Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-08-26 | CVE-2008-7084 | Path Traversal vulnerability in Hirschelectronics Velocity Security Management System 1.0: Directory traversal vulnerability in the web server 1.0 in Velocity Security Management System allows remote attackers to read arbitrary files via a .. | 5.0 |
2009-08-25 | CVE-2009-2966 | Resource Management Errors vulnerability in Kaspersky Anti-Virus and Kaspersky Internet Security: avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters. | 4.3 |
2009-08-25 | CVE-2009-2965 | Cross-Site Scripting vulnerability in Radvision Scopia 5.7: Cross-site scripting (XSS) vulnerability in entry/index.jsp in Radvision Scopia 5.7, and possibly other versions before SD 7.0.100, allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 4.3 |
2009-08-25 | CVE-2009-2964 | Cross-Site Request Forgery (CSRF) vulnerability in Squirrelmail: Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php. | 6.8 |
2009-08-25 | CVE-2009-2963 | Unspecified vulnerability in Decomputeur Toolbar Uninstaller 1.0.2: Unspecified vulnerability in the update feature in Toolbar Uninstaller 1.0.2 allows remote attackers to force the download and execution of arbitrary files via attack vectors related to a "malformed update url and a malformed update website." | 9.3 |
2009-08-25 | CVE-2009-2961 | Buffer Errors vulnerability in Kolmck KOL Player 1.0: Stack-based buffer overflow in Thaddy de Koning KOL Player 1.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a .MP3 playlist file. | 9.3 |
2009-08-25 | CVE-2009-2960 | Permissions, Privileges, and Access Controls vulnerability in Cuteflow 2.10.3/2.11.0C: CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to pages/edituser.php, which allows remote attackers to modify usernames and passwords via a direct request. | 7.5 |
2009-08-25 | CVE-2009-2959 | Cross-Site Scripting vulnerability in Buildbot: Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-08-25 | CVE-2008-7083 | SQL Injection vulnerability in Revou Micro Blogging Twitter Clone: Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter clone allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | 7.5 |
2009-08-25 | CVE-2008-7082 | Cross-Site Request Forgery (CSRF) vulnerability in Mybboard Mybb 1.4.3: MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection mechanism to hijack the authentication of moderators by reading the token from the HTTP Referer header. | 6.8 |