CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2009

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2009-0301 2009-01-27 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple insecure method vulnerabilities in the FlexCell.Grid ActiveX control (FlexCell.ocx) in FlexCell Grid Control 5.6.9 allow remote attackers to create and overwrite arbitrary files via the (1) SaveFile and (2) ExportToXML methods.
52 CVE-2009-0299 89 Exec Code Sql 2009-01-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
53 CVE-2009-0298 119 Exec Code Overflow 2009-01-27 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in MW6 Technologies Barcode ActiveX control (Barcode.MW6Barcode.1, Barcode.dll) 3.0.0.1 allows remote attackers to execute arbitrary code via a long Supplement property.
54 CVE-2009-0297 89 Exec Code Sql 2009-01-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login_check.asp in ClickAuction allows remote attackers to execute arbitrary SQL commands via the (1) txtEmail and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information.
55 CVE-2009-0296 89 Exec Code Sql 2009-01-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in shop_display_products.php in Script Toko Online 5.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
56 CVE-2009-0295 89 Exec Code Sql 2009-01-27 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in index.php in Information Technology Light Poll Information (ITLPoll) 2.7 Stable 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
57 CVE-2009-0294 94 Exec Code File Inclusion 2009-01-27 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) search.php, (2) archive.php, (3) comments.php, and (4) news.php; (5) News.php, (6) SendFriend.php, (7) Archive.php, and (8) Comments.php in base/; and possibly other components, different vectors than CVE-2007-1288.
58 CVE-2009-0293 89 Exec Code Sql 2009-01-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in profile_view.php in Wazzum Dating Software, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the userid parameter.
59 CVE-2009-0292 89 Exec Code Sql 2009-01-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows remote attackers to execute arbitrary SQL commands via the grid parameter.
60 CVE-2009-0291 22 Dir. Trav. 2009-01-27 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter.
61 CVE-2009-0290 22 Exec Code Dir. Trav. 2009-01-27 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the g4_path parameter. NOTE: in some environments, this can be leveraged for remote code execution via a data: URI or a UNC share pathname.
62 CVE-2009-0289 20 DoS 2009-01-27 2018-10-11
5.0
None Remote Low Not required None None Partial
k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to cause a denial of service (service crash) via a long filename in a crafted request.
63 CVE-2009-0288 22 Dir. Trav. 2009-01-27 2018-10-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to read arbitrary files outside the TFTP root directory via directory traversal sequences in a GET request.
64 CVE-2009-0287 89 Exec Code Sql 2009-01-27 2009-02-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before 2.5.1 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password.
65 CVE-2009-0286 22 Dir. Trav. 2009-01-27 2017-09-29
2.6
None Remote High Not required Partial None None
Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the form_data[script_class] parameter.
66 CVE-2009-0285 79 XSS 2009-01-27 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 5.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter.
67 CVE-2009-0284 89 Exec Code Sql 2009-01-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
68 CVE-2009-0283 79 XSS 2009-01-27 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows remote attackers to inject arbitrary web script or HTML via the message parameter.
69 CVE-2009-0282 189 DoS Exec Code Overflow 2009-01-27 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request packet with a long SSID, possibly related to an integer signedness error.
70 CVE-2009-0281 89 Exec Code Sql 2009-01-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.aspx in WarHound Walking Club allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
71 CVE-2009-0280 287 Bypass 2009-01-27 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1.
72 CVE-2009-0279 89 Exec Code Sql 2009-01-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
73 CVE-2009-0278 200 +Info 2009-01-27 2017-08-08
5.0
None Remote Low Not required Partial None None
Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request.
74 CVE-2009-0277 DoS 2009-01-27 2017-08-08
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the kernel in OpenSolaris snv_100 through snv_102 on the Sun UltraSPARC T2 and T2+ sun4v platforms allows local users to cause a denial of service (panic) via unknown vectors.
75 CVE-2009-0275 94 2009-01-26 2009-01-26
6.5
None Remote Low ??? Partial Partial Partial
Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/header via the header parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
76 CVE-2009-0271 22 Dir. Trav. 2009-01-26 2011-03-08
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the TFTP service in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors.
77 CVE-2009-0270 119 Exec Code Overflow 2009-01-26 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet.
78 CVE-2009-0269 399 DoS Mem. Corr. 2009-01-26 2018-10-11
4.9
None Local Low Not required None None Complete
fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index.
79 CVE-2009-0268 362 DoS 2009-01-26 2017-09-29
4.9
None Local Low Not required None None Complete
Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of "properly sequenced code" in ptc and ptsl.
80 CVE-2009-0267 20 DoS 2009-01-26 2017-09-29
5.0
None Remote Low Not required None None Partial
libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does not properly check packets, which allows remote attackers to cause a denial of service (in.iked daemon crash) via an unspecified IKE packet, a different vulnerability than CVE-2007-2989.
81 CVE-2009-0266 119 Exec Code Overflow 2009-01-26 2009-01-26
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Triologic Media Player 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3l playlist file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
82 CVE-2009-0265 287 Bypass 2009-01-26 2018-10-30
5.0
None Remote Low Not required Partial None None
Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025.
83 CVE-2009-0264 119 Overflow 2009-01-26 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Registry Setting Tool in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier has unknown impact and attack vectors.
84 CVE-2009-0263 119 DoS Exec Code Overflow 2009-01-23 2017-10-19
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file.
85 CVE-2009-0262 119 Exec Code Overflow 2009-01-23 2017-10-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Triologic Media Player 7 and 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3u playlist file. NOTE: some of these details are obtained from third party information.
86 CVE-2009-0261 119 Exec Code Overflow 2009-01-23 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in EffectMatrix Total Video Player 1.31 allows user-assisted attackers to execute arbitrary code via a Skins\DefaultSkin\DefaultSkin.ini file with a large ColumnHeaderSpan value.
87 CVE-2009-0260 79 XSS 2009-01-23 2018-10-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).
88 CVE-2009-0259 399 DoS Exec Code Mem. Corr. 2009-01-22 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841.
89 CVE-2009-0258 20 Exec Code 2009-01-22 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.
90 CVE-2009-0257 79 XSS 2009-01-22 2017-08-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module.
91 CVE-2009-0256 287 2009-01-22 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.
92 CVE-2009-0255 310 2009-01-22 2017-08-08
5.0
None Remote Low Not required Partial None None
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
93 CVE-2009-0254 119 Exec Code Overflow 2009-01-22 2011-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted attackers to execute arbitrary code via an invalid Flexible Image Transport System (FITS) file. NOTE: some of these details are obtained from third party information.
94 CVE-2009-0253 2009-01-22 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla Firefox 3.0.5 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Status Bar Obfuscation" and "Clickjacking" attack.
95 CVE-2009-0252 89 Exec Code Sql 2009-01-22 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in default.asp in Enthrallweb eReservations allow remote attackers to execute arbitrary SQL commands via the (1) Login parameter (aka username field) or the (2) Password parameter (aka password field). NOTE: some of these details are obtained from third party information.
96 CVE-2009-0251 94 2009-01-22 2017-09-29
6.5
None Remote Low ??? Partial Partial Partial
Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/footer via the footer parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: some of these details are obtained from third party information.
97 CVE-2009-0250 264 2009-01-22 2017-09-29
5.0
None Remote Low Not required Partial None None
Ryneezy phoSheezy 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the file containing the administrator's password hash via a direct request for config/password.
98 CVE-2009-0249 264 2009-01-22 2017-09-29
5.0
None Remote Low Not required Partial None None
Katy Whitton RankEm stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for database/topsites.mdb.
99 CVE-2009-0248 79 XSS 2009-01-22 2017-09-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to inject arbitrary web script or HTML via the siteID parameter.
100 CVE-2009-0247 79 XSS 2009-01-22 2018-10-11
4.3
None Remote Medium Not required None Partial None
The server for 53KF Web IM 2009 Home, Professional, and Enterprise editions relies on client-side protection mechanisms against cross-site scripting (XSS), which allows remote attackers to conduct XSS attacks by using a modified client to send a crafted IM message, related to the msg variable.
Total number of vulnerabilities : 467   Page : 1 2 (This Page)3 4 5 6 7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.