LiveActive security incident?Get immediate response
CVE archive

2009 CVE Archive

Browse CVE records published in 2009 CVE Archive, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 4921 matching CVEs · Page 3 of 99.

Unknown · CVSS Not scored

CVE-2009-4593: The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not place a '\0' character at the end of...

The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not place a '\0' character at the end of the string value of the ut.bu_host structure member, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors. NOTE: some of these details are obtained from third party information.

Published Jan 7, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2009-3339: Unspecified vulnerability in McAfee Email and Web Security Appliance 5.1 VMtrial allows remote attackers to...

Unspecified vulnerability in McAfee Email and Web Security Appliance 5.1 VMtrial allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

Published Sep 24, 2009 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2009-2079: Cross-site scripting (XSS) vulnerability in the administrative page interface in Taxonomy manager 5.x befor...

Cross-site scripting (XSS) vulnerability in the administrative page interface in Taxonomy manager 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via (1) vocabulary names, (2) synonyms, and (3) term names.

Published Jun 16, 2009 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2009-2169: Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF...

Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary files via a URL argument to the FtpConnect argument and a target filename argument to the FtpDownloadFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Published Jun 22, 2009 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2009-2861: The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200...

The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access-point association, which allows remote attackers to spoof a controller and cause a denial of service (service outage) via crafted remote radio management (RRM) packets, aka "SkyJack" or Bug ID CSCtb56664.

Published Aug 27, 2009 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2009-0654: Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router a...

Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve."

Published Feb 20, 2009 · Updated Sep 17, 2024