CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2009 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-1178 2009-03-31 2009-04-01
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the "admin command line."
2 CVE-2009-1177 119 Overflow 2009-03-31 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in maptemplate.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 have unknown impact and remote attack vectors.
3 CVE-2009-1176 119 Overflow 2009-03-31 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ends in a '\0' character, which allows remote attackers to conduct buffer-overflow attacks or have unspecified other impact via a long id parameter in a query action.
4 CVE-2009-1174 310 2009-03-31 2016-09-07
10.0
Admin Remote Low Not required Complete Complete Complete
The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors.
5 CVE-2009-1172 20 2009-03-31 2014-10-24
10.0
None Remote Low Not required Complete Complete Complete
The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors.
6 CVE-2009-1170 Exec Code 2009-03-30 2017-08-16
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in Sun OpenSolaris snv_100 through snv_101 allows local users, with privileges in a non-global zone, to execute arbitrary code in the global zone when a global-zone user is using mdb on a non-global zone process.
7 CVE-2009-1169 399 DoS Exec Code 2009-03-26 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.
8 CVE-2009-1152 DoS 2009-03-26 2017-09-28
7.3
None Local Network Medium Not required None Complete Complete
Siemens Gigaset SE461 WiMAX router 1.5-BL024.9.6401, and possibly other versions, allows remote attackers to cause a denial of service (device restart and loss of configuration) by connecting to TCP port 53, then closing the connection.
9 CVE-2009-1151 94 2009-03-26 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
10 CVE-2009-1149 20 Http R.Spl. 2009-03-26 2009-04-16
7.5
None Remote Low Not required Partial Partial Partial
CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters.
11 CVE-2009-1106 20 Bypass 2009-03-25 2018-10-10
6.4
None Remote Low Not required None Partial Partial
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.
12 CVE-2009-1105 2009-03-25 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.
13 CVE-2009-1103 Exec Code 2009-03-25 2018-10-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "deserializing applets," aka CR 6646860.
14 CVE-2009-1102 94 Exec Code 2009-03-25 2018-10-10
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."
15 CVE-2009-1099 189 Exec Code Overflow Bypass 2009-03-25 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow.
16 CVE-2009-1098 119 Exec Code Overflow 2009-03-25 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.
17 CVE-2009-1097 119 Exec Code Overflow Mem. Corr. 2009-03-25 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997.
18 CVE-2009-1096 119 Exec Code Overflow 2009-03-25 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.
19 CVE-2009-1095 189 Exec Code Overflow 2009-03-25 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.
20 CVE-2009-1094 Exec Code 2009-03-25 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.
21 CVE-2009-1092 399 Exec Code 2009-03-25 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX control in LIVEAU~1.OCX 7.0 for GeoVision DVR systems allows remote attackers to execute arbitrary code by calling the GetAudioPlayingTime method with certain arguments.
22 CVE-2009-1090 22 Dir. Trav. 2009-03-25 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uploaded parameter.
23 CVE-2009-1088 94 Exec Code 2009-03-25 2018-10-10
9.0
None Remote Low Single system Complete Complete Complete
Hannon Hill Cascade Server 5.7 and other versions allows remote authenticated users to execute arbitrary programs or Java code via a crafted XSLT stylesheet with "extension elements and extension functions" that trigger code execution by Xalan-Java, as demonstrated using xalan://java.lang.Runtime.
24 CVE-2009-1087 20 Exec Code 2009-03-25 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple argument injection vulnerabilities in PPLive.exe in PPLive 1.9.21 and earlier allow remote attackers to execute arbitrary code via a UNC share pathname in the LoadModule argument to the (1) synacast, (2) Play, (3) pplsv, or (4) ppvod URI handler. NOTE: some of these details are obtained from third party information.
25 CVE-2009-1086 399 DoS Exec Code Overflow Mem. Corr. 2009-03-25 2009-05-15
6.4
None Remote Low Not required None Partial Partial
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field.
26 CVE-2009-1084 264 2009-03-25 2017-08-16
6.4
None Remote Low Not required Partial Partial None
Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not properly restrict access to the System Configuration object, which allows remote authenticated administrators and possibly remote attackers to have an unspecified impact by modifying this object.
27 CVE-2009-1083 94 Exec Code 2009-03-25 2009-10-06
9.0
None Remote Low Single system Complete Complete Complete
Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX, Solaris, and HP-UX permits "control characters" in the passwords of user accounts, which allows remote attackers to execute arbitrary commands via vectors involving "resource adapters."
28 CVE-2009-1082 20 +Priv 2009-03-25 2009-03-25
9.0
Admin Remote Low Single system Complete Complete Complete
Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and saveNoValidateAllowedFormsAndWorkflows IDs.
29 CVE-2009-1077 264 2009-03-25 2009-10-06
6.5
None Remote Low Single system Partial Partial Partial
The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the administrator's password.
30 CVE-2009-1071 119 DoS Exec Code Overflow 2009-03-26 2017-10-03
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Icarus 2.0 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted Portable Game Notation (.pgn) file.
31 CVE-2009-1068 119 DoS Exec Code Overflow 2009-03-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Free and 2.34 Build 980 PRO and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long hostname in a .bsl playlist file.
32 CVE-2009-1066 89 Exec Code Sql 2009-03-26 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the referral function in admin/lib/lib_logs.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header in a request.
33 CVE-2009-1065 89 Exec Code Sql 2009-03-26 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the x parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
34 CVE-2009-1063 119 Exec Code Overflow 2009-03-26 2017-09-28
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in eXeScope 6.50 allows user-assisted remote attackers to execute arbitrary code via a crafted executable (.exe) file.
35 CVE-2009-1062 20 Exec Code Mem. Corr. 2009-03-24 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061.
36 CVE-2009-1061 20 Exec Code 2009-03-24 2018-11-08
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and "input validation," a different vulnerability than CVE-2009-0193 and CVE-2009-1062.
37 CVE-2009-1060 Exec Code 2009-03-24 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Charlie Miller during a PWN2OWN competition at CanSecWest 2009.
38 CVE-2009-1059 119 Exec Code Overflow 2009-03-24 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Trident PowerZip 7.2 might allow remote attackers to execute arbitrary code via a crafted .zip file. NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product.
39 CVE-2009-1058 119 Exec Code Overflow 2009-03-24 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in ZipGenius might allow remote attackers to execute arbitrary code via a crafted .zip file that triggers an SEH overwrite. NOTE: it is possible that this overlaps CVE-2005-3317. NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product.
40 CVE-2009-1057 119 Exec Code Overflow Mem. Corr. 2009-03-24 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
MicroSmarts Enterprise ZipItFast! 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file that triggers memory corruption, related to a "format string buffer overflow." NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product.
41 CVE-2009-1054 Exec Code 2009-03-24 2017-08-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in JustSystems Ichitaro 13, 2004 through 2008, Lite2, and Ichitaro viewer 5.1.5.0 and earlier allows remote attackers to execute arbitrary code via a crafted file, as exploited in the wild by Trojan.Tarodrop.H in March 2009.
42 CVE-2009-1050 287 Bypass 2009-03-24 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie.
43 CVE-2009-1049 89 Exec Code Sql 2009-03-24 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in articleCall.php in Bloginator 1A allows remote attackers to execute arbitrary SQL commands via the id parameter.
44 CVE-2009-1044 399 Exec Code 2009-03-23 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
45 CVE-2009-1043 Exec Code 2009-03-23 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
46 CVE-2009-1042 Exec Code 2009-03-23 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
47 CVE-2009-1041 119 Overflow 2009-03-26 2017-09-28
7.2
Admin Local Low Not required Complete Complete Complete
The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 allows local users to overwrite arbitrary kernel memory via an out-of-bounds timer value.
48 CVE-2009-1040 119 Exec Code Overflow 2009-03-20 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in WinAsm Studio 5.1.5.0 allows user-assisted remote attackers to execute arbitrary code via a crafted project (.wap) file.
49 CVE-2009-1039 119 Exec Code Overflow 2009-03-20 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in CDex 1.70b2 allows remote attackers to execute arbitrary code via a crafted Info header in an Ogg Vorbis (.ogg) file.
50 CVE-2009-1038 89 Exec Code Sql 2009-03-20 2017-09-28
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif action to admin/index.php.
Total number of vulnerabilities : 330   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.