|
305991
|
7.5 |
HIGH
Network
|
mod_gnutls_project
|
mod_gnutls
|
mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate.
|
CWE-254
7PK - Security Features
|
CVE-2009-5144
|
2024-11-21 10:11 |
2018-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305992
|
6.1 |
MEDIUM
Network
|
zope
|
zope
|
Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12.
|
CWE-79
Cross-site Scripting
|
CVE-2009-5145
|
2024-11-21 10:11 |
2017-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305993
|
7.3 |
HIGH
Network
|
ruby-lang
|
ruby
|
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.
|
CWE-20
Improper Input Validation
|
CVE-2009-5147
|
2024-11-21 10:11 |
2017-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305994
|
- |
|
arris
|
na_model_862_gw_mono_firmware
|
Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access vi…
|
CWE-255
Credentials Management
|
CVE-2009-5149
|
2024-11-21 10:11 |
2015-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305995
|
- |
|
gehealthcare
|
discovery_530c_firmware
|
GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservice user of the Xeleris System, which has unspecified impact and attack vectors. NOTE: it is not cle…
|
CWE-255
Credentials Management
|
CVE-2009-5143
|
2024-11-21 10:11 |
2015-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305996
|
- |
|
binarymoon
prothemedesign
|
timthumb
mimbo_pro
|
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML vi…
|
CWE-79
Cross-site Scripting
|
CVE-2009-5142
|
2024-11-21 10:11 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305997
|
- |
|
fail2ban
|
fail2ban
|
The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a sym…
|
CWE-59
Link Following
|
CVE-2009-5023
|
2024-11-21 10:11 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305998
|
- |
|
jgaa
|
warftpd
|
Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command.
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2009-5141
|
2024-11-21 10:11 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305999
|
- |
|
gnu
|
gnutls
|
GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restric…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-5138
|
2024-11-21 10:11 |
2014-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306000
|
- |
|
mini-stream
|
castripper
|
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long URL in the [playlist] section in a .pls file, a different vector than CVE-20…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-5137
|
2024-11-21 10:11 |
2014-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
