CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In January 2009

Columns: # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
201 CVE-2008-6009 287 Bypass 2009-01-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SG Real Estate Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the Auth cookie to 1.
202 CVE-2008-6008 264 2009-01-30 2018-10-11
5.0
None Remote Low Not required Partial None None
hyBook Guestbook Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for hyBook.mdb.
203 CVE-2008-6007 89 Exec Code Sql 2009-01-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in view_group.php in QuidaScript BookMarks Favourites Script (APB) allows remote attackers to execute arbitrary SQL commands via the id parameter.
204 CVE-2008-6006 94 Exec Code File Inclusion 2009-01-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Micronation Banking System (minba) 1.5.0 allow remote attackers to execute arbitrary PHP code via a URL in the minsoft_path parameter to (1) utdb_access.php and (2) utgn_message.php in utility/.
205 CVE-2008-6005 119 Exec Code Overflow 2009-01-28 2009-02-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the CheckUniqueName function in W3C Amaya Web Browser 10.0.1, and possibly other versions including 11.0.1, might allow remote attackers to execute arbitrary code via "duplicated" attribute value inputs.
206 CVE-2008-6004 79 XSS 2009-01-28 2017-09-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote attackers to inject arbitrary web script or HTML via the product parameter.
207 CVE-2008-6003 89 Exec Code Sql 2009-01-28 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in sellers_othersitem.php in AJ Auction Pro Platinum 2 allows remote attackers to execute arbitrary SQL commands via the seller_id parameter.
208 CVE-2008-6002 22 Dir. Trav. 2009-01-28 2017-09-29
7.1
None Remote Medium Not required Complete None None
Absolute path traversal vulnerability in sendfile.php in web-cp 0.5.7, when register_globals is enabled, allows remote attackers to read arbitrary files via a full pathname in the filelocation parameter.
209 CVE-2008-6001 264 Bypass 2009-01-28 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
index.php in ADN Forum 1.0b and earlier allows remote attackers to bypass authentication and gain sysop access via a fpusuario cookie composed of an initial sysop: string, an arbitrary password field, and a final :sysop:0 string.
210 CVE-2008-6000 399 DoS +Priv 2009-01-28 2017-08-08
7.2
None Local Low Not required Complete Complete Complete
The GDTdiIcpt.sys driver in G DATA AntiVirus 2008, InternetSecurity 2008, and TotalCare 2008 populates kernel registers with IOCTL 0x8317001c input values, which allows local users to cause a denial of service (system crash) or gain privileges via a crafted IOCTL request, as demonstrated by execution of the KeSetEvent function with modified register contents.
211 CVE-2008-5999 79 XSS 2009-01-28 2017-08-08
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajax_checklist filter.
212 CVE-2008-5998 89 Exec Code Sql 2009-01-28 2018-10-11
6.0
None Remote Medium ??? Partial Partial Partial
Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters.
213 CVE-2008-5997 22 1 Dir. Trav. 2009-01-28 2017-08-08
7.8
None Remote Low Not required Complete None None
Absolute path traversal vulnerability in admin/fileKontrola/browser.asp in Omnicom Content Platform (OCP) 2.0 allows remote attackers to list arbitrary directories via a full pathname in the root parameter.
214 CVE-2008-5996 79 XSS 2009-01-28 2017-08-08
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field.
215 CVE-2008-5995 79 XSS 2009-01-28 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA (sr_freecap) extension before 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
216 CVE-2008-5994 79 XSS 2009-01-28 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Check Point Connectra NGX R62 HFA_01 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
217 CVE-2008-5993 22 Exec Code Dir. Trav. 2009-01-28 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in image.php in Barcode Generator 1D (barcodegen) 2.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the code parameter.
218 CVE-2008-5992 89 Exec Code Sql 2009-01-28 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) 2.0 allow remote attackers to execute arbitrary SQL commands via the KayitNo parameter to (1) diger.php and (2) sayfalar.php.
219 CVE-2008-5991 22 Dir. Trav. 2009-01-28 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in docs.php in MailWatch for MailScanner 1.0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the doc parameter.
220 CVE-2008-5990 22 Exec Code Dir. Trav. 2009-01-28 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in connect/init.inc in emergecolab 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sitecode parameter to connect/index.php.
221 CVE-2008-5989 22 Dir. Trav. 2009-01-28 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter.
222 CVE-2008-5988 89 Exec Code Sql 2009-01-28 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in scripts/recruit_details.php in Jadu CMS for Government allows remote attackers to execute arbitrary SQL commands via the id parameter.
223 CVE-2008-5987 Exec Code 2009-01-28 2009-04-16
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
224 CVE-2008-5986 Exec Code 2009-01-28 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the (1) "VST plugin with Python scripting" and (2) "VST plugin for writing score generators in Python" in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
225 CVE-2008-5985 Exec Code 2009-01-28 2009-03-19
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
226 CVE-2008-5984 Exec Code 2009-01-28 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
227 CVE-2008-5983 Exec Code 2009-01-28 2013-05-15
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.
228 CVE-2008-5982 134 Exec Code 2009-01-27 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string specifiers in an invalid version number to TCP port 3181, which are not properly handled when writing a log message.
229 CVE-2008-5981 264 2009-01-27 2017-09-29
5.0
None Remote Low Not required Partial None None
PacPoll 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) poll.mdb or (2) poll97.mdb.
230 CVE-2008-5980 264 2009-01-27 2017-09-29
5.0
None Remote Low Not required Partial None None
Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb.
231 CVE-2008-5979 79 XSS 2009-01-27 2017-09-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Mailing List Manager Gold allows remote attackers to inject arbitrary web script or HTML via the Email parameter.
232 CVE-2008-5978 89 Exec Code Sql 2009-01-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager Gold allow remote attackers to execute arbitrary SQL commands via the Email parameter to (1) default.asp and (2) s_edit.asp.
233 CVE-2008-5977 89 Exec Code Sql 2009-01-27 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the adname parameter in a Submit action.
234 CVE-2008-5976 79 XSS 2009-01-27 2017-08-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in siteadmin/forgot.php in PHP JOBWEBSITE PRO allow remote attackers to inject arbitrary web script or HTML via (1) the adname parameter in a Submit action or (2) the UserName field.
235 CVE-2008-5975 89 Exec Code Sql 2009-01-27 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in links.asp in Active Price Comparison 4.0 allows remote attackers to execute arbitrary SQL commands via the linkid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
236 CVE-2008-5974 89 Exec Code Sql 2009-01-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields.
237 CVE-2008-5973 89 Exec Code Sql 2009-01-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.aspx in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.
238 CVE-2008-5972 89 Exec Code Sql 2009-01-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in default.asp in Active Business Directory 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
239 CVE-2008-5971 79 XSS 2009-01-27 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to inject arbitrary web script or HTML via the id parameter.
240 CVE-2008-5970 89 Exec Code Sql 2009-01-27 2017-08-08
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
241 CVE-2008-5969 89 Exec Code Sql 2009-01-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in popupproduct.php in Sunbyte e-Flower allows remote attackers to execute arbitrary SQL commands via the id parameter.
242 CVE-2008-5968 22 Dir. Trav. 2009-01-26 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in print.php in PHP iCalendar 2.24 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cookie_language parameter in a phpicalendar_* cookie, a different vector than CVE-2006-1292.
243 CVE-2008-5967 287 2009-01-26 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root.
244 CVE-2008-5966 20 2009-01-26 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to create or overwrite arbitrary files via a filename in the file parameter and file contents in the data parameter.
245 CVE-2008-5965 22 Dir. Trav. 2009-01-26 2017-09-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to check for the existence of arbitrary files via a .. (dot dot) in the page parameter.
246 CVE-2008-5964 287 2009-01-23 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
247 CVE-2008-5963 20 Exec Code 2009-01-23 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter.
248 CVE-2008-5962 22 Dir. Trav. 2009-01-23 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the objectname parameter.
249 CVE-2008-5961 79 XSS 2009-01-23 2012-10-24
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to inject arbitrary web script or HTML via the cID parameter in a document action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
250 CVE-2008-5960 89 Exec Code Sql 2009-01-23 2012-10-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to execute arbitrary SQL commands via the cID parameter in a document action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Total number of vulnerabilities: 467 (page 5 of 10)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.