|
305601
|
- |
|
turbogears
|
turbogears2
|
The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authoriz…
|
CWE-310
Cryptographic Issues
|
CVE-2009-5014
|
2024-11-21 10:10 |
2010-11-6 |
|
|
|
|
305602
|
- |
|
g.rodola
|
pyftpdlib
|
Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during…
|
CWE-399
Resource Management Errors
|
CVE-2009-5013
|
2024-11-21 10:10 |
2010-10-20 |
|
|
|
|
305603
|
- |
|
g.rodola
|
pyftpdlib
|
ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directo…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-5012
|
2024-11-21 10:10 |
2010-10-20 |
|
|
|
|
305604
|
- |
|
g.rodola
|
pyftpdlib
|
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TC…
|
CWE-362
Race Condition
|
CVE-2009-5011
|
2024-11-21 10:10 |
2010-10-20 |
|
|
|
|
305605
|
- |
|
g.rodola
|
pyftpdlib
|
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TC…
|
CWE-362
Race Condition
|
CVE-2009-5010
|
2024-11-21 10:10 |
2010-10-20 |
|
|
|
|
305606
|
- |
|
apache redhat
|
qpid enterprise_mrg
|
The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and o…
|
NVD-CWE-Other
|
CVE-2009-5006
|
2024-11-21 10:10 |
2010-10-19 |
|
|
|
|
305607
|
- |
|
apache redhat
|
qpid enterprise_mrg
|
The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daem…
|
NVD-CWE-Other
|
CVE-2009-5005
|
2024-11-21 10:10 |
2010-10-19 |
|
|
|
|
305608
|
- |
|
infradead
|
openconnect
|
Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service (application crash) or possibly have unspecified other impact via a cra…
|
CWE-399
Resource Management Errors
|
CVE-2009-5009
|
2024-11-21 10:10 |
2010-10-14 |
|
|
|
|
305609
|
- |
|
cisco
|
secure_desktop
|
Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a m…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-5008
|
2024-11-21 10:10 |
2010-10-14 |
|
|
|
|
305610
|
- |
|
cisco
|
anyconnect_ssl_vpn
|
The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files.
|
CWE-59
Link Following
|
CVE-2009-5007
|
2024-11-21 10:10 |
2010-10-14 |
|
|
|