LiveActive security incident?Get immediate response
CVE archive

August 2009

Browse CVE records published in August 2009, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 343 matching CVEs · Page 2 of 7.

Unknown · CVSS Not scored

CVE-2009-5120: The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter...

The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.

Published Aug 23, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2009-5119: The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter...

The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.

Published Aug 23, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2009-3000: The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_41 through snv_122, when Network Cach...

The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_41 through snv_122, when Network Cache Accelerator (NCA) logging is enabled, allows remote attackers to cause a denial of service (panic) via unspecified web-server traffic that triggers a NULL pointer dereference in the nl7c_http_log function, related to "improper http response handling."

Published Aug 28, 2009 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2009-2914: Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 and earlier all...

Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Aug 20, 2009 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2009-2727: Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM...

Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15.

Published Aug 10, 2009 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2009-5143: GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservice user...

GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservice user of the Xeleris System, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

Published Aug 4, 2015 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-5063: Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-...

Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244.

Published Aug 31, 2011 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-4896: Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing...

Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful (mlmmj) 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. (dot dot) in a list name in a (1) edit or (2) save action.

Published Aug 2, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-4269: The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before...

The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.

Published Aug 16, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-3743: Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71...

Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow.

Published Aug 26, 2010 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-3019: Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet Explorer 7 on Vista, allows remote at...

Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet Explorer 7 on Vista, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls createElement to create an instance of the LI element, and then calls setAttribute to set the value attribute.

Published Aug 31, 2009 · Updated Aug 7, 2024