Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2009-09-24 CVE-2009-3390 Local Security vulnerability in OpenSolaris
Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) iscsitadm programs in Sun Solaris 10, and OpenSolaris snv_28 through snv_109, allow local users with certain RBAC execution profiles to gain privileges via unknown vectors related to the libima library.
local
low complexity
sun
7.2
2009-09-24 CVE-2009-2817 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple iTunes
Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file.
network
apple CWE-119
critical
9.3
2009-09-24 CVE-2009-2682 Permissions, Privileges, and Access Controls vulnerability in HP HP-UX B.11.23/B.11.31
Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors.
local
low complexity
hp CWE-264
7.2
2009-09-24 CVE-2009-3369 Permissions, Privileges, and Access Controls vulnerability in Craig Barratt BackupPC 3.1.0
CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore.
8.5
2009-09-24 CVE-2009-3368 Cross-Site Scripting vulnerability in Joomlahbs COM Hbssearch
Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails action to index.php.
4.3
2009-09-24 CVE-2009-3367 Cross-Site Scripting vulnerability in Plohni An Image Gallery 1.0
Multiple cross-site scripting (XSS) vulnerabilities in An image gallery 1.0 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) index.php and (2) main.php, and the (3) show parameter to main.php.
network
plohni CWE-79
4.3
2009-09-24 CVE-2009-3366 Path Traversal vulnerability in Plohni An Image Gallery 1.0
Directory traversal vulnerability in navigation.php in An image gallery 1.0 allows remote attackers to list arbitrary directories via a ..
network
low complexity
plohni CWE-22
5.0
2009-09-24 CVE-2009-3365 Code Injection vulnerability in Traza Aurora 1.0.2
PHP remote file inclusion vulnerability in add-ons/modules/sysmanager/plugins/install.plugin.php in Aurora CMS 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the AURORA_MODULES_FOLDER parameter.
network
low complexity
traza CWE-94
7.5
2009-09-24 CVE-2009-3364 Buffer Errors vulnerability in FTPShell 4.1
Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.
network
ftpshell CWE-119
critical
9.3
2009-09-24 CVE-2009-3363 Cross-Site Scripting vulnerability in Ufku Bayburt BUEditor
Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x before 5.x-1.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the "plain textarea editor."
4.3