CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In February 2009

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
551 CVE-2008-6130 79 XSS 2009-02-13 2017-08-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) action and (2) page parameters.
552 CVE-2008-6129 22 Dir. Trav. 2009-02-13 2017-08-16
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in print.php in moziloWiki 1.0.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.
553 CVE-2008-6128 287 2009-02-13 2017-08-16
6.8
User Remote Medium Not required Partial Partial Partial
Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
554 CVE-2008-6127 79 XSS 2009-02-13 2017-08-16
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.php, (5) gal parameter to gallery.php, and the (6) URL to admin/login.php.
555 CVE-2008-6126 22 Dir. Trav. 2009-02-13 2017-08-16
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter to download.php and the (2) page parameter to index.php, a different vector than CVE-2008-3589.
556 CVE-2008-6125 264 +Priv 2009-02-12 2018-11-08
6.5
User Remote Low Single system Partial Partial Partial
Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors.
557 CVE-2008-6124 89 Exec Code Sql 2009-02-12 2018-11-08
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt.
558 CVE-2008-6123 20 Bypass 2009-02-12 2017-09-28
5.0
None Remote Low Not required Partial None None
The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."
559 CVE-2008-6122 20 DoS 2009-02-11 2017-08-07
7.8
None Remote Low Not required None None Complete
The web management interface in Netgear WGR614v9 allows remote attackers to cause a denial of service (crash) via a request that contains a question mark ("?").
560 CVE-2008-6121 20 Http R.Spl. 2009-02-11 2017-08-07
7.5
User Remote Low Not required Partial Partial Partial
CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the PHPSESSID cookie.
561 CVE-2008-6120 89 Exec Code Sql 2009-02-11 2017-08-07
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in profile_comments.php in SocialEngine (SE) 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the comment_secure parameter.
562 CVE-2008-6119 20 2009-02-11 2017-08-07
7.5
None Remote Low Not required Partial Partial Partial
Static code injection vulnerability in gooplecms/admin/account/action/editpass.php in Goople CMS 1.7 allows remote attackers to inject arbitrary PHP code into admin/userandpass.php via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
563 CVE-2008-6118 287 Bypass 2009-02-11 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1.
564 CVE-2008-6117 89 Exec Code Sql 2009-02-11 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in homepage.php in PG Job Site Pro allows remote attackers to execute arbitrary SQL commands via the poll_view_id parameter in a results action.
565 CVE-2008-6116 89 Exec Code Sql 2009-02-11 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the EXtrovert Software Thyme (com_thyme) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event parameter to index.php.
566 CVE-2008-6115 89 Exec Code Sql 2009-02-11 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in directory.php in Prozilla Hosting Index allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action, a different vector than CVE-2008-2083.
567 CVE-2008-6114 89 Exec Code Sql 2009-02-11 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in product_details.php in the Mytipper Zogo-shop 1.15.4 plugin for e107 allows remote attackers to execute arbitrary SQL commands via the product parameter.
568 CVE-2008-6113 79 XSS 2009-02-11 2017-08-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.90 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the (1) username and (2) profile page.
569 CVE-2008-6112 22 Dir. Trav. 2009-02-11 2017-09-28
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in Ez Ringtone Manager allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a detail action to (1) main.php and (2) template.php in ringtones/.
570 CVE-2008-6111 89 Exec Code Sql 2009-02-11 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in blog.php in NetArt Media Vlog System 1.1 allows remote attackers to execute arbitrary SQL commands via the note parameter.
571 CVE-2008-6110 2009-02-10 2009-02-11
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in SemanticScuttle before 0.90 has unknown impact and attack vectors related to improper validation of parameters to profile.php.
572 CVE-2008-6109 264 Bypass 2009-02-10 2017-08-07
4.6
User Local Low Not required Partial Partial Partial
Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 does not properly enforce the privileges of user accounts, which allows local users to bypass intended access restrictions by (1) opening unspecified screens, related to the "double click selector bug"; or modifying a (2) animal, (3) owner, (4) lost/found, (5) diary note, (6) owner donation, or (7) waiting list record, related to "change permissions" and the "new UI."
573 CVE-2008-6108 79 XSS 2009-02-10 2017-09-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in result.php in Galatolo WebManager (GWM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter.
574 CVE-2008-6107 399 DoS 2009-02-10 2017-08-07
4.9
None Local Low Not required None None Complete
The (1) sys32_mremap function in arch/sparc64/kernel/sys_sparc32.c, the (2) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c, and the (3) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel before 2.6.25.4, omit some virtual-address range (aka span) checks when the mremap MREMAP_FIXED bit is not set, which allows local users to cause a denial of service (panic) via unspecified mremap calls, a related issue to CVE-2008-2137.
575 CVE-2008-6106 352 CSRF 2009-02-10 2009-08-08
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM Workplace for Business Controls and Reporting 2.x and IBM Workplace Web Content Management 6.x has unknown impact and remote attack vectors. NOTE: some of these details are obtained from third party information.
576 CVE-2008-6105 79 XSS 2009-02-10 2009-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Workplace for Business Controls and Reporting 2.x and IBM Workplace Web Content Management 6.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
577 CVE-2008-6104 89 Exec Code Sql 2009-02-10 2009-02-26
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in A4Desk PHP Event Calendar allows remote attackers to execute arbitrary SQL commands via the eventid parameter to admin/index.php.
578 CVE-2008-6103 94 1 Exec Code File Inclusion 2009-02-10 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in A4Desk Event Calendar, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the v parameter.
579 CVE-2008-6102 89 Exec Code Sql 2009-02-10 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ratelink.php in Link Trader Script allows remote attackers to execute arbitrary SQL commands via the lnkid parameter.
580 CVE-2008-6101 89 Exec Code Sql 2009-02-10 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in click.php in Adult Banner Exchange Website allows remote attackers to execute arbitrary SQL commands via the targetid parameter.
581 CVE-2008-6100 89 Exec Code Sql 2009-02-10 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to (a) RSS1.php and (b) RSS2.php in misc/; and the (2) SubID parameter to (c) misc/RSS5.php.
582 CVE-2008-6099 94 Exec Code File Inclusion 2009-02-10 2018-10-11
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in RPortal 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_op parameter.
583 CVE-2008-6098 264 Bypass 2009-02-09 2017-08-07
4.0
None Remote Low Single system None None Partial
Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve."
584 CVE-2008-6097 79 XSS 2009-02-09 2017-08-07
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before 1.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to index.php/Special/Main/keywordSearch, (2) revNum parameter to index.php/Edit/Main/Home, (3) to parameter to index.php/Special/Main/WhatLinksHere, (4) user parameter to index.php/Special/Main/UserEdits, and (5) the PATH_INFO to index.php.
585 CVE-2008-6096 79 XSS 2009-02-09 2009-02-12
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS before 5.4r10, 6.0r6, and 6.1r2 allows remote attackers to inject arbitrary web script or HTML via the user name parameter to the (1) web interface login page or the (2) telnet login page.
586 CVE-2008-6095 79 XSS 2009-02-09 2017-08-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter.
587 CVE-2008-6094 79 XSS 2009-02-09 2017-08-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in user.do in Celoxis Technologies Celoxis allows remote attackers to inject arbitrary web script or HTML via the ni.smessage parameter.
588 CVE-2008-6093 89 Exec Code Sql 2009-02-09 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in index.php in Noname CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) file_id parameter in a detailansicht action and the (2) kategorie parameter in a kategorien action.
589 CVE-2008-6092 287 Bypass 2009-02-09 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
phpscripts Ranking Script allows remote attackers to bypass authentication and gain administrative access by sending an admin=ja cookie.
590 CVE-2008-6091 89 Exec Code Sql 2009-02-09 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in plugins.php in BMForum 5.6, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tagname parameter.
591 CVE-2008-6090 22 Dir. Trav. 2009-02-06 2017-09-28
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in members.php in ScriptsEz Mini Hosting Panel allows remote attackers to read arbitrary local files via a .. (dot dot) in the dir parameter in a view action.
592 CVE-2008-6089 22 Dir. Trav. 2009-02-06 2017-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in main.php in ScriptsEz Easy Image Downloader allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a download action.
593 CVE-2008-6088 89 Exec Code Sql 2009-02-06 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Joomtracker (com_joomtracker) 1.01 module for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tordetails action to index.php.
594 CVE-2008-6087 79 XSS 2009-02-06 2017-09-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in topic.php in Camera Life 2.6.2b4 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
595 CVE-2008-6086 89 Exec Code Sql 2009-02-06 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in album.php in Camera Life 2.6.2b4 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3355.
596 CVE-2008-6085 189 Exec Code Overflow 2009-02-06 2017-08-07
7.6
Admin Remote High Not required Complete Complete Complete
Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow.
597 CVE-2008-6084 20 Exec Code 2009-02-06 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.
598 CVE-2008-6083 22 Dir. Trav. 2009-02-06 2018-10-11
7.5
User Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in header.php in TXTshop beta 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
599 CVE-2008-6082 399 DoS 2009-02-06 2017-09-28
5.0
None Remote Low Not required None None Partial
Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command.
600 CVE-2008-6081 89 Exec Code Sql 2009-02-06 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in contact.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Total number of vulnerabilities: 687 (page 12 of 14)