Unknown · CVSS Not scored
Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors.
Published Jun 8, 2009 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876.
Published Jun 29, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file.
Published Jun 30, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user's artefact.
Published Jun 23, 2009 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCsq78418.
Published Jun 29, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator privileges via vectors related to a modified PHP_SELF variable, which is not properly handled by (1) includes/application_top.php and (2) admin/includes/application_top.php.
Published Jun 8, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms."
Published Jun 16, 2009 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names.
Published Jun 16, 2009 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Acc Statistics 1.1 allow remote attackers to hijack the authentication of administrators for requests that change (1) passwords, (2) usernames, and (3) e-mail addresses.
Published Jun 25, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
Published Jun 23, 2009 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow remote attackers to execute arbitrary code via (1) the User-Agent HTTP header to hserver.dll or (2) unspecified input to hagent.exe.
Published Jun 19, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail.
Published Jun 15, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the title (aka subject) field.
Published Jun 19, 2009 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Services 6.x before 6.x-0.14, a module for Drupal, when key-based access is enabled, allows remote attackers to read or add keys and access unauthorized services via unspecified vectors.
Published Jun 12, 2009 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in mnet.exe in Unisys Business Information Server (BIS) 10 and 10.1 on Windows allows remote attackers to execute arbitrary code via a crafted TCP packet.
Published Jun 26, 2009 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x before 5.x-7.3 and 6.x before 6.x-1.1, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) node title and (2) node body in a tree root page.
Published Jun 16, 2009 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query.
Published Jun 2, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors, probably related to mail.
Published Jun 26, 2009 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site request forgery (CSRF) vulnerability in index.php in Acc PHP eMail 1.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords.
Published Jun 25, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message.
Published Jun 23, 2009 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the DTLS implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (traceback) via TLS fragments, aka Bug ID CSCso53162.
Published Jun 29, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in CTM on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software 8.1(2) allows remote attackers to cause a denial of service (watchdog traceback) via a large amount of small-packet data, aka Bug ID CSCsu11412.
Published Jun 29, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published Jun 4, 2009 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in URD before 0.6.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the fatal_error page and unspecified other components.
Published Jun 25, 2009 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (IKE process hang) via malformed NAT-T packets, aka Bug ID CSCsr74439.
Published Jun 29, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32.
Published Jun 3, 2009 · Updated Sep 16, 2024
Unknown · CVSS Not scored
CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypass authentication and gain administrator privileges via a request with (1) login.php or (2) password_forgotten.php appended as the PATH_INFO, which bypasses a check that uses PHP_SELF, which is not properly handled by (a) includes/application_top.php and (b) admin/includes/application_top.php, as exploited in the wild in 2009.
Published Jun 8, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4_ping_ipaddr variable.
Published Jun 11, 2019 · Updated Aug 7, 2024
Unknown · CVSS Not scored
An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bin/script query string.
Published Jun 11, 2019 · Updated Aug 7, 2024
Unknown · CVSS Not scored
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document.
Published Jun 30, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.
Published Jun 30, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.
Published Jun 30, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296.
Published Jun 30, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt.
Published Jun 10, 2014 · Updated Aug 7, 2024
Unknown · CVSS Not scored
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.
Published Jun 24, 2011 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in index.php in oBlog allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Jun 25, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
article.php in oBlog does not properly restrict comments, which allows remote attackers to cause a denial of service (blog spam) via a comment=new action.
Published Jun 25, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility of posts, (4) remove links, and (5) change the name fields of a blog.
Published Jun 25, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in oBlog allow remote attackers to inject arbitrary web script or HTML via the (1) commentName, (2) commentEmail, (3) commentWeb, or (4) commentText parameter to article.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via the (5) article_id or (6) title parameter to admin/write.php, the (7) category_id or (8) category_name parameter to admin/groups.php, the (9) blogroll_id or (10) title parameter to admin/blogroll.php, or the (11) blog_name or (12) tag_line parameter to admin/settings.php.
Published Jun 25, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
admin/index.php in oBlog allows remote attackers to conduct brute-force password guessing attacks via HTTP requests.
Published Jun 25, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391.
Published Jun 1, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple directory traversal vulnerabilities in phpCommunity 2 2.1.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter to module/admin/files/show_file.php and the (2) path parameter to module/admin/files/show_source.php.
Published Jun 11, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in index.php in CMS S.Builder 3.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in a binn_include_path cookie. NOTE: this can also be leveraged to include and execute arbitrary local files.
Published Jun 11, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391.
Published Jun 1, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in templates/1/login.php in phpCommunity 2 2.1.8 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
Published Jun 11, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a products.view action.
Published Jun 11, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in zc/publisher/html.rb in ZoneCheck 2.0.4-13 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the ns parameter to zc.cgi.
Published Jun 2, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in index.php in PHPRecipeBook 2.24 and 2.39 allows remote attackers to execute arbitrary SQL commands via the (1) base_id or (2) course_id parameter in a search action.
Published Jun 11, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in books.php in the Book Panel (book_panel) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the bookid parameter.
Published Jun 11, 2010 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in Content Management System WEBjump! allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) portfolio_genre.php and (2) news_id.php.
Published Jun 11, 2010 · Updated Aug 7, 2024