CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2009

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-2651 399 DoS 2009-07-30 2009-08-06
5.0
None Remote Low Not required None None Partial
main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.
2 CVE-2009-2650 119 1 DoS Exec Code Overflow 2009-07-30 2009-08-27
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 Build 020124 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .m3u or possibly (2) .pst file.
3 CVE-2009-2649 264 DoS 2009-07-30 2009-08-12
4.7
None Local Medium Not required None None Complete
The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev is available, allows local users to cause a denial of service (kernel panic) via a certain IOCTL request with a large count, which triggers a malloc call with a large value.
4 CVE-2009-2648 264 1 +Info 2009-07-30 2009-07-31
5.0
None Remote Low Not required Partial None None
FlashDen Guestbook allows remote attackers to obtain configuration information via a direct request to amfphp/phpinfo.php, which calls the phpinfo function.
5 CVE-2009-2647 2009-07-30 2009-07-31
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before Critical Fix 9.0.0.463 allows remote attackers to disable the Kaspersky application via unknown attack vectors unrelated to "an external script."
6 CVE-2009-2646 DoS Exec Code Mem. Corr. 2009-07-30 2009-08-06
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.6 and BlackBerry Professional Software 4.1.4 allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246 and CVE-2009-0219.
7 CVE-2009-2644 362 DoS 2009-07-29 2010-08-21
4.9
None Local Low Not required None None Complete
Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to "pathnames for invalid fds."
8 CVE-2009-2643 DoS Exec Code Mem. Corr. 2009-07-28 2009-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 5.0 and BlackBerry Professional Software 4.1.4 allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246 and CVE-2009-0219.
9 CVE-2009-2642 287 1 Bypass 2009-07-28 2009-07-29
7.5
None Remote Low Not required Partial Partial Partial
index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13.
10 CVE-2009-2641 94 1 Exec Code File Inclusion 2009-07-28 2009-07-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in app_and_readme/navigator/index.php in School Data Navigator allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
11 CVE-2009-2640 89 1 Exec Code Sql 2009-07-28 2009-07-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in cgi/admin.cgi in Interlogy Profile Manager Basic allow remote attackers to execute arbitrary SQL commands via a pmadm cookie in (1) an edittemp action or (2) a users action.
12 CVE-2009-2639 89 1 Exec Code Sql 2009-07-28 2009-07-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action.
13 CVE-2009-2638 89 1 Exec Code Sql 2009-07-28 2009-07-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a reply action to index.php.
14 CVE-2009-2637 94 1 Exec Code File Inclusion 2009-07-28 2009-07-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
15 CVE-2009-2636 79 XSS 2009-07-28 2009-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Integration page in the WebMail component in Kerio MailServer 6.6.0, 6.6.1, 6.6.2, and 6.7.0 allows remote attackers to inject arbitrary web script or HTML via an e-mail message.
16 CVE-2009-2635 94 1 Exec Code File Inclusion 2009-07-28 2009-07-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
17 CVE-2009-2634 94 1 Exec Code File Inclusion 2009-07-28 2009-07-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
18 CVE-2009-2633 94 1 Exec Code File Inclusion 2009-07-28 2009-07-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
19 CVE-2009-2622 20 DoS 2009-07-28 2009-08-12
5.0
None Remote Low Not required None None Partial
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc.
20 CVE-2009-2621 119 DoS Overflow 2009-07-28 2009-08-12
5.0
None Remote Low Not required None None Partial
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.
21 CVE-2009-2620 20 1 DoS 2009-07-29 2009-09-04
5.0
None Remote Low Not required None None Partial
src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference.
22 CVE-2009-2619 89 Exec Code Sql 2009-07-27 2009-07-27
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.asp in DataCheck Solutions V-SpacePal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
23 CVE-2009-2618 89 1 Exec Code Sql 2009-07-27 2009-07-27
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Surveys (aka NS-Polls) module in MDPro (MD-Pro) 1.083.x allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results action to modules.php.
24 CVE-2009-2617 119 Exec Code Overflow 2009-07-27 2009-07-27
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 allows remote attackers to execute arbitrary code via a long pathname in the source attribute of an item element in a .smpl playlist file.
25 CVE-2009-2616 89 Exec Code Sql 2009-07-27 2009-07-27
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions SitePal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
26 CVE-2009-2615 79 XSS 2009-07-27 2009-07-27
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in DataCheck Solutions SitePal 1.x allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) z_admin_login.asp, (2) z_forgot.asp, and possibly unspecified other components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
27 CVE-2009-2614 89 Exec Code Sql 2009-07-27 2009-07-27
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions LinkPal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
28 CVE-2009-2613 79 XSS 2009-07-27 2009-07-27
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in DataCheck Solutions LinkPal 1.x allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) z_loginfailed.asp, (2) z_admin_login.asp, (3) z_forgot.asp, and possibly unspecified other components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
29 CVE-2009-2612 89 Exec Code Sql 2009-07-27 2009-07-27
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.aspx in ProSMDR allows remote attackers to execute arbitrary SQL commands via the txtUser parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
30 CVE-2009-2611 22 1 Dir. Trav. 2009-07-27 2009-07-27
6.8
User Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in infusions/last_seen_users_panel/last_seen_users_panel.php in MyFusion (aka MyF) 6 Beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter.
31 CVE-2009-2610 79 XSS 2009-07-27 2009-07-27
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field.
32 CVE-2009-2609 89 1 Exec Code Sql 2009-07-27 2009-07-27
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the amoCourse (com_amocourse) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
33 CVE-2009-2608 89 2 Exec Code Sql 2009-07-27 2012-09-12
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.
34 CVE-2009-2607 89 1 Exec Code Sql 2009-07-27 2009-07-27
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the com_pinboard component for Joomla! allows remote attackers to execute arbitrary SQL commands via the task parameter in a showpic action to index.php.
35 CVE-2009-2606 264 1 2009-07-27 2009-07-27
5.0
None Remote Low Not required Partial None None
ASP Football Pool 2.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for NFL.mdb.
36 CVE-2009-2605 89 1 Exec Code Sql 2009-07-27 2009-07-27
6.8
User Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote attackers to execute arbitrary SQL commands via (1) trupuser and (2) truppassword cookies to uploadcp/index.php.
37 CVE-2009-2604 89 1 Exec Code Sql 2009-07-27 2009-07-27
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help Desk 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) userid (aka username) and (2) PassWord parameters to admin.asp.
38 CVE-2009-2603 89 1 Exec Code Sql 2009-07-27 2009-07-27
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in Escon SupportPortal Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat and (2) tid parameters.
39 CVE-2009-2602 264 1 2009-07-27 2009-07-27
5.0
None Remote Low Not required Partial None None
R2 Newsletter Lite, Pro, and Stats stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for admin.mdb.
40 CVE-2009-2601 89 1 Exec Code Sql 2009-07-27 2009-07-27
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_profile action to index.php.
41 CVE-2009-2600 22 1 Dir. Trav. 2009-07-27 2009-07-27
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in view.php in Webboard 2.90 beta and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter.
42 CVE-2009-2599 89 1 Exec Code Sql 2009-07-27 2009-07-27
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 allows remote attackers to execute arbitrary SQL commands via the seller parameter in a search action.
43 CVE-2009-2598 89 1 Exec Code Sql 2009-07-27 2009-07-27
6.5
User Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php.
44 CVE-2009-2597 DoS 2009-07-27 2009-07-27
7.8
None Remote Low Not required None None Complete
The Sun Java System (SJS) Access Manager Policy Agent module 2.2 for SJS Web Proxy Server 4.0 allows remote attackers to cause a denial of service (daemon crash) via a GET request.
45 CVE-2009-2596 DoS 2009-07-27 2009-07-27
4.7
None Local Medium Not required None None Complete
Unspecified vulnerability in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to fad_aupath structure members.
46 CVE-2009-2595 79 XSS 2009-07-24 2009-08-26
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in productSearch.html in Censura 2.0.4 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a ProductSearch action.
47 CVE-2009-2594 79 1 XSS 2009-07-24 2009-07-24
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in censura.php in Censura 1.16.04 allows remote attackers to inject arbitrary web script or HTML via the itemid parameter in a details action.
48 CVE-2009-2593 89 1 Exec Code Sql 2009-07-24 2009-07-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in censura.php in Censura 1.16.04 allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a details action.
49 CVE-2009-2592 89 1 Exec Code Sql 2009-07-24 2009-07-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in guestbook.php in PHPJunkYard GBook 1.6 allows remote attackers to execute arbitrary SQL commands via the mes_id parameter.
50 CVE-2009-2591 89 1 Exec Code Sql 2009-07-24 2009-07-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the MyAnnonces module for E-Xoopport 3.1 allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewannonces action to index.php.
Total number of vulnerabilities : 446   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.