270531 | - | softbiz | faq | SQL injection vulnerability in Softbiz FAQ Script 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in (1) index.php, (2) faq_qanda.php, (3) refer_friend.p… | NVD-CWE-Other | CVE-2005-3938 | 2009-10-9 13:33 | 2005-12-1
270532 | - | inotify | incron | incron 0.5.5 does not initialize supplementary groups when running a process from a user's incrontabs, which causes the process to be run with the incrond supplementary groups and allows local users … | CWE-264 Permissions, Privileges, and Access Controls | CVE-2009-3589 | 2009-10-9 00:30 | 2009-10-9
270533 | - | dave_reid gabor_hojtsy | commentrss | Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the nod… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2009-3568 | 2009-10-8 13:00 | 2009-10-7
270534 | - | openbsd | openbsd | OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does not properly handle XMM exceptions, which allows local users to cause a denial of service (kernel panic) via unspecified vectors. | NVD-CWE-Other | CVE-2009-3572 | 2009-10-8 13:00 | 2009-10-7
270535 | - | openbsd | openbsd | Per: http://marc.info/?l=openbsd-security-announce&m=125474331811594 XMM exceptions are incorrectly handled in the OpenBSD/i386 kernel, resulting in a kernel panic that can be triggered by a loca… | NVD-CWE-Other | CVE-2009-3572 | 2009-10-8 13:00 | 2009-10-7
270536 | - | freebsd | freebsd | Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 allows local users to cause a denial of service (crash) or gain privileges via vectors related to kqueues, which triggers a use … | CWE-362 Race Condition | CVE-2009-3527 | 2009-10-7 13:00 | 2009-10-7
270537 | - | sun | java_system_identity_manager | Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the netwo… | CWE-310 Cryptographic Issues | CVE-2009-1074 | 2009-10-6 13:00 | 2009-03-26
270538 | - | sun | java_system_identity_manager | Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the Forgot Password feature depending on whether the user account exists, which allows remote attackers to… | CWE-255 Credentials Management | CVE-2009-1075 | 2009-10-6 13:00 | 2009-03-26
270539 | - | sun | java_system_identity_manager | The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote aut… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2009-1077 | 2009-10-6 13:00 | 2009-03-26
270540 | - | sun | java_system_identity_manager | Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows, which allows remote authentica… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2009-1078 | 2009-10-6 13:00 | 2009-03-26