CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2009 (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-0742 310 +Info 2009-02-26 2009-02-27
7.8
None Remote Low Not required Complete None None
The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information.
2 CVE-2009-0741 89 Exec Code Sql 2009-02-25 2018-10-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Login.asp in Craft Silicon [email protected] 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginName parameter.
3 CVE-2009-0740 89 Exec Code Sql 2009-02-25 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.php in BlueBird Prelease allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
4 CVE-2009-0739 89 Exec Code Sql 2009-02-25 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.php in MyNews 0.10 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
5 CVE-2009-0738 89 Exec Code Sql 2009-02-25 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.php in Auth Php 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
6 CVE-2009-0734 119 Exec Code Overflow 2009-02-25 2018-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in MultimediaPlayer.exe 6.86.240.7 in Nokia PC Suite 6.86.9.3 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file.
7 CVE-2009-0731 22 Dir. Trav. 2009-02-24 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in pages/play.php in Free Arcade Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.
8 CVE-2009-0728 89 Exec Code Sql 2009-02-24 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php.
9 CVE-2009-0727 89 Exec Code Sql 2009-02-24 2018-10-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in jobdetails.php in taifajobs 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the jobid parameter.
10 CVE-2009-0726 89 Exec Code Sql 2009-02-24 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php.
11 CVE-2009-0722 22 Dir. Trav. 2009-02-24 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in admin.php in Potato News 1.0.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the user cookie parameter.
12 CVE-2009-0709 89 Exec Code Sql 2009-02-23 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
13 CVE-2009-0707 89 Exec Code Sql 2009-02-23 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information.
14 CVE-2009-0706 89 1 Exec Code Sql 2009-02-23 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php.
15 CVE-2009-0704 89 Exec Code Sql 2009-02-23 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search.php in WSN Guest 1.23 allows remote attackers to execute arbitrary SQL commands via the search parameter in an advanced action.
16 CVE-2009-0703 89 Exec Code Sql 2009-02-23 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in bview.asp in ASPThai.Net Webboard 6.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
17 CVE-2009-0702 89 Exec Code Sql 2009-02-23 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php.
18 CVE-2009-0698 189 DoS Exec Code Overflow 2009-02-23 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385.
19 CVE-2009-0680 22 DoS Dir. Trav. 2009-02-22 2017-09-28
7.8
None Remote Low Not required None None Complete
cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences.
20 CVE-2009-0658 119 Exec Code Overflow 2009-02-20 2019-09-27
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.
21 CVE-2009-0653 287 2009-02-20 2009-06-25
7.5
None Remote Low Not required Partial Partial Partial
OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.
22 CVE-2009-0650 119 DoS Exec Code Overflow 2009-02-20 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the GetStatsFromLine function in TPTEST 3.1.7 and earlier, and possibly 5.02, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a STATS line with a long pwd field. NOTE: some of these details are obtained from third party information.
23 CVE-2009-0649 DoS 2009-02-20 2018-10-10
7.8
None Remote Low Not required None None Complete
The web browser in Symbian OS on the Nokia N95 cell phone allows remote attackers to cause a denial of service (crash) via JavaScript code that calls the setAttributeNode method.
24 CVE-2009-0646 89 Exec Code Sql 2009-02-18 2018-10-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) password parameters to pcgi/4site.pl, (3) page parameter to print/print.shtml, (4) s and (5) i parameters to portfolio/index.shtml, (6) h parameter to hotel/index.php, (7) id parameter to news/news1.shtml, and the (8) th parameter to faq/index.shtml.
25 CVE-2009-0641 264 Exec Code Bypass 2009-02-20 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library.
26 CVE-2009-0639 94 Exec Code File Inclusion 2009-02-18 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in moduli/libri/index.php in phpyabs 0.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the Azione parameter.
27 CVE-2009-0625 94 DoS 2009-02-26 2009-03-03
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv3 packet.
28 CVE-2009-0623 DoS 2009-02-26 2009-06-19
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SSH packet.
29 CVE-2009-0622 Exec Code 2009-02-26 2009-02-27
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI).
30 CVE-2009-0621 16 2009-02-26 2009-02-27
10.0
Admin Remote Low Not required Complete Complete Complete
Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device Manager and other components, or obtain operating-system access.
31 CVE-2009-0620 255 2009-02-26 2009-02-27
10.0
Admin Remote Low Not required Complete Complete Complete
Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or obtain operating-system access.
32 CVE-2009-0618 DoS +Priv +Info 2009-02-26 2009-03-03
8.5
None Remote Low Not required Partial None Complete
Unspecified vulnerability in the Java agent in Cisco Application Networking Manager (ANM) before 2.0 Update A allows remote attackers to gain privileges, and cause a denial of service (service outage) by stopping processes, or obtain sensitive information by reading configuration files.
33 CVE-2009-0617 255 Exec Code 2009-02-26 2009-03-03
10.0
Admin Remote Low Not required Complete Complete Complete
Cisco Application Networking Manager (ANM) before 2.0 uses a default MySQL root password, which makes it easier for remote attackers to execute arbitrary operating-system commands or change system files.
34 CVE-2009-0616 255 DoS 2009-02-26 2009-03-03
10.0
Admin Remote Low Not required Complete Complete Complete
Cisco Application Networking Manager (ANM) before 2.0 uses default usernames and passwords, which makes it easier for remote attackers to access the application, or cause a denial of service via configuration changes, related to "default user credentials during installation."
35 CVE-2009-0615 22 Dir. Trav. 2009-02-26 2009-03-03
9.0
Admin Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to "invalid directory permissions."
36 CVE-2009-0614 287 Bypass 2009-02-26 2018-11-08
9.0
None Remote Low Not required Partial Partial Complete
Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL.
37 CVE-2009-0610 94 Exec Code 2009-02-17 2009-02-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
38 CVE-2009-0609 20 DoS 2009-02-17 2009-02-18
7.8
None Remote Low Not required None None Complete
Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of service (JDBC backend outage) via crafted LDAP requests.
39 CVE-2009-0608 189 Overflow 2009-02-17 2018-10-10
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the showLog function in fake_log_device.c in liblog in Open Handset Alliance Android 1.0 allows attackers to trigger a buffer overflow and possibly have unspecified other impact by sending a large number of input lines.
40 CVE-2009-0607 189 Overflow 2009-02-17 2018-10-10
7.2
Admin Local Low Not required Complete Complete Complete
Multiple integer overflows in malloc_leak.c in Bionic in Open Handset Alliance Android 1.0 have unknown impact and attack vectors, related to the (1) chk_calloc and (2) leak_calloc functions.
41 CVE-2009-0606 20 2009-02-17 2018-10-10
7.2
Admin Local Low Not required Complete Complete Complete
The link_image function in linker/linker.c in the dynamic linker in Bionic in Open Handset Alliance Android 1.0 on the T-Mobile G1 phone does not properly handle file descriptors 0, 1, and 2 for a setgid program, which allows local users to create arbitrary files owned by certain groups, possibly a related issue to CVE-2002-0820.
42 CVE-2009-0604 89 Exec Code Sql 2009-02-16 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the searching parameter.
43 CVE-2009-0602 20 Exec Code 2009-02-16 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
Unrestricted file upload vulnerability in upload.php in WikkiTikkiTavi 1.11 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/.
44 CVE-2009-0598 89 Exec Code Sql 2009-02-16 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.
45 CVE-2009-0592 22 Dir. Trav. 2009-02-16 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in PNphpBB2 1.2i and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ModName parameter to (1) admin_words.php, (2) admin_groups_reapir.php, (3) admin_smilies.php, (4) admin_ranks.php, (5) admin_styles.php, and (6) admin_users.php in admin/.
46 CVE-2009-0576 DoS 2009-02-13 2017-08-16
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 and earlier, and Enterprise Edition 5, allows remote attackers to cause a denial of service (daemon crash) via crafted LDAP requests.
47 CVE-2009-0574 89 Exec Code Sql 2009-02-13 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Easy CafeEngine allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-4604.
48 CVE-2009-0569 119 Exec Code Overflow 2009-02-12 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Becky! Internet Mail 2.48.02 and earlier allows remote attackers to execute arbitrary code via a mail message with a crafted return receipt request.
49 CVE-2009-0546 119 Exec Code Overflow 2009-02-12 2018-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier allows user-assisted remote attackers to execute arbitrary code via a long text attribute in an outline element in a .opml file.
50 CVE-2009-0545 20 Exec Code 2009-02-12 2018-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.
Total number of vulnerabilities : 357   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.