Vulnerabilities

DATE  CVE  VULNERABILITY TITLE  RISK (CVSS base score)
Each entry gives the date, CVE identifier, title and score, then the CVE description, then, where the listing records them, the access vector, attack complexity and vendor/CWE tags.
2009-10-26  CVE-2009-3784  Open Redirect vulnerability in Sjoerd Arendsen Simplenews Statistics  Risk: 6.8
  Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
2009-10-26  CVE-2009-3783  Cross-Site Scripting vulnerability in Sjoerd Arendsen Simplenews Statistics  Risk: 4.3
  Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2009-10-26  CVE-2009-3782  Information Exposure vulnerability in 2Bits Userpoints 6.x-1.0/6.x-1.x-dev  Risk: 3.5
  Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors.
  Access vector: network. Tags: drupal, 2bits, CWE-200
2009-10-26  CVE-2009-3780  Cross-Site Scripting vulnerability in Ashok Modi Abuse 5.x-1.0/5.x-1.x-dev/5.x-2.x-dev  Risk: 4.3
  Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 and 6.x before 6.x-1.1-alpha1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2009-10-26  CVE-2009-3779  Cross-Site Scripting vulnerability in Stefan Auditor vCard  Risk: 4.3
  Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the addition of the theme_vcard function to a theme and the use of default content.
2009-10-26  CVE-2009-3778  SQL Injection vulnerability in Adam Gerson Moodle Course List 6.x-1.2  Risk: 7.5
  SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
  Access vector: network; attack complexity: low. Tags: adam-gerson, drupal, CWE-89
2009-10-26  CVE-2009-3611  Incorrect Permission Assignment for Critical Resource vulnerability in multiple products  Risk: 7.1
  common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots.
  Access vector: local; attack complexity: low. Tags: le-web, fedoraproject, CWE-732
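The CWE-732 pattern in the entry above, shown as an added example in C (this is not Back In Time's code). Unlinking a file needs write permission on the containing directory, not on the file, so widening files to 0777 before removal is unnecessary. The example assumes, as such tools usually do, that unchanged files are shared between snapshots as hard links; a chmod on one link then changes the mode every other snapshot sees, and that mode survives after the old snapshot is gone. The directory names and the file content are constructed for the demonstration under a fresh mkdtemp() directory.

```c
/*
 * Added example, not Back In Time code: the CWE-732 pattern behind
 * CVE-2009-3611.  Assumption: snapshots share unchanged files as hard
 * links, so chmod on the old snapshot's copy reaches the new one too.
 * All paths and the file content are constructed for the demo.
 */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/stat.h>

/* Vulnerable pattern: directory and file both forced to 0777. */
static int prepare_delete_unsafe(const char *dir, const char *file)
{
    return chmod(dir, 0777) == 0 && chmod(file, 0777) == 0;
}

/* Safe pattern: give only the owner rwx on the directory (all that
 * unlink() needs) and never touch the file's own mode. */
static int prepare_delete_safe(const char *dir)
{
    struct stat st;
    if (stat(dir, &st) != 0)
        return 0;
    return chmod(dir, (st.st_mode & 07777) | S_IRWXU) == 0;
}

/* Builds <tmp>/old/secret and <tmp>/new/secret as hard links to one
 * 0600 file, locks both snapshot directories to 0500 as a finished
 * snapshot would be, deletes "old" using the chosen preparation step and
 * returns the permission bits new/secret is left with (-1 on error). */
int surviving_mode_after_delete(int use_safe)
{
    char root[] = "/tmp/snapdemoXXXXXX";
    char old_dir[64], new_dir[64], old_file[80], new_file[80];
    struct stat st;
    int fd, mode = -1;

    if (mkdtemp(root) == NULL)
        return -1;
    snprintf(old_dir, sizeof old_dir, "%s/old", root);
    snprintf(new_dir, sizeof new_dir, "%s/new", root);
    snprintf(old_file, sizeof old_file, "%s/secret", old_dir);
    snprintf(new_file, sizeof new_file, "%s/secret", new_dir);

    if (mkdir(old_dir, 0700) != 0 || mkdir(new_dir, 0700) != 0)
        goto out;
    fd = open(old_file, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "secret\n", 7) != 7 || close(fd) != 0)
        goto out;
    if (link(old_file, new_file) != 0)      /* the file shared across snapshots */
        goto out;
    chmod(old_dir, 0500);
    chmod(new_dir, 0500);

    if (use_safe)
        prepare_delete_safe(old_dir);
    else
        prepare_delete_unsafe(old_dir, old_file);
    unlink(old_file);
    rmdir(old_dir);

    /* What the surviving snapshot's copy now looks like to other local users. */
    if (stat(new_file, &st) == 0)
        mode = (int)(st.st_mode & 0777);
out:
    chmod(new_dir, 0700);
    unlink(new_file);
    rmdir(new_dir);
    chmod(old_dir, 0700);
    unlink(old_file);
    rmdir(old_dir);
    rmdir(root);
    return mode;
}

int main(void)
{
    printf("new/secret after deleting old with chmod 0777 : %04o\n",
           surviving_mode_after_delete(0));
    printf("new/secret after deleting old, owner-only     : %04o\n",
           surviving_mode_after_delete(1));
    return 0;
}
```

The unsafe path leaves the copy in the surviving snapshot world-readable and world-writable; the safe path leaves it at its original 0600. The same reasoning applies to any cleanup routine that loosens modes on data it is about to discard: loosen the directory, for the owner only, and leave the objects alone.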
2009-10-23  CVE-2009-3767  Cryptographic Issues vulnerability in OpenLDAP  Risk: 6.8
  libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
2009-10-23  CVE-2009-3766  Cryptographic Issues vulnerability in Mutt 1.5.16/1.5.17/1.5.18  Risk: 6.8
  mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
  Access vector: network. Tags: mutt, openssl, CWE-310
2009-10-23  CVE-2009-3765  Cryptographic Issues vulnerability in Mutt 1.5.19/1.5.20  Risk: 6.8
  mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
  Access vector: network. Tags: mutt, openssl, CWE-310
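The three mutt and OpenLDAP entries above describe two stages of the same hostname-verification problem: mutt before 1.5.19 did not compare the CN to the server name at all, and mutt 1.5.19/1.5.20 and OpenLDAP compared it with C-string functions that stop at the first '\0'. The added example below, in C and not taken from either project, models the CN as the (data, length) pair an ASN.1 string carries and shows why a CN such as "www.example.com\0.attacker.example" passes the C-string check: an attacker who controls attacker.example can obtain that certificate from a CA that validates the full string, while a client that truncates at the NUL sees only the victim's name. The byte strings are constructed; no certificate is parsed.

```c
/*
 * Added example, not code from OpenLDAP or mutt: why an embedded '\0'
 * in a certificate Common Name defeats a C-string hostname check
 * (CVE-2009-3767, CVE-2009-3765, related CVE-2009-2408) and what the
 * fixed check must do.  The CN byte strings below are constructed.
 */
#include <stdio.h>
#include <string.h>

struct cn_field {
    const unsigned char *data;   /* DER bytes, not NUL-terminated */
    size_t len;                  /* length from the ASN.1 header */
};

/* Constructed test data. sizeof()-1 keeps the embedded NUL in the
 * crafted CN but drops the string literal's own terminator. */
static const unsigned char EVIL_BYTES[] = "www.example.com\0.attacker.example";
static const struct cn_field EVIL_CN = { EVIL_BYTES, sizeof(EVIL_BYTES) - 1 };
static const unsigned char GOOD_BYTES[] = "www.example.com";
static const struct cn_field GOOD_CN = { GOOD_BYTES, sizeof(GOOD_BYTES) - 1 };

/* Vulnerable pattern: the DER bytes are handed to a C-string function,
 * which stops at the first '\0' and compares only the attacker-chosen
 * prefix.  Returns 1 on match. */
int cn_matches_vuln(const struct cn_field *cn, const char *host)
{
    return strcmp((const char *)cn->data, host) == 0;
}

/* Fixed pattern: any CN containing a NUL is rejected outright, and the
 * remaining comparison uses the declared length.  Returns 1 on match. */
int cn_matches_fixed(const struct cn_field *cn, const char *host)
{
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    size_t hostlen = strlen(host);
    return hostlen == cn->len && memcmp(cn->data, host, hostlen) == 0;
}

int main(void)
{
    const char *host = "www.example.com";
    printf("crafted CN, C-string check : %s\n",
           cn_matches_vuln(&EVIL_CN, host) ? "ACCEPTED (spoofed)" : "rejected");
    printf("crafted CN, length-aware   : %s\n",
           cn_matches_fixed(&EVIL_CN, host) ? "accepted" : "rejected");
    printf("honest CN, length-aware    : %s\n",
           cn_matches_fixed(&GOOD_CN, host) ? "accepted" : "rejected");
    return 0;
}
```

The example deliberately stops at the NUL handling. A production check must also fold case, handle wildcard labels and prefer subjectAltName dNSName entries over the CN; the same length-versus-strlen rule applies to each of those strings.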