging is enabled, to inject arbitrary web script or HTML via the Vocabulary name (name parameter) to index.php. NOTE: some of these details are obtained from third party information. cpe:/a:mysql:mysql:5.1 cpe:/a:mysql:mysql:5.1.1 cpe:/a:mysql:mysql:5.1.2 cpe:/a:mysql:mysql:5.1.3 cpe:/a:mysql:mysql:5.1.10 cpe:/a:mysql:mysql:5.1.11 cpe:/a:mysql:mysql:5.1.12 cpe:/a:mysql:mysql:5.1.13 cpe:/a:mysql:mysql:5.1.14 cpe:/a:mysql:mysql:5.1.15 cpe:/a:mysql:mysql:5.1.16 cpe:/a:mysql:mysql:5.1.17 cpe:/a:mysql:mysql:5.1.18 cpe:/a:mysql:mysql:5.1.19 cpe:/a:mysql:mysql:5.1.20 cpe:/a:mysql:mysql:5.1.21 cpe:/a:mysql:mysql:5.1.22 cpe:/a:mysql:mysql:5.1.23 cpe:/a:mysql:mysql:5.1.23:a cpe:/a:mysql:mysql:5.1.23_bk cpe:/a:mysql:mysql:5.1.23a cpe:/a:mysql:mysql:5.1.24 cpe:/a:mysql:mysql:5.1.25 cpe:/a:mysql:mysql:5.1.26 cpe:/a:mysql:mysql:5.1.27 cpe:/a:mysql:mysql:5.1.28 cpe:/a:mysql:mysql:5.1.29 cpe:/a:mysql:mysql:5.1.30 cpe:/a:mysql:mysql:5.1.31 cpe:/a:mysql:mysql:5.1.31:sp1 cpe:/a:mysql:mysql:5.1.32-bzr cpe:/a:mysql:mysql:6.0.0 cpe:/a:mysql:mysql:6.0.1 cpe:/a:mysql:mysql:6.0.2 cpe:/a:mysql:mysql:6.0.3 cpe:/a:mysql:mysql:6.0.4 cpe:/a:mysql:mysql:6.0.9 cpe:/a:mysql:mysql:6.0.10-bzr CVE-2009-0819 2009-03-04T21:30:00.657-05:00 2017-09-28T21:34:03.450-04:00 4.0 NETWORK LOW SINGLE_INSTANCE NONE NONE PARTIAL http://nvd.nist.gov CONFIRM http://bugs.mysql.com/bug.php?id=42495 CONFIRM http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html CONFIRM http://dev.mysql.com/doc/refman/6.0/en/news-6-0-10.html BID 33972 SECTRACK 1021786 VUPEN ADV-2009-0594 XF mysql-xpath-dos(49050) sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure. cpe:/a:php.brickhost:phpscheduleit:1.0 cpe:/a:php.brickhost:phpscheduleit:1.0.0rc1 cpe:/a:php.brickhost:phpscheduleit:1.0_rc1 cpe:/a:php.brickhost:phpscheduleit:1.2.0 cpe:/a:php.brickhost:phpscheduleit:1.2.0:beta cpe:/a:php.brickhost:phpscheduleit:1.2.0:rc1 cpe:/a:php.brickhost:phpscheduleit:1.2.1 cpe:/a:php.brickhost:phpscheduleit:1.2.2 cpe:/a:php.brickhost:phpscheduleit:1.2.3 cpe:/a:php.brickhost:phpscheduleit:1.2.4 cpe:/a:php.brickhost:phpscheduleit:1.2.5 cpe:/a:php.brickhost:phpscheduleit:1.2.6 cpe:/a:php.brickhost:phpscheduleit:1.2.7 cpe:/a:php.brickhost:phpscheduleit:1.2.8 cpe:/a:php.brickhost:phpscheduleit:1.2.9 cpe:/a:php.brickhost:phpscheduleit:1.2.10 CVE-2009-0820 2009-03-04T21:30:00.687-05:00 2009-03-05T00:00:00.000-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-03-05T13:43:00.000-05:00 CONFIRM http://phpscheduleit.svn.sourceforge.net/viewvc/phpscheduleit/1.2.11/check.php?r1=318&r2=332 CONFIRM http://phpscheduleit.svn.sourceforge.net/viewvc/phpscheduleit/1.2.11/reserve.php?r1=318&r2=328 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=662749 VUPEN ADV-2009-0491 Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 allow remote attackers to execute arbitrary code via (1) the end_date parameter to reserve.php and (2) the start_date and end_date parameters to check.php. NOTE: the start_date/reserve.php vector is already covered by CVE-2008-6132. cpe:/a:mozilla:firefox:0.1 cpe:/a:mozilla:firefox:0.2 cpe:/a:mozilla:firefox:0.3 cpe:/a:mozilla:firefox:0.4 cpe:/a:mozilla:firefox:0.5 cpe:/a:mozilla:firefox:0.6 cpe:/a:mozilla:firefox:0.6.1 cpe:/a:mozilla:firefox:0.7 cpe:/a:mozilla:firefox:0.7.1 cpe:/a:mozilla:firefox:0.8 cpe:/a:mozilla:firefox:0.9 cpe:/a:mozilla:firefox:0.9:rc cpe:/a:mozilla:firefox:0.9.1 cpe:/a:mozilla:firefox:0.9.2 cpe:/a:mozilla:firefox:0.9.3 cpe:/a:mozilla:firefox:0.9_rc cpe:/a:mozilla:firefox:0.10 cpe:/a:mozilla:firefox:0.10.1 cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.0:preview_release cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.6::linux cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5:beta1 cpe:/a:mozilla:firefox:1.5:beta2 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:1.5.1 cpe:/a:mozilla:firefox:1.5.2 cpe:/a:mozilla:firefox:1.5.3 cpe:/a:mozilla:firefox:1.5.4 cpe:/a:mozilla:firefox:1.5.5 cpe:/a:mozilla:firefox:1.5.6 cpe:/a:mozilla:firefox:1.5.7 cpe:/a:mozilla:firefox:1.5.8 cpe:/a:mozilla:firefox:1.8 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0:beta1 cpe:/a:mozilla:firefox:2.0:beta_1 cpe:/a:mozilla:firefox:2.0:rc2 cpe:/a:mozilla:firefox:2.0:rc3 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:firefox:2.0.0.17 cpe:/a:mozilla:firefox:2.0.0.18 cpe:/a:mozilla:firefox:2.0.0.19 cpe:/a:mozilla:firefox:2.0.0.20 cpe:/a:mozilla:firefox:2.0_.1 cpe:/a:mozilla:firefox:2.0_.4 cpe:/a:mozilla:firefox:2.0_.5 cpe:/a:mozilla:firefox:2.0_.6 cpe:/a:mozilla:firefox:2.0_.7 cpe:/a:mozilla:firefox:2.0_.9 cpe:/a:mozilla:firefox:2.0_.10 cpe:/a:mozilla:firefox:2.0_8 CVE-2009-0821 2009-03-04T21:30:00.703-05:00 2009-03-05T00:00:00.000-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-03-05T13:58:00.000-05:00 MISC http://downloads.securityfocus.com/vulnerabilities/exploits/33969.html BID 33969 Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print function, as demonstrated by a window.print(window.print()) in the onclick attribute of an INPUT element. cpe:/a:slysoft:anydvd:6.5.2.2 cpe:/a:slysoft:clonecd:5.3.1.3 cpe:/a:slysoft:clonedvd:2.9.2.0 cpe:/a:slysoft:virtualclonedrive:5.4.2.3 CVE-2009-0824 2009-03-14T14:30:00.547-04:00 2018-10-10T15:31:27.440-04:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov MISC http://en.securitylab.ru/lab/PT-2009-11 BUGTRAQ 20090312 [Suspected Spam][PT-2009-11] SlySoft Multiple Products ElbyCDIO.sys Denial of Service BID 34103 CONFIRM http://www.slysoft.com/download/changes_anydvd.txt CONFIRM http://www.slysoft.com/download/changes_clonedvd.txt XF slysoft-elbycdio-dos(49232) Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in SlySoft AnyDVD before 6.5.2.6, Virtual CloneDrive 5.4.2.3 and earlier, CloneDVD 2.9.2.0 and earlier, and CloneCD 5.3.1.3 and earlier, uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to cause a denial of service (system crash) via a crafted IOCTL call. cpe:/a:torben_sorensen:tinx%2fcms:3.0 cpe:/a:torben_sorensen:tinx%2fcms:3.5 CVE-2009-0825 2009-03-09T17:30:00.233-04:00 2018-10-10T15:31:28.457-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS MISC http://en.securitylab.ru/lab/PT-2009-13 CONFIRM http://sourceforge.net/project/showfiles.php?group_id=133415 CONFIRM http://sourceforge.net/project/shownotes.php?group_id=133415&release_id=658540 BUGTRAQ 20090306 [Positive Technologies SA:2009-13] TinX CMS 3.x SQL Injection Vulnerability BID 34021 XF tinxcms-rss-sql-injection(49115) SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. cpe:/a:freedville:bloghelper:- CVE-2009-0826 2009-03-05T15:30:00.577-05:00 2017-09-28T21:34:03.513-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov XF bloghelper-commondb-info-disclosure(47799) EXPLOIT-DB 7689 BlogHelper stores common_db.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request. cpe:/a:freedville:pollhelper:- CVE-2009-0827 2009-03-05T15:30:00.610-05:00 2017-09-28T21:34:03.560-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov XF pollhelper-poll-info-disclosure(47797) EXPLOIT-DB 7690 PollHelper stores poll.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request. cpe:/a:freedville:quotebook:- CVE-2009-0828 2009-03-05T15:30:00.627-05:00 2017-09-28T21:34:03.623-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov BID 33166 EXPLOIT-DB 7699 QuoteBook stores quotes.inc under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information, including user credentials, via a direct request. cpe:/a:andrew_freed:quotebook:- CVE-2009-0829 2009-03-05T15:30:00.640-05:00 2009-03-21T01:55:03.217-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33166 Multiple SQL injection vulnerabilities in QuoteBook allow remote attackers to execute arbitrary SQL commands via the (1) MyBox and (2) selectFavorites parameters to (a) quotes.php and the (3) QuoteName and (4) QuoteText parameters to (b) quotesadd.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:andrew_freed:quotebook:- CVE-2009-0830 2009-03-05T15:30:00.657-05:00 2009-03-21T01:55:03.327-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov BID 33166 Cross-site scripting (XSS) vulnerability in QuoteBook allows remote attackers to inject arbitrary web script or HTML via the (1) QuoteName and (2) QuoteText parameters to quotesadd.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:php-fusion:members_cv_module:1.0 CVE-2009-0831 2009-03-05T15:30:00.687-05:00 2017-09-28T21:34:03.670-04:00 6.0 NETWORK MEDIUM SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BID 33156 EXPLOIT-DB 7697 SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter. cpe:/a:ausimods:e-cart:1.3 CVE-2009-0832 2009-03-05T15:30:00.703-05:00 2018-10-10T15:31:29.097-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BUGTRAQ 20090107 PHP-Fusion Mod E-Cart Sql Injection BID 33155 EXPLOIT-DB 7698 SQL injection vulnerability in items.php in the E-Cart module 1.3 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the CA parameter. cpe:/a:myplugins:gen_msn:0.31 CVE-2009-0833 2009-03-05T15:30:00.717-05:00 2017-09-28T21:34:03.793-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BID 33159 EXPLOIT-DB 7696 Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field. NOTE: some of these details are obtained from third party information. cpe:/o:linux:linux_kernel:2.6.0 cpe:/o:linux:linux_kernel:2.6.1 cpe:/o:linux:linux_kernel:2.6.2 cpe:/o:linux:linux_kernel:2.6.3 cpe:/o:linux:linux_kernel:2.6.4 cpe:/o:linux:linux_kernel:2.6.5 cpe:/o:linux:linux_kernel:2.6.6 cpe:/o:linux:linux_kernel:2.6.7 cpe:/o:linux:linux_kernel:2.6.8 cpe:/o:linux:linux_kernel:2.6.8.1 cpe:/o:linux:linux_kernel:2.6.9 cpe:/o:linux:linux_kernel:2.6.9:rc1 cpe:/o:linux:linux_kernel:2.6.9:rc2 cpe:/o:linux:linux_kernel:2.6.9:rc3 cpe:/o:linux:linux_kernel:2.6.9:rc4 cpe:/o:linux:linux_kernel:2.6.10 cpe:/o:linux:linux_kernel:2.6.11 cpe:/o:linux:linux_kernel:2.6.11.1 cpe:/o:linux:linux_kernel:2.6.11.2 cpe:/o:linux:linux_kernel:2.6.11.3 cpe:/o:linux:linux_kernel:2.6.11.4 cpe:/o:linux:linux_kernel:2.6.11.5 cpe:/o:linux:linux_kernel:2.6.11.6 cpe:/o:linux:linux_kernel:2.6.11.7 cpe:/o:linux:linux_kernel:2.6.11.8 cpe:/o:linux:linux_kernel:2.6.11.9 cpe:/o:linux:linux_kernel:2.6.11.10 cpe:/o:linux:linux_kernel:2.6.11.11 cpe:/o:linux:linux_kernel:2.6.11.12 cpe:/o:linux:linux_kernel:2.6.12 cpe:/o:linux:linux_kernel:2.6.12.1 cpe:/o:linux:linux_kernel:2.6.12.2 cpe:/o:linux:linux_kernel:2.6.12.3 cpe:/o:linux:linux_kernel:2.6.12.4 cpe:/o:linux:linux_kernel:2.6.12.5 cpe:/o:linux:linux_kernel:2.6.12.6 cpe:/o:linux:linux_kernel:2.6.13 cpe:/o:linux:linux_kernel:2.6.13.1 cpe:/o:linux:linux_kernel:2.6.13.2 cpe:/o:linux:linux_kernel:2.6.13.3 cpe:/o:linux:linux_kernel:2.6.13.4 cpe:/o:linux:linux_kernel:2.6.13.5 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.14.2 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.6.14.5 cpe:/o:linux:linux_kernel:2.6.14.6 cpe:/o:linux:linux_kernel:2.6.14.7 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.6.15.1 cpe:/o:linux:linux_kernel:2.6.15.2 cpe:/o:linux:linux_kernel:2.6.15.3 cpe:/o:linux:linux_kernel:2.6.15.4 cpe:/o:linux:linux_kernel:2.6.15.5 cpe:/o:linux:linux_kernel:2.6.15.6 cpe:/o:linux:linux_kernel:2.6.15.7 cpe:/o:linux:linux_kernel:2.6.16 cpe:/o:linux:linux_kernel:2.6.16:rc1 cpe:/o:linux:linux_kernel:2.6.16.1 cpe:/o:linux:linux_kernel:2.6.16.2 cpe:/o:linux:linux_kernel:2.6.16.3 cpe:/o:linux:linux_kernel:2.6.16.4 cpe:/o:linux:linux_kernel:2.6.16.5 cpe:/o:linux:linux_kernel:2.6.16.6 cpe:/o:linux:linux_kernel:2.6.16.7 cpe:/o:linux:linux_kernel:2.6.16.8 cpe:/o:linux:linux_kernel:2.6.16.9 cpe:/o:linux:linux_kernel:2.6.16.10 cpe:/o:linux:linux_kernel:2.6.16.11 cpe:/o:linux:linux_kernel:2.6.16.12 cpe:/o:linux:linux_kernel:2.6.16.13 cpe:/o:linux:linux_kernel:2.6.16.14 cpe:/o:linux:linux_kernel:2.6.16.15 cpe:/o:linux:linux_kernel:2.6.16.16 cpe:/o:linux:linux_kernel:2.6.16.17 cpe:/o:linux:linux_kernel:2.6.16.18 cpe:/o:linux:linux_kernel:2.6.16.19 cpe:/o:linux:linux_kernel:2.6.16.20 cpe:/o:linux:linux_kernel:2.6.16.21 cpe:/o:linux:linux_kernel:2.6.16.22 cpe:/o:linux:linux_kernel:2.6.16.23 cpe:/o:linux:linux_kernel:2.6.16.24 cpe:/o:linux:linux_kernel:2.6.16.25 cpe:/o:linux:linux_kernel:2.6.16.26 cpe:/o:linux:linux_kernel:2.6.16.27 cpe:/o:linux:linux_kernel:2.6.16.28 cpe:/o:linux:linux_kernel:2.6.16.29 cpe:/o:linux:linux_kernel:2.6.16.30 cpe:/o:linux:linux_kernel:2.6.16.31 cpe:/o:linux:linux_kernel:2.6.16.32 cpe:/o:linux:linux_kernel:2.6.16.33 cpe:/o:linux:linux_kernel:2.6.16.34 cpe:/o:linux:linux_kernel:2.6.16.35 cpe:/o:linux:linux_kernel:2.6.16.36 cpe:/o:linux:linux_kernel:2.6.16.37 cpe:/o:linux:linux_kernel:2.6.16.38 cpe:/o:linux:linux_kernel:2.6.16.39 cpe:/o:linux:linux_kernel:2.6.16.40 cpe:/o:linux:linux_kernel:2.6.16.41 cpe:/o:linux:linux_kernel:2.6.16.42 cpe:/o:linux:linux_kernel:2.6.16.43 cpe:/o:linux:linux_kernel:2.6.16.44 cpe:/o:linux:linux_kernel:2.6.16.45 cpe:/o:linux:linux_kernel:2.6.16.46 cpe:/o:linux:linux_kernel:2.6.16.47 cpe:/o:linux:linux_kernel:2.6.16.48 cpe:/o:linux:linux_kernel:2.6.16.49 cpe:/o:linux:linux_kernel:2.6.16.50 cpe:/o:linux:linux_kernel:2.6.16.51 cpe:/o:linux:linux_kernel:2.6.16.52 cpe:/o:linux:linux_kernel:2.6.16.53 cpe:/o:linux:linux_kernel:2.6.16.54 cpe:/o:linux:linux_kernel:2.6.16.55 cpe:/o:linux:linux_kernel:2.6.16.56 cpe:/o:linux:linux_kernel:2.6.16.57 cpe:/o:linux:linux_kernel:2.6.16.58 cpe:/o:linux:linux_kernel:2.6.16.59 cpe:/o:linux:linux_kernel:2.6.16.60 cpe:/o:linux:linux_kernel:2.6.16.61 cpe:/o:linux:linux_kernel:2.6.16.62 cpe:/o:linux:linux_kernel:2.6.17 cpe:/o:linux:linux_kernel:2.6.17:rc1 cpe:/o:linux:linux_kernel:2.6.17:rc2 cpe:/o:linux:linux_kernel:2.6.17:rc3 cpe:/o:linux:linux_kernel:2.6.17:rc4 cpe:/o:linux:linux_kernel:2.6.17:rc5 cpe:/o:linux:linux_kernel:2.6.17:rc6 cpe:/o:linux:linux_kernel:2.6.17.1 cpe:/o:linux:linux_kernel:2.6.17.2 cpe:/o:linux:linux_kernel:2.6.17.3 cpe:/o:linux:linux_kernel:2.6.17.4 cpe:/o:linux:linux_kernel:2.6.17.5 cpe:/o:linux:linux_kernel:2.6.17.6 cpe:/o:linux:linux_kernel:2.6.17.7 cpe:/o:linux:linux_kernel:2.6.17.8 cpe:/o:linux:linux_kernel:2.6.17.9 cpe:/o:linux:linux_kernel:2.6.17.10 cpe:/o:linux:linux_kernel:2.6.17.11 cpe:/o:linux:linux_kernel:2.6.17.12 cpe:/o:linux:linux_kernel:2.6.17.13 cpe:/o:linux:linux_kernel:2.6.17.14 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.18:rc1 cpe:/o:linux:linux_kernel:2.6.18:rc2 cpe:/o:linux:linux_kernel:2.6.18:rc3 cpe:/o:linux:linux_kernel:2.6.18:rc4 cpe:/o:linux:linux_kernel:2.6.18:rc5 cpe:/o:linux:linux_kernel:2.6.18:rc6 cpe:/o:linux:linux_kernel:2.6.18:rc7 cpe:/o:linux:linux_kernel:2.6.18.1 cpe:/o:linux:linux_kernel:2.6.18.2 cpe:/o:linux:linux_kernel:2.6.18.3 cpe:/o:linux:linux_kernel:2.6.18.4 cpe:/o:linux:linux_kernel:2.6.18.5 cpe:/o:linux:linux_kernel:2.6.18.6 cpe:/o:linux:linux_kernel:2.6.18.7 cpe:/o:linux:linux_kernel:2.6.18.8 cpe:/o:linux:linux_kernel:2.6.19 cpe:/o:linux:linux_kernel:2.6.19.1 cpe:/o:linux:linux_kernel:2.6.19.2 cpe:/o:linux:linux_kernel:2.6.19.3 cpe:/o:linux:linux_kernel:2.6.19.4 cpe:/o:linux:linux_kernel:2.6.19.5 cpe:/o:linux:linux_kernel:2.6.19.6 cpe:/o:linux:linux_kernel:2.6.19.7 cpe:/o:linux:linux_kernel:2.6.20 cpe:/o:linux:linux_kernel:2.6.20.1 cpe:/o:linux:linux_kernel:2.6.20.2 cpe:/o:linux:linux_kernel:2.6.20.3 cpe:/o:linux:linux_kernel:2.6.20.4 cpe:/o:linux:linux_kernel:2.6.20.5 cpe:/o:linux:linux_kernel:2.6.20.6 cpe:/o:linux:linux_kernel:2.6.20.7 cpe:/o:linux:linux_kernel:2.6.20.8 cpe:/o:linux:linux_kernel:2.6.20.9 cpe:/o:linux:linux_kernel:2.6.20.10 cpe:/o:linux:linux_kernel:2.6.20.11 cpe:/o:linux:linux_kernel:2.6.20.12 cpe:/o:linux:linux_kernel:2.6.20.13 cpe:/o:linux:linux_kernel:2.6.20.14 cpe:/o:linux:linux_kernel:2.6.20.15 cpe:/o:linux:linux_kernel:2.6.20.16 cpe:/o:linux:linux_kernel:2.6.20.17 cpe:/o:linux:linux_kernel:2.6.20.18 cpe:/o:linux:linux_kernel:2.6.20.19 cpe:/o:linux:linux_kernel:2.6.20.20 cpe:/o:linux:linux_kernel:2.6.20.21 cpe:/o:linux:linux_kernel:2.6.21 cpe:/o:linux:linux_kernel:2.6.21.1 cpe:/o:linux:linux_kernel:2.6.21.2 cpe:/o:linux:linux_kernel:2.6.21.3 cpe:/o:linux:linux_kernel:2.6.21.4 cpe:/o:linux:linux_kernel:2.6.21.5 cpe:/o:linux:linux_kernel:2.6.21.6 cpe:/o:linux:linux_kernel:2.6.21.7 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.22.1 cpe:/o:linux:linux_kernel:2.6.22.2 cpe:/o:linux:linux_kernel:2.6.22.3 cpe:/o:linux:linux_kernel:2.6.22.4 cpe:/o:linux:linux_kernel:2.6.22.5 cpe:/o:linux:linux_kernel:2.6.22.6 cpe:/o:linux:linux_kernel:2.6.22.7 cpe:/o:linux:linux_kernel:2.6.22.8 cpe:/o:linux:linux_kernel:2.6.22.9 cpe:/o:linux:linux_kernel:2.6.22.10 cpe:/o:linux:linux_kernel:2.6.22.11 cpe:/o:linux:linux_kernel:2.6.22.12 cpe:/o:linux:linux_kernel:2.6.22.13 cpe:/o:linux:linux_kernel:2.6.22.14 cpe:/o:linux:linux_kernel:2.6.22.15 cpe:/o:linux:linux_kernel:2.6.22.16 cpe:/o:linux:linux_kernel:2.6.22.17 cpe:/o:linux:linux_kernel:2.6.22.18 cpe:/o:linux:linux_kernel:2.6.22.19 cpe:/o:linux:linux_kernel:2.6.22.20 cpe:/o:linux:linux_kernel:2.6.22.21 cpe:/o:linux:linux_kernel:2.6.22.22 cpe:/o:linux:linux_kernel:2.6.23 cpe:/o:linux:linux_kernel:2.6.23:rc1 cpe:/o:linux:linux_kernel:2.6.23:rc2 cpe:/o:linux:linux_kernel:2.6.23.1 cpe:/o:linux:linux_kernel:2.6.23.2 cpe:/o:linux:linux_kernel:2.6.23.3 cpe:/o:linux:linux_kernel:2.6.23.4 cpe:/o:linux:linux_kernel:2.6.23.5 cpe:/o:linux:linux_kernel:2.6.23.6 cpe:/o:linux:linux_kernel:2.6.23.7 cpe:/o:linux:linux_kernel:2.6.23.8 cpe:/o:linux:linux_kernel:2.6.23.9 cpe:/o:linux:linux_kernel:2.6.23.10 cpe:/o:linux:linux_kernel:2.6.23.11 cpe:/o:linux:linux_kernel:2.6.23.12 cpe:/o:linux:linux_kernel:2.6.23.13 cpe:/o:linux:linux_kernel:2.6.23.14 cpe:/o:linux:linux_kernel:2.6.23.15 cpe:/o:linux:linux_kernel:2.6.23.16 cpe:/o:linux:linux_kernel:2.6.23.17 cpe:/o:linux:linux_kernel:2.6.24 cpe:/o:linux:linux_kernel:2.6.24:rc1 cpe:/o:linux:linux_kernel:2.6.24:rc2 cpe:/o:linux:linux_kernel:2.6.24:rc3 cpe:/o:linux:linux_kernel:2.6.24:rc4 cpe:/o:linux:linux_kernel:2.6.24:rc5 cpe:/o:linux:linux_kernel:2.6.24.1 cpe:/o:linux:linux_kernel:2.6.24.2 cpe:/o:linux:linux_kernel:2.6.24.3 cpe:/o:linux:linux_kernel:2.6.24.4 cpe:/o:linux:linux_kernel:2.6.24.5 cpe:/o:linux:linux_kernel:2.6.24.6 cpe:/o:linux:linux_kernel:2.6.24.7 cpe:/o:linux:linux_kernel:2.6.25 cpe:/o:linux:linux_kernel:2.6.25.1 cpe:/o:linux:linux_kernel:2.6.25.2 cpe:/o:linux:linux_kernel:2.6.25.3 cpe:/o:linux:linux_kernel:2.6.25.4 cpe:/o:linux:linux_kernel:2.6.25.5 cpe:/o:linux:linux_kernel:2.6.25.6 cpe:/o:linux:linux_kernel:2.6.25.7 cpe:/o:linux:linux_kernel:2.6.25.8 cpe:/o:linux:linux_kernel:2.6.25.9 cpe:/o:linux:linux_kernel:2.6.25.10 cpe:/o:linux:linux_kernel:2.6.25.11 cpe:/o:linux:linux_kernel:2.6.25.12 cpe:/o:linux:linux_kernel:2.6.25.13 cpe:/o:linux:linux_kernel:2.6.25.14 cpe:/o:linux:linux_kernel:2.6.25.15 cpe:/o:linux:linux_kernel:2.6.25.16 cpe:/o:linux:linux_kernel:2.6.25.17 cpe:/o:linux:linux_kernel:2.6.25.18 cpe:/o:linux:linux_kernel:2.6.25.19 cpe:/o:linux:linux_kernel:2.6.25.20 cpe:/o:linux:linux_kernel:2.6.26 cpe:/o:linux:linux_kernel:2.6.26:rc4 cpe:/o:linux:linux_kernel:2.6.26.1 cpe:/o:linux:linux_kernel:2.6.26.2 cpe:/o:linux:linux_kernel:2.6.26.3 cpe:/o:linux:linux_kernel:2.6.26.4 cpe:/o:linux:linux_kernel:2.6.26.5 cpe:/o:linux:linux_kernel:2.6.26.6 cpe:/o:linux:linux_kernel:2.6.26.7 cpe:/o:linux:linux_kernel:2.6.26.8 cpe:/o:linux:linux_kernel:2.6.27 cpe:/o:linux:linux_kernel:2.6.27:rc1 cpe:/o:linux:linux_kernel:2.6.27:rc2 cpe:/o:linux:linux_kernel:2.6.27:rc3 cpe:/o:linux:linux_kernel:2.6.27:rc4 cpe:/o:linux:linux_kernel:2.6.27:rc5 cpe:/o:linux:linux_kernel:2.6.27:rc6 cpe:/o:linux:linux_kernel:2.6.27:rc7 cpe:/o:linux:linux_kernel:2.6.27:rc8 cpe:/o:linux:linux_kernel:2.6.27:rc9 cpe:/o:linux:linux_kernel:2.6.27.1 cpe:/o:linux:linux_kernel:2.6.27.2 cpe:/o:linux:linux_kernel:2.6.27.3 cpe:/o:linux:linux_kernel:2.6.27.4 cpe:/o:linux:linux_kernel:2.6.27.5 cpe:/o:linux:linux_kernel:2.6.27.6 cpe:/o:linux:linux_kernel:2.6.27.7 cpe:/o:linux:linux_kernel:2.6.27.8 cpe:/o:linux:linux_kernel:2.6.27.9 cpe:/o:linux:linux_kernel:2.6.27.10 cpe:/o:linux:linux_kernel:2.6.27.11 cpe:/o:linux:linux_kernel:2.6.27.12 cpe:/o:linux:linux_kernel:2.6.27.13 cpe:/o:linux:linux_kernel:2.6.27.14 cpe:/o:linux:linux_kernel:2.6.27.15 cpe:/o:linux:linux_kernel:2.6.27.16 cpe:/o:linux:linux_kernel:2.6.27.17 cpe:/o:linux:linux_kernel:2.6.27.18 cpe:/o:linux:linux_kernel:2.6.27.19 cpe:/o:linux:linux_kernel:2.6.27.20 cpe:/o:linux:linux_kernel:2.6.27.21 cpe:/o:linux:linux_kernel:2.6.27.22 cpe:/o:linux:linux_kernel:2.6.27.23 cpe:/o:linux:linux_kernel:2.6.27.24 cpe:/o:linux:linux_kernel:2.6.27.25 cpe:/o:linux:linux_kernel:2.6.27.26 cpe:/o:linux:linux_kernel:2.6.27.27 cpe:/o:linux:linux_kernel:2.6.27.28 cpe:/o:linux:linux_kernel:2.6.27.29 cpe:/o:linux:linux_kernel:2.6.27.30 cpe:/o:linux:linux_kernel:2.6.27.31 cpe:/o:linux:linux_kernel:2.6.27.32 cpe:/o:linux:linux_kernel:2.6.27.33 cpe:/o:linux:linux_kernel:2.6.27.34 cpe:/o:linux:linux_kernel:2.6.27.35 cpe:/o:linux:linux_kernel:2.6.27.36 cpe:/o:linux:linux_kernel:2.6.27.37 cpe:/o:linux:linux_kernel:2.6.27.38 cpe:/o:linux:linux_kernel:2.6.27.39 cpe:/o:linux:linux_kernel:2.6.27.40 cpe:/o:linux:linux_kernel:2.6.27.41 cpe:/o:linux:linux_kernel:2.6.27.42 cpe:/o:linux:linux_kernel:2.6.27.43 cpe:/o:linux:linux_kernel:2.6.27.44 cpe:/o:linux:linux_kernel:2.6.27.45 cpe:/o:linux:linux_kernel:2.6.27.51 cpe:/o:linux:linux_kernel:2.6.27.52 cpe:/o:linux:linux_kernel:2.6.27.53 cpe:/o:linux:linux_kernel:2.6.27.54 cpe:/o:linux:linux_kernel:2.6.28 cpe:/o:linux:linux_kernel:2.6.28.1 cpe:/o:linux:linux_kernel:2.6.28.2 cpe:/o:linux:linux_kernel:2.6.28.3 cpe:/o:linux:linux_kernel:2.6.28.4 cpe:/o:linux:linux_kernel:2.6.28.5 cpe:/o:linux:linux_kernel:2.6.28.6 cpe:/o:linux:linux_kernel:2.6.28.7 CVE-2009-0834 2009-03-06T06:30:02.627-05:00 2018-10-10T15:31:29.567-04:00 3.6 LOCAL LOW NONE PARTIAL PARTIAL NONE http://nvd.nist.gov CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccbe495caa5e604b04d5a31d7459a6f6a76a756c SUSE SUSE-SA:2009:028 SUSE SUSE-SA:2009:030 SUSE SUSE-SA:2009:031 MLIST [linux-kernel] 20090228 [PATCH 0/2] x86-64: 32/64 syscall arch holes MLIST [linux-kernel] 20090228 [PATCH 1/2] x86-64: syscall-audit: fix 32/64 syscall hole MLIST [oss-security] 20090302 CVE request: kernel: x86-64: syscall-audit: 32/64 syscall hole REDHAT RHSA-2009:0459 REDHAT RHSA-2009:0473 MISC http://scary.beasts.org/security/CESA-2009-001.html CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0084 DEBIAN DSA-1787 DEBIAN DSA-1794 DEBIAN DSA-1800 MANDRIVA MDVSA-2009:118 REDHAT RHSA-2009:0451 BUGTRAQ 20090516 rPSA-2009-0084-1 kernel BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components BID 33951 SECTRACK 1022153 UBUNTU USN-751-1 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html VUPEN ADV-2009-3316 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=487990 XF linux-kernel-auditsyscallentry-sec-bypass(49061) The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343. cpe:/o:linux:linux_kernel:2.6.25::x86_64 cpe:/o:linux:linux_kernel:2.6.25.1::x86_64 cpe:/o:linux:linux_kernel:2.6.25.2::x86_64 cpe:/o:linux:linux_kernel:2.6.25.3::x86_64 cpe:/o:linux:linux_kernel:2.6.25.4::x86_64 cpe:/o:linux:linux_kernel:2.6.25.5::x86_64 cpe:/o:linux:linux_kernel:2.6.25.6::x86_64 cpe:/o:linux:linux_kernel:2.6.25.7::x86_64 cpe:/o:linux:linux_kernel:2.6.25.8::x86_64 cpe:/o:linux:linux_kernel:2.6.25.9::x86_64 cpe:/o:linux:linux_kernel:2.6.25.10::x86_64 cpe:/o:linux:linux_kernel:2.6.25.11::x86_64 cpe:/o:linux:linux_kernel:2.6.25.12::x86_64 CVE-2009-0835 2009-03-06T06:30:02.657-05:00 2012-03-19T00:00:00.000-04:00 3.6 LOCAL LOW NONE PARTIAL PARTIAL NONE http://nvd.nist.gov 2009-03-06T12:50:00.000-05:00 SUSE SUSE-SA:2009:021 SUSE SUSE-SA:2009:028 SUSE SUSE-SA:2009:030 SUSE SUSE-SA:2009:031 MLIST [linux-kernel] 20090227 Re: [PATCH 2/2] x86-64: seccomp: fix 32/64 syscall hole MLIST [linux-kernel] 20090228 [PATCH 0/2] x86-64: 32/64 syscall arch holes MLIST [linux-kernel] 20090228 [PATCH 2/2] x86-64: seccomp: fix 32/64 syscall hole MLIST [oss-security] 20090302 CVE request: kernel: x86-64: seccomp: 32/64 syscall hole MISC http://scary.beasts.org/security/CESA-2009-001.html MISC http://scary.beasts.org/security/CESA-2009-004.html MISC http://scarybeastsecurity.blogspot.com/2009/02/linux-kernel-minor-seccomp.html DEBIAN DSA-1800 MANDRIVA MDVSA-2009:118 REDHAT RHSA-2009:0451 BID 33948 UBUNTU USN-751-1 MISC https://bugzilla.redhat.com/show_bug.cgi?id=487255 The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod, a related issue to CVE-2009-0342 and CVE-2009-0343. cpe:/a:foxitsoftware:reader:2.3 cpe:/a:foxitsoftware:reader:3.0 CVE-2009-0836 2009-03-10T16:30:06.577-04:00 2018-10-10T15:31:39.440-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov MISC http://blog.zoller.lu/2009/03/remote-code-execution-in-pdf-still.html MLIST [dailydave] 20100402 0day, it may not be MISC http://www.coresecurity.com/content/foxit-reader-vulnerabilities CONFIRM http://www.foxitsoftware.com/pdf/reader/security.htm#bypass BUGTRAQ 20090309 Foxit Reader Multiple Vulnerabilities (CORE-2009-0218) BID 34035 SECTRACK 1021824 VUPEN ADV-2009-0634 Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote attackers to execute arbitrary programs and have unspecified other impact via a crafted file, as demonstrated by the "Open/Execute a file" action. cpe:/a:foxit:reader3.0 CVE-2009-0837 2009-03-10T16:30:06.593-04:00 2018-10-10T15:31:40.173-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS MISC http://www.coresecurity.com/content/foxit-reader-vulnerabilities CONFIRM http://www.foxitsoftware.com/pdf/reader/security.htm#Stackbased BUGTRAQ 20090309 Foxit Reader Multiple Vulnerabilities (CORE-2009-0218) BID 34035 SECTRACK 1021824 VUPEN ADV-2009-0634 XF foxitreader-pdf-bo(49136) Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the "Open/Execute a file" action. cpe:/o:sun:opensolaris:snv_88 cpe:/o:sun:opensolaris:snv_88::sparc cpe:/o:sun:opensolaris:snv_88::x86 cpe:/o:sun:opensolaris:snv_89 cpe:/o:sun:opensolaris:snv_89::sparc cpe:/o:sun:opensolaris:snv_89::x86 cpe:/o:sun:opensolaris:snv_90 cpe:/o:sun:opensolaris:snv_90::sparc cpe:/o:sun:opensolaris:snv_90:x86 cpe:/o:sun:opensolaris:snv_91 cpe:/o:sun:opensolaris:snv_91::sparc cpe:/o:sun:opensolaris:snv_91::x86 cpe:/o:sun:opensolaris:snv_92 cpe:/o:sun:opensolaris:snv_92::sparc cpe:/o:sun:opensolaris:snv_92::x86 cpe:/o:sun:opensolaris:snv_93 cpe:/o:sun:opensolaris:snv_93::sparc cpe:/o:sun:opensolaris:snv_93::x86 cpe:/o:sun:opensolaris:snv_94 cpe:/o:sun:opensolaris:snv_94::sparc cpe:/o:sun:opensolaris:snv_94::x86 cpe:/o:sun:opensolaris:snv_95 cpe:/o:sun:opensolaris:snv_95::sparc cpe:/o:sun:opensolaris:snv_95::x86 cpe:/o:sun:opensolaris:snv_96::sparc cpe:/o:sun:opensolaris:snv_96::x86 cpe:/o:sun:opensolaris:snv_97::sparc cpe:/o:sun:opensolaris:snv_97::x86 cpe:/o:sun:opensolaris:snv_98::sparc cpe:/o:sun:opensolaris:snv_98::x86 cpe:/o:sun:opensolaris:snv_99::sparc cpe:/o:sun:opensolaris:snv_99::x86 cpe:/o:sun:opensolaris:snv_100::sparc cpe:/o:sun:opensolaris:snv_100::x86 cpe:/o:sun:opensolaris:snv_101::sparc cpe:/o:sun:opensolaris:snv_101::x86 cpe:/o:sun:opensolaris:snv_101b cpe:/o:sun:opensolaris:snv_102::sparc cpe:/o:sun:opensolaris:snv_102::x86 cpe:/o:sun:sunos:5.10 CVE-2009-0838 2009-03-06T13:30:00.717-05:00 2018-10-30T12:25:14.200-04:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov SECTRACK 1021810 CONFIRM http://sunsolve.sun.com/search/document.do?assetkey=1-21-139498-04-1 SUNALERT 254088 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-097.htm BID 34000 VUPEN ADV-2009-0606 VUPEN ADV-2009-0815 XF sun-solaris-cryptodriver-dos(49105) The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv_88 through snv_102, does not properly free memory, which allows local users to cause a denial of service (panic) via unspecified vectors, related to the vmem_hash_delete function. cpe:/a:umn:mapserver:4.0 cpe:/a:umn:mapserver:4.0:beta1 cpe:/a:umn:mapserver:4.0:beta2 cpe:/a:umn:mapserver:4.2:beta1 cpe:/a:umn:mapserver:4.4.0 cpe:/a:umn:mapserver:4.4.0:beta1 cpe:/a:umn:mapserver:4.4.0:beta2 cpe:/a:umn:mapserver:4.4.0:beta3 cpe:/a:umn:mapserver:4.6.0 cpe:/a:umn:mapserver:4.6.0:beta1 cpe:/a:umn:mapserver:4.6.0:beta2 cpe:/a:umn:mapserver:4.6.0:beta3 cpe:/a:umn:mapserver:4.6.0:rc1 cpe:/a:umn:mapserver:4.8:beta1 cpe:/a:umn:mapserver:4.8:beta2 cpe:/a:umn:mapserver:4.8:beta3 cpe:/a:umn:mapserver:4.8:rc1 cpe:/a:umn:mapserver:4.8:rc2 cpe:/a:umn:mapserver:4.10:beta1 cpe:/a:umn:mapserver:4.10:beta2 cpe:/a:umn:mapserver:4.10:beta3 cpe:/a:umn:mapserver:4.10:rc1 cpe:/a:umn:mapserver:4.10.0 cpe:/a:umn:mapserver:4.10.1 cpe:/a:umn:mapserver:4.10.2 cpe:/a:umn:mapserver:4.10.3 cpe:/a:umn:mapserver:5.0.0 cpe:/a:umn:mapserver:5.0.0:beta1 cpe:/a:umn:mapserver:5.0.0:beta2 cpe:/a:umn:mapserver:5.0.0:beta3 cpe:/a:umn:mapserver:5.0.0:beta4 cpe:/a:umn:mapserver:5.0.0:beta5 cpe:/a:umn:mapserver:5.0.0:beta6 cpe:/a:umn:mapserver:5.0.0:rc1 cpe:/a:umn:mapserver:5.0.0:rc2 cpe:/a:umn:mapserver:5.2.0 cpe:/a:umn:mapserver:5.2.0:beta1 cpe:/a:umn:mapserver:5.2.0:beta2 cpe:/a:umn:mapserver:5.2.0:beta3 cpe:/a:umn:mapserver:5.2.0:beta4 cpe:/a:umn:mapserver:5.2.0:rc1 cpe:/a:umn:mapserver:5.2.1 CVE-2009-0839 2009-03-31T14:24:45.827-04:00 2018-10-10T15:31:40.923-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov MLIST [mapserver-users] 20090326 MapServer 5.2.2 and 4.10.4 released with security fixes CONFIRM http://trac.osgeo.org/mapserver/ticket/2944 DEBIAN DSA-1914 MISC http://www.positronsecurity.com/advisories/2009-000.html BUGTRAQ 20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3 BID 34306 SECTRACK 1021952 FEDORA FEDORA-2009-3357 FEDORA FEDORA-2009-3383 Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map with a long IMAGEPATH or NAME attribute, allows remote attackers to execute arbitrary code via a crafted id parameter in a query action. cpe:/a:umn:mapserver:4.0 cpe:/a:umn:mapserver:4.0:beta1 cpe:/a:umn:mapserver:4.0:beta2 cpe:/a:umn:mapserver:4.2:beta1 cpe:/a:umn:mapserver:4.4.0 cpe:/a:umn:mapserver:4.4.0:beta1 cpe:/a:umn:mapserver:4.4.0:beta2 cpe:/a:umn:mapserver:4.4.0:beta3 cpe:/a:umn:mapserver:4.6.0 cpe:/a:umn:mapserver:4.6.0:beta1 cpe:/a:umn:mapserver:4.6.0:beta2 cpe:/a:umn:mapserver:4.6.0:beta3 cpe:/a:umn:mapserver:4.6.0:rc1 cpe:/a:umn:mapserver:4.8:beta1 cpe:/a:umn:mapserver:4.8:beta2 cpe:/a:umn:mapserver:4.8:beta3 cpe:/a:umn:mapserver:4.8:rc1 cpe:/a:umn:mapserver:4.8:rc2 cpe:/a:umn:mapserver:4.10:beta1 cpe:/a:umn:mapserver:4.10:beta2 cpe:/a:umn:mapserver:4.10:beta3 cpe:/a:umn:mapserver:4.10:rc1 cpe:/a:umn:mapserver:4.10.0 cpe:/a:umn:mapserver:4.10.1 cpe:/a:umn:mapserver:4.10.2 cpe:/a:umn:mapserver:4.10.3 cpe:/a:umn:mapserver:5.0.0 cpe:/a:umn:mapserver:5.0.0:beta1 cpe:/a:umn:mapserver:5.0.0:beta2 cpe:/a:umn:mapserver:5.0.0:beta3 cpe:/a:umn:mapserver:5.0.0:beta4 cpe:/a:umn:mapserver:5.0.0:beta5 cpe:/a:umn:mapserver:5.0.0:beta6 cpe:/a:umn:mapserver:5.0.0:rc1 cpe:/a:umn:mapserver:5.0.0:rc2 cpe:/a:umn:mapserver:5.2.0 cpe:/a:umn:mapserver:5.2.0:beta1 cpe:/a:umn:mapserver:5.2.0:beta2 cpe:/a:umn:mapserver:5.2.0:beta3 cpe:/a:umn:mapserver:5.2.0:beta4 cpe:/a:umn:mapserver:5.2.0:rc1 cpe:/a:umn:mapserver:5.2.1 CVE-2009-0840 2009-03-31T14:24:45.860-04:00 2018-10-10T15:31:41.987-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov MLIST [mapserver-users] 20090326 MapServer 5.2.2 and 4.10.4 released with security fixes CONFIRM http://trac.osgeo.org/mapserver/ticket/2943 DEBIAN DSA-1914 MISC http://www.positronsecurity.com/advisories/2009-000.html BUGTRAQ 20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3 BID 34306 SECTRACK 1021952 XF mapserver-contentlength-bo(49545) FEDORA FEDORA-2009-3357 FEDORA FEDORA-2009-3383 Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header. cpe:/a:umn:mapserver:4.0 cpe:/a:umn:mapserver:4.0:beta1 cpe:/a:umn:mapserver:4.0:beta2 cpe:/a:umn:mapserver:4.2:beta1 cpe:/a:umn:mapserver:4.4.0 cpe:/a:umn:mapserver:4.4.0:beta1 cpe:/a:umn:mapserver:4.4.0:beta2 cpe:/a:umn:mapserver:4.4.0:beta3 cpe:/a:umn:mapserver:4.6.0 cpe:/a:umn:mapserver:4.6.0:beta1 cpe:/a:umn:mapserver:4.6.0:beta2 cpe:/a:umn:mapserver:4.6.0:beta3 cpe:/a:umn:mapserver:4.6.0:rc1 cpe:/a:umn:mapserver:4.8:beta1 cpe:/a:umn:mapserver:4.8:beta2 cpe:/a:umn:mapserver:4.8:beta3 cpe:/a:umn:mapserver:4.8:rc1 cpe:/a:umn:mapserver:4.8:rc2 cpe:/a:umn:mapserver:4.10:beta1 cpe:/a:umn:mapserver:4.10:beta2 cpe:/a:umn:mapserver:4.10:beta3 cpe:/a:umn:mapserver:4.10:rc1 cpe:/a:umn:mapserver:4.10.0 cpe:/a:umn:mapserver:4.10.1 cpe:/a:umn:mapserver:4.10.2 cpe:/a:umn:mapserver:4.10.3 cpe:/a:umn:mapserver:5.0.0 cpe:/a:umn:mapserver:5.0.0:beta1 cpe:/a:umn:mapserver:5.0.0:beta2 cpe:/a:umn:mapserver:5.0.0:beta3 cpe:/a:umn:mapserver:5.0.0:beta4 cpe:/a:umn:mapserver:5.0.0:beta5 cpe:/a:umn:mapserver:5.0.0:beta6 cpe:/a:umn:mapserver:5.0.0:rc1 cpe:/a:umn:mapserver:5.0.0:rc2 cpe:/a:umn:mapserver:5.2.0 cpe:/a:umn:mapserver:5.2.0:beta1 cpe:/a:umn:mapserver:5.2.0:beta2 cpe:/a:umn:mapserver:5.2.0:beta3 cpe:/a:umn:mapserver:5.2.0:beta4 cpe:/a:umn:mapserver:5.2.0:rc1 cpe:/a:umn:mapserver:5.2.1 CVE-2009-0841 2009-03-31T14:24:45.877-04:00 2018-10-10T15:31:43.267-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS MLIST [mapserver-users] 20090326 MapServer 5.2.2 and 4.10.4 released with security fixes CONFIRM http://trac.osgeo.org/mapserver/ticket/2942 DEBIAN DSA-1914 MISC http://www.positronsecurity.com/advisories/2009-000.html BUGTRAQ 20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3 BID 34306 SECTRACK 1021952 XF mapserver-mapserv-dir-traversal(49548) FEDORA FEDORA-2009-3357 FEDORA FEDORA-2009-3383 Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter. cpe:/a:umn:mapserver:4.0 cpe:/a:umn:mapserver:4.0:beta1 cpe:/a:umn:mapserver:4.0:beta2 cpe:/a:umn:mapserver:4.2:beta1 cpe:/a:umn:mapserver:4.4.0 cpe:/a:umn:mapserver:4.4.0:beta1 cpe:/a:umn:mapserver:4.4.0:beta2 cpe:/a:umn:mapserver:4.4.0:beta3 cpe:/a:umn:mapserver:4.6.0 cpe:/a:umn:mapserver:4.6.0:beta1 cpe:/a:umn:mapserver:4.6.0:beta2 cpe:/a:umn:mapserver:4.6.0:beta3 cpe:/a:umn:mapserver:4.6.0:rc1 cpe:/a:umn:mapserver:4.8:beta1 cpe:/a:umn:mapserver:4.8:beta2 cpe:/a:umn:mapserver:4.8:beta3 cpe:/a:umn:mapserver:4.8:rc1 cpe:/a:umn:mapserver:4.8:rc2 cpe:/a:umn:mapserver:4.10:beta1 cpe:/a:umn:mapserver:4.10:beta2 cpe:/a:umn:mapserver:4.10:beta3 cpe:/a:umn:mapserver:4.10:rc1 cpe:/a:umn:mapserver:4.10.0 cpe:/a:umn:mapserver:4.10.1 cpe:/a:umn:mapserver:4.10.2 cpe:/a:umn:mapserver:4.10.3 cpe:/a:umn:mapserver:5.0.0 cpe:/a:umn:mapserver:5.0.0:beta1 cpe:/a:umn:mapserver:5.0.0:beta2 cpe:/a:umn:mapserver:5.0.0:beta3 cpe:/a:umn:mapserver:5.0.0:beta4 cpe:/a:umn:mapserver:5.0.0:beta5 cpe:/a:umn:mapserver:5.0.0:beta6 cpe:/a:umn:mapserver:5.0.0:rc1 cpe:/a:umn:mapserver:5.0.0:rc2 cpe:/a:umn:mapserver:5.2.0 cpe:/a:umn:mapserver:5.2.0:beta1 cpe:/a:umn:mapserver:5.2.0:beta2 cpe:/a:umn:mapserver:5.2.0:beta3 cpe:/a:umn:mapserver:5.2.0:beta4 cpe:/a:umn:mapserver:5.2.0:rc1 cpe:/a:umn:mapserver:5.2.1 CVE-2009-0842 2009-03-31T14:24:45.907-04:00 2018-10-10T15:31:44.533-04:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov MLIST [mapserver-users] 20090326 MapServer 5.2.2 and 4.10.4 released with security fixes CONFIRM http://trac.osgeo.org/mapserver/ticket/2941 DEBIAN DSA-1914 MISC http://www.positronsecurity.com/advisories/2009-000.html BUGTRAQ 20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3 BID 34306 SECTRACK 1021952 FEDORA FEDORA-2009-3357 FEDORA FEDORA-2009-3383 mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink. cpe:/a:umn:mapserver:4.0 cpe:/a:umn:mapserver:4.0:beta1 cpe:/a:umn:mapserver:4.0:beta2 cpe:/a:umn:mapserver:4.2:beta1 cpe:/a:umn:mapserver:4.4.0 cpe:/a:umn:mapserver:4.4.0:beta1 cpe:/a:umn:mapserver:4.4.0:beta2 cpe:/a:umn:mapserver:4.4.0:beta3 cpe:/a:umn:mapserver:4.6.0 cpe:/a:umn:mapserver:4.6.0:beta1 cpe:/a:umn:mapserver:4.6.0:beta2 cpe:/a:umn:mapserver:4.6.0:beta3 cpe:/a:umn:mapserver:4.6.0:rc1 cpe:/a:umn:mapserver:4.8:beta1 cpe:/a:umn:mapserver:4.8:beta2 cpe:/a:umn:mapserver:4.8:beta3 cpe:/a:umn:mapserver:4.8:rc1 cpe:/a:umn:mapserver:4.8:rc2 cpe:/a:umn:mapserver:4.10:beta1 cpe:/a:umn:mapserver:4.10:beta2 cpe:/a:umn:mapserver:4.10:beta3 cpe:/a:umn:mapserver:4.10:rc1 cpe:/a:umn:mapserver:4.10.0 cpe:/a:umn:mapserver:4.10.1 cpe:/a:umn:mapserver:4.10.2 cpe:/a:umn:mapserver:4.10.3 cpe:/a:umn:mapserver:5.0.0 cpe:/a:umn:mapserver:5.0.0:beta1 cpe:/a:umn:mapserver:5.0.0:beta2 cpe:/a:umn:mapserver:5.0.0:beta3 cpe:/a:umn:mapserver:5.0.0:beta4 cpe:/a:umn:mapserver:5.0.0:beta5 cpe:/a:umn:mapserver:5.0.0:beta6 cpe:/a:umn:mapserver:5.0.0:rc1 cpe:/a:umn:mapserver:5.0.0:rc2 cpe:/a:umn:mapserver:5.2.0 cpe:/a:umn:mapserver:5.2.0:beta1 cpe:/a:umn:mapserver:5.2.0:beta2 cpe:/a:umn:mapserver:5.2.0:beta3 cpe:/a:umn:mapserver:5.2.0:beta4 cpe:/a:umn:mapserver:5.2.0:rc1 cpe:/a:umn:mapserver:5.2.1 CVE-2009-0843 2009-03-31T14:24:45.920-04:00 2018-10-10T15:31:45.597-04:00 7.8 NETWORK LOW NONE COMPLETE NONE NONE http://nvd.nist.gov MLIST [mapserver-users] 20090326 MapServer 5.2.2 and 4.10.4 released with security fixes CONFIRM http://trac.osgeo.org/mapserver/ticket/2939 DEBIAN DSA-1914 MISC http://www.positronsecurity.com/advisories/2009-000.html BUGTRAQ 20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3 BID 34306 SECTRACK 1021952 FEDORA FEDORA-2009-3357 FEDORA FEDORA-2009-3383 The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence of arbitrary files via a full pathname in the queryfile parameter, which triggers different error messages depending on whether this pathname exists. cpe:/a:mit:kerberos:5 cpe:/a:mit:kerberos:5-1.5 cpe:/a:mit:kerberos:5-1.5.1 cpe:/a:mit:kerberos:5-1.5.2 cpe:/a:mit:kerberos:5-1.5.3 cpe:/a:mit:kerberos:5-1.6 cpe:/a:mit:kerberos:5-1.6.1 cpe:/a:mit:kerberos:5-1.6.2 cpe:/a:mit:kerberos:5-1.6.3 CVE-2009-0844 2009-04-08T20:30:00.250-04:00 2018-10-10T15:31:46.707-04:00 5.8 NETWORK MEDIUM NONE PARTIAL NONE PARTIAL http://nvd.nist.gov APPLE APPLE-SA-2009-05-12 GENTOO GLSA-200904-09 SUNALERT 256728 CONFIRM http://support.apple.com/kb/HT3549 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm MISC http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html MISC http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html CONFIRM http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0058 MISC http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058 CERT-VN VU#662091 MANDRIVA MDVSA-2009:098 REDHAT RHSA-2009:0408 BUGTRAQ 20090407 MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847] BUGTRAQ 20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation BID 34408 SECTRACK 1021867 UBUNTU USN-755-1 CERT TA09-133A VUPEN ADV-2009-0960 VUPEN ADV-2009-0976 VUPEN ADV-2009-1057 VUPEN ADV-2009-1106 VUPEN ADV-2009-1297 VUPEN ADV-2009-2248 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21396120 FEDORA FEDORA-2009-2834 FEDORA FEDORA-2009-2852 The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read. cpe:/a:mit:kerberos:5-1.5 cpe:/a:mit:kerberos:5-1.5.1 cpe:/a:mit:kerberos:5-1.5.2 cpe:/a:mit:kerberos:5-1.5.3 cpe:/a:mit:kerberos:5-1.6 cpe:/a:mit:kerberos:5-1.6.1 cpe:/a:mit:kerberos:5-1.6.2 cpe:/a:mit:kerberos:5-1.6.3 CVE-2009-0845 2009-03-27T12:30:02.157-04:00 2018-10-10T15:31:52.237-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov CONFIRM http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=6402 APPLE APPLE-SA-2009-05-12 GENTOO GLSA-200904-09 CONFIRM http://src.mit.edu/fisheye/browse/krb5/trunk/src/lib/gssapi/spnego/spnego_mech.c?r1=21875&r2=22084 CONFIRM http://src.mit.edu/fisheye/changelog/krb5/?cs=22084 SUNALERT 256728 CONFIRM http://support.apple.com/kb/HT3549 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm MISC http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html MISC http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html CONFIRM http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0058 MISC http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058 CERT-VN VU#662091 MANDRIVA MDVSA-2009:082 REDHAT RHSA-2009:0408 BUGTRAQ 20090407 MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847] BUGTRAQ 20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation BID 34257 SECTRACK 1021867 UBUNTU USN-755-1 CERT TA09-133A VUPEN ADV-2009-0847 VUPEN ADV-2009-0976 VUPEN ADV-2009-1057 VUPEN ADV-2009-1106 VUPEN ADV-2009-1297 VUPEN ADV-2009-2248 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21396120 XF kerberos-spnego-dos(49448) FEDORA FEDORA-2009-2834 FEDORA FEDORA-2009-2852 The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token. cpe:/a:mit:kerberos:5 cpe:/a:mit:kerberos:5-1.1 cpe:/a:mit:kerberos:5-1.2 cpe:/a:mit:kerberos:5-1.2.1 cpe:/a:mit:kerberos:5-1.2.2 cpe:/a:mit:kerberos:5-1.2.3 cpe:/a:mit:kerberos:5-1.2.4 cpe:/a:mit:kerberos:5-1.2.5 cpe:/a:mit:kerberos:5-1.2.6 cpe:/a:mit:kerberos:5-1.2.7 cpe:/a:mit:kerberos:5-1.2.8 cpe:/a:mit:kerberos:5-1.3 cpe:/a:mit:kerberos:5-1.3:alpha1 cpe:/a:mit:kerberos:5-1.3.1 cpe:/a:mit:kerberos:5-1.3.2 cpe:/a:mit:kerberos:5-1.3.3 cpe:/a:mit:kerberos:5-1.3.4 cpe:/a:mit:kerberos:5-1.3.5 cpe:/a:mit:kerberos:5-1.3.6 cpe:/a:mit:kerberos:5-1.4 cpe:/a:mit:kerberos:5-1.4.1 cpe:/a:mit:kerberos:5-1.4.2 cpe:/a:mit:kerberos:5-1.4.3 cpe:/a:mit:kerberos:5-1.4.4 cpe:/a:mit:kerberos:5-1.5 cpe:/a:mit:kerberos:5-1.5.1 cpe:/a:mit:kerberos:5-1.5.2 cpe:/a:mit:kerberos:5-1.5.3 cpe:/a:mit:kerberos:5-1.6 cpe:/a:mit:kerberos:5-1.6.1 cpe:/a:mit:kerberos:5-1.6.2 cpe:/a:mit:kerberos:5-1.6.3 cpe:/a:mit:kerberos:5_1.0 cpe:/a:mit:kerberos:5_1.0.6 cpe:/a:mit:kerberos:5_1.1 cpe:/a:mit:kerberos:5_1.1.1 cpe:/a:mit:kerberos:5_1.2:beta1 cpe:/a:mit:kerberos:5_1.2:beta2 cpe:/a:mit:kerberos:5_1.3.3 CVE-2009-0846 2009-04-08T20:30:00.267-04:00 2018-10-10T15:31:59.003-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov APPLE APPLE-SA-2009-05-12 MLIST [security-announce] 20090701 VMSA-2009-0008 ESX Service Console update for krb5 HP HPSBUX02421 HP SSRT100495 REDHAT RHSA-2009:0409 REDHAT RHSA-2009:0410 GENTOO GLSA-200904-09 SUNALERT 256728 CONFIRM http://support.apple.com/kb/HT3549 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm MISC http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html MISC http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html CONFIRM http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0058 MISC http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058 MANDRIVA MDVSA-2009:098 REDHAT RHSA-2009:0408 BUGTRAQ 20090407 MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846] BUGTRAQ 20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation BUGTRAQ 20090701 VMSA-2009-0008 ESX Service Console update for krb5 BID 34409 SECTRACK 1021994 UBUNTU USN-755-1 CERT TA09-133A CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0008.html VUPEN ADV-2009-0960 VUPEN ADV-2009-0976 VUPEN ADV-2009-1057 VUPEN ADV-2009-1106 VUPEN ADV-2009-1297 VUPEN ADV-2009-2084 VUPEN ADV-2009-2248 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21396120 FEDORA FEDORA-2009-2834 FEDORA FEDORA-2009-2852 The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer. cpe:/a:mit:kerberos:5-1.6.3 CVE-2009-0847 2009-04-08T20:30:00.280-04:00 2018-10-10T15:32:07.723-04:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov APPLE APPLE-SA-2009-05-12 HP HPSBUX02421 GENTOO GLSA-200904-09 SUNALERT 256728 CONFIRM http://support.apple.com/kb/HT3549 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm MISC http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html MISC http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html CONFIRM http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0058 MISC http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058 MANDRIVA MDVSA-2009:098 BUGTRAQ 20090407 MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847] BUGTRAQ 20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation BID 34408 SECTRACK 1021993 UBUNTU USN-755-1 CERT TA09-133A VUPEN ADV-2009-0960 VUPEN ADV-2009-0976 VUPEN ADV-2009-1057 VUPEN ADV-2009-1106 VUPEN ADV-2009-1297 VUPEN ADV-2009-2084 VUPEN ADV-2009-2248 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21396120 FEDORA FEDORA-2009-2834 FEDORA FEDORA-2009-2852 The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic. cpe:/o:opensuse:opensuse:11.0 cpe:/o:opensuse:opensuse:11.1 CVE-2009-0848 2009-03-11T10:19:15.377-04:00 2017-08-16T21:30:03.100-04:00 4.4 LOCAL MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov SUSE SUSE-SR:2009:006 XF opensuse-gtk2-code-execution(49228) Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified "relative search path." cpe:/a:novastor:novanet:12 CVE-2009-0849 2009-03-09T13:30:00.170-04:00 2017-08-16T21:30:03.147-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov MISC http://www.insight-tech.org/index.php?p=NovaNET-12-Remote-Buffer-Oveflow BID 33954 XF novanet-dtbclslogin-bo(49074) Stack-based buffer overflow in the DtbClsLogin function in NovaStor NovaNET 12 allows remote attackers to (1) execute arbitrary code on Linux platforms via a long username field during backup domain authentication, related to libnnlindtb.so; or (2) cause a denial of service (daemon crash) on Windows platforms via a long username field during backup domain authentication, related to nnwindtb.dll. NOTE: some of these details are obtained from third party information. cpe:/a:bitdefender:internet_security:2009 CVE-2009-0850 2009-03-09T13:30:00.187-04:00 2018-10-10T15:32:12.787-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov BUGTRAQ 20090226 BitDefender Internet Security XSS BUGTRAQ 20090227 Re: BitDefender Internet Security XSS BID 33921 VUPEN ADV-2009-0557 Cross-site scripting (XSS) vulnerability in BitDefender Internet Security 2009 allows user-assisted remote attackers to inject arbitrary web script or HTML via the filename of a virus-infected file, as demonstrated by a filename inside a (1) rar or (2) zip archive file. cpe:/a:stewart_howe:celerbb:0.0.2 CVE-2009-0851 2009-03-09T13:30:00.217-04:00 2018-10-10T15:32:13.300-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BUGTRAQ 20090305 CelerBB 0.0.2 Multiple Vulnerabilities BID 34014 EXPLOIT-DB 8161 Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php. cpe:/a:stewart_howe:celerbb:0.0.2 CVE-2009-0852 2009-03-09T13:30:00.233-04:00 2018-10-10T15:32:13.630-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov BUGTRAQ 20090305 CelerBB 0.0.2 Multiple Vulnerabilities BID 34014 EXPLOIT-DB 8161 showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserved information" via the user parameter. cpe:/a:stewart_howe:celerbb:0.0.2 CVE-2009-0853 2009-03-09T13:30:00.250-04:00 2018-10-10T15:32:13.957-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov ALLOWS_OTHER_ACCESS BUGTRAQ 20090305 CelerBB 0.0.2 Multiple Vulnerabilities BID 34014 EXPLOIT-DB 8161 login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value. cpe:/a:dash:dash:0.5.4 CVE-2009-0854 2009-03-11T10:19:15.390-04:00 2017-08-16T21:30:03.223-04:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov ALLOWS_ADMIN_ACCESS BID 34092 UBUNTU USN-732-1 XF dash-profile-code-execution(49216) Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory. cpe:/a:ibm:websphere_application_server:6.1 cpe:/a:ibm:websphere_application_server:6.1.0 cpe:/a:ibm:websphere_application_server:6.1.0.0 cpe:/a:ibm:websphere_application_server:6.1.0.1 cpe:/a:ibm:websphere_application_server:6.1.0.2 cpe:/a:ibm:websphere_application_server:6.1.0.3 cpe:/a:ibm:websphere_application_server:6.1.0.4 cpe:/a:ibm:websphere_application_server:6.1.0.5 cpe:/a:ibm:websphere_application_server:6.1.0.6 cpe:/a:ibm:websphere_application_server:6.1.0.7 cpe:/a:ibm:websphere_application_server:6.1.0.8 cpe:/a:ibm:websphere_application_server:6.1.0.9 cpe:/a:ibm:websphere_application_server:6.1.0.10 cpe:/a:ibm:websphere_application_server:6.1.0.11 cpe:/a:ibm:websphere_application_server:6.1.0.12 cpe:/a:ibm:websphere_application_server:6.1.0.13 cpe:/a:ibm:websphere_application_server:6.1.0.14 cpe:/a:ibm:websphere_application_server:6.1.0.15 cpe:/a:ibm:websphere_application_server:6.1.0.16 cpe:/a:ibm:websphere_application_server:6.1.0.17 cpe:/a:ibm:websphere_application_server:6.1.0.18 cpe:/a:ibm:websphere_application_server:6.1.0.19 cpe:/a:ibm:websphere_application_server:6.1.0.20 cpe:/a:ibm:websphere_application_server:6.1.0.21 cpe:/a:ibm:websphere_application_server:6.1.0.22 CVE-2009-0855 2009-03-09T17:30:00.267-04:00 2009-04-01T01:43:07.170-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov BID 34001 BID 34259 VUPEN ADV-2009-0607 VUPEN ADV-2009-0854 AIXAPAR PK77505 AIXAPAR PK81212 AIXAPAR PK82988 Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. cpe:/a:ibm:websphere_application_server:6.1 cpe:/a:ibm:websphere_application_server:6.1.0.0 cpe:/a:ibm:websphere_application_server:6.1.0.1 cpe:/a:ibm:websphere_application_server:6.1.0.2 cpe:/a:ibm:websphere_application_server:6.1.0.3 cpe:/a:ibm:websphere_application_server:6.1.0.4 cpe:/a:ibm:websphere_application_server:6.1.0.5 cpe:/a:ibm:websphere_application_server:6.1.0.6 cpe:/a:ibm:websphere_application_server:6.1.0.7 cpe:/a:ibm:websphere_application_server:6.1.0.8 cpe:/a:ibm:websphere_application_server:6.1.0.9 cpe:/a:ibm:websphere_application_server:6.1.0.10 cpe:/a:ibm:websphere_application_server:6.1.0.11 cpe:/a:ibm:websphere_application_server:6.1.0.12 cpe:/a:ibm:websphere_application_server:6.1.0.13 cpe:/a:ibm:websphere_application_server:6.1.0.14 cpe:/a:ibm:websphere_application_server:6.1.0.15 cpe:/a:ibm:websphere_application_server:6.1.0.16 cpe:/a:ibm:websphere_application_server:6.1.0.17 cpe:/a:ibm:websphere_application_server:6.1.0.18 cpe:/a:ibm:websphere_application_server:6.1.0.19 cpe:/a:ibm:websphere_application_server:6.1.0.20 cpe:/a:ibm:websphere_application_server:6.1.0.21 cpe:/a:ibm:websphere_application_server:6.1.0.22 CVE-2009-0856 2009-03-09T17:30:00.280-04:00 2009-06-05T00:00:00.000-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2009-03-10T11:59:00.000-04:00 SECTRACK 1021811 BID 34001 VUPEN ADV-2009-0607 VUPEN ADV-2009-1464 AIXAPAR PK81212 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27006876 Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. cpe:/a:sun:management_center:3.6.1 cpe:/a:sun:management_center:4.0 CVE-2009-0857 2009-03-09T17:30:00.297-04:00 2017-08-16T21:30:03.303-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov SECTRACK 1021809 CONFIRM http://sunsolve.sun.com/search/document.do?assetkey=1-21-125191-04-1 SUNALERT 247046 BID 33999 VUPEN ADV-2009-0605 XF sunmc-performancereportingmodule-xss(49076) Cross-site scripting (XSS) vulnerability in /prm/reports in the Performance Reporting Module (PRM) for Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: this can be leveraged for access to the SunMC Web Console. cpe:/a:d.j.bernstein:djbdns:1.05 CVE-2009-0858 2009-03-09T17:30:00.327-04:00 2018-10-10T15:32:14.317-04:00 5.8 NETWORK MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov MISC http://it.slashdot.org/article.pl?sid=09/03/05/2014249 MLIST [dns] 20090225 djbdns misformats some long response packets; patch and example MLIST [dns] 20090304 djbdns<=1.05 lets AXFRed subdomains overwrite domains MISC http://securityandthe.net/2009/03/05/security-issue-in-djbdns-confirmed/ DEBIAN DSA-1831 BUGTRAQ 20090226 djbdns misformats some long response packets; patch and example attack BUGTRAQ 20090228 Re: djbdns misformats some long response packets; patch and example attack BUGTRAQ 20090305 Re: djbdns misformats some long response packets; patch and example attack BID 33937 XF djbdns-response-packet-spoofing(49003) The response_addname function in response.c in Daniel J. Bernstein djbdns 1.05 and earlier does not constrain offsets in the required manner, which allows remote attackers, with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain. cpe:/o:linux:linux_kernel:2.6.28.4 CVE-2009-0859 2009-03-09T17:30:00.343-04:00 2017-08-16T21:30:03.443-04:00 4.7 LOCAL MEDIUM NONE NONE NONE COMPLETE http://nvd.nist.gov CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a68e61e8ff2d46327a37b69056998b47745db6fa CONFIRM http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.5 SUSE SUSE-SA:2009:028 SUSE SUSE-SA:2009:030 SUSE SUSE-SA:2009:031 MLIST [git-commits-head] 20090205 shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM MLIST [linux-kernel] 20080229 [BUG] soft lockup detected with ipcs MLIST [linux-kernel] 20090127 [PATCH 1/2] fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM MLIST [oss-security] 20090306 CVE request: kernel: shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM CONFIRM http://patchwork.kernel.org/patch/6554/ DEBIAN DSA-1787 DEBIAN DSA-1794 DEBIAN DSA-1800 BID 34020 UBUNTU USN-751-1 XF linux-kernel-shmgetstat-dos(49229) The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel before 2.6.28.5, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_INFO shmctl call, as demonstrated by running the ipcs program. cpe:/a:netcordia:netmri:3.0.1 CVE-2009-0860 2009-03-10T10:30:00.203-04:00 2018-10-10T15:32:15.397-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://connection.netcordia.com/forums/t/731.aspx BUGTRAQ 20090218 DDIVRT-2009-20 NetMRI Login Application Cross-site Scripting Vulnerability BID 33824 Cross-site scripting (XSS) vulnerability in the web user interface in the login application in NetMRI 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to error pages. cpe:/a:denorastats:phpdenora:0.9.3 cpe:/a:denorastats:phpdenora:0.9.4 cpe:/a:denorastats:phpdenora:1.0.0 cpe:/a:denorastats:phpdenora:1.0.0:rc1 cpe:/a:denorastats:phpdenora:1.0.0:rc2 cpe:/a:denorastats:phpdenora:1.0.0:rc3 cpe:/a:denorastats:phpdenora:1.0.1 cpe:/a:denorastats:phpdenora:1.1.0 cpe:/a:denorastats:phpdenora:1.1.1 cpe:/a:denorastats:phpdenora:1.2.0 cpe:/a:denorastats:phpdenora:1.2.1 cpe:/a:denorastats:phpdenora:1.2.2 CVE-2009-0861 2009-03-10T10:30:00.233-04:00 2017-08-16T21:30:03.507-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://sourceforge.net/project/shownotes.php?release_id=661189 BID 33822 XF phpdenora-ircchannel-xss(48799) Cross-site scripting (XSS) vulnerability in phpDenora before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via an IRC channel name. NOTE: some of these details are obtained from third party information. cpe:/a:tangocms:tangocms:1.0.6 cpe:/a:tangocms:tangocms:1.0.8 cpe:/a:tangocms:tangocms:1.0.8.1 cpe:/a:tangocms:tangocms:2.0.0 cpe:/a:tangocms:tangocms:2.0.1 cpe:/a:tangocms:tangocms:2.0.2 cpe:/a:tangocms:tangocms:2.0.3 cpe:/a:tangocms:tangocms:2.0.4 cpe:/a:tangocms:tangocms:2.0.5 cpe:/a:tangocms:tangocms:2.0.6 cpe:/a:tangocms:tangocms:2.1.0 cpe:/a:tangocms:tangocms:2.1.1 cpe:/a:tangocms:tangocms:2.1.2 cpe:/a:tangocms:tangocms:2.2.0 cpe:/a:tangocms:tangocms:2.2.1 cpe:/a:tangocms:tangocms:2.2.2 cpe:/a:tangocms:tangocms:2.2.3 CVE-2009-0862 2009-03-10T10:30:00.250-04:00 2009-03-21T01:55:06.110-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM http://tangocms.org/article/view/2.2.4-released CONFIRM http://tangocms.org/changelog BID 33833 Cross-site scripting (XSS) vulnerability in the hook_cntrlr_error_output function in modules/page/hooks/listeners.php in the admincp component in TangoCMS 2.2.x (aka Eagle) before 2.2.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. cpe:/a:matteoiammarrone:s-cms:1.1 CVE-2009-0863 2009-03-10T10:30:00.267-04:00 2017-09-28T21:34:04.637-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 33799 XF scms-deletepage-sql-injection(48806) EXPLOIT-DB 8071 SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter. cpe:/a:matteoiammarrone:s-cms:1.1 CVE-2009-0864 2009-03-10T10:30:00.280-04:00 2017-09-28T21:34:04.687-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 33799 XF scms-cookie-security-bypass(48805) EXPLOIT-DB 8071 S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie. cpe:/a:geovision:livex_activex_control:8.1.2.0 cpe:/a:geovision:livex_activex_control:8.2.0.0 CVE-2009-0865 2009-03-10T10:30:00.313-04:00 2017-10-18T21:30:18.223-04:00 8.8 NETWORK MEDIUM NONE NONE COMPLETE COMPLETE http://nvd.nist.gov BID 33782 XF geovision-livex-activex-file-overwrite(48773) EXPLOIT-DB 8059 Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument, possibly involving the PlayX and SnapShotX methods. cpe:/a:phnews:phnews:1:alpha CVE-2009-0866 2009-03-10T10:30:00.327-04:00 2017-09-28T21:34:04.763-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov XF phnews-genbackup-info-disclosure(48801) EXPLOIT-DB 8073 pHNews Alpha 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for extra/genbackup.php. cpe:/a:fujitsu:enhanced_support_facility:3.0 cpe:/a:fujitsu:enhanced_support_facility:3.0.1 CVE-2009-0867 2009-03-10T10:30:00.343-04:00 2017-08-16T21:30:03.803-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov CONFIRM http://www.fujitsu.com/global/support/software/security/products-f/esf-200901e.html BID 33831 XF fujitsu-enhanced-hrms-info-disclosure(48817) The HRM-S service in Fujitsu Enhanced Support Facility 3.0 and 3.0.1 allows remote attackers to obtain (1) hardware and (2) software information via unspecified requests in a client connection. cpe:/a:fujitsu:jasmine2000::enterprise CVE-2009-0868 2009-03-10T10:30:00.360-04:00 2017-08-16T21:30:03.880-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov CONFIRM http://www.fujitsu.com/global/support/software/security/products-f/jasmine-200901e.html BID 33832 XF jasmine2000-weblink-response-splitting(48818) CRLF injection vulnerability in the WebLink template in Fujitsu Jasmine2000 Enterprise Edition allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. cpe:/a:ibm:tivoli_storage_manager_hsm:5.3.2.0 cpe:/a:ibm:tivoli_storage_manager_hsm:5.3.5.0 cpe:/a:ibm:tivoli_storage_manager_hsm:5.4.0.0 cpe:/a:ibm:tivoli_storage_manager_hsm:5.4.2.5 cpe:/a:ibm:tivoli_storage_manager_hsm:5.5.0.0 cpe:/a:ibm:tivoli_storage_manager_hsm:5.5.1.4 CVE-2009-0869 2009-03-10T16:30:06.610-04:00 2009-06-17T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-03-11T10:09:00.000-04:00 SECTRACK 1021820 BID 34034 VUPEN ADV-2009-0638 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21329223 Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM 5.3.2.0 through 5.3.5.0, 5.4.0.0 through 5.4.2.5, and 5.5.0.0 through 5.5.1.4 on Windows allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. cpe:/o:sun:opensolaris:snv_01::sparc cpe:/o:sun:opensolaris:snv_01::x86 cpe:/o:sun:opensolaris:snv_02::sparc cpe:/o:sun:opensolaris:snv_02::x86 cpe:/o:sun:opensolaris:snv_03::sparc cpe:/o:sun:opensolaris:snv_03::x86 cpe:/o:sun:opensolaris:snv_04::sparc cpe:/o:sun:opensolaris:snv_04::x86 cpe:/o:sun:opensolaris:snv_05::sparc cpe:/o:sun:opensolaris:snv_05::x86 cpe:/o:sun:opensolaris:snv_06::sparc cpe:/o:sun:opensolaris:snv_06::x86 cpe:/o:sun:opensolaris:snv_07::sparc cpe:/o:sun:opensolaris:snv_07::x86 cpe:/o:sun:opensolaris:snv_08::sparc cpe:/o:sun:opensolaris:snv_08::x86 cpe:/o:sun:opensolaris:snv_09::sparc cpe:/o:sun:opensolaris:snv_09::x86 cpe:/o:sun:opensolaris:snv_10::sparc cpe:/o:sun:opensolaris:snv_10::x86 cpe:/o:sun:opensolaris:snv_11::sparc cpe:/o:sun:opensolaris:snv_11::x86 cpe:/o:sun:opensolaris:snv_12::sparc cpe:/o:sun:opensolaris:snv_12::x86 cpe:/o:sun:opensolaris:snv_13::sparc cpe:/o:sun:opensolaris:snv_13::x86 cpe:/o:sun:opensolaris:snv_14::sparc cpe:/o:sun:opensolaris:snv_14::x86 cpe:/o:sun:opensolaris:snv_15::sparc cpe:/o:sun:opensolaris:snv_15::x86 cpe:/o:sun:opensolaris:snv_16::sparc cpe:/o:sun:opensolaris:snv_16::x86 cpe:/o:sun:opensolaris:snv_17::sparc cpe:/o:sun:opensolaris:snv_17::x86 cpe:/o:sun:opensolaris:snv_18::sparc cpe:/o:sun:opensolaris:snv_18::x86 cpe:/o:sun:opensolaris:snv_19::sparc cpe:/o:sun:opensolaris:snv_19::x86 cpe:/o:sun:opensolaris:snv_20::sparc cpe:/o:sun:opensolaris:snv_20::x86 cpe:/o:sun:opensolaris:snv_21::sparc cpe:/o:sun:opensolaris:snv_21::x86 cpe:/o:sun:opensolaris:snv_22::sparc cpe:/o:sun:opensolaris:snv_22::x86 cpe:/o:sun:opensolaris:snv_23::sparc cpe:/o:sun:opensolaris:snv_23::x86 cpe:/o:sun:opensolaris:snv_24::sparc cpe:/o:sun:opensolaris:snv_24::x86 cpe:/o:sun:opensolaris:snv_25::sparc cpe:/o:sun:opensolaris:snv_25::x86 cpe:/o:sun:opensolaris:snv_26::sparc cpe:/o:sun:opensolaris:snv_26::x86 cpe:/o:sun:opensolaris:snv_27::sparc cpe:/o:sun:opensolaris:snv_27::x86 cpe:/o:sun:opensolaris:snv_28::sparc cpe:/o:sun:opensolaris:snv_28::x86 cpe:/o:sun:opensolaris:snv_29::sparc cpe:/o:sun:opensolaris:snv_29::x86 cpe:/o:sun:opensolaris:snv_30::sparc cpe:/o:sun:opensolaris:snv_30::x86 cpe:/o:sun:opensolaris:snv_31::sparc cpe:/o:sun:opensolaris:snv_31::x86 cpe:/o:sun:opensolaris:snv_32::sparc cpe:/o:sun:opensolaris:snv_32::x86 cpe:/o:sun:opensolaris:snv_33::sparc cpe:/o:sun:opensolaris:snv_33::x86 cpe:/o:sun:opensolaris:snv_34::sparc cpe:/o:sun:opensolaris:snv_34::x86 cpe:/o:sun:opensolaris:snv_35::sparc cpe:/o:sun:opensolaris:snv_35::x86 cpe:/o:sun:opensolaris:snv_36::sparc cpe:/o:sun:opensolaris:snv_36::x86 cpe:/o:sun:opensolaris:snv_37::sparc cpe:/o:sun:opensolaris:snv_37::x86 cpe:/o:sun:opensolaris:snv_38::sparc cpe:/o:sun:opensolaris:snv_38::x86 cpe:/o:sun:opensolaris:snv_39::sparc cpe:/o:sun:opensolaris:snv_39::x86 cpe:/o:sun:opensolaris:snv_40::sparc cpe:/o:sun:opensolaris:snv_40::x86 cpe:/o:sun:opensolaris:snv_41::sparc cpe:/o:sun:opensolaris:snv_41::x86 cpe:/o:sun:opensolaris:snv_42::sparc cpe:/o:sun:opensolaris:snv_42::x86 cpe:/o:sun:opensolaris:snv_43::sparc cpe:/o:sun:opensolaris:snv_43::x86 cpe:/o:sun:opensolaris:snv_44::sparc cpe:/o:sun:opensolaris:snv_44::x86 cpe:/o:sun:opensolaris:snv_45::sparc cpe:/o:sun:opensolaris:snv_45::x86 cpe:/o:sun:opensolaris:snv_46::sparc cpe:/o:sun:opensolaris:snv_46::x86 cpe:/o:sun:opensolaris:snv_47::sparc cpe:/o:sun:opensolaris:snv_47::x86 cpe:/o:sun:opensolaris:snv_48::sparc cpe:/o:sun:opensolaris:snv_48::x86 cpe:/o:sun:opensolaris:snv_49::sparc cpe:/o:sun:opensolaris:snv_49::x86 cpe:/o:sun:opensolaris:snv_50::sparc cpe:/o:sun:opensolaris:snv_50::x86 cpe:/o:sun:opensolaris:snv_51::sparc cpe:/o:sun:opensolaris:snv_51::x86 cpe:/o:sun:opensolaris:snv_52::sparc cpe:/o:sun:opensolaris:snv_52::x86 cpe:/o:sun:opensolaris:snv_53::sparc cpe:/o:sun:opensolaris:snv_53::x86 cpe:/o:sun:opensolaris:snv_54::sparc cpe:/o:sun:opensolaris:snv_54::x86 cpe:/o:sun:opensolaris:snv_55::sparc cpe:/o:sun:opensolaris:snv_55::x86 cpe:/o:sun:opensolaris:snv_56::sparc cpe:/o:sun:opensolaris:snv_56::x86 cpe:/o:sun:opensolaris:snv_57::sparc cpe:/o:sun:opensolaris:snv_57::x86 cpe:/o:sun:opensolaris:snv_58::sparc cpe:/o:sun:opensolaris:snv_58::x86 cpe:/o:sun:opensolaris:snv_59::sparc cpe:/o:sun:opensolaris:snv_59::x86 cpe:/o:sun:opensolaris:snv_60::sparc cpe:/o:sun:opensolaris:snv_60::x86 cpe:/o:sun:opensolaris:snv_61::sparc cpe:/o:sun:opensolaris:snv_61::x86 cpe:/o:sun:opensolaris:snv_62::sparc cpe:/o:sun:opensolaris:snv_62::x86 cpe:/o:sun:opensolaris:snv_63::x86 cpe:/o:sun:opensolaris:snv_64::x86 cpe:/o:sun:opensolaris:snv_65::x86 cpe:/o:sun:opensolaris:snv_66::x86 cpe:/o:sun:opensolaris:snv_67::x86 cpe:/o:sun:opensolaris:snv_68::x86 cpe:/o:sun:opensolaris:snv_69::x86 cpe:/o:sun:opensolaris:snv_70::x86 cpe:/o:sun:opensolaris:snv_71::x86 cpe:/o:sun:opensolaris:snv_72::x86 cpe:/o:sun:opensolaris:snv_73::sparc cpe:/o:sun:opensolaris:snv_73::x86 cpe:/o:sun:opensolaris:snv_74::sparc cpe:/o:sun:opensolaris:snv_74::x86 cpe:/o:sun:opensolaris:snv_75::sparc cpe:/o:sun:opensolaris:snv_75::x86 cpe:/o:sun:opensolaris:snv_76::sparc cpe:/o:sun:opensolaris:snv_76::x86 cpe:/o:sun:opensolaris:snv_77::sparc cpe:/o:sun:opensolaris:snv_77::x86 cpe:/o:sun:opensolaris:snv_78::sparc cpe:/o:sun:opensolaris:snv_78::x86 cpe:/o:sun:opensolaris:snv_79::sparc cpe:/o:sun:opensolaris:snv_79::x86 cpe:/o:sun:opensolaris:snv_80::sparc cpe:/o:sun:opensolaris:snv_80::x86 cpe:/o:sun:opensolaris:snv_81::sparc cpe:/o:sun:opensolaris:snv_81::x86 cpe:/o:sun:opensolaris:snv_82::sparc cpe:/o:sun:opensolaris:snv_82::x86 cpe:/o:sun:opensolaris:snv_83::x86 cpe:/o:sun:opensolaris:snv_84::x86 cpe:/o:sun:opensolaris:snv_85::x86 cpe:/o:sun:opensolaris:snv_86::x86 cpe:/o:sun:opensolaris:snv_87::x86 cpe:/o:sun:opensolaris:snv_88::x86 cpe:/o:sun:opensolaris:snv_89::x86 cpe:/o:sun:opensolaris:snv_90::x86 cpe:/o:sun:opensolaris:snv_91::x86 cpe:/o:sun:opensolaris:snv_92::x86 cpe:/o:sun:opensolaris:snv_93::sparc cpe:/o:sun:opensolaris:snv_93::x86 cpe:/o:sun:opensolaris:snv_94::sparc cpe:/o:sun:opensolaris:snv_94::x86 cpe:/o:sun:opensolaris:snv_95::sparc cpe:/o:sun:opensolaris:snv_95::x86 cpe:/o:sun:opensolaris:snv_96::sparc cpe:/o:sun:opensolaris:snv_96::x86 cpe:/o:sun:opensolaris:snv_97::sparc cpe:/o:sun:opensolaris:snv_97::x86 cpe:/o:sun:opensolaris:snv_98::sparc cpe:/o:sun:opensolaris:snv_98::x86 cpe:/o:sun:opensolaris:snv_99::sparc cpe:/o:sun:opensolaris:snv_99::x86 cpe:/o:sun:opensolaris:snv_100::sparc cpe:/o:sun:opensolaris:snv_100::x86 cpe:/o:sun:opensolaris:snv_101::sparc cpe:/o:sun:opensolaris:snv_101::x86 cpe:/o:sun:opensolaris:snv_102::sparc cpe:/o:sun:opensolaris:snv_102::x86 cpe:/o:sun:opensolaris:snv_103::sparc cpe:/o:sun:opensolaris:snv_103::x86 cpe:/o:sun:opensolaris:snv_104::sparc cpe:/o:sun:opensolaris:snv_104::x86 cpe:/o:sun:opensolaris:snv_105::sparc cpe:/o:sun:opensolaris:snv_105::x86 cpe:/o:sun:opensolaris:snv_106::sparc cpe:/o:sun:opensolaris:snv_106::x86 cpe:/o:sun:opensolaris:snv_107::sparc cpe:/o:sun:opensolaris:snv_107::x86 cpe:/o:sun:opensolaris:snv_108::sparc cpe:/o:sun:opensolaris:snv_108::x86 cpe:/o:sun:opensolaris:snv_109::sparc cpe:/o:sun:opensolaris:snv_109::x86 cpe:/o:sun:opensolaris:snv_110::sparc cpe:/o:sun:opensolaris:snv_110::x86 cpe:/o:sun:solaris:10.0::sparc cpe:/o:sun:solaris:10.0::x86 CVE-2009-0870 2009-03-10T16:30:06.640-04:00 2017-08-16T21:30:03.957-04:00 4.7 LOCAL MEDIUM NONE NONE NONE COMPLETE http://nvd.nist.gov SECTRACK 1021819 CONFIRM http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1 SUNALERT 252469 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-090.htm BID 34031 VUPEN ADV-2009-0635 VUPEN ADV-2009-0765 XF solaris-nfsv4-hsfs-dos(49133) The NFSv4 Server module in the kernel in Sun Solaris 10, and OpenSolaris before snv_111, allow local users to cause a denial of service (infinite loop and system hang) by accessing an hsfs filesystem that is shared through NFSv4, related to the rfs4_op_readdir function. cpe:/a:digium:asterisk:1.4.22 cpe:/a:digium:asterisk:1.4.23 cpe:/a:digium:asterisk:1.4.23.1 cpe:/a:digium:asterisk:1.6.0 cpe:/a:digium:asterisk:1.6.0:beta1 cpe:/a:digium:asterisk:1.6.0:beta2 cpe:/a:digium:asterisk:1.6.0:beta3 cpe:/a:digium:asterisk:1.6.0:beta4 cpe:/a:digium:asterisk:1.6.0:beta5 cpe:/a:digium:asterisk:1.6.0:beta6 cpe:/a:digium:asterisk:1.6.0:beta7 cpe:/a:digium:asterisk:1.6.0:beta7.1 cpe:/a:digium:asterisk:1.6.0:beta8 cpe:/a:digium:asterisk:1.6.0:beta9 cpe:/a:digium:asterisk:1.6.0:rc4 cpe:/a:digium:asterisk:1.6.0:rc5 cpe:/a:digium:asterisk:1.6.0:rc6 cpe:/a:digium:asterisk:1.6.0.1 cpe:/a:digium:asterisk:1.6.0.2 cpe:/a:digium:asterisk:1.6.0.3 cpe:/a:digium:asterisk:1.6.0.3:rc1 cpe:/a:digium:asterisk:1.6.0.4:rc1 cpe:/a:digium:asterisk:1.6.0.5 cpe:/a:digium:asterisk:1.6.1 cpe:/a:digium:asterisk:1.6.1:beta1 cpe:/a:digium:asterisk:1.6.1:beta2 cpe:/a:digium:asterisk:1.6.1:beta3 cpe:/a:digium:asterisk:1.6.1:beta4 cpe:/a:digium:asterisk:1.6.1:rc1 cpe:/a:digium:asterisk:c.2.3:-:business CVE-2009-0871 2009-03-11T10:19:15.420-04:00 2018-10-10T15:32:15.740-04:00 3.5 NETWORK MEDIUM SINGLE_INSTANCE NONE NONE PARTIAL http://nvd.nist.gov CONFIRM http://bugs.digium.com/view.php?id=13547 CONFIRM http://bugs.digium.com/view.php?id=14417 CONFIRM http://downloads.digium.com/pub/security/AST-2009-002.html BUGTRAQ 20090310 AST-2009-002: Remote Crash Vulnerability in SIP channel driver BID 34070 SECTRACK 1021834 VUPEN ADV-2009-0667 The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions. cpe:/o:sun:opensolaris:snv_01::sparc cpe:/o:sun:opensolaris:snv_01::x86 cpe:/o:sun:opensolaris:snv_02::sparc cpe:/o:sun:opensolaris:snv_02::x86 cpe:/o:sun:opensolaris:snv_03::sparc cpe:/o:sun:opensolaris:snv_03::x86 cpe:/o:sun:opensolaris:snv_04::sparc cpe:/o:sun:opensolaris:snv_04::x86 cpe:/o:sun:opensolaris:snv_05::sparc cpe:/o:sun:opensolaris:snv_05::x86 cpe:/o:sun:opensolaris:snv_06::sparc cpe:/o:sun:opensolaris:snv_06::x86 cpe:/o:sun:opensolaris:snv_07::sparc cpe:/o:sun:opensolaris:snv_07::x86 cpe:/o:sun:opensolaris:snv_08::sparc cpe:/o:sun:opensolaris:snv_08::x86 cpe:/o:sun:opensolaris:snv_09::sparc cpe:/o:sun:opensolaris:snv_09::x86 cpe:/o:sun:opensolaris:snv_10::sparc cpe:/o:sun:opensolaris:snv_10::x86 cpe:/o:sun:opensolaris:snv_11::sparc cpe:/o:sun:opensolaris:snv_11::x86 cpe:/o:sun:opensolaris:snv_12::sparc cpe:/o:sun:opensolaris:snv_12::x86 cpe:/o:sun:opensolaris:snv_13::sparc cpe:/o:sun:opensolaris:snv_13::x86 cpe:/o:sun:opensolaris:snv_14::sparc cpe:/o:sun:opensolaris:snv_14::x86 cpe:/o:sun:opensolaris:snv_15::sparc cpe:/o:sun:opensolaris:snv_15::x86 cpe:/o:sun:opensolaris:snv_16::sparc cpe:/o:sun:opensolaris:snv_16::x86 cpe:/o:sun:opensolaris:snv_17::sparc cpe:/o:sun:opensolaris:snv_17::x86 cpe:/o:sun:opensolaris:snv_18::sparc cpe:/o:sun:opensolaris:snv_18::x86 cpe:/o:sun:opensolaris:snv_19::sparc cpe:/o:sun:opensolaris:snv_19::x86 cpe:/o:sun:opensolaris:snv_20::sparc cpe:/o:sun:opensolaris:snv_20::x86 cpe:/o:sun:opensolaris:snv_21::sparc cpe:/o:sun:opensolaris:snv_21::x86 cpe:/o:sun:opensolaris:snv_22::sparc cpe:/o:sun:opensolaris:snv_22::x86 cpe:/o:sun:opensolaris:snv_23::sparc cpe:/o:sun:opensolaris:snv_23::x86 cpe:/o:sun:opensolaris:snv_24::sparc cpe:/o:sun:opensolaris:snv_24::x86 cpe:/o:sun:opensolaris:snv_25::sparc cpe:/o:sun:opensolaris:snv_25::x86 cpe:/o:sun:opensolaris:snv_26::sparc cpe:/o:sun:opensolaris:snv_26::x86 cpe:/o:sun:opensolaris:snv_27::sparc cpe:/o:sun:opensolaris:snv_27::x86 cpe:/o:sun:opensolaris:snv_28::sparc cpe:/o:sun:opensolaris:snv_28::x86 cpe:/o:sun:opensolaris:snv_29::sparc cpe:/o:sun:opensolaris:snv_29::x86 cpe:/o:sun:opensolaris:snv_30::sparc cpe:/o:sun:opensolaris:snv_30::x86 cpe:/o:sun:opensolaris:snv_31::sparc cpe:/o:sun:opensolaris:snv_31::x86 cpe:/o:sun:opensolaris:snv_32::sparc cpe:/o:sun:opensolaris:snv_32::x86 cpe:/o:sun:opensolaris:snv_33::sparc cpe:/o:sun:opensolaris:snv_33::x86 cpe:/o:sun:opensolaris:snv_34::sparc cpe:/o:sun:opensolaris:snv_34::x86 cpe:/o:sun:opensolaris:snv_35::sparc cpe:/o:sun:opensolaris:snv_35::x86 cpe:/o:sun:opensolaris:snv_36::sparc cpe:/o:sun:opensolaris:snv_36::x86 cpe:/o:sun:opensolaris:snv_37::sparc cpe:/o:sun:opensolaris:snv_37::x86 cpe:/o:sun:opensolaris:snv_38::sparc cpe:/o:sun:opensolaris:snv_38::x86 cpe:/o:sun:opensolaris:snv_39::sparc cpe:/o:sun:opensolaris:snv_39::x86 cpe:/o:sun:opensolaris:snv_40::sparc cpe:/o:sun:opensolaris:snv_40::x86 cpe:/o:sun:opensolaris:snv_41::sparc cpe:/o:sun:opensolaris:snv_41::x86 cpe:/o:sun:opensolaris:snv_42::sparc cpe:/o:sun:opensolaris:snv_42::x86 cpe:/o:sun:opensolaris:snv_43::sparc cpe:/o:sun:opensolaris:snv_43::x86 cpe:/o:sun:opensolaris:snv_44::sparc cpe:/o:sun:opensolaris:snv_44::x86 cpe:/o:sun:opensolaris:snv_45::sparc cpe:/o:sun:opensolaris:snv_45::x86 cpe:/o:sun:opensolaris:snv_46::sparc cpe:/o:sun:opensolaris:snv_46::x86 cpe:/o:sun:opensolaris:snv_47::sparc cpe:/o:sun:opensolaris:snv_47::x86 cpe:/o:sun:opensolaris:snv_48::sparc cpe:/o:sun:opensolaris:snv_48::x86 cpe:/o:sun:opensolaris:snv_49::sparc cpe:/o:sun:opensolaris:snv_49::x86 cpe:/o:sun:opensolaris:snv_50::sparc cpe:/o:sun:opensolaris:snv_50::x86 cpe:/o:sun:opensolaris:snv_51::sparc cpe:/o:sun:opensolaris:snv_51::x86 cpe:/o:sun:opensolaris:snv_52::sparc cpe:/o:sun:opensolaris:snv_52::x86 cpe:/o:sun:opensolaris:snv_53::sparc cpe:/o:sun:opensolaris:snv_53::x86 cpe:/o:sun:opensolaris:snv_54::sparc cpe:/o:sun:opensolaris:snv_54::x86 cpe:/o:sun:opensolaris:snv_55::sparc cpe:/o:sun:opensolaris:snv_55::x86 cpe:/o:sun:opensolaris:snv_56::sparc cpe:/o:sun:opensolaris:snv_56::x86 cpe:/o:sun:opensolaris:snv_57::sparc cpe:/o:sun:opensolaris:snv_57::x86 cpe:/o:sun:opensolaris:snv_58::sparc cpe:/o:sun:opensolaris:snv_58::x86 cpe:/o:sun:opensolaris:snv_59::sparc cpe:/o:sun:opensolaris:snv_59::x86 cpe:/o:sun:opensolaris:snv_60::sparc cpe:/o:sun:opensolaris:snv_60::x86 cpe:/o:sun:opensolaris:snv_61::sparc cpe:/o:sun:opensolaris:snv_61::x86 cpe:/o:sun:opensolaris:snv_62::sparc cpe:/o:sun:opensolaris:snv_62::x86 cpe:/o:sun:opensolaris:snv_63::sparc cpe:/o:sun:opensolaris:snv_63::x86 cpe:/o:sun:opensolaris:snv_64::sparc cpe:/o:sun:opensolaris:snv_64::x86 cpe:/o:sun:opensolaris:snv_65::sparc cpe:/o:sun:opensolaris:snv_65::x86 cpe:/o:sun:opensolaris:snv_66::sparc cpe:/o:sun:opensolaris:snv_66::x86 cpe:/o:sun:opensolaris:snv_67::sparc cpe:/o:sun:opensolaris:snv_67::x86 cpe:/o:sun:opensolaris:snv_68::sparc cpe:/o:sun:opensolaris:snv_68::x86 cpe:/o:sun:opensolaris:snv_69::sparc cpe:/o:sun:opensolaris:snv_69::x86 cpe:/o:sun:opensolaris:snv_70::sparc cpe:/o:sun:opensolaris:snv_70::x86 cpe:/o:sun:opensolaris:snv_71::sparc cpe:/o:sun:opensolaris:snv_71::x86 cpe:/o:sun:opensolaris:snv_72::sparc cpe:/o:sun:opensolaris:snv_72::x86 cpe:/o:sun:opensolaris:snv_73::sparc cpe:/o:sun:opensolaris:snv_73::x86 cpe:/o:sun:opensolaris:snv_74::sparc cpe:/o:sun:opensolaris:snv_74::x86 cpe:/o:sun:opensolaris:snv_75::sparc cpe:/o:sun:opensolaris:snv_75::x86 cpe:/o:sun:opensolaris:snv_76::sparc cpe:/o:sun:opensolaris:snv_76::x86 cpe:/o:sun:opensolaris:snv_77::sparc cpe:/o:sun:opensolaris:snv_77::x86 cpe:/o:sun:opensolaris:snv_78::sparc cpe:/o:sun:opensolaris:snv_78::x86 cpe:/o:sun:opensolaris:snv_79::sparc cpe:/o:sun:opensolaris:snv_79::x86 cpe:/o:sun:opensolaris:snv_80::sparc cpe:/o:sun:opensolaris:snv_80::x86 cpe:/o:sun:opensolaris:snv_81::sparc cpe:/o:sun:opensolaris:snv_81::x86 cpe:/o:sun:opensolaris:snv_82::sparc cpe:/o:sun:opensolaris:snv_82::x86 cpe:/o:sun:opensolaris:snv_83::sparc cpe:/o:sun:opensolaris:snv_83::x86 cpe:/o:sun:opensolaris:snv_84::sparc cpe:/o:sun:opensolaris:snv_84::x86 cpe:/o:sun:opensolaris:snv_85::sparc cpe:/o:sun:opensolaris:snv_85::x86 cpe:/o:sun:opensolaris:snv_86::sparc cpe:/o:sun:opensolaris:snv_86::x86 cpe:/o:sun:opensolaris:snv_87::sparc cpe:/o:sun:opensolaris:snv_87::x86 cpe:/o:sun:opensolaris:snv_88::sparc cpe:/o:sun:opensolaris:snv_88::x86 cpe:/o:sun:opensolaris:snv_89::sparc cpe:/o:sun:opensolaris:snv_89::x86 cpe:/o:sun:opensolaris:snv_90::sparc cpe:/o:sun:opensolaris:snv_90::x86 cpe:/o:sun:opensolaris:snv_91::sparc cpe:/o:sun:opensolaris:snv_91::x86 cpe:/o:sun:opensolaris:snv_92::sparc cpe:/o:sun:opensolaris:snv_92::x86 cpe:/o:sun:opensolaris:snv_93::sparc cpe:/o:sun:opensolaris:snv_93::x86 cpe:/o:sun:opensolaris:snv_94::sparc cpe:/o:sun:opensolaris:snv_94::x86 cpe:/o:sun:opensolaris:snv_95::sparc cpe:/o:sun:opensolaris:snv_95::x86 cpe:/o:sun:opensolaris:snv_96::sparc cpe:/o:sun:opensolaris:snv_96::x86 cpe:/o:sun:opensolaris:snv_97::sparc cpe:/o:sun:opensolaris:snv_97::x86 cpe:/o:sun:opensolaris:snv_98::sparc cpe:/o:sun:opensolaris:snv_98::x86 cpe:/o:sun:opensolaris:snv_99::sparc cpe:/o:sun:opensolaris:snv_99::x86 cpe:/o:sun:opensolaris:snv_100::sparc cpe:/o:sun:opensolaris:snv_100::x86 cpe:/o:sun:opensolaris:snv_101::sparc cpe:/o:sun:opensolaris:snv_101::x86 cpe:/o:sun:opensolaris:snv_102::sparc cpe:/o:sun:opensolaris:snv_102::x86 cpe:/o:sun:opensolaris:snv_103::sparc cpe:/o:sun:opensolaris:snv_103::x86 cpe:/o:sun:opensolaris:snv_104::sparc cpe:/o:sun:opensolaris:snv_104::x86 cpe:/o:sun:opensolaris:snv_105::sparc cpe:/o:sun:opensolaris:snv_105::x86 cpe:/o:sun:opensolaris:snv_106::sparc cpe:/o:sun:opensolaris:snv_106::x86 cpe:/o:sun:opensolaris:snv_107::sparc