Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-02-17 | CVE-2008-6157 | Cleartext Storage of Sensitive Information vulnerability in Sepcity Classified ADS SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which allows context-dependent attackers to obtain sensitive information. | 7.5 |
| 2009-01-30 | CVE-2009-0034 | Incorrect Authorization vulnerability in multiple products parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. | 7.8 |
| 2009-01-26 | CVE-2009-0265 | Unchecked Return Value vulnerability in ISC Bind Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025. | 7.5 |
| 2009-01-22 | CVE-2009-0255 | Use of Insufficiently Random Values vulnerability in multiple products The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key. | 7.5 |
| 2009-01-21 | CVE-2009-0244 | Path Traversal vulnerability in Microsoft Windows Mobile 5.0/6.0 Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. | 8.8 |
| 2009-01-20 | CVE-2009-0182 | Classic Buffer Overflow vulnerability in Vuplayer Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line. | 8.8 |
| 2008-12-29 | CVE-2008-5748 | Path Traversal vulnerability in Bloofox Bloofoxcms 0.3.4 Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters. | 8.1 |
| 2008-12-19 | CVE-2008-4122 | Cleartext Transmission of Sensitive Information vulnerability in Joomla Joomla! 1.5.8 Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 7.5 |
| 2008-12-09 | CVE-2008-4390 | Cleartext Transmission of Sensitive Information vulnerability in Cisco Linksys Wvc54Gc Firmware The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network. | 7.5 |
| 2008-11-26 | CVE-2008-5162 | Use of Insufficiently Random Values vulnerability in Freebsd The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator. | 7.0 |