Total
3699 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3814 | 1 Runcms | 1 Runcms | 2024-11-21 | 6.5 MEDIUM | N/A |
| Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters. | |||||
| CVE-2009-3796 | 1 Adobe | 2 Adobe Air, Flash Player | 2024-11-21 | 9.3 HIGH | N/A |
| Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability." | |||||
| CVE-2009-3760 | 1 Citrix | 1 Xencenterweb | 2024-11-21 | 7.5 HIGH | N/A |
| Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3737 | 2 Microsoft, Oracle | 2 Internet Explorer, Siebel Option Pack Ie Activex Control | 2024-11-21 | 9.3 HIGH | N/A |
| The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document. | |||||
| CVE-2009-3735 | 1 Panda | 1 Panda Activescan | 2024-11-21 | 9.3 HIGH | N/A |
| The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method. | |||||
| CVE-2009-3705 | 1 Achievo | 1 Achievo | 2024-11-21 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. | |||||
| CVE-2009-3677 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2024-11-21 | 10.0 HIGH | N/A |
| The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability." | |||||
| CVE-2009-3673 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 7 and 4 more | 2024-11-21 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | |||||
| CVE-2009-3672 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2024-11-21 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element, related to Cascading Style Sheets (CSS) and mshtml.dll, aka "HTML Object Memory Corruption Vulnerability." NOTE: some of these details are obtained from third party information. NOTE: this issue was originally assigned CVE-2009-4054, but Microsoft assigned a duplicate identifier of CVE-2009-3672. CVE consumers should use this identifier instead of CVE-2009-4054. | |||||
| CVE-2009-3660 | 1 Efrontlearning | 1 Efront | 2024-11-21 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in libraries/database.php in Efront 3.5.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation. | |||||
| CVE-2009-3631 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 8.5 HIGH | N/A |
| The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename. | |||||
| CVE-2009-3578 | 1 Autodesk | 2 Alias Wavefront Maya, Autodesk Maya | 2024-11-21 | 9.3 HIGH | N/A |
| Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to "Script Nodes." | |||||
| CVE-2009-3577 | 1 Autodesk | 1 3ds Max | 2024-11-21 | 9.3 HIGH | N/A |
| Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a .max file with a MAXScript statement that calls the DOSCommand method, related to "application callbacks." | |||||
| CVE-2009-3576 | 1 Autodesk | 2 Autodesk Softimage, Autodesk Softimage Xsi | 2024-11-21 | 9.3 HIGH | N/A |
| Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Content element, as demonstrated by code that loads the WScript.Shell ActiveX control. | |||||
| CVE-2009-3541 | 1 Phpgenealogy | 1 Phpgenealogy | 2024-11-21 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in CoupleDB.php in PHPGenealogy 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the DataDirectory parameter. | |||||
| CVE-2009-3518 | 1 Ibm | 1 Installation Manager | 2024-11-21 | 9.3 HIGH | N/A |
| Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier, as used in IBM Rational Robot and Rational Team Concert, allows remote attackers to load arbitrary DLL files via the -vm option, as demonstrated by a reference to a UNC share pathname. | |||||
| CVE-2009-3511 | 1 Fh54 | 1 Justvisual | 2024-11-21 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in justVisual 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the fs_jVroot parameter to (1) sites/site/pages/index.php, (2) sites/test/pages/contact.php, (3) system/pageTemplate.php, and (4) system/utilities.php. | |||||
| CVE-2009-3492 | 1 Gotdns | 1 Loggix Project | 2024-11-21 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Loggix Project 9.4.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathToIndex parameter to (1) Calendar.php, (2) Comment.php, (3) Rss.php and (4) Trackback.php in lib/Loggix/Module/; and (5) modules/downloads/lib/LM_Downloads.php. | |||||
| CVE-2009-3478 | 2 Mozilla, Nightlight | 2 Firefox, Fireftp | 2024-11-21 | 6.0 MEDIUM | N/A |
| Argument injection vulnerability in (1) src/content/js/connection/sftp.js and (2) src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename containing " (double quotes), which is not properly filtered or encoded when FireFTP constructs the command to send to psftp.exe. | |||||
| CVE-2009-3465 | 1 Adobe | 1 Shockwave Player | 2024-11-21 | 9.3 HIGH | N/A |
| Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3464. NOTE: some of these details are obtained from third party information. | |||||