CVE List - 2009 / March
Showing 1 - 100 of 553 CVEs for March 2009 (Page 1 of 6)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2008-6348 | 2009-03-02 | Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to gallery_category.php, (2) photo_id parameter to gallery_photo.php, and... |
| CVE-2008-6349 | 2009-03-02 | SQL injection vulnerability in survey_results_text.php in TurnkeyForms Business Survey Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-6350 | 2009-03-02 | SQL injection vulnerability in listtest.php in TurnkeyForms Local Classifieds allows remote attackers to execute arbitrary SQL commands via the r parameter. |
| CVE-2008-6351 | 2009-03-02 | Cross-site scripting (XSS) vulnerability in listtest.php in TurnkeyForms Local Classifieds allows remote attackers to inject arbitrary web script or HTML via the r parameter. |
| CVE-2008-6352 | 2009-03-02 | SQL injection vulnerability in home.html in Xpoze Pro 4.10 allows remote attackers to execute arbitrary SQL commands via the menu parameter. |
| CVE-2008-6353 | 2009-03-02 | SQL injection vulnerability in index.asp in ASP-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cha parameter. |
| CVE-2008-6354 | 2009-03-02 | The Net Guys ASPired2poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a... |
| CVE-2008-6355 | 2009-03-02 | The Net Guys ASPired2Protect stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a... |
| CVE-2008-6356 | 2009-03-02 | evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct... |
| CVE-2008-6357 | 2009-03-02 | MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a... |
| CVE-2008-6358 | 2009-03-02 | SQL injection vulnerability in group_index.php in Social Groupie allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-6359 | 2009-03-02 | Cross-site scripting (XSS) vulnerability in index.php in Max's Guestbook allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) message parameters. |
| CVE-2008-6360 | 2009-03-02 | Cross-site scripting (XSS) vulnerability in the userranks feature in modules/system/admin.php in ImpressCMS 1.0.2 final allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter. NOTE: some... |
| CVE-2008-6361 | 2009-03-02 | Directory traversal vulnerability in index.php in InSun Feed CMS 1.7.3 19Beta allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter. |
| CVE-2008-6362 | 2009-03-02 | SQL injection vulnerability in sitepage.php in Multiple Membership Script 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-6363 | 2009-03-02 | Stack-based buffer overflow in DesignWorks Professional 4.3.1 and 5.0.7 allows remote attackers to execute arbitrary code via a crafted .cct file. NOTE: some of these details are obtained from third... |
| CVE-2008-6364 | 2009-03-02 | SQL injection vulnerability in logon_process.jsp in Ad Server Solutions Banner Exchange Solution Java allows remote attackers to execute arbitrary SQL commands via the (1) username (uname parameter) and (2) password... |
| CVE-2008-6365 | 2009-03-02 | SQL injection vulnerability in logon.jsp in Ad Server Solutions Ad Management Software Java allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, related to... |
| CVE-2008-6366 | 2009-03-02 | SQL injection vulnerability in logon.jsp in Ad Server Solutions Affiliate Software Java 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, possibly related... |
| CVE-2008-6367 | 2009-03-02 | Unrestricted file upload vulnerability in Photos/create_album.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a... |
| CVE-2008-6368 | 2009-03-02 | SQL injection vulnerability in index.php in Chipmunk Guestbook 1.4m allows remote attackers to execute arbitrary SQL commands via the start parameter. |
| CVE-2008-6369 | 2009-03-02 | SQL injection vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to execute arbitrary SQL commands via the Sort parameter. |
| CVE-2008-6370 | 2009-03-02 | Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to inject arbitrary web script or HTML via the DisplayFormat parameter. |
| CVE-2008-6371 | 2009-03-02 | SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the username (Username parameter). |
| CVE-2008-6372 | 2009-03-02 | SQL injection vulnerability in default.asp in Ocean12 FAQ Manager Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a Cat action. NOTE: some of... |
| CVE-2008-6373 | 2009-03-02 | Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments." |
| CVE-2008-6374 | 2009-03-02 | CodefixerSoftware MailingListPro Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to db/MailingList.mdb. |
| CVE-2008-6375 | 2009-03-02 | JBook stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to userids.mdb. |
| CVE-2008-6376 | 2009-03-02 | SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the password (pass parameter). |
| CVE-2008-6377 | 2009-03-02 | PHP remote file inclusion vulnerability in include/global.php in Multi SEO phpBB 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter. |
| CVE-2008-6378 | 2009-03-02 | SQL injection vulnerability in calendar_Eventupdate.asp in Calendar Mx Professional 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. |
| CVE-2008-6379 | 2009-03-02 | SQL injection vulnerability in pics_pre.asp in Gallery MX 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. |
| CVE-2008-6380 | 2009-03-02 | SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. |
| CVE-2008-6381 | 2009-03-02 | SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter. |
| CVE-2008-6382 | 2009-03-02 | ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb. |
| CVE-2008-6383 | 2009-03-02 | SQL injection vulnerability in SpeedTech Organization and Resource Manager (Storm) 5.x before 5.x-1.14 and 6.x before 6.x-1.18, a module for Drupal, allows remote authenticated users with storm project access to... |
| CVE-2008-6384 | 2009-03-02 | Multiple cross-site request forgery (CSRF) vulnerabilities in Comment Mail 5.x before 5.x-1.1, a module for Drupal, allow remote attackers to hijack the authentication of administrators. |
| CVE-2008-6385 | 2009-03-02 | Cross-site scripting (XSS) vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter. |
| CVE-2008-6386 | 2009-03-02 | Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| CVE-2008-6387 | 2009-03-02 | Quick Tree View .NET 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to... |
| CVE-2008-6388 | 2009-03-02 | Rapid Classified 3.1 and 3.15 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to... |
| CVE-2008-6389 | 2009-03-02 | SQL injection vulnerability in asadmin/default.asp in Rae Media Contact Management Software SOHO, Standard, and Enterprise allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of... |
| CVE-2008-6390 | 2009-03-02 | SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the provenance of this information is unknown;... |
| CVE-2008-6391 | 2009-03-02 | SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the username (user parameter). |
| CVE-2008-6392 | 2009-03-02 | SQL injection vulnerability in showads.php in Z1Exchange allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-0749 | 2009-03-02 | Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that... |
| CVE-2009-0368 | 2009-03-02 | OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated... |
| CVE-2009-0750 | 2009-03-02 | SQL injection vulnerability in login.php in the smNews example script for txtSQL 2.2 Final allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| CVE-2009-0751 | 2009-03-02 | Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers. |
| CVE-2009-0752 | 2009-03-03 | Unspecified vulnerability in Movable Type Pro and Community Solution 4.x before 4.24 has unknown impact and attack vectors, possibly related to the password recovery mechanism. |
| CVE-2008-6393 | 2009-03-03 | PSI Jabber client before 0.12.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file transfer request with a negative value in... |
| CVE-2009-0753 | 2009-03-03 | Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename. |
| CVE-2009-0754 | 2009-03-03 | PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting... |
| CVE-2009-0755 | 2009-03-03 | The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry. |
| CVE-2009-0756 | 2009-03-03 | The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly... |
| CVE-2009-0757 | 2009-03-03 | Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent attackers to cause a denial of service (crash) via the (1) mpfr_snprintf and (2) mpfr_vsnprintf functions. |
| CVE-2009-0758 | 2009-03-03 | The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to... |
| CVE-2009-0759 | 2009-03-03 | Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message... |
| CVE-2009-0760 | 2009-03-03 | Team Board 1.x and 2.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request... |
| CVE-2009-0761 | 2009-03-03 | Cross-site scripting (XSS) vulnerability in online.asp in Team Board 1.x allows remote attackers to inject arbitrary web script or HTML via the lookname parameter. |
| CVE-2009-0763 | 2009-03-03 | Cross-site scripting (XSS) vulnerability in default.php in Kipper 2.01 allows remote attackers to inject arbitrary web script or HTML via the charm parameter. |
| CVE-2009-0765 | 2009-03-03 | Directory traversal vulnerability in index.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the configfile parameter. |
| CVE-2009-0767 | 2009-03-03 | Kipper 2.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing credentials via a direct request for job/config.data. |
| CVE-2009-0768 | 2009-03-03 | SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the forumID parameter in a next action. |
| CVE-2009-0769 | 2009-03-03 | QIP 2005 build 8082 allows remote attackers to cause a denial of service (CPU consumption and application hang) via a crafted Rich Text Format (RTF) ICQ message, as demonstrated by... |
| CVE-2009-0770 | 2009-03-03 | dkim-milter 2.6.0 through 2.8.0 allows remote attackers to cause a denial of service (crash) by signing a message with a key that has been revoked in DNS, which triggers an... |
| CVE-2009-0762 | 2009-03-03 | Cross-site scripting (XSS) vulnerability in ScriptsEz Ez PHP Comment allows remote attackers to inject arbitrary web script or HTML via the name parameter. NOTE: the provenance of this information is... |
| CVE-2009-0764 | 2009-03-03 | Multiple cross-site scripting (XSS) vulnerabilities in Kipper 2.01 allow remote attackers to inject arbitrary web script or HTML via the charm parameter to (1) index.php and (2) kipper.php. NOTE: the... |
| CVE-2009-0766 | 2009-03-03 | Directory traversal vulnerability in default.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the configfile parameter. NOTE: the provenance of... |
| CVE-2009-0780 | 2009-03-04 | The aspath_prepend function in rde_attr.c in bgpd in OpenBSD 4.3 and 4.4 allows remote attackers to cause a denial of service (application crash) via an Autonomous System (AS) advertisement containing... |
| CVE-2009-0779 | 2009-03-04 | Buffer overflow in pppdial in IBM AIX 5.3 and 6.1 allows local users to gain privileges via a long "input string." |
| CVE-2009-0801 | 2009-03-04 | Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and... |
| CVE-2009-0802 | 2009-03-04 | Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight,... |
| CVE-2009-0803 | 2009-03-04 | SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote... |
| CVE-2009-0804 | 2009-03-04 | Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight,... |
| CVE-2008-6394 | 2009-03-04 | SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter. |
| CVE-2008-6395 | 2009-03-04 | The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point allows remote attackers to cause a denial of service (device crash) via a malformed HTTP POST... |
| CVE-2008-6396 | 2009-03-04 | Cross-site scripting (XSS) vulnerability in account.php in Celerondude Uploader 6.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are... |
| CVE-2008-6397 | 2009-03-04 | rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| CVE-2008-6398 | 2009-03-04 | sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/recompiled$$.png, (2) /tmp/decompiled$$.sng, and (3) /tmp/canonicalized$$.sng temporary files. |
| CVE-2009-0807 | 2009-03-04 | zFeeder 1.6 allows remote attackers to gain administrative access via a direct request to admin.php. |
| CVE-2009-0808 | 2009-03-04 | Multiple SQL injection vulnerabilities in SimpleCMMS before 0.1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-0810 | 2009-03-04 | SQL injection vulnerability in login.php in xGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter. |
| CVE-2009-0811 | 2009-03-04 | Insecure method vulnerability in the SopCast SopCore ActiveX control in sopocx.ocx 3.0.3.501 allows remote attackers to execute arbitrary programs via an executable file name in the argument to the SetExternalPlayer... |
| CVE-2009-0812 | 2009-03-04 | Stack-based buffer overflow in BreakPoint Software Hex Workshop 4.23, 6.0.1.4603, and other 6.x and earlier versions allows remote attackers to execute arbitrary code via a crafted Intel Hex Code (.hex)... |
| CVE-2009-0805 | 2009-03-04 | Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a module for XOOPS, allows remote attackers to inject arbitrary web script or HTML via the event_id parameter in index.php. |
| CVE-2009-0806 | 2009-03-04 | Unspecified vulnerability in OpenGoo before 1.2.1 allows remote authenticated users to modify their own permissions via unknown attack vectors. |
| CVE-2009-0809 | 2009-03-04 | The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release 18 Service Pack 8, and possibly CATIA and other products, allows remote authenticated users to read the profile card... |
| CVE-2009-0037 | 2009-03-05 | The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to... |
| CVE-2009-0186 | 2009-03-05 | Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to... |
| CVE-2009-0365 | 2009-03-05 | nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets... |
| CVE-2009-0367 | 2009-03-05 | The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an... |
| CVE-2009-0578 | 2009-03-05 | GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary... |
| CVE-2009-0619 | 2009-03-05 | Unspecified vulnerability in the Session Border Controller (SBC) before 3.0(2) for Cisco 7600 series routers allows remote attackers to cause a denial of service (SBC card reload) via crafted packets... |
| CVE-2009-0771 | 2009-03-05 | The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via... |
| CVE-2009-0772 | 2009-03-05 | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute... |
| CVE-2009-0773 | 2009-03-05 | The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via... |
| CVE-2009-0774 | 2009-03-05 | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute... |
| CVE-2009-0775 | 2009-03-05 | Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked... |
| CVE-2009-0776 | 2009-03-05 | nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a... |