|
260261
|
- |
|
cisco
|
wvc54gca
|
Absolute path traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R24 and possibly 1.00R22 allows remote attackers to read arbitrary files vi…
|
CWE-22
Path Traversal
|
CVE-2009-1559
|
2017-08-17 10:30 |
2009-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260262
|
- |
|
cisco
|
wvc54gc
|
The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 stores passwords and wireless-network keys in cleartext in (1) pass_wd.htm and (2) Wsecurity.htm, which allows remot…
|
CWE-310
Cryptographic Issues
|
CVE-2009-1560
|
2017-08-17 10:30 |
2009-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260263
|
- |
|
quagga
|
quagga
|
The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expe…
|
NVD-CWE-Other
|
CVE-2009-1572
|
2017-08-17 10:30 |
2009-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260264
|
- |
|
debian
redhat
ubuntu
branden_robinson
|
debian_linux
fedora
linux
xvfb-run
|
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listin…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-1573
|
2017-08-17 10:30 |
2009-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260265
|
- |
|
drupal
|
drupal
|
Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted U…
|
CWE-79
Cross-site Scripting
|
CVE-2009-1575
|
2017-08-17 10:30 |
2009-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260266
|
- |
|
cgi_rescue
|
cgi_rescue_minibbs
|
Cross-site scripting (XSS) vulnerability in CGI RESCUE MiniBBS 8t before 8.95t, 8 before 8.95, 9 before 9.08, and 10 before 10.32 allows remote attackers to inject arbitrary web script or HTML via un…
|
CWE-79
Cross-site Scripting
|
CVE-2009-1588
|
2017-08-17 10:30 |
2009-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260267
|
- |
|
igniterealtime
|
openfire
|
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified usernam…
|
CWE-287
Improper Authentication
|
CVE-2009-1595
|
2017-08-17 10:30 |
2009-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260268
|
- |
|
ubuntu
|
linux
|
The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current working directory to the clamav account, which might allow local u…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-1601
|
2017-08-17 10:30 |
2009-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260269
|
- |
|
ubuntu
|
linux
|
Per https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/365823
A clean install of clamav-milter (0.95.1+dfsg-1ubuntu1.1) causes the root directory to become owned by the clamav user.
This was…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-1601
|
2017-08-17 10:30 |
2009-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260270
|
- |
|
dafolo
|
dafolocontrol
|
Multiple stack-based and heap-based buffer overflows in Dafolo DafoloControl ActiveX control (DafoloFFControl.dll) 1.108.6.195 allow remote attackers to execute arbitrary code via long (1) baseurl, (…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-1606
|
2017-08-17 10:30 |
2009-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
