CVEdetails.com the ultimate security vulnerability data source
Security Vulnerabilities Published In March 2009

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|--------|--------|---------------|-----------------------|--------------|-------------|-------|---------------------|--------|------------|----------------|-------|--------|--------|-------------|
| 451 | CVE-2008-6437 | 79 | | XSS | 2009-03-06 | 2018-10-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeForum 1.0 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to error.php, and the (2) nickname and (3) randomid parameters to part/menu.php. |
| 452 | CVE-2008-6436 | 79 | | XSS | 2009-03-06 | 2017-08-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Web Server in Xerox WorkCentre 7132, 7228, 7235, and 7245 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 453 | CVE-2008-6435 | 79 | | XSS | 2009-03-06 | 2018-10-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in phpSQLiteCMS 1 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[home], (2) lang[admin_menu], and (3) lang[admin_menu_page_overview] parameters to cms/includes/header.inc.php; and the (4) lang[login_username] and (5) lang[login_password] parameters to cms/includes/login.inc.php. |
| 454 | CVE-2008-6434 | 89 | | Exec Code Sql | 2009-03-06 | 2017-08-16 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to execute arbitrary SQL commands via the LinkServID parameter. |
| 455 | CVE-2008-6433 | 79 | | XSS | 2009-03-06 | 2017-08-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action. |
| 456 | CVE-2008-6431 | 79 | | XSS | 2009-03-06 | 2018-10-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in BMForum 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) outpused parameter to index.php, the (2) footer_copyright and (3) verandproname parameters to newtem/footer/bsd01footer.php, and the (4) topads and (5) myplugin parameters to newtem/header/bsd01header.php. |
| 457 | CVE-2008-6430 | 89 | | Exec Code Sql | 2009-03-06 | 2017-09-28 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in the MyContent (com_mycontent) component 1.1.13 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. |
| 458 | CVE-2008-6429 | 89 | | Exec Code Sql | 2009-03-06 | 2017-09-28 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to index2.php. |
| 459 | CVE-2008-6428 | 79 | | XSS | 2009-03-06 | 2017-08-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The CGI framework in Kaya 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors. |
| 460 | CVE-2008-6427 | 89 | | Exec Code Sql | 2009-03-06 | 2018-10-11 | 6.8 | User | Remote | Medium | Not required | Partial | Partial | Partial | SQL injection vulnerability in index.php in Hivemaker Professional 1.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| 461 | CVE-2008-6425 | 89 | | Exec Code Sql | 2009-03-06 | 2017-09-28 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in news.php in ComicShout 2.8 allows remote attackers to execute arbitrary SQL commands via the news_id parameter, a different vector than CVE-2008-2456. |
| 462 | CVE-2008-6424 | 22 | | Dir. Trav. | 2009-03-06 | 2017-08-16 | 8.8 | None | Remote | Medium | Not required | None | Complete | Complete | Directory traversal vulnerability in FFFTP 1.96b allows remote FTP servers to create or overwrite arbitrary files via a response to an FTP LIST command with a filename that contains a .. (dot dot). |
| 463 | CVE-2008-6423 | 22 | | Dir. Trav. | 2009-03-06 | 2017-09-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Directory traversal vulnerability in passwiki.php in PassWiki 0.9.16 RC3 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the site_id parameter. |
| 464 | CVE-2008-6422 | 89 | | Exec Code Sql | 2009-03-06 | 2017-09-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and 2.3.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) weapon.php and (2) map.php. |
| 465 | CVE-2008-6421 | 94 | | Exec Code File Inclusion | 2009-03-06 | 2017-09-28 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | PHP remote file inclusion vulnerability in social_game_play.php in Social Site Generator (SSG) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. |
| 466 | CVE-2008-6420 | 200 | | +Info | 2009-03-06 | 2017-09-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Social Site Generator (SSG) 2.0 allows remote attackers to read arbitrary files via the file parameter to (1) filedload.php, (2) webadmin/download.php, and (3) webadmin/download_file.php. |
| 467 | CVE-2008-6419 | 89 | | Exec Code Sql | 2009-03-06 | 2017-09-28 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Multiple SQL injection vulnerabilities in Social Site Generator (SSG) 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) sgc_id parameter to display_blog.php, (2) scm_mem_id parameter to social_my_profile_download.php, and the (3) catid parameter to social_forum_subcategories.php. |
| 468 | CVE-2008-6418 | 89 | | Exec Code Sql | 2009-03-06 | 2018-10-11 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in scrape.php in TorrentTrader before 2008-05-13 allows remote attackers to execute arbitrary SQL commands via the info_hash parameter. |
| 469 | CVE-2008-6417 | | | | 2009-03-06 | 2017-08-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Unspecified vulnerability in GreenSQL-Console before 0.3.5 allows attackers to obtain the "installation directory" via unknown vectors. |
| 470 | CVE-2008-6416 | 79 | | XSS | 2009-03-06 | 2017-08-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL-Console before 0.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "internal pages." |
| 471 | CVE-2008-6415 | 119 | | Exec Code Overflow | 2009-03-06 | 2017-08-16 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in YoungZSoft CCProxy 6.5 might allow remote attackers to execute arbitrary code via a CONNECTION request with a long hostname. |
| 472 | CVE-2008-6414 | 89 | | Exec Code Sql | 2009-03-06 | 2017-09-28 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in detail.php in AJ Auction Pro Platinum Skin 2 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. |
| 473 | CVE-2008-6413 | 79 | | XSS | 2009-03-06 | 2017-08-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x-dev and possibly other 5.x versions, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a Simple Answer to a question. |
| 474 | CVE-2008-6412 | | | +Priv | 2009-03-06 | 2017-08-16 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Unspecified vulnerability in Vignette Content Management 7.3.0.5, 7.3.1, 7.3.1.1, 7.4, and 7.5 allows "low privileged" users to gain administrator privileges via unknown attack vectors. |
| 475 | CVE-2008-6411 | 287 | | Bypass | 2009-03-06 | 2017-09-28 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Explay CMS 2.1 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the login cookie to 1. |
| 476 | CVE-2008-6410 | 22 | | Dir. Trav. | 2009-03-06 | 2017-09-28 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in show.php in ol'bookmarks manager 0.7.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter. |
| 477 | CVE-2008-6409 | 89 | | Exec Code Sql | 2009-03-06 | 2017-09-28 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in index.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a brain action. |
| 478 | CVE-2008-6408 | 94 | | Exec Code File Inclusion | 2009-03-06 | 2017-09-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | PHP remote file inclusion vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary PHP code via a URL in the framefile parameter. |
| 479 | CVE-2008-6407 | 22 | | Dir. Trav. | 2009-03-06 | 2017-09-28 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the framefile parameter. |
| 480 | CVE-2008-6406 | 79 | | XSS | 2009-03-06 | 2018-10-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in admin.php in DataLife Engine (DLE) 7.2 allows remote attackers to inject arbitrary web script or HTML via the query string. |
| 481 | CVE-2008-6405 | 89 | | Exec Code Sql | 2009-03-06 | 2017-09-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in showcategory.php in Hotscripts Clone allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| 482 | CVE-2008-6404 | 79 | | XSS | 2009-03-06 | 2017-08-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in add_calendars.php in eXtrovert Software Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the callback parameter. |
| 483 | CVE-2008-6403 | 94 | | Exec Code File Inclusion | 2009-03-06 | 2017-09-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | PHP remote file inclusion vulnerability in themes/default/include/html/insert.inc.php in OpenRat 0.8-beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpl_dir parameter. |
| 484 | CVE-2008-6402 | 94 | | Exec Code File Inclusion | 2009-03-06 | 2017-09-28 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mod_dir parameter. |
| 485 | CVE-2008-6401 | 89 | | Exec Code Sql | 2009-03-06 | 2017-09-28 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in sayfa.php in JETIK-WEB allows remote attackers to execute arbitrary SQL commands via the kat parameter. |
| 486 | CVE-2008-6400 | 79 | | XSS | 2009-03-05 | 2017-08-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 allows remote attackers to inject arbitrary web script or HTML via the headerMsg parameter to (1) show.php and (2) search.php. NOTE: some of these details are obtained from third party information. |
| 487 | CVE-2008-6399 | 264 | | | 2009-03-05 | 2009-03-06 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors. |
| 488 | CVE-2008-6398 | 59 | | | 2009-03-04 | 2017-08-16 | 6.9 | Admin | Local | Medium | Not required | Complete | Complete | Complete | sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/recompiled$$.png, (2) /tmp/decompiled$$.sng, and (3) /tmp/canonicalized$$.sng temporary files. |
| 489 | CVE-2008-6397 | 59 | | | 2009-03-04 | 2017-08-16 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| 490 | CVE-2008-6396 | 79 | 1 | XSS | 2009-03-04 | 2017-08-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in account.php in Celerondude Uploader 6.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information. |
| 491 | CVE-2008-6395 | 134 | | DoS | 2009-03-04 | 2017-08-16 | 7.8 | None | Remote | Low | Not required | None | None | Complete | The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point allows remote attackers to cause a denial of service (device crash) via a malformed HTTP POST request. |
| 492 | CVE-2008-6394 | 89 | | Exec Code Sql | 2009-03-04 | 2018-10-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter. |
| 493 | CVE-2008-6393 | 189 | | DoS Exec Code Overflow Bypass | 2009-03-03 | 2017-09-28 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | PSI Jabber client before 0.12.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file transfer request with a negative value in a SOCKS5 option, which bypasses a signed integer check and triggers an integer overflow and a heap-based buffer overflow. |
| 494 | CVE-2008-6392 | 89 | 1 | Exec Code Sql | 2009-03-02 | 2017-08-16 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in showads.php in Z1Exchange allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 495 | CVE-2008-6391 | 89 | | Exec Code Sql | 2009-03-02 | 2017-08-16 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the username (user parameter). |
| 496 | CVE-2008-6390 | 89 | | Exec Code Sql | 2009-03-02 | 2017-09-28 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 497 | CVE-2008-6389 | 89 | | Exec Code Sql | 2009-03-02 | 2017-09-28 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in asadmin/default.asp in Rae Media Contact Management Software SOHO, Standard, and Enterprise allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information. |
| 498 | CVE-2008-6388 | 264 | | | 2009-03-02 | 2017-09-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Rapid Classified 3.1 and 3.15 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to cldb.mdb. |
| 499 | CVE-2008-6387 | 200 | | +Info | 2009-03-02 | 2017-09-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Quick Tree View .NET 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to qtv.mdb. |
| 500 | CVE-2008-6386 | 79 | 1 | XSS | 2009-03-02 | 2017-08-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
Total number of vulnerabilities: 554 (this is page 10 of 12)