Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Max CVSS
5.0
EPSS Score
0.37%
Published
2009-03-25
Updated
2009-03-25
The HRM-S service in Fujitsu Enhanced Support Facility 3.0 and 3.0.1 allows remote attackers to obtain (1) hardware and (2) software information via unspecified requests in a client connection.
Max CVSS
5.0
EPSS Score
0.36%
Published
2009-03-10
Updated
2017-08-17
showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserved information" via the user parameter.
Max CVSS
5.0
EPSS Score
0.39%
Published
2009-03-09
Updated
2018-10-10
mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink.
Max CVSS
4.3
EPSS Score
1.09%
Published
2009-03-31
Updated
2021-06-07

CVE-2009-0815

Public exploit
The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.
Max CVSS
5.0
EPSS Score
18.39%
Published
2009-03-05
Updated
2010-04-27
nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
Max CVSS
7.1
EPSS Score
0.72%
Published
2009-03-05
Updated
2018-10-03
Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control Block (TCB) leak.
Max CVSS
9.0
EPSS Score
2.12%
Published
2009-03-27
Updated
2017-09-29
The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console.
Max CVSS
7.5
EPSS Score
0.74%
Published
2009-03-16
Updated
2017-08-08
Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast.
Max CVSS
4.3
EPSS Score
0.36%
Published
2009-03-14
Updated
2018-11-08
Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges.
Max CVSS
1.9
EPSS Score
0.04%
Published
2009-03-31
Updated
2017-08-17
LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST.
Max CVSS
5.0
EPSS Score
3.14%
Published
2009-03-30
Updated
2017-09-29
index.php in Terracotta (aka OpenTerracotta) 0.6.1 allows remote attackers to obtain sensitive information via an invalid File parameter, which reveals the installation path in an error message.
Max CVSS
7.8
EPSS Score
0.30%
Published
2009-03-25
Updated
2018-10-11
Social Site Generator (SSG) 2.0 allows remote attackers to read arbitrary files via the file parameter to (1) filedload.php, (2) webadmin/download.php, and (3) webadmin/download_file.php.
Max CVSS
5.0
EPSS Score
2.30%
Published
2009-03-06
Updated
2017-09-29
Quick Tree View .NET 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to qtv.mdb.
Max CVSS
5.0
EPSS Score
0.99%
Published
2009-03-02
Updated
2017-09-29
14 vulnerabilities found