CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2009

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2008-5959 89 Exec Code Sql 2009-01-23 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or (2) password parameter (aka password field). NOTE: some of these details are obtained from third party information.
252 CVE-2008-5958 89 Exec Code Sql 2009-01-23 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp.
253 CVE-2008-5957 89 Exec Code Sql 2009-01-23 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Mydyngallery (com_mydyngallery) component 1.4.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the directory parameter to index.php.
254 CVE-2008-5956 264 +Info 2009-01-23 2017-09-29
5.0
None Remote Low Not required Partial None None
Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request to connect.inc.
255 CVE-2008-5955 89 Exec Code Sql 2009-01-23 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET Webboard) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
256 CVE-2008-5954 89 Exec Code Sql 2009-01-23 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lname parameter in a login action to an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
257 CVE-2008-5953 22 Dir. Trav. 2009-01-23 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to the default URI.
258 CVE-2008-5952 89 Exec Code Sql 2009-01-23 2017-09-29
6.0
None Remote Medium ??? Partial Partial Partial
SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a vtech action to the default URI.
259 CVE-2008-5951 264 2009-01-23 2017-09-29
5.0
None Remote Low Not required Partial None None
ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb.
260 CVE-2008-5950 89 Exec Code Sql 2009-01-23 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in media/media_level.asp in ASP Template Creature allows remote attackers to execute arbitrary SQL commands via the mcatid parameter.
261 CVE-2008-5949 94 Exec Code File Inclusion 2009-01-23 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cct_base parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php.
262 CVE-2008-5948 22 Dir. Trav. 2009-01-23 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in index.php in BNCwi 1.04 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlanguage parameter.
263 CVE-2008-5947 94 1 Exec Code File Inclusion 2009-01-22 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in include/class_yapbbcooker.php in YapBB 1.2.Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the cfgIncludeDirectory parameter.
264 CVE-2008-5946 89 Exec Code Sql 2009-01-22 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
265 CVE-2008-5945 287 Bypass 2009-01-22 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Nukeviet 2.0 Beta allows remote attackers to bypass authentication and gain administrative access by setting the admf cookie to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
266 CVE-2008-5944 79 XSS 2009-01-22 2017-08-08
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 (2.6.0) allows remote attackers to inject arbitrary web script or HTML via the module parameter.
267 CVE-2008-5943 22 Dir. Trav. 2009-01-22 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in NavBoard 16 (2.6.0) allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter to (1) admin_modules.php and (2) modules.php.
268 CVE-2008-5942 79 XSS 2009-01-22 2017-08-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in MODx before 0.9.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the preserveUrls function and (2) "username input." NOTE: vector 2 may be related to CVE-2008-5939.
269 CVE-2008-5941 352 CSRF 2009-01-22 2009-01-22
6.0
None Remote Medium ??? Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors.
270 CVE-2008-5940 89 Exec Code Sql 2009-01-22 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in index.php in MODx 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the searchid parameter. NOTE: some of these details are obtained from third party information.
271 CVE-2008-5939 79 XSS 2009-01-22 2017-09-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in the username field, possibly related to snippet.ditto.php. NOTE: some sources list the id parameter as being affected, but this is probably incorrect based on the original disclosure.
272 CVE-2008-5938 94 Exec Code File Inclusion 2009-01-22 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in assets/snippets/reflect/snippet.reflect.php in MODx CMS 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the reflect_base parameter.
273 CVE-2008-5937 20 DoS 2009-01-22 2017-09-29
7.8
None Remote Low Not required None None Complete
AyeView 2.20 allows user-assisted attackers to cause a denial of service (memory consumption or application crash) via a bitmap (aka .bmp) file with large height and width values.
274 CVE-2008-5936 200 +Info 2009-01-22 2017-09-29
5.0
None Remote Low Not required Partial None None
front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers to read files and obtain PHP source code via a filename in the sFileName parameter.
275 CVE-2008-5935 264 +Info 2009-01-21 2018-10-11
5.0
None Remote Low Not required Partial None None
Facto stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for database/facto.mdb. NOTE: some of these details are obtained from third party information.
276 CVE-2008-5934 89 Exec Code Sql 2009-01-21 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows remote attackers to execute arbitrary SQL commands via the id_sezione parameter.
277 CVE-2008-5933 79 XSS 2009-01-21 2017-09-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.php in CMS ISWEB 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the strcerca parameter (aka the input field for the cerca action) or (2) the id_oggetto parameter. NOTE: some of these details are obtained from third party information.
278 CVE-2008-5932 264 +Info 2009-01-21 2017-09-29
5.0
None Remote Low Not required Partial None None
CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb. NOTE: some of these details are obtained from third party information.
279 CVE-2008-5931 264 +Info 2009-01-21 2017-09-29
5.0
None Remote Low Not required Partial None None
The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/blog.mdb. NOTE: some of these details are obtained from third party information.
280 CVE-2008-5930 89 Exec Code Sql 2009-01-21 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/blog_comments.asp in The Net Guys ASPired2Blog allows remote attackers to execute arbitrary SQL commands via the BlogID parameter.
281 CVE-2008-5929 264 +Info 2009-01-21 2017-09-29
5.0
None Remote Low Not required Partial None None
VP-ASP Shopping Cart 6.50 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database containing the password via a direct request for database/shopping650.mdb. NOTE: some of these details are obtained from third party information.
282 CVE-2008-5928 89 Exec Code Sql 2009-01-21 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in redir.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter.
283 CVE-2008-5927 89 Exec Code Sql 2009-01-21 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter (aka password field) to admin/index.php. NOTE: some of these details are obtained from third party information.
284 CVE-2008-5926 89 Exec Code Sql 2009-01-21 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the (1) login parameter (aka user field) or the (2) password parameter (aka pass field). NOTE: some of these details are obtained from third party information.
285 CVE-2008-5925 264 1 2009-01-21 2009-01-23
5.0
None Remote Low Not required Partial None None
ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb.
286 CVE-2008-5924 89 Exec Code Sql 2009-01-21 2009-02-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
287 CVE-2008-5923 89 1 Exec Code Sql 2009-01-21 2009-01-23
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands the cat parameter.
288 CVE-2008-5922 94 Exec Code File Inclusion 2009-01-21 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Cant Find A Gaming CMS (CFAGCMS) 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) main and (2) right parameters.
289 CVE-2008-5921 89 Exec Code Sql 2009-01-21 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in albums.php in Umer Inc Songs Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
290 CVE-2008-5920 94 Exec Code 2009-01-21 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch.
291 CVE-2008-5919 22 Dir. Trav. 2009-01-21 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter.
292 CVE-2008-5918 79 XSS 2009-01-21 2017-09-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
293 CVE-2008-5917 79 XSS 2009-01-21 2009-04-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.
294 CVE-2008-5916 264 Exec Code 2009-01-21 2017-08-08
4.6
None Local Low Not required Partial Partial Partial
gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query.
295 CVE-2008-5915 2009-01-20 2021-11-15
2.1
None Remote High ??? None Partial None
An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
296 CVE-2008-5914 2009-01-20 2009-01-23
2.1
None Remote High ??? None Partial None
An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
297 CVE-2008-5913 2009-01-20 2017-09-29
4.9
None Remote Medium ??? Partial Partial None
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack."
298 CVE-2008-5912 2009-01-20 2017-08-08
2.1
None Remote High ??? None Partial None
An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
299 CVE-2008-5911 119 DoS Exec Code Overflow 2009-01-20 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in RealNetworks Helix Server and Helix Mobile Server 11.x before 11.1.8 and 12.x before 12.0.1 allow remote attackers to (1) cause a denial of service via three crafted RTSP SETUP commands, or execute arbitrary code via (2) an NTLM authentication request with malformed base64-encoded data, (3) an RTSP DESCRIBE command, or (4) a DataConvertBuffer request.
300 CVE-2008-5910 2009-01-16 2017-08-08
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in txzonemgr in Sun OpenSolaris has unknown impact and local attack vectors, related to a "Temporary file vulnerability," aka Bug ID 6653462.
Total number of vulnerabilities : 467   Page : 1 2 3 4 5 6 (This Page)7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.