CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2009

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2008-6961 200 +Info 2009-08-13 2018-10-30
4.3
None Remote Medium Not required Partial None None
mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties.
452 CVE-2008-6960 264 2009-08-12 2017-09-28
5.0
None Remote Low Not required Partial None None
download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php.
453 CVE-2008-6959 2009-08-12 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Insecure method vulnerability in the Chilkat Socket ActiveX control (ChilkatSocket.ChilkatSocket.1) in ChilkatSocket.dll 2.3.1.1 allows remote attackers to overwrite arbitrary files via the SaveLastError method. NOTE: this might be related to CVE-2008-1647.
454 CVE-2008-6958 94 Exec Code 2009-08-12 2017-09-28
6.5
User Remote Low Single system Partial Partial Partial
wap/index.php in Crossday Discuz! Board 6.x and 7.x allows remote authenticated users to execute arbitrary PHP code via the creditsformula parameter.
455 CVE-2008-6957 264 2009-08-12 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter.
456 CVE-2008-6956 94 Exec Code 2009-08-12 2017-09-28
6.5
None Remote Low Single system Partial Partial Partial
Static code injection vulnerability in admin/admin.php in mxCamArchive 2.2 allows remote authenticated administrators to inject arbitrary PHP code into an unspecified program via the description parameter, which is executed by invocation of index.php. NOTE: some of these details are obtained from third party information.
457 CVE-2008-6955 200 +Info 2009-08-12 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
mxCamArchive 2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain configuration details and passwords via a direct request for archive/config.ini.
458 CVE-2008-6954 264 Exec Code 2009-08-12 2017-08-16
9.0
None Remote Low Single system Complete Complete Complete
The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.
459 CVE-2008-6953 119 DoS Exec Code Overflow 2009-08-12 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly other versions before 1.7.1.59, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long oovoo: URI.
460 CVE-2008-6952 89 Exec Code Sql 2009-08-12 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter.
461 CVE-2008-6951 287 2009-08-12 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
MauryCMS 0.53.2 and earlier does not require administrative authentication for Editors/fckeditor/editor/filemanager/browser/default/browser.html, which allows remote attackers to upload arbitrary files via a direct request.
462 CVE-2008-6950 89 Exec Code Sql 2009-08-12 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosting Control Panel 1.20 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.
463 CVE-2008-6949 352 CSRF 2009-08-12 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Collabtive 0.4.8 allow remote attackers to hijack the authentication of administrators for requests that (1) submit or edit a new project, or (2) upload files to a project, or (3) attach files to messages via unknown vectors. NOTE: these issues can be leveraged with other vulnerabilities to create remote attack vectors that do not require authentication.
464 CVE-2008-6948 20 Exec Code 2009-08-12 2018-10-11
6.5
User Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and using a text/plain MIME type, then accessing it via a direct request to the file in files/, related to (1) the showproject action in managefile.php or (2) the Messages feature.
465 CVE-2008-6947 287 Bypass 2009-08-12 2018-10-11
7.5
User Remote Low Not required Partial Partial Partial
Collabtive 0.4.8 allows remote attackers to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to admin.php.
466 CVE-2008-6946 79 XSS 2009-08-12 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via the project Name, which is not properly handled when the administrator performs an editform action, related to admin.php.
467 CVE-2008-6945 79 XSS 2009-08-12 2017-08-16
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv_order_item CGI variable parameter in Core, (2) the country-select widget, or (3) possibly the value specifier when used in the UserTag feature.
468 CVE-2008-6944 20 Exec Code 2009-08-12 2017-09-28
6.5
User Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in cars_images/.
469 CVE-2008-6943 20 Exec Code 2009-08-12 2017-09-28
6.5
User Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing Portal allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a recipe photo, then accessing it via a direct request to the file in pictures/.
470 CVE-2008-6942 20 Exec Code 2009-08-12 2017-09-28
6.5
None Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifieds System (aka Real Estate Classifieds) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in re_images/.
471 CVE-2008-6941 89 Exec Code Sql 2009-08-12 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the login functionality in TurnkeyForms Web Hosting Directory allows remote attackers to execute arbitrary SQL commands via the password field.
472 CVE-2008-6940 264 +Info 2009-08-12 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db.
473 CVE-2008-6939 287 +Priv Bypass 2009-08-12 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username.
474 CVE-2008-6938 20 DoS 2009-08-11 2017-09-28
4.3
None Remote Medium Not required None None Partial
Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\users.txt.
475 CVE-2008-6937 94 DoS 2009-08-11 2017-08-16
10.0
Admin Remote Low Not required Complete Complete Complete
Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an xmpp:// URI, a different vector than CVE-2008-6935 and CVE-2008-6936. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
476 CVE-2008-6936 94 DoS 2009-08-11 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in a pres:// URI, a different vector than CVE-2008-6935.
477 CVE-2008-6935 94 DoS 2009-08-11 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an im:// URI.
478 CVE-2008-6934 94 Exec Code 2009-08-11 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
Static code injection vulnerability in Sanus|artificium (aka Sanusart) Free simple guestbook PHP script, when downloaded before 20081111, allows remote attackers to inject arbitrary PHP code into messages.txt via the message parameter to act.php, which is executed when guestbook/guestbook.php is accessed. NOTE: some of these details are obtained from third party information.
479 CVE-2008-6933 22 Dir. Trav. 2009-08-11 2017-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in MiniGal b13 (aka MG2) allows remote attackers to read the source code of .php files, and possibly the content of other files, via a .. (dot dot) in the list parameter.
480 CVE-2008-6932 264 Exec Code 2009-08-11 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
Unrestricted file upload vulnerability in submit_file.php in AlstraSoft SendIt Pro allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in send/files/.
481 CVE-2008-6931 264 Exec Code 2009-08-11 2017-09-28
6.5
User Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in PHPStore Job Search (aka PHPCareers) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a resume photo, then accessing it via a direct request to the file in jobseekers/jobseeker_profile_images.
482 CVE-2008-6930 264 Exec Code 2009-08-11 2017-09-28
6.5
User Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in PHPStore Real Estate allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in realty/re_images/.
483 CVE-2008-6929 264 Exec Code 2009-08-11 2017-09-28
6.5
User Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in PHPStore Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in cars/cars_images/.
484 CVE-2008-6928 264 Exec Code 2009-08-11 2017-09-28
6.5
User Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in PHPStore Complete Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in classifieds1/yellow_images/.
485 CVE-2008-6927 79 XSS 2009-08-10 2018-10-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action.
486 CVE-2008-6926 22 Exec Code Dir. Trav. 2009-08-10 2018-10-11
6.8
User Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.
487 CVE-2008-6925 79 XSS 2009-08-10 2017-08-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in function.php in Zenphoto 1.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the "request logging" feature. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
488 CVE-2008-6924 79 XSS 2009-08-10 2017-08-16
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in register.php in eSyndiCat Directory 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email, (3) password, (4) password2, (5) security_code, and (6) register parameters.
489 CVE-2008-6923 89 Exec Code Sql 2009-08-10 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php.
490 CVE-2008-6922 119 Exec Code Overflow 2009-08-10 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5.4.6 allow remote attackers to execute arbitrary code via a long argument to the (1) CreateUserPath, (2) Logout, (3) DeleteMailByUID, (4) MoveToInbox, (5) MoveToFolder, (6) DeleteMailEx, (7) GetMailDataEx, (8) SetReplySign, (9) SetForwardSign, and (10) SetReadSign methods, which are not properly handled by (a) the POP3 Class ActiveX control (CMailCom.POP3); or a long argument to the (11) AddAttach, (12) SetSubject, (13) SetBcc, (14) SetBody, (15) SetCc, (16) SetFrom, (17) SetTo, and (18) SetFromUID methods, which are not properly handled by the Class ActiveX control (CMailCOM.SMTP), as demonstrated via the indexOfMail parameter to mwmail.asp.
491 CVE-2008-6921 264 Exec Code 2009-08-10 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
Unrestricted file upload vulnerability in index.php in phpAdBoard 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photoes/.
492 CVE-2008-6920 264 Exec Code 2009-08-10 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
Unrestricted file upload vulnerability in auth.php in phpEmployment 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension during a regnew action, then accessing it via a direct request to the file in photoes/.
493 CVE-2008-6919 287 Bypass 2009-08-10 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
profileedit.php TaskDriver 1.3 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "fook!admin."
494 CVE-2008-6918 264 Exec Code 2009-08-10 2017-09-28
6.8
None Remote Medium Not required Partial Partial Partial
Unrestricted file upload vulnerability in admin/galeria.php in ThePortal2 2.2 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in galeria/.
495 CVE-2008-6917 89 Exec Code Sql 2009-08-07 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 Final allows remote attackers to execute arbitrary SQL commands via the username (user parameter).
496 CVE-2008-6916 287 Bypass 2009-08-07 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname.
497 CVE-2008-6915 79 XSS 2009-08-07 2017-09-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in view_prop_details.php in Zeeways ZEEPROPERTY 1.0 allows remote attackers to inject arbitrary web script or HTML via the propid parameter.
498 CVE-2008-6914 264 Exec Code 2009-08-07 2017-09-28
6.5
User Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in viewprofile.php in Zeeways ZEEPROPERTY 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile modification, then accessing a related file via a direct request to the file in companylogo/.
499 CVE-2008-6913 20 Exec Code 2009-08-07 2017-09-28
6.5
User Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in editresume_next.php in Zeeways ZEEJOBSITE 2.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile edit action, then accessing the file via a direct request to jobseekers/logos/.
500 CVE-2008-6912 287 +Priv Bypass 2009-08-07 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
Zeeways SHAADICLONE 2.0 allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin/home.php.
Total number of vulnerabilities : 527   Page : 1 2 3 4 5 6 7 8 9 10 (This Page)11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.