Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2009-03-04 | CVE-2009-0802 | Permissions, Privileges, and Access Controls vulnerability in Qbik Wingate | Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | 5.4 |
2009-03-04 | CVE-2009-0801 | Permissions, Privileges, and Access Controls vulnerability in Squid web Proxy Cache | Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | 5.4 |
2009-03-04 | CVE-2009-0780 | Remote Denial of Service vulnerability in OpenBSD bgpd | The aspath_prepend function in rde_attr.c in bgpd in OpenBSD 4.3 and 4.4 allows remote attackers to cause a denial of service (application crash) via an Autonomous System (AS) advertisement containing a long AS path. | 5.0 |
2009-03-03 | CVE-2009-0759 | Code Injection vulnerability in ZNC | Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors. | 6.5 |
2009-03-03 | CVE-2009-0756 | Denial of Service vulnerability in Poppler | The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference. | 5.0 |
2009-03-03 | CVE-2009-0755 | Denial of Service vulnerability in Poppler | The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry. | 5.0 |
2009-03-03 | CVE-2009-0753 | Path Traversal vulnerability in Mldonkey | Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename. | 5.0 |
2009-03-02 | CVE-2009-0751 | Resource Management Errors vulnerability in Yaws | Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers. | 5.0 |
2009-03-02 | CVE-2008-6388 | Permissions, Privileges, and Access Controls vulnerability in 4U2Ges Rapid Classified 3.1/3.15 | Rapid Classified 3.1 and 3.15 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to cldb.mdb. | 5.0 |
2009-03-02 | CVE-2008-6387 | Information Exposure vulnerability in Activewebsoftwares Quick Tree View .Net 3.1 | Quick Tree View .NET 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to qtv.mdb. | 5.0 |