Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-05-07 | CVE-2009-1441 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome Heap-based buffer overflow in the ParamTraits<SkBitmap>::Read function in Google Chrome before 1.0.154.64 allows attackers to leverage renderer access to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to a large bitmap that arrives over the IPC channel. | 9.3 |
| 2009-05-07 | CVE-2008-6796 | SQL Injection vulnerability in Preprojects PRE Real Estate Listings SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username field). | 7.5 |
| 2009-05-07 | CVE-2008-6795 | SQL Injection vulnerability in Niclor Vibro-School-Cms SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CMS allows remote attackers to execute arbitrary SQL commands via the nID parameter. | 7.5 |
| 2009-05-07 | CVE-2008-6794 | SQL Injection vulnerability in SFS EZ PUB FSF EX PUB SQL injection vulnerability in directory.php in Scripts For Sites (SFS) EZ Pub Site allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
| 2009-05-07 | CVE-2008-6793 | Improper Input Validation vulnerability in Dflabs PTK 0.1/0.2/1.0 The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image. | 6.8 |
| 2009-05-07 | CVE-2008-6792 | Cryptographic Issues vulnerability in Ubuntu Linux 8.10 system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully conduct brute-force password attacks. | 5.0 |
| 2009-05-06 | CVE-2009-1576 | Unspecified vulnerability in Drupal Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows user-assisted remote attackers to obtain sensitive information by tricking victims into visiting the front page of the site with a crafted URL and causing form data to be sent to an attacker-controlled site, possibly related to multiple / (slash) characters that are not properly handled by includes/bootstrap.inc, as demonstrated using the search box. network drupal | 4.3 |
| 2009-05-06 | CVE-2009-1575 | Cross-Site Scripting vulnerability in Drupal Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted UTF-8 byte sequences before the Content-Type meta tag, which are treated as UTF-7 by Internet Explorer 6 and 7. | 4.3 |
| 2009-05-06 | CVE-2009-1574 | Remote Denial Of Service vulnerability in IPsec-Tools Prior to 0.7.2 racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference. | 5.0 |
| 2009-05-06 | CVE-2009-1573 | Permissions, Privileges, and Access Controls vulnerability in multiple products xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments. | 4.6 |