Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2009-08-26 CVE-2008-7084 Path Traversal vulnerability in Hirschelectronics Velocity Security Management System 1.0
Directory traversal vulnerability in the web server 1.0 in Velocity Security Management System allows remote attackers to read arbitrary files via a ..
network
low complexity
hirschelectronics CWE-22
5.0
2009-08-25 CVE-2009-2966 Resource Management Errors vulnerability in Kaspersky Anti-Virus and Kaspersky Internet Security
avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters.
network
kaspersky CWE-399
4.3
2009-08-25 CVE-2009-2965 Cross-Site Scripting vulnerability in Radvision Scopia 5.7
Cross-site scripting (XSS) vulnerability in entry/index.jsp in Radvision Scopia 5.7, and possibly other versions before SD 7.0.100, allows remote attackers to inject arbitrary web script or HTML via the page parameter.
network
radvision CWE-79
4.3
2009-08-25 CVE-2009-2964 Cross-Site Request Forgery (CSRF) vulnerability in Squirrelmail
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.
6.8
2009-08-25 CVE-2009-2963 Unspecified vulnerability in Decomputeur Toolbar Uninstaller 1.0.2
Unspecified vulnerability in the update feature in Toolbar Uninstaller 1.0.2 allows remote attackers to force the download and execution of arbitrary files via attack vectors related to a "malformed update url and a malformed update website."
network
decomputeur
critical
9.3
2009-08-25 CVE-2009-2961 Buffer Errors vulnerability in Kolmck KOL Player 1.0
Stack-based buffer overflow in Thaddy de Koning KOL Player 1.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a .MP3 playlist file.
network
kolmck CWE-119
critical
9.3
2009-08-25 CVE-2009-2960 Permissions, Privileges, and Access Controls vulnerability in Cuteflow 2.10.3/2.11.0C
CuteFlow 2.10.3 and 2.11.0_c do not properly restrict access to pages/edituser.php, which allows remote attackers to modify usernames and passwords via a direct request.
network
low complexity
cuteflow CWE-264
7.5
2009-08-25 CVE-2009-2959 Cross-Site Scripting vulnerability in Buildbot
Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
buildbot CWE-79
4.3
2009-08-25 CVE-2008-7083 SQL Injection vulnerability in Revou Micro Blogging Twitter Clone
Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter clone allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
network
low complexity
revou CWE-89
7.5
2009-08-25 CVE-2008-7082 Cross-Site Request Forgery (CSRF) vulnerability in Mybboard Mybb 1.4.3
MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection mechanism to hijack the authentication of moderators by reading the token from the HTTP Referer header.
network
mybboard CWE-352
6.8