CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In August 2009 (CVSS score >= 7)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-3023 119 2 Exec Code Overflow Mem. Corr. 2009-08-31 2019-07-03
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."
2 CVE-2009-3020 1 DoS 2009-08-31 2017-09-18
7.1
None Remote Medium Not required None None Complete
win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
3 CVE-2009-3000 399 DoS 2009-08-28 2009-08-31
7.1
None Remote Medium Not required None None Complete
The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_41 through snv_122, when Network Cache Accelerator (NCA) logging is enabled, allows remote attackers to cause a denial of service (panic) via unspecified web-server traffic that triggers a NULL pointer dereference in the nl7c_http_log function, related to "improper http response handling."
4 CVE-2009-2978 89 Exec Code Sql 2009-08-27 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
5 CVE-2009-2976 310 2009-08-27 2009-08-28
7.8
None Remote Low Not required Complete None None
Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast data frames in cleartext, which allows remote attackers to discover Wireless LAN Controller MAC addresses and IP addresses, and AP configuration details, by sniffing the wireless network.
6 CVE-2009-2972 399 DoS 2009-08-27 2017-09-18
7.8
None Remote Low Not required None None Complete
in.lpd in the print service in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors that trigger a "fork()/exec() bomb."
7 CVE-2009-2963 2009-08-25 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the update feature in Toolbar Uninstaller 1.0.2 allows remote attackers to force the download and execution of arbitrary files via attack vectors related to a "malformed update url and a malformed update website."
8 CVE-2009-2961 119 1 DoS Exec Code Overflow 2009-08-25 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Thaddy de Konng KOL Player 1.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a .MP3 playlist file.
9 CVE-2009-2960 264 2009-08-25 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to pages/edituser.php, which allows remote attackers to modify usernames and passwords via a direct request.
10 CVE-2009-2951 310 2009-08-24 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
Phenotype CMS before 2.9 does not use a random salt value for password encryption, which makes it easier for context-dependent attackers to determine cleartext passwords.
11 CVE-2009-2935 264 Exec Code Bypass +Info 2009-08-27 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript.
12 CVE-2009-2934 119 1 Exec Code Overflow 2009-08-21 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in xaudio.dll in Programmed Integration PIPL 2.5.0 and 2.5.0D allow remote attackers to execute arbitrary code via a long string in a (1) .pls or (2) .pl playlist file.
13 CVE-2009-2933 89 Exec Code Sql 2009-08-21 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in comments.php in Piwigo before 2.0.3 allows remote attackers to execute arbitrary SQL commands via the items_number parameter.
14 CVE-2009-2931 22 Dir. Trav. 2009-08-21 2018-10-10
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in p.php in SlideShowPro Director 1.1 through 1.3.8 allows remote attackers to read arbitrary files via directory traversal sequences in the a parameter.
15 CVE-2009-2929 89 1 Exec Code Sql 2009-08-21 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execute arbitrary SQL commands via the (1) tgs_language_id, (2) tpl_dir, (3) referer, (4) user-agent, (5) site, (6) option, (7) db_optimization, (8) owner, (9) admin_email, (10) default_language, and (11) db_host parameters to cms/index.php; and the (12) cmd, (13) s_dir, (14) minutes, (15) s_mask, (16) test3_mp, (17) test15_file1, (18) submit, (19) brute_method, (20) ftp_server_port, (21) userfile14, (22) subj, (23) mysql_l, (24) action, and (25) userfile1 parameters to cms/frontpage_ception.php. NOTE: some of these parameters may be applicable only in nonstandard versions of the product, and cms/frontpage_ception.php may be cms/frontpage_caption.php in all released versions.
16 CVE-2009-2927 89 1 Exec Code Sql 2009-08-21 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in DetailFile.php in DigitalSpinners DS CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the nFileId parameter.
17 CVE-2009-2926 89 1 Exec Code Sql 2009-08-21 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PHP Competition System BETA 0.84 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) day parameter to show_matchs.php and (2) pageno parameter to persons.php.
18 CVE-2009-2925 22 1 Dir. Trav. 2009-08-21 2017-09-18
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in DJcalendar.cgi in DJCalendar allows remote attackers to read arbitrary files via a .. (dot dot) in the TEMPLATE parameter.
19 CVE-2009-2924 89 1 Exec Code Sql 2009-08-21 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 allow remote attackers to execute arbitrary SQL commands via the (1) UploadID parameter to videoint.php, and possibly the (2) cat_id parameter to catvideo.php and (3) uid parameter to cviewchannels.php.
20 CVE-2009-2922 22 1 Dir. Trav. 2009-08-21 2017-09-18
7.8
None Remote Low Not required Complete None None
Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 through 2.3.5 allows remote attackers to read arbitrary files via a base64-encoded file parameter.
21 CVE-2009-2921 89 1 Exec Code Sql 2009-08-21 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field).
22 CVE-2009-2916 134 Exec Code 2009-08-21 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Format string vulnerability in the CNS_AddTxt function in logs.dll in 2K Games Vietcong 2 1.10 and earlier might allow remote attackers to execute arbitrary code via format string specifiers in the nickname.
23 CVE-2009-2915 89 1 Exec Code Sql 2009-08-21 2009-08-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery System 6.0 allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a content action.
24 CVE-2009-2896 119 1 DoS Exec Code Overflow 2009-08-20 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a subtitle (.srt) playlist file. NOTE: some of these details are obtained from third party information.
25 CVE-2009-2895 89 1 Exec Code Sql 2009-08-20 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (URA) 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
26 CVE-2009-2894 89 1 Exec Code Sql 2009-08-20 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to product_desc.php, and the cid parameter to (2) showcategory.php and (3) gallery.php.
27 CVE-2009-2892 89 1 Exec Code Sql 2009-08-20 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in header.php in Scripteen Free Image Hosting Script 2.3 allow remote attackers to execute arbitrary SQL commands via a (1) cookid or (2) cookgid cookie.
28 CVE-2009-2891 89 1 Exec Code Sql 2009-08-20 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote attackers to execute arbitrary SQL commands via the catid parameter.
29 CVE-2009-2888 89 1 Exec Code Sql 2009-08-20 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter.
30 CVE-2009-2886 89 1 Exec Code Sql 2009-08-20 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to execute arbitrary SQL commands via the rank parameter.
31 CVE-2009-2885 89 1 Exec Code Sql 2009-08-20 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to execute arbitrary SQL commands via the rank parameter.
32 CVE-2009-2881 89 1 Exec Code Sql 2009-08-20 2017-09-18
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote attackers to execute arbitrary SQL commands via the idAuthor parameter to (1) index.php and possibly (2) allpubs.php in publications/.
33 CVE-2009-2861 DoS 2009-08-27 2009-08-28
7.3
None Local Network Medium Not required None Complete Complete
The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access-point association, which allows remote attackers to spoof a controller and cause a denial of service (service outage) via crafted remote radio management (RRM) packets, aka "SkyJack" or Bug ID CSCtb56664.
34 CVE-2009-2853 264 +Priv 2009-08-18 2017-11-16
10.0
None Remote Low Not required Complete Complete Complete
Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.php, and (8) edit-tag-form.php in wp-admin/.
35 CVE-2009-2850 119 Exec Code Overflow 2009-08-18 2009-08-21
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in NASA Common Data Format (CDF) allow context-dependent attackers to execute arbitrary code, as demonstrated using (1) an array index error in the ReadAEDRList64 function, and other errors in the (2) SearchForRecord_r_64, (3) LastRecord64, (4) CDFsel64, and other unspecified functions.
36 CVE-2009-2846 264 Bypass 2009-08-18 2017-08-16
7.8
None Remote Low Not required Complete None None
The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes an out-of-bounds read in the readb function.
37 CVE-2009-2844 399 DoS 2009-08-18 2012-03-19
7.8
None Remote Low Not required None None Complete
cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames in which one frame omits an SSID Information Element (IE) and the subsequent frame contains an SSID IE, which triggers a NULL pointer dereference in the cmp_ies function. NOTE: a potential weakness in the is_mesh function was also addressed, but the relevant condition did not exist in the code, so it is not a vulnerability.
38 CVE-2009-2792 22 1 Dir. Trav. 2009-08-17 2017-09-18
7.5
User Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in plugings/pagecontent.php in Really Simple CMS (RSCMS) 0.3a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PT parameter.
39 CVE-2009-2791 94 1 Exec Code File Inclusion 2009-08-17 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in pda_projects.php in WebDynamite ProjectButler 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the offset parameter.
40 CVE-2009-2790 89 1 Exec Code Sql 2009-08-17 2017-08-16
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in cat_products.php in SoftBiz Dating Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: this might overlap CVE-2006-3271.4.
41 CVE-2009-2789 89 Exec Code Sql 2009-08-17 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Permis (com_groups) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a list action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
42 CVE-2009-2788 89 1 Exec Code Sql 2009-08-17 2017-09-18
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remote attackers to execute arbitrary SQL commands via the (1) adminName parameter to cp/auth.php, (2) cid parameter to artcat.php, and (3) catid parameter to show.php.
43 CVE-2009-2786 89 1 Exec Code Sql 2009-08-17 2017-09-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in reputation.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the poster parameter.
44 CVE-2009-2784 22 1 Dir. Trav. File Inclusion 2009-08-17 2017-09-18
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in dit.cms 1.3, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path parameter to index.php in (1) install/, (2) menus/left_rightslideopen/, (3) menus/side_pullout/, (4) menus/side_slideopen/, (5) menus/simple/, (6) menus/top_dropdown/, and (7) menus/topside/; the sitemap parameter to index.php in (8) menus/left_rightslideopen/, (9) menus/side_pullout/, (10) menus/side_slideopen/, (11) menus/top_dropdown/, and (12) menus/topside/; and the (13) relPath parameter to index/index.php. NOTE: PHP remote file inclusion vulnerabilities reportedly also exist for some of these vectors.
45 CVE-2009-2782 89 1 Exec Code Sql 2009-08-17 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
46 CVE-2009-2779 89 1 Exec Code Sql 2009-08-17 2009-08-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in AJ Matrix DNA allows remote attackers to execute arbitrary SQL commands via the id parameter in a productdetail action.
47 CVE-2009-2777 89 1 Exec Code Sql 2009-08-14 2017-09-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in visitor/view.php in GarageSales Script allows remote attackers to execute arbitrary SQL commands via the key parameter.
48 CVE-2009-2776 89 1 Exec Code Sql 2009-08-14 2009-08-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in showresult.asp in Smart ASP Survey allows remote attackers to execute arbitrary SQL commands via the catid parameter.
49 CVE-2009-2775 89 1 Exec Code Sql 2009-08-14 2017-09-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
50 CVE-2009-2774 89 1 Exec Code Sql 2009-08-14 2017-09-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary SQL commands via the ID parameter.
Total number of vulnerabilities: 249 (page 1 of 5)