CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2009 (CVSS score >= 5)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-3832 20 2009-10-30 2018-10-30
5.8
None Remote Medium Not required None Partial Partial
Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site.
2 CVE-2009-3831 94 DoS Exec Code Mem. Corr. 2009-10-30 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name.
3 CVE-2009-3830 20 2009-10-30 2018-10-10
5.0
None Remote Low Not required Partial None None
The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
4 CVE-2009-3829 189 DoS Exec Code Overflow 2009-10-30 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."
5 CVE-2009-3828 287 Bypass 2009-10-30 2018-10-10
5.0
None Remote Low Not required Partial None None
The web interface for Everfocus EDR1600 DVR allows remote attackers to bypass authentication and access live cams via certain vectors.
6 CVE-2009-3826 119 Overflow Bypass 2009-10-28 2018-10-10
5.0
None Remote Low Not required None None Partial
Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL.
7 CVE-2009-3825 22 1 Dir. Trav. 2009-10-28 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in GenCMS 2006 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p parameter to show.php and the (2) Template parameter to admin/pages/SiteNew.php.
8 CVE-2009-3824 22 1 Dir. Trav. 2009-10-28 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in include/processor.php in Greenwood PHP Content Manager 0.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content_path parameter.
9 CVE-2009-3822 94 Exec Code File Inclusion 2009-10-28 2009-10-28
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php.
10 CVE-2009-3820 89 Exec Code Sql 2009-10-28 2011-12-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
11 CVE-2009-3819 Exec Code 2009-10-28 2011-12-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Random Images (maag_randomimage) extension 1.6.4 and earlier for TYPO3 allows remote attackers to execute arbitrary shell commands via unspecified vectors.
12 CVE-2009-3818 2009-10-28 2009-10-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors.
13 CVE-2009-3817 94 Exec Code File Inclusion 2009-10-28 2009-10-28
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
14 CVE-2009-3815 200 +Info 2009-10-27 2009-10-28
5.0
None Remote Low Not required Partial None None
RunCMS 2M1, when running with certain error_reporting levels, allows remote attackers to obtain sensitive information via (1) the op[] parameter to modules/contact/index.php or (2) uid[] parameter to userinfo.php, which leaks the installation path in an error message when these parameters are used in a call to the preg_match function.
15 CVE-2009-3814 94 Exec Code 2009-10-27 2009-10-28
6.5
None Remote Low ??? Partial Partial Partial
Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters.
16 CVE-2009-3813 89 Exec Code Sql 2009-10-27 2009-10-28
6.5
None Remote Low ??? Partial Partial Partial
Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via the (1) forum parameter to modules/forum/post.php and possibly (2) forum_id variable to modules/forum/class/class.permissions.php.
17 CVE-2009-3812 119 2 Exec Code Overflow 2009-10-27 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in OtsAV DJ trial version 1.85.64.0, Radio trial version 1.85.64.0, TV trial version 1.85.64.0, and Free version 1.77.001 allows remote attackers to execute arbitrary code via a long playlist in an Ots File List (.ofl) file.
18 CVE-2009-3811 119 1 Exec Code Overflow 2009-10-27 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Music Tag Editor 1.61 build 212 allows remote attackers to execute arbitrary code via an MP3 file with a long ID3 tag. NOTE: some of these details are obtained from third party information.
19 CVE-2009-3810 119 1 DoS Exec Code Overflow 2009-10-27 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Acoustica MP3 Audio Mixer 2.471 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file.
20 CVE-2009-3808 1 DoS Exec Code 2009-10-27 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
MixSense DJ Studio 1.0.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in an .mp3 playlist file.
21 CVE-2009-3807 119 1 DoS Overflow 2009-10-27 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in MixVibes 7.043 Pro allows remote attackers to cause a denial of service (crash) via a long string in a .vib file.
22 CVE-2009-3806 89 Exec Code Sql 2009-10-27 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter.
23 CVE-2009-3804 89 Exec Code Sql 2009-10-27 2009-10-28
6.5
None Remote Low ??? Partial Partial Partial
Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via (1) the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or (2) the topic_id parameter.
24 CVE-2009-3802 20 1 +Info 2009-10-27 2017-08-17
5.0
None Remote Low Not required Partial None None
Amiro.CMS 5.4.0.0 and earlier allows remote attackers to obtain sensitive information via an invalid loginname ("%%%") to _admin/index.php, which reveals the installation path and other information in an error message.
25 CVE-2009-3801 89 Exec Code Sql 2009-10-27 2009-10-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
26 CVE-2009-3790 119 DoS Exec Code Overflow 2009-10-26 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in FormMax (formerly AcroForm) evaluation 3.5 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted FormMax import (.aim) file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
27 CVE-2009-3788 89 Exec Code Sql 2009-10-26 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter.
28 CVE-2009-3787 22 Dir. Trav. 2009-10-26 2018-10-10
5.0
None Remote Low Not required Partial None None
files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two . (dot) characters, which is filtered into a "../" sequence.
29 CVE-2009-3785 352 CSRF 2009-10-26 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via unknown vectors.
30 CVE-2009-3784 352 2009-10-26 2009-10-27
6.8
None Remote Medium Not required Partial Partial Partial
Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
31 CVE-2009-3781 264 2009-10-26 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors.
32 CVE-2009-3778 89 Exec Code Sql 2009-10-26 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
33 CVE-2009-3766 310 2009-10-23 2019-11-07
6.8
None Remote Medium Not required Partial Partial Partial
mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
34 CVE-2009-3765 310 2009-10-23 2009-10-29
6.8
None Remote Medium Not required Partial Partial Partial
mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
35 CVE-2009-3760 94 1 2009-10-22 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. NOTE: some of these details are obtained from third party information.
36 CVE-2009-3759 352 1 CSRF 2009-10-22 2017-09-19
6.0
None Remote Medium ??? Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information.
37 CVE-2009-3758 89 1 Exec Code Sql 2009-10-22 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
38 CVE-2009-3756 200 1 +Info 2009-10-22 2017-09-19
5.0
None Remote Low Not required Partial None None
phpBMS 0.96 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) the show action in advancedsearch.php, and (4) choicelist.php, which reveals the installation path in an error message.
39 CVE-2009-3754 89 1 Exec Code Sql 2009-10-22 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to modules/bms/invoices_discount_ajax.php, (2) f parameter to dbgraphic.php, and (3) tid parameter in a show action to advancedsearch.php.
40 CVE-2009-3753 20 1 Exec Code 2009-10-22 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Unrestricted file upload vulnerability in Opial 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension as a User Image, then accessing it via a request to the file in userimages, related to register.php.
41 CVE-2009-3752 89 1 Exec Code Sql 2009-10-22 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in home.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the genres_parent parameter.
42 CVE-2009-3750 89 1 Exec Code Sql 2009-10-22 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in read.php in ToyLog 0.1 allows remote attackers to execute arbitrary SQL commands via the idm parameter.
43 CVE-2009-3749 DoS 2009-10-22 2018-10-10
5.0
None Remote Low Not required None None Partial
The Web Administrator service (STEMWADM.EXE) in Websense Personal Email Manager 7.1 before Hotfix 4 and Email Security 7.1 before Hotfix 4 allows remote attackers to cause a denial of service (crash) by sending a HTTP GET request to TCP port 8181 and closing the socket before the service can send a response.
44 CVE-2009-3744 DoS 2009-10-22 2018-10-10
5.0
None Remote Low Not required None None Partial
rep_serv.exe 6.3.1.3 in the server in EMC RepliStor allows remote attackers to cause a denial of service via a crafted packet to TCP port 7144.
45 CVE-2009-3722 264 DoS 2009-10-30 2017-09-19
7.1
None Remote Medium Not required None None Complete
The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 2.6.31.1 does not properly verify the Current Privilege Level (CPL) before accessing a debug register, which allows guest OS users to cause a denial of service (trap) on the host OS via a crafted application.
46 CVE-2009-3718 89 1 Exec Code Sql 2009-10-16 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to execute arbitrary SQL commands via the UserName parameter.
47 CVE-2009-3717 119 1 DoS Exec Code Overflow 2009-10-16 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URI in a playlist (.m3u) file.
48 CVE-2009-3716 264 1 Exec Code 2009-10-16 2017-09-19
6.5
None Remote Low ??? Partial Partial Partial
Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in smilies/.
49 CVE-2009-3715 89 1 Exec Code Sql 2009-10-16 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in scr_login.php in MCshoutbox 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
50 CVE-2009-3713 89 1 Exec Code Sql 2009-10-16 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and earlier allows remote attackers to execute arbitrary SQL commands via the query string.
Total number of vulnerabilities : 241   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.