CVE-2009-4112
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...
DEBIAN-CVE-2009-4112
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...
CVE-2009-4105
TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (crash) by sending an APPE (append) command immediately followed by a DELE (delete) command without sending file data in between these two commands...
CVE-2009-4105
CVE-2009-4105 affects TYPSoft FTP Server 1.10. Remote authenticated users can crash the server by issuing APPE followed immediately by DELE without file data, causing a denial of service. The connected sources describe the DoS impact and CVSS base score 3.5, but remediation details are not provid...
CVE-2009-3898
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method...
CVE-2009-4053
Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (2) create files with any contents in arbitrary directories via directory traversal sequences in a fil...
CVE-2009-3921
The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation message...
Design/Logic Flaw
Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators to reset a site administrator password via unspecified vectors...
CVE-2009-3298
Mahara up to version 1.0.12 and 1.1.x up to 1.1.6 is affected: remote authenticated institutional administrators can reset the site administrator's password via unspecified vectors, enabling privilege escalation. Affects Mahara core components handling admin authentication. Remediation per source...
CVE-2009-3814
Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters...
MySQL CREATE FUNCTION Table Arbitrary Library Injection (CVE-2005-0710)
MySQL is an open-source implementation of a relational database management system supporting the SQL (Structured Query Language) database query language. MySQL allows users to create user-defined functions (UDF) through the CREATE FUNCTION command. A vulnerability exists in the user-defined function...
Design/Logic Flaw
Unspecified vulnerability in the Application Express component in Oracle Database 3.0.1 allows remote authenticated users to affect confidentiality and integrity, related to FLOWS_030000.WWV_EXECUTE_IMMEDIATE...
CVE-2009-1964
Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors...
Everfocus <= 1.4 EDSR Remote Authentication Bypass
No description provided by source. Product: Everfocus EDSR series Version affected: 1.4 and older Website: http://www.everfocus.com/ Discovered By: Andrea Fabrizi Email: andrea.fabrizi gmail com Web: http://www.andreafabrizi.it Vuln: remote DVR applet authentication bypass The EDSR firmware don't...
Everfocus 1.4 - EDSR Remote Authentication Bypass
Everfocus 1.4 - EDSR Remote Authentication Bypass Product: Everfocus EDSR series Version affected: 1.4 and older Website: http://www.everfocus.com/ Discovered By: Andrea Fabrizi Email: andrea.fabrizi gmail com Web: http://www.andreafabrizi.it Vuln: remote DVR applet authentication bypass The EDSR...
Everfocus <= 1.4 EDSR Remote Authentication Bypass
Exploit for unknown platform in category web applications. Everfocus <= 1.4 EDSR Remote Authentication Bypass. Product: Everfocus EDSR series Version affected: 1.4 and older Website:...
CVE-2009-3528
SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows remote authenticated users to execute arbitrary SQL commands via the uid parameter in a show action...
Mandriva Linux Security Advisory : postgresql8.2 (MDVSA-2009:251-1)
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by re-LOAD-ing libraries from a certain plugins directory (CVE-2009-3229). The core server component in PostgreSQL 8.4...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via (1) the JEXEC_OUTID parameter in a JEXEC_MODE_RELAY_OUTPUT action to the jexec program; the (2) act, (3) refresh-time, or (4) ifid...