|
312031
|
3.1 |
LOW
Adjacent
|
redhat
|
enterprise_virtualization_manager
|
In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAM…
|
CWE-295
Improper Certificate Validation
|
CVE-2009-3552
|
2024-11-21 10:07 |
2019-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312032
|
- |
|
vmware
|
hyperic_hq
|
The monitor perl script in the Sybase database plug-in in SpringSource Hyperic HQ before 4.3 allows local users to obtain the database password by listing the process and its arguments.
|
CWE-200
Information Exposure
|
CVE-2009-2899
|
2024-11-21 10:06 |
2012-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312033
|
- |
|
symantec
|
altiris_deployment_solution
altiris_notification_server
management_platform
|
The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x expos…
|
NVD-CWE-Other
|
CVE-2009-3028
|
2024-11-21 10:06 |
2011-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312034
|
6.1 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks.
|
CWE-79
Cross-site Scripting
|
CVE-2009-2802
|
2024-11-21 10:05 |
2019-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312035
|
- |
|
ibm
|
websphere_application_server
|
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.29 and 7.1 before 7.0.0.7 allows remote attackers to inject arbitrary…
|
CWE-79
Cross-site Scripting
|
CVE-2009-2748
|
2024-11-21 10:05 |
2011-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312036
|
- |
|
ibm
|
websphere_application_server
|
The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict acc…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2747
|
2024-11-21 10:05 |
2011-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312037
|
- |
|
apache
|
tomcat
|
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Lin…
|
CWE-79
Cross-site Scripting
|
CVE-2009-2696
|
2024-11-21 10:05 |
2010-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312038
|
4.3 |
MEDIUM
Network
|
apple
|
safari
|
Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog.
|
CWE-19
Data Processing Errors
|
CVE-2009-2197
|
2024-11-21 10:04 |
2016-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312039
|
- |
|
apple
|
airport_express_base_station_firmware
airport_extreme_base_station_firmware
airport_express
airport_extreme
time_capsule
|
The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and …
|
CWE-399
Resource Management Errors
|
CVE-2009-2189
|
2024-11-21 10:04 |
2010-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312040
|
8.1 |
HIGH
Network
|
mantisbt
|
mantisbt
|
An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and acti…
|
CWE-613
Insufficient Session Expiration
|
CVE-2009-20001
|
2024-11-21 10:03 |
2021-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
