Total
5464 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0345 | 1 Sun | 2 Fire X2100 M2, Fire X2200 M2 | 2025-04-09 | N/A |
| Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6648082, a different vulnerability than CVE-2007-5717. | ||||
| CVE-2009-0355 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-09 | N/A |
| components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element. | ||||
| CVE-2009-0357 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-09 | N/A |
| Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. | ||||
| CVE-2009-0361 | 1 Eyrie | 1 Pam-krb5 | 2025-04-09 | N/A |
| Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations. | ||||
| CVE-2009-0365 | 2 Redhat, Ubuntu | 2 Enterprise Linux, Ubuntu Linux | 2025-04-09 | N/A |
| nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler. | ||||
| CVE-2009-0367 | 1 Wesnoth | 1 Wesnoth | 2025-04-09 | N/A |
| The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module. | ||||
| CVE-2009-0382 | 1 Drupal | 2 Drupal, Internationalization | 2025-04-09 | N/A |
| Unspecified vulnerability in Internationalization (i18n) Translation 5.x before 5.x-2.5, a module for Drupal, allows remote attackers with "translate node" permissions to bypass intended access restrictions and read unpublished nodes via unspecified vectors. | ||||
| CVE-2009-0383 | 1 Mzbservices | 1 Max.blog | 2025-04-09 | N/A |
| delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote attackers to delete arbitrary blog posts via a direct request. | ||||
| CVE-2009-0399 | 1 Chipmunk Scripts | 1 Chipmunk Blogger | 2025-04-09 | N/A |
| Chipmunk Blogger Script allows remote attackers to gain administrator privileges via a direct request to admin/reguser.php. NOTE: this is only a vulnerability when the administrator does not properly follow installation directions. | ||||
| CVE-2009-0411 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script. | ||||
| CVE-2009-0419 | 1 Microsoft | 1 Xml Core Services | 2025-04-09 | N/A |
| Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-4033. | ||||
| CVE-2009-0436 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server (WAS), set incorrect permissions for AF_UNIX sockets, which has unknown impact and local attack vectors. | ||||
| CVE-2009-0438 | 2 Ibm, Microsoft | 2 Websphere Application Server, Windows | 2025-04-09 | N/A |
| IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows allows remote attackers to bypass "Authorization checking" and obtain sensitive information from JSP pages via a crafted request. NOTE: this is probably a duplicate of CVE-2008-5412. | ||||
| CVE-2009-0439 | 1 Ibm | 1 Websphere Mq | 2025-04-09 | N/A |
| Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands. | ||||
| CVE-2009-0469 | 1 Futomis Cgi Cafe | 1 Fulltext Search Cgi | 2025-04-09 | N/A |
| Unspecified vulnerability in futomi's CGI Cafe Fulltext search CGI 1.1.2 allows remote attackers to gain administrative privileges via unknown vectors. | ||||
| CVE-2009-0477 | 1 Sun | 1 Opensolaris | 2025-04-09 | N/A |
| Unspecified vulnerability in the process (aka proc) filesystem in Sun OpenSolaris snv_85 through snv_100 allows local users to gain privileges via vectors related to the contract filesystem. | ||||
| CVE-2009-0498 | 1 Minitdesign | 1 Virtual Guestbook | 2025-04-09 | N/A |
| Virtual GuestBook (vgbook) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to guestbook.mdb. | ||||
| CVE-2009-0536 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
| at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges. | ||||
| CVE-2009-0568 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows Server and 3 more | 2025-04-09 | N/A |
| The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability." | ||||
| CVE-2009-0571 | 1 Ninjadesigns | 1 Mailist | 2025-04-09 | N/A |
| admin.php in Ninja Designs Mailist 3.0 stores backup copies of maillist.php under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the backup directory. | ||||