LiveActive security incident?Get immediate response
CVE archive

June 2009

Browse CVE records published in June 2009, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 476 matching CVEs · Page 2 of 10.

Unknown · CVSS Not scored

CVE-2009-2083: Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1....

Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms."

Published Jun 16, 2009 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2009-1906: The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a...

The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32.

Published Jun 3, 2009 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2009-5076: CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypass authe...

CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypass authentication and gain administrator privileges via a request with (1) login.php or (2) password_forgotten.php appended as the PATH_INFO, which bypasses a check that uses PHP_SELF, which is not properly handled by (a) includes/application_top.php and (b) admin/includes/application_top.php, as exploited in the wild in 2009.

Published Jun 8, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2009-5081: The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in...

The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.

Published Jun 30, 2011 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-5080: The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic...

The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296.

Published Jun 30, 2011 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-4907: Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the au...

Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility of posts, (4) remove links, and (5) change the name fields of a blog.

Published Jun 25, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-4908: Multiple cross-site scripting (XSS) vulnerabilities in oBlog allow remote attackers to inject arbitrary web...

Multiple cross-site scripting (XSS) vulnerabilities in oBlog allow remote attackers to inject arbitrary web script or HTML via the (1) commentName, (2) commentEmail, (3) commentWeb, or (4) commentText parameter to article.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via the (5) article_id or (6) title parameter to admin/write.php, the (7) category_id or (8) category_name parameter to admin/groups.php, the (9) blogroll_id or (10) title parameter to admin/blogroll.php, or the (11) blog_name or (12) tag_line parameter to admin/settings.php.

Published Jun 25, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-4880: Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 a...

Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391.

Published Jun 1, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-4881: Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GN...

Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391.

Published Jun 1, 2010 · Updated Aug 7, 2024