CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2009

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-1999-1593 59 DoS 2009-01-15 2020-01-10
7.6
None Remote High Not required Complete Complete Complete
Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable.
2 CVE-2003-1566 16 +Info 2009-01-15 2017-08-08
5.0
None Remote Low Not required None Partial None
Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection.
3 CVE-2003-1567 200 Bypass +Info 2009-01-15 2009-01-16
5.8
None Remote Medium Not required Partial Partial None
The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE.
4 CVE-2004-2761 310 2009-01-05 2018-10-19
5.0
None Remote Low Not required None Partial None
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.
5 CVE-2006-7236 16 Exec Code 2009-01-02 2018-10-03
9.3
None Remote Medium Not required Complete Complete Complete
The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.
6 CVE-2007-2795 119 Exec Code Overflow 2009-01-27 2009-01-28
9.0
None Remote Low ??? Complete Complete Complete
Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon.
7 CVE-2007-6720 DoS 2009-01-20 2016-10-04
4.3
None Remote Medium Not required None None Partial
libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels.
8 CVE-2008-0067 119 Exec Code Overflow 2009-01-08 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program.
9 CVE-2008-2367 264 2009-01-20 2017-08-08
2.1
None Local Low Not required Partial None None
Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files.
10 CVE-2008-2368 255 2009-01-20 2017-08-08
2.1
None Local Low Not required Partial None None
Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.
11 CVE-2008-2381 89 Exec Code Sql 2009-01-02 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable.
12 CVE-2008-2383 94 Exec Code 2009-01-02 2018-10-03
9.3
None Remote Medium Not required Complete Complete Complete
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
13 CVE-2008-2384 89 Exec Code Sql 2009-01-22 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
14 CVE-2008-2623 2009-01-14 2012-10-23
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.3 allows local users to affect confidentiality via unknown vectors.
15 CVE-2008-3358 79 XSS 2009-01-28 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document.
16 CVE-2008-3818 20 DoS 2009-01-16 2017-08-08
7.8
None Remote Low Not required None None Complete
Cisco ONS 15310-CL, 15310-MA, 15327, 15454, 15454 SDH, and 15600 with software 7.0.2 through 7.0.6, 7.2.2, 8.0.x, 8.5.1, and 8.5.2 allows remote attackers to cause a denial of service (control-card reset) via a crafted TCP session.
17 CVE-2008-3819 DoS 2009-01-08 2017-08-08
5.0
None Remote Low Not required None None Partial
dnsserver in Cisco Application Control Engine Global Site Selector (GSS) before 3.0(1) allows remote attackers to cause a denial of service (daemon crash) via a series of crafted DNS requests, aka Bug ID CSCsj70093.
18 CVE-2008-3820 2009-01-22 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root access" to IEV via unspecified use of TCP sessions to these ports.
19 CVE-2008-3821 79 XSS 2009-01-16 2018-10-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.
20 CVE-2008-3864 20 DoS 2009-01-21 2018-10-11
5.0
None Remote Low Not required None None Partial
The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.
21 CVE-2008-3865 119 Exec Code Overflow 2009-01-21 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.
22 CVE-2008-3866 287 Bypass 2009-01-21 2017-08-08
4.6
None Local Low Not required Partial Partial Partial
The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.
23 CVE-2008-3973 2009-01-14 2012-10-23
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database allows local users to affect confidentiality via unknown vectors.
24 CVE-2008-3974 2009-01-14 2012-10-23
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.0.2.8 and 9.2.0.8DV allows remote authenticated users to affect availability, related to SYS.OLAPIMPL_T.
25 CVE-2008-3978 2009-01-14 2012-10-23
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
26 CVE-2008-3979 +Priv Sql 2009-01-14 2018-10-11
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability that allows remote authenticated users to gain MDSYS privileges via the MDSYS.SDO_TOPO_DROP_FTBL trigger.
27 CVE-2008-3981 2009-01-14 2013-01-03
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.1 allows remote attackers to affect confidentiality via unknown vectors.
28 CVE-2008-3997 2009-01-14 2012-10-23
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect availability, related to SYS.DBMS_XSOQ_ODBO.
29 CVE-2008-3999 2009-01-14 2012-10-23
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to SYS.OLAPIMPL_T.
30 CVE-2008-4006 2009-01-14 2012-10-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
31 CVE-2008-4007 2009-01-14 2012-10-23
6.5
None Remote Low ??? Partial Partial Partial
Unspecified vulnerability in the PeopleSoft Enterprise Components component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
32 CVE-2008-4014 2009-01-14 2012-10-23
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Application Server allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
33 CVE-2008-4015 2009-01-14 2012-10-23
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Oracle Streams component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_STREAMS_AUTH.
34 CVE-2008-4016 2009-01-14 2012-10-23
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the Collaborative Workspaces component in Oracle Collaboration Suite 10.1.2 allows remote authenticated users to affect confidentiality via unknown vectors.
35 CVE-2008-4017 2009-01-14 2012-10-23
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the OC4J component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality via unknown vectors.
36 CVE-2008-4307 362 DoS 2009-01-13 2018-10-11
4.0
None Local High Not required None None Complete
Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between fcntl and close in the EINTR case.
37 CVE-2008-4388 20 Exec Code 2009-01-20 2009-05-18
9.3
None Remote Medium Not required Complete Complete Complete
The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods.
38 CVE-2008-4444 20 DoS Exec Code 2009-01-16 2018-10-11
7.1
None Remote Medium Not required None None Complete
Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P0S3-08-9-00 and possibly other versions before 8.10 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a Realtime Transport Protocol (RTP) packet with malformed headers.
39 CVE-2008-4770 20 Exec Code 2009-01-16 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type."
40 CVE-2008-4827 119 Exec Code Overflow 2009-01-08 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8, SAP GUI 6.40 Patch 29 and 7.10, and possibly other products, allow remote attackers to execute arbitrary code by adding many tabs, or adding tabs with long tab captions.
41 CVE-2008-4834 119 Exec Code Overflow 2009-01-14 2019-02-26
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
42 CVE-2008-4835 94 Exec Code 2009-01-14 2019-02-26
10.0
None Remote Low Not required Complete Complete Complete
SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
43 CVE-2008-5077 20 Bypass 2009-01-07 2018-10-11
5.8
None Remote Medium Not required None Partial Partial
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
44 CVE-2008-5082 287 Bypass 2009-01-30 2017-08-08
6.0
None Remote Medium ??? Partial Partial Partial
The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key.
45 CVE-2008-5260 119 Exec Code Overflow 2009-01-26 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control in AxisCamControl.ocx in AXIS Camera Control 2.40.0.0 allows remote attackers to execute arbitrary code via a long image_pan_tilt property value.
46 CVE-2008-5262 119 Exec Code Overflow 2009-01-13 2009-03-06
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in the iGetHdrHeader function in src-IL/src/il_hdr.c in DevIL 1.7.4 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE file.
47 CVE-2008-5436 2009-01-14 2012-10-23
5.5
None Remote Low ??? None Partial Partial
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect integrity and availability via unknown vectors.
48 CVE-2008-5437 2009-01-14 2012-10-23
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Job Queue component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_IJOB.
49 CVE-2008-5438 2009-01-14 2021-07-13
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors.
50 CVE-2008-5439 2009-01-14 2012-10-23
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality via unknown vectors.
Total number of vulnerabilities : 467   Page : 1 (This Page)2 3 4 5 6 7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.