CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2009

Each entry below spans four lines. Line 1: # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date (when the CWE ID or vulnerability type is blank on the page, that field is simply absent). Line 2: CVSS Score. Line 3: Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. Line 4: description.
1 CVE-2009-3812 119 2 Exec Code Overflow 2009-10-27 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in OtsAV DJ trial version 1.85.64.0, Radio trial version 1.85.64.0, TV trial version 1.85.64.0, and Free version 1.77.001 allows remote attackers to execute arbitrary code via a long playlist in an Ots File List (.ofl) file.
2 CVE-2009-3535 22 2 Dir. Trav. File Inclusion 2009-10-02 2017-09-19
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in image.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the researcher also suggests an analogous PHP remote file inclusion vulnerability, but this may be incorrect.
3 CVE-2009-3531 89 2 Exec Code Sql 2009-10-02 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in vnews.php in Universe CMS 1.0.6 allows remote attackers to execute arbitrary SQL commands via the id parameter.
4 CVE-2009-3825 22 1 Dir. Trav. 2009-10-28 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in GenCMS 2006 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p parameter to show.php and the (2) Template parameter to admin/pages/SiteNew.php.
5 CVE-2009-3824 22 1 Dir. Trav. 2009-10-28 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in include/processor.php in Greenwood PHP Content Manager 0.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content_path parameter.
6 CVE-2009-3823 22 1 Dir. Trav. 2009-10-28 2017-09-19
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, when magic_quotes_gpc is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the GLOBALS[page] parameter.
7 CVE-2009-3811 119 1 Exec Code Overflow 2009-10-27 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Music Tag Editor 1.61 build 212 allows remote attackers to execute arbitrary code via an MP3 file with a long ID3 tag. NOTE: some of these details are obtained from third party information.
8 CVE-2009-3810 119 1 DoS Exec Code Overflow 2009-10-27 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Acoustica MP3 Audio Mixer 2.471 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file.
9 CVE-2009-3809 119 1 DoS Overflow 2009-10-27 2017-09-19
4.3
None Remote Medium Not required None None Partial
Acoustica MP3 Audio Mixer 1.0 and possibly 2.471 allows remote attackers to cause a denial of service (crash) via a long string in a .sgp playlist file.
10 CVE-2009-3808 1 DoS Exec Code 2009-10-27 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
MixSense DJ Studio 1.0.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in an .mp3 playlist file.
11 CVE-2009-3807 119 1 DoS Overflow 2009-10-27 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in MixVibes 7.043 Pro allows remote attackers to cause a denial of service (crash) via a long string in a .vib file.
12 CVE-2009-3805 1 DoS 2009-10-27 2017-08-17
4.3
None Remote Medium Not required None None Partial
gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows remote attackers to cause a denial of service (application crash) via a long certificate signature.
13 CVE-2009-3803 79 1 XSS 2009-10-27 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Amiro.CMS 5.4.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the status_message parameter to (1) /news, (2) /comment, (3) /forum, (4) /blog, and (5) /tags; the status_message parameter to (6) forum.php, (7) discussion.php, (8) guestbook.php, (9) blog.php, (10) news.php, (11) srv_updates.php, (12) srv_backups.php, (13) srv_twist_prevention.php, (14) srv_tags.php, (15) srv_tags_reindex.php, (16) google_sitemap.php, (17) sitemap_history.php, (18) srv_options.php, (19) locales.php and (20) plugins_wizard.php in _admin/; a crafted IMG BBcode tag in the message body of a (21) forum, (22) guestbook, or (23) comment; (24) the content of an avatar file, which is not properly handled by Internet Explorer; and (25) the loginname parameter (aka username) in _admin/index.php.
14 CVE-2009-3802 20 1 +Info 2009-10-27 2017-08-17
5.0
None Remote Low Not required Partial None None
Amiro.CMS 5.4.0.0 and earlier allows remote attackers to obtain sensitive information via an invalid loginname ("%%%") to _admin/index.php, which reveals the installation path and other information in an error message.
15 CVE-2009-3760 94 1 2009-10-22 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. NOTE: some of these details are obtained from third party information.
16 CVE-2009-3759 352 1 CSRF 2009-10-22 2017-09-19
6.0
None Remote Medium ??? Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information.
17 CVE-2009-3758 89 1 Exec Code Sql 2009-10-22 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
18 CVE-2009-3757 79 1 XSS 2009-10-22 2017-09-19
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to config/edituser.php; (2) location, (3) sessionid, and (4) vmname parameters to console.php; (5) vmrefid and (6) vmname parameters to forcerestart.php; and (7) vmname and (8) vmrefid parameters to forcesd.php. NOTE: some of these details are obtained from third party information.
19 CVE-2009-3756 200 1 +Info 2009-10-22 2017-09-19
5.0
None Remote Low Not required Partial None None
phpBMS 0.96 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) the show action in advancedsearch.php, and (4) choicelist.php, which reveals the installation path in an error message.
20 CVE-2009-3755 79 1 XSS 2009-10-22 2017-09-19
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in phpBMS 0.96 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php and (2) modules\base\myaccount.php; and the PATH_INFO to (3) modules_view.php, (4) tabledefs_options.php, and (5) adminsettings.php in phpbms\modules\base\.
21 CVE-2009-3754 89 1 Exec Code Sql 2009-10-22 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to modules/bms/invoices_discount_ajax.php, (2) f parameter to dbgraphic.php, and (3) tid parameter in a show action to advancedsearch.php.
22 CVE-2009-3753 20 1 Exec Code 2009-10-22 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Unrestricted file upload vulnerability in Opial 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension as a User Image, then accessing it via a request to the file in userimages, related to register.php.
23 CVE-2009-3752 89 1 Exec Code Sql 2009-10-22 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in home.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the genres_parent parameter.
24 CVE-2009-3751 79 1 XSS 2009-10-22 2017-09-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in home.php in Opial 1.0 allows remote attackers to inject arbitrary web script or HTML via the genres_parent parameter.
25 CVE-2009-3750 89 1 Exec Code Sql 2009-10-22 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in read.php in ToyLog 0.1 allows remote attackers to execute arbitrary SQL commands via the idm parameter.
26 CVE-2009-3747 79 1 XSS 2009-10-22 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in TBmnetCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the content parameter. NOTE: this was originally reported for tbmnet.php, but that program does not exist in the TBmnetCMS 1.0 distribution.
27 CVE-2009-3719 79 1 XSS 2009-10-16 2017-09-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to inject arbitrary web script or HTML via a comment.
28 CVE-2009-3718 89 1 Exec Code Sql 2009-10-16 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to execute arbitrary SQL commands via the UserName parameter.
29 CVE-2009-3717 119 1 DoS Exec Code Overflow 2009-10-16 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URI in a playlist (.m3u) file.
30 CVE-2009-3716 264 1 Exec Code 2009-10-16 2017-09-19
6.5
None Remote Low ??? Partial Partial Partial
Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in smilies/.
31 CVE-2009-3715 89 1 Exec Code Sql 2009-10-16 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in scr_login.php in MCshoutbox 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
32 CVE-2009-3714 79 1 XSS 2009-10-16 2017-09-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in admin_login.php in MCshoutbox 1.1 allows remote attackers to inject arbitrary web script or HTML via the loginerror parameter.
33 CVE-2009-3713 89 1 Exec Code Sql 2009-10-16 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and earlier allows remote attackers to execute arbitrary SQL commands via the query string.
34 CVE-2009-3712 89 1 Exec Code Sql 2009-10-16 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php; and the item_id parameter to (2) view_full_size.php, (3) classifide_ad.php, and (4) crosspromoteitems.php.
35 CVE-2009-3711 119 1 DoS Exec Code Overflow 2009-10-16 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
36 CVE-2009-3710 255 1 +Priv 2009-10-16 2009-10-19
10.0
None Remote Low Not required Complete Complete Complete
RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote attackers to gain privileges via port 8022.
37 CVE-2009-3709 119 1 Exec Code Overflow 2009-10-16 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a TITLE tag.
38 CVE-2009-3705 94 1 Exec Code File Inclusion 2009-10-16 2021-04-07
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
39 CVE-2009-3704 1 DoS 2009-10-16 2017-08-17
5.0
None Remote Low Not required None None Partial
ZoIPer 2.22, and possibly other versions before 2.24 Library 5324, allows remote attackers to cause a denial of service (crash) via a SIP INVITE request with an empty Call-Info header.
40 CVE-2009-3670 119 1 Exec Code Overflow 2009-10-11 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in KSP Sound Player 2009 R2 and R2.1 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file.
41 CVE-2009-3669 89 1 Exec Code Sql 2009-10-11 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the foobla Suggestions (com_foobla_suggestions) component 1.5.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the idea_id parameter to index.php.
42 CVE-2009-3668 79 1 XSS 2009-10-11 2009-10-12
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in ardguest.php in Ardguest 1.8 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
43 CVE-2009-3667 89 1 Exec Code Sql 2009-10-11 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/index.php in AdsDX 3.05 allows remote attackers to execute arbitrary SQL commands via the Username.
44 CVE-2009-3666 79 1 XSS 2009-10-11 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Nullam Blog 0.1.2 allows remote attackers to inject arbitrary web script or HTML via the e parameter in an error action.
45 CVE-2009-3665 89 1 Exec Code Sql 2009-10-11 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) i parameter or (2) v parameter in a register action.
46 CVE-2009-3664 22 1 Dir. Trav. 2009-10-11 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attackers to include or execute arbitrary files via a .. (dot dot) in the (1) p and (2) s parameters.
47 CVE-2009-3663 134 1 DoS Exec Code 2009-10-11 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header.
48 CVE-2009-3661 89 1 Exec Code Sql 2009-10-11 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php.
49 CVE-2009-3660 94 1 Exec Code File Inclusion 2009-10-11 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in libraries/database.php in Efront 3.5.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.
50 CVE-2009-3659 89 1 Exec Code Sql 2009-10-11 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 allows remote attackers to execute arbitrary SQL commands via the page parameter.
Total number of vulnerabilities: 352 (page 1 of 8)