CVE List - 2009 / February
Showing 1 - 100 of 685 CVEs for February 2009 (Page 1 of 7)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2009-0378 | 2009-02-02 | Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a... |
| CVE-2009-0379 | 2009-02-02 | SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to... |
| CVE-2009-0380 | 2009-02-02 | SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid... |
| CVE-2009-0381 | 2009-02-02 | SQL injection vulnerability in the BazaarBuilder Ecommerce Shopping Cart (com_prod) 5.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a products action... |
| CVE-2009-0383 | 2009-02-02 | delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote attackers to delete arbitrary blog posts via a direct request. |
| CVE-2009-0384 | 2009-02-02 | SQL injection vulnerability in autor.php in OwnRS CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-0385 | 2009-02-02 | Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large... |
| CVE-2009-0386 | 2009-02-02 | Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time... |
| CVE-2009-0387 | 2009-02-02 | Array index error in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to cause a denial of service (application crash) and... |
| CVE-2009-0382 | 2009-02-02 | Unspecified vulnerability in Internationalization (i18n) Translation 5.x before 5.x-2.5, a module for Drupal, allows remote attackers with "translate node" permissions to bypass intended access restrictions and read unpublished nodes via... |
| CVE-2008-6017 | 2009-02-02 | SQL injection vulnerability in messages.php in I-Rater Basic allows remote attackers to execute arbitrary SQL commands via the idp parameter. |
| CVE-2008-6018 | 2009-02-02 | Directory traversal vulnerability in index.php in MyPHPSite, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter. |
| CVE-2008-6019 | 2009-02-02 | SQL injection vulnerability in index.php in EACOMM DO-CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the p parameter. NOTE: the provenance of this information is unknown; the... |
| CVE-2008-6020 | 2009-02-02 | SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK... |
| CVE-2008-6021 | 2009-02-02 | Multiple unspecified vulnerabilities in Attachmate Reflection for Secure IT UNIX Client and Server before 7.0 SP1 have unknown impact and attack vectors, aka "security vulnerabilities found by 3rd party analysis." |
| CVE-2008-6022 | 2009-02-02 | PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in an older version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the ugamela_root_path... |
| CVE-2008-6023 | 2009-02-02 | PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in a newer version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the xnova_root_path... |
| CVE-2008-6024 | 2009-02-02 | Unspecified vulnerability in the NFSv4 client module in the kernel on Sun Solaris 10 and OpenSolaris before snv_37, when automountd is used, allows user-assisted remote attackers to cause a denial... |
| CVE-2009-0389 | 2009-02-02 | Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString method,... |
| CVE-2008-4990 | 2009-02-02 | Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/enomalism2.pid temporary file. |
| CVE-2009-0272 | 2009-02-02 | Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration... |
| CVE-2009-0273 | 2009-02-02 | Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1)... |
| CVE-2009-0390 | 2009-02-02 | Argument injection vulnerability in Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to send signals to arbitrary processes by populating the /tmp/enomalism2.pid file with command-line arguments... |
| CVE-2009-0391 | 2009-02-02 | Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0.1 on z/OS allows attackers to read arbitrary files via unknown vectors. |
| CVE-2009-0392 | 2009-02-03 | Directory traversal vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter. |
| CVE-2009-0393 | 2009-02-03 | Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to inject arbitrary web script or HTML via the page parameter. |
| CVE-2009-0394 | 2009-02-03 | SQL injection vulnerability in login.php in Pre Lecture Exercises (PLEs) CMS 1.0 beta 4.2 allows remote attackers to execute arbitrary SQL commands via the school parameter. |
| CVE-2009-0395 | 2009-02-03 | SQL injection vulnerability in the login feature in NetArt Media Car Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. |
| CVE-2009-0396 | 2009-02-03 | The Sony Ericsson W910i, W660i, K618i, K610i, Z610i, K810i, K660i, W880i, and K530i phones allow remote attackers to cause a denial of service (device reboot or hang-up) via a malformed... |
| CVE-2008-6025 | 2009-02-03 | Directory traversal vulnerability in scr/form.php in openElec 3.01 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the obj parameter. |
| CVE-2008-6026 | 2009-02-03 | SQL injection vulnerability in tienda.php in BlueCUBE CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-6027 | 2009-02-03 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in BLUEPAGE CMS 2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) whl, (2) var_1, and... |
| CVE-2008-6028 | 2009-02-03 | SQL injection vulnerability in list.php in University of Queensland Library Fez 1.3 and 2.0 RC1 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter in a subject... |
| CVE-2008-6029 | 2009-02-03 | SQL injection vulnerability in search.php in BuzzyWall 1.3.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search parameter. |
| CVE-2008-6030 | 2009-02-03 | Multiple SQL injection vulnerabilities in NetArtMedia Jobs Portal 1.3 allow remote attackers to execute arbitrary SQL commands via (1) the job parameter to index.php in the search module or (2)... |
| CVE-2008-6031 | 2009-02-03 | SQL injection vulnerability in vote.php in WSN Links 2.22 and 2.23 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it was later reported that 2.34... |
| CVE-2008-6032 | 2009-02-03 | SQL injection vulnerability in comments.php in WSN Links Free 4.0.34P allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-6033 | 2009-02-03 | SQL injection vulnerability in comments.php in WSN Links 2.20 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-6034 | 2009-02-03 | Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the atkaction parameter. NOTE: the provenance of this information is... |
| CVE-2008-6035 | 2009-02-03 | Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2-STABLE allows remote attackers to inject arbitrary web script or HTML via the atknodetype parameter. |
| CVE-2008-6036 | 2009-02-03 | PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mj_config[src_path] parameter. |
| CVE-2008-6037 | 2009-02-03 | SQL injection vulnerability in view.php in AvailScript Article Script allows remote attackers to execute arbitrary SQL commands via the v parameter. |
| CVE-2008-6038 | 2009-02-03 | SQL injection vulnerability in index.php in MapCal 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an editevent action, possibly related to dsp_editevent.php. |
| CVE-2008-6039 | 2009-02-03 | Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. |
| CVE-2008-6040 | 2009-02-03 | SQL injection vulnerability in index.php in Arcadem Pro 2.700 through 2.802 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter, probably related to includes/articleblock.php. |
| CVE-2008-6042 | 2009-02-03 | SQL injection vulnerability in the re_search module in NetArtMedia Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the ad parameter to index.php. |
| CVE-2008-6043 | 2009-02-03 | Multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04 allow remote attackers to execute arbitrary SQL commands via the (1) order_field and (2) order_type parameters to categories.php and unspecified... |
| CVE-2008-6044 | 2009-02-03 | Cross-site scripting (XSS) vulnerability in advanced_search_result.php in xt:Commerce 3.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. |
| CVE-2008-6045 | 2009-02-03 | Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter. |
| CVE-2009-0397 | 2009-02-03 | Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute... |
| CVE-2009-0398 | 2009-02-03 | Array index error in the gst_qtp_trak_handler function in gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins) 0.6.0 allows remote attackers to have an unknown impact via a crafted QuickTime media file. |
| CVE-2008-6041 | 2009-02-03 | Multiple cross-site scripting (XSS) vulnerabilities in Index.asp in Dataspade 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ViewName, (2) TableName, (3) OrderBy, and (4)... |
| CVE-2008-4914 | 2009-02-03 | Unspecified vulnerability in VMware ESXi 3.5 before ESXe350-200901401-I-SG and ESX 3.5 before ESX350-200901401-SG allows local administrators to cause a denial of service (host crash) via a snapshot with a malformed... |
| CVE-2009-0183 | 2009-02-03 | Stack-based buffer overflow in Remote Control Server in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute arbitrary code via a long Authorization... |
| CVE-2009-0184 | 2009-02-03 | Multiple buffer overflows in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allow remote attackers to execute arbitrary code via (1) a... |
| CVE-2009-0399 | 2009-02-03 | Chipmunk Blogger Script allows remote attackers to gain administrator privileges via a direct request to admin/reguser.php. NOTE: this is only a vulnerability when the administrator does not properly follow installation... |
| CVE-2009-0400 | 2009-02-03 | SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter. |
| CVE-2009-0401 | 2009-02-03 | SQL injection vulnerability in browsecats.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| CVE-2009-0402 | 2009-02-03 | SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christname, (3) company_name, (4) is_company,... |
| CVE-2009-0403 | 2009-02-03 | SQL injection vulnerability in admin/authenticate.php in Chipmunk Blogger Script allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. |
| CVE-2009-0404 | 2009-02-03 | Multiple cross-site scripting (XSS) vulnerabilities in Bioinformatics htmLawed 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or HTML via invalid Cascading Style Sheets (CSS) expressions in the... |
| CVE-2009-0405 | 2009-02-03 | SQL injection vulnerability in articles.php in smartSite CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the var parameter. |
| CVE-2009-0406 | 2009-02-03 | SQL injection vulnerability in index.php in Community CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-0407 | 2009-02-03 | SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| CVE-2009-0408 | 2009-02-03 | Cross-site request forgery (CSRF) vulnerability in osCommerce 2.2 RC 2a allows remote attackers to hijack the authentication of administrators. |
| CVE-2009-0409 | 2009-02-03 | SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| CVE-2009-0410 | 2009-02-03 | Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via... |
| CVE-2009-0411 | 2009-02-03 | Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information... |
| CVE-2009-0274 | 2009-02-03 | Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion... |
| CVE-2009-0276 | 2009-02-03 | Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and... |
| CVE-2009-0412 | 2009-02-03 | The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a... |
| CVE-2009-0413 | 2009-02-03 | Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message. |
| CVE-2009-0414 | 2009-02-03 | Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption. |
| CVE-2009-0416 | 2009-02-03 | The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1)... |
| CVE-2009-0415 | 2009-02-03 | Untrusted search path vulnerability in trickle 1.07 allows local users to execute arbitrary code via a Trojan horse trickle-overload.so in the current working directory, which is referenced in the LD_PRELOAD... |
| CVE-2008-6048 | 2009-02-04 | Multiple cross-site request forgery (CSRF) vulnerabilities in TangoCMS before 2.2.0 allow remote attackers to hijack the authentication of administrators. |
| CVE-2008-6050 | 2009-02-04 | SQL injection vulnerability in the Tech Articles (com_tech_article) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the item parameter to index.php. |
| CVE-2008-6051 | 2009-02-04 | MetaCart Free stores metacart.mdb under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords via a direct request. |
| CVE-2008-6052 | 2009-02-04 | PreProjects Pre E-Learning Portal stores db_elearning.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. |
| CVE-2008-6053 | 2009-02-04 | PreProjects Pre Resume Submitter stores onlineresume.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. |
| CVE-2008-6054 | 2009-02-04 | PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. |
| CVE-2008-6056 | 2009-02-04 | Multiple cross-site scripting (XSS) vulnerabilities in World Recipe 2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to emailrecipe.aspx, (2) id parameter to... |
| CVE-2008-6057 | 2009-02-04 | Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. |
| CVE-2008-6046 | 2009-02-04 | SQL injection vulnerability in ADbNewsSender before 1.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) opt_in_out.php.inc, (2) confirmation.php.inc, and (3) renewal.php.inc in mailinglist/. |
| CVE-2008-6047 | 2009-02-04 | Cross-site scripting (XSS) vulnerability in ADbNewsSender before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) subscribing and (2) unsubscribing. |
| CVE-2008-6055 | 2009-02-04 | PreProjects Pre Classified Listings stores pclasp.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. |
| CVE-2009-0352 | 2009-02-04 | Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash)... |
| CVE-2009-0353 | 2009-02-04 | Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to cause a denial of service (memory corruption and application crash) or... |
| CVE-2009-0354 | 2009-02-04 | Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site... |
| CVE-2009-0355 | 2009-02-04 | components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client... |
| CVE-2009-0356 | 2009-02-04 | Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same... |
| CVE-2009-0357 | 2009-02-04 | Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers... |
| CVE-2009-0358 | 2009-02-04 | Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back... |
| CVE-2009-0388 | 2009-02-04 | Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or... |
| CVE-2009-0418 | 2009-02-04 | The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a... |
| CVE-2009-0419 | 2009-02-04 | Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP... |
| CVE-2008-4419 | 2009-02-05 | Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9;... |
| CVE-2008-6059 | 2009-02-05 | xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to... |
| CVE-2009-0058 | 2009-02-05 | The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.2... |
| CVE-2009-0059 | 2009-02-05 | The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.2.x before 5.2.157.0... |