| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
5251 |
CVE-2010-3497 |
264 |
|
Exec Code |
2012-08-22 |
2012-08-22 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)." |
|
5252 |
CVE-2010-3496 |
264 |
|
Exec Code |
2012-08-22 |
2012-08-22 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. |
|
5253 |
CVE-2010-2387 |
255 |
|
+Priv |
2012-12-21 |
2017-08-17 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs. |
|
5254 |
CVE-2010-2021 |
20 |
|
|
2012-06-25 |
2017-08-17 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Open redirect vulnerability in the Global Redirect module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, when non-clean to clean is enabled, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter. |
|
5255 |
CVE-2010-1330 |
79 |
|
XSS |
2012-11-23 |
2021-01-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string. |
|
5256 |
CVE-2009-5132 |
|
|
DoS |
2012-08-26 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Filtering Service in Websense Web Security and Web Filter before 6.3.1 Hotfix 106 and 7.x before 7.1 allow remote attackers to cause a denial of service (filtering outage) via a crafted URL. |
|
5257 |
CVE-2009-5131 |
264 |
|
Bypass |
2012-08-26 |
2012-08-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The Receive Service in Websense Email Security before 7.1 does not recognize domain extensions in the blacklist, which allows remote attackers to bypass intended access restrictions and send e-mail messages via an SMTP session. |
|
5258 |
CVE-2009-5130 |
119 |
|
DoS Overflow |
2012-08-26 |
2012-08-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The Rules Service in Websense Email Security before 7.1 allows remote attackers to cause a denial of service (service crash) via an attachment with a crafted size. |
|
5259 |
CVE-2009-5129 |
119 |
|
DoS Overflow |
2012-08-26 |
2012-08-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Websense V10000 appliance before 1.0.1 allows remote attackers to cause a denial of service (intermittent LDAP authentication outage) via a login attempt with an incorrect password. |
|
5260 |
CVE-2009-5128 |
119 |
|
DoS Overflow |
2012-08-26 |
2012-08-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Websense V10000 appliance before 1.0.1 allows remote attackers to cause a denial of service (memory consumption and process crash) via a large file that is not properly handled during buffering. |
|
5261 |
CVE-2009-5127 |
|
|
DoS |
2012-08-26 |
2012-08-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The Antivirus component in Comodo Internet Security before 3.8.64739.471 allows remote attackers to cause a denial of service (application crash) via a crafted file. |
|
5262 |
CVE-2009-5126 |
|
|
DoS |
2012-08-26 |
2012-08-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The Antivirus component in Comodo Internet Security before 3.8.65951.477 allows remote attackers to cause a denial of service (application crash) via a crafted file. |
|
5263 |
CVE-2009-5125 |
|
|
Bypass |
2012-08-26 |
2012-08-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Comodo Internet Security before 3.9.95478.509 allows remote attackers to bypass malware detection in an RAR archive via an unspecified manipulation of the archive file format. |
|
5264 |
CVE-2009-5124 |
119 |
|
DoS Overflow |
2012-08-26 |
2012-08-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The Antivirus component in Comodo Internet Security before 3.11.108364.552 allows remote attackers to cause a denial of service (application crash) via a crafted packed file. |
|
5265 |
CVE-2009-5123 |
119 |
|
DoS Overflow |
2012-08-26 |
2012-09-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The Antivirus component in Comodo Internet Security before 3.11.108364.552 allows remote attackers to cause a denial of service (memory consumption) via a crafted compressed file. |
|
5266 |
CVE-2009-5122 |
200 |
|
+Info |
2012-08-23 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Personal Email Manager component in Websense Email Security before 7.2 allows remote attackers to obtain potentially sensitive information from the JBoss status page via an unspecified query. |
|
5267 |
CVE-2009-5121 |
264 |
|
Bypass |
2012-08-23 |
2012-08-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Websense Email Security 7.1 before Hotfix 4 allows remote attackers to bypass the sender-based blacklist by using the 8BITMIME EHLO keyword in the SMTP session. |
|
5268 |
CVE-2009-5120 |
16 |
|
XSS |
2012-08-23 |
2012-08-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port. |
|
5269 |
CVE-2009-5119 |
16 |
|
+Info |
2012-08-23 |
2012-08-23 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data. |
|
5270 |
CVE-2009-5118 |
|
|
+Priv |
2012-08-22 |
2017-08-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in McAfee VirusScan Enterprise before 8.7i allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, as demonstrated by scanning a document located on a remote share. |
|
5271 |
CVE-2009-5117 |
200 |
|
+Info |
2012-08-22 |
2017-08-29 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Web Post Protection feature in McAfee Host Data Loss Prevention (DLP) 3.x before 3.0.100.10 and 9.x before 9.0.0.422, when HTTP Capture mode is enabled, allows local users to obtain sensitive information from web traffic by reading unspecified files. |
|
5272 |
CVE-2009-5116 |
287 |
|
|
2012-08-22 |
2012-08-22 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
McAfee LinuxShield 1.5.1 and earlier does not properly implement client authentication, which allows remote authenticated users to obtain Admin access to the statistics server by leveraging a client account. |
|
5273 |
CVE-2009-5115 |
264 |
|
|
2012-08-22 |
2017-08-29 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 through 3.6.0.608, and McAfee Agent 4.0 before Patch 3, allows remote authenticated users to overwrite arbitrary files by accessing a report-writing ActiveX control COM object. |
|
5274 |
CVE-2009-5114 |
22 |
|
Dir. Trav. |
2012-03-19 |
2017-12-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter. |
|
5275 |
CVE-2009-5113 |
79 |
|
XSS |
2012-03-19 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the DOC parameter. |
|
5276 |
CVE-2009-5112 |
200 |
|
+Info |
2012-03-19 |
2017-12-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to obtain the installation path via a crafted request. |
|
5277 |
CVE-2009-5067 |
22 |
1
|
DoS Dir. Trav. |
2012-10-10 |
2013-01-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. NOTE: this issue only might be a vulnerability in limited scenarios, such as if html2ps is invoked by a web application, or if a user-assisted attacker provides filenames whose contents could cause a denial of service, such as certain devices. |
|
5278 |
CVE-2009-5066 |
255 |
|
|
2012-08-13 |
2015-01-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments. |
|
5279 |
CVE-2009-5031 |
79 |
|
XSS Bypass |
2012-07-22 |
2021-02-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header. |
|
5280 |
CVE-2009-5030 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-07-18 |
2020-09-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "invalid free." |
|
5281 |
CVE-2009-5026 |
89 |
|
Exec Code Sql |
2012-08-17 |
2019-12-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments. |
|
5282 |
CVE-2009-2899 |
200 |
|
+Info |
2012-12-05 |
2012-12-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The monitor perl script in the Sybase database plug-in in SpringSource Hyperic HQ before 4.3 allows local users to obtain the database password by listing the process and its arguments. |
|
5283 |
CVE-2009-0695 |
287 |
1
|
|
2012-06-19 |
2012-06-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action. |
|
5284 |
CVE-2009-0693 |
119 |
|
Exec Code Overflow |
2012-06-19 |
2012-06-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow remote attackers to execute arbitrary code via (1) the User-Agent HTTP header to hserver.dll or (2) unspecified input to hagent.exe. |
|
5285 |
CVE-2008-7312 |
20 |
|
Bypass |
2012-08-23 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The Filtering Service in Websense Enterprise 5.2 through 6.3 does not consider the IP address during URL categorization, which makes it easier for remote attackers to bypass filtering via an HTTP request, as demonstrated by a request to a compromised server associated with a specific IP address. |
|
5286 |
CVE-2008-7311 |
255 |
|
Bypass |
2012-04-05 |
2012-04-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file. |
|
5287 |
CVE-2008-7310 |
255 |
|
Bypass |
2012-04-05 |
2012-04-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step via a modified URL, related to a "mass assignment" vulnerability. |
|
5288 |
CVE-2008-7309 |
255 |
|
|
2012-04-05 |
2012-04-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the ForumPost user_id value via a modified URL, related to a "mass assignment" vulnerability. |
|
5289 |
CVE-2007-6754 |
189 |
|
Overflow |
2012-07-25 |
2012-07-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not properly allocate memory, which makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, related to "integer rounding and overflow" errors. |
|
5290 |
CVE-2007-6753 |
|
|
+Priv |
2012-03-28 |
2016-11-28 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari. |
|
5291 |
CVE-2007-6752 |
352 |
2
|
CSRF |
2012-03-28 |
2012-03-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by considering the "security benefit against platform complexity and performance impact" and concluding that a change to the logout behavior is not planned because "for most sites it is not worth the trade-off." |
|
5292 |
CVE-2007-6751 |
79 |
|
XSS |
2012-01-04 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the MailForm plugin before 1.20 for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
5293 |
CVE-2007-6744 |
200 |
|
+Info |
2012-01-19 |
2012-01-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an incorrect interaction between InstallShield and Signcode.exe. |
|
5294 |
CVE-2006-7252 |
189 |
|
Overflow |
2012-07-25 |
2012-07-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of one byte. |
|
5295 |
CVE-2006-7250 |
|
|
DoS |
2012-02-29 |
2018-01-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message. |
|
5296 |
CVE-2006-7247 |
89 |
1
|
Exec Code Sql |
2012-09-06 |
2013-08-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. |
|
5297 |
CVE-2005-4895 |
189 |
|
Overflow |
2012-07-25 |
2012-08-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools before 0.4 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected. |
