CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2009 (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-0373 89 Exec Code Sql 2009-01-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php.
2 CVE-2009-0370 2009-01-30 2017-09-29
7.2
None Local Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files."
3 CVE-2009-0351 119 Exec Code Overflow 2009-01-29 2017-09-29
9.0
None Remote Low ??? Complete Complete Complete
Stack-based buffer overflow in WFTPSRV.exe in WinFTP 2.3.0 allows remote authenticated users to execute arbitrary code via a long LIST argument beginning with an * (asterisk) character.
4 CVE-2009-0350 119 Exec Code Overflow 2009-01-29 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Merak Media Player 3.2 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file, related to the status bar icon's tooltip. NOTE: some of these details are obtained from third party information.
5 CVE-2009-0349 119 DoS Exec Code Overflow 2009-01-29 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in FTPShell Server 4.3 allows user-assisted remote attackers to cause a denial of service (persistent daemon crash) and possibly execute arbitrary code via a long string in a licensing key (aka .key) file.
6 CVE-2009-0345 264 Exec Code 2009-01-29 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6648082, a different vulnerability than CVE-2007-5717.
7 CVE-2009-0344 264 Exec Code 2009-01-29 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6633175, a different vulnerability than CVE-2007-5717.
8 CVE-2009-0343 264 Bypass 2009-01-29 2018-10-11
7.2
None Local Low Not required Complete Complete Complete
Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race conditions that occur in monitoring 64-bit processes.
9 CVE-2009-0342 264 Bypass 2009-01-29 2018-10-11
7.2
None Local Low Not required Complete Complete Complete
Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall.
10 CVE-2009-0341 119 Exec Code Overflow 2009-01-29 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability.
11 CVE-2009-0339 89 Exec Code Sql 2009-01-29 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to execute arbitrary SQL commands via the itemID parameter in a view action.
12 CVE-2009-0337 89 Exec Code Sql 2009-01-29 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
13 CVE-2009-0334 89 Exec Code Sql 2009-01-29 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the day parameter in an archive action.
14 CVE-2009-0333 89 Exec Code Sql 2009-01-29 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
15 CVE-2009-0332 89 Exec Code Sql 2009-01-29 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in AV Book Library before 1.1 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/edit.php, (2) admin/add.php, (3) lib/book_search.php, and possibly other components.
16 CVE-2009-0331 22 Dir. Trav. 2009-01-29 2017-09-29
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in gallery/comment.php in Enhanced Simple PHP Gallery (ESPG) 1.72 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. NOTE: the vulnerability may be in my little homepage Comment script. If so, then this should not be treated as a vulnerability in ESPG.
17 CVE-2009-0329 89 Exec Code Sql 2009-01-29 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the PcCookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php, a different vector than CVE-2008-0844.
18 CVE-2009-0327 89 Exec Code Sql 2009-01-29 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in readbible.php in Free Bible Search PHP Script 1.0 allows remote attackers to execute arbitrary SQL commands via the version parameter.
19 CVE-2009-0326 89 Exec Code Sql 2009-01-29 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
20 CVE-2009-0324 89 Exec Code Sql 2009-01-29 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote attackers to execute arbitrary SQL commands via the (1) idp parameter to reports/projects.php, the (2) idc parameter to reports/contacts.php, and the (3) idu parameter to reports/users.php.
21 CVE-2009-0323 119 Exec Code Overflow 2009-01-28 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via (1) a long type parameter in an input tag, which is not properly handled by the EndOfXmlAttributeValue function; (2) an "HTML GI" in a start tag, which is not properly handled by the ProcessStartGI function; and unspecified vectors in (3) html2thot.c and (4) xml2thot.c, related to the msgBuffer variable. NOTE: these are different vectors than CVE-2008-6005.
22 CVE-2009-0311 20 Exec Code 2009-01-27 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 allows remote attackers to execute arbitrary code via a packet with a crafted value that is dereferenced as a function pointer.
23 CVE-2009-0304 DoS 2009-01-27 2017-09-29
7.8
None Remote Low Not required None None Complete
The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficient validation security vulnerability," as demonstrated by SunOSipv6.c.
24 CVE-2009-0299 89 Exec Code Sql 2009-01-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
25 CVE-2009-0298 119 Exec Code Overflow 2009-01-27 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in MW6 Technologies Barcode ActiveX control (Barcode.MW6Barcode.1, Barcode.dll) 3.0.0.1 allows remote attackers to execute arbitrary code via a long Supplement property.
26 CVE-2009-0297 89 Exec Code Sql 2009-01-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login_check.asp in ClickAuction allows remote attackers to execute arbitrary SQL commands via the (1) txtEmail and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information.
27 CVE-2009-0296 89 Exec Code Sql 2009-01-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in shop_display_products.php in Script Toko Online 5.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
28 CVE-2009-0293 89 Exec Code Sql 2009-01-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in profile_view.php in Wazzum Dating Software, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the userid parameter.
29 CVE-2009-0292 89 Exec Code Sql 2009-01-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows remote attackers to execute arbitrary SQL commands via the grid parameter.
30 CVE-2009-0291 22 Dir. Trav. 2009-01-27 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter.
31 CVE-2009-0287 89 Exec Code Sql 2009-01-27 2009-02-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before 2.5.1 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password.
32 CVE-2009-0284 89 Exec Code Sql 2009-01-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
33 CVE-2009-0282 189 DoS Exec Code Overflow 2009-01-27 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request packet with a long SSID, possibly related to an integer signedness error.
34 CVE-2009-0281 89 Exec Code Sql 2009-01-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.aspx in WarHound Walking Club allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
35 CVE-2009-0280 287 Bypass 2009-01-27 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1.
36 CVE-2009-0279 89 Exec Code Sql 2009-01-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
37 CVE-2009-0277 DoS 2009-01-27 2017-08-08
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the kernel in OpenSolaris snv_100 through snv_102 on the Sun UltraSPARC T2 and T2+ sun4v platforms allows local users to cause a denial of service (panic) via unknown vectors.
38 CVE-2009-0270 119 Exec Code Overflow 2009-01-26 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet.
39 CVE-2009-0266 119 Exec Code Overflow 2009-01-26 2009-01-26
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Triologic Media Player 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3l playlist file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
40 CVE-2009-0264 119 Overflow 2009-01-26 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Registry Setting Tool in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier has unknown impact and attack vectors.
41 CVE-2009-0263 119 DoS Exec Code Overflow 2009-01-23 2017-10-19
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file.
42 CVE-2009-0262 119 Exec Code Overflow 2009-01-23 2017-10-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Triologic Media Player 7 and 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3u playlist file. NOTE: some of these details are obtained from third party information.
43 CVE-2009-0261 119 Exec Code Overflow 2009-01-23 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in EffectMatrix Total Video Player 1.31 allows user-assisted attackers to execute arbitrary code via a Skins\DefaultSkin\DefaultSkin.ini file with a large ColumnHeaderSpan value.
44 CVE-2009-0259 399 DoS Exec Code Mem. Corr. 2009-01-22 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841.
45 CVE-2009-0258 20 Exec Code 2009-01-22 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.
46 CVE-2009-0256 287 2009-01-22 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.
47 CVE-2009-0254 119 Exec Code Overflow 2009-01-22 2011-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted attackers to execute arbitrary code via an invalid Flexible Image Transport System (FITS) file. NOTE: some of these details are obtained from third party information.
48 CVE-2009-0252 89 Exec Code Sql 2009-01-22 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in default.asp in Enthrallweb eReservations allow remote attackers to execute arbitrary SQL commands via the (1) Login parameter (aka username field) or the (2) Password parameter (aka password field). NOTE: some of these details are obtained from third party information.
49 CVE-2009-0246 119 Exec Code Overflow 2009-01-22 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted attackers to execute arbitrary code via an invalid Radiance RGBE (aka .hdr) file.
50 CVE-2009-0244 22 Exec Code Dir. Trav. 2009-01-21 2018-10-11
8.5
None Remote Medium ??? Complete Complete Complete
Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Total number of vulnerabilities : 217   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.