CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In February 2009

Each entry below lists: # | CVE ID | CWE ID | Vulnerability Type(s) | Publish Date | Update Date, then on the next line Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail., followed by the description. A "# of Exploits" count is shown only where one is recorded; "-" marks an empty field.

601 | CVE-2008-6080 | CWE-22 | Dir. Trav. | Published 2009-02-06 | Updated 2017-09-28
Score 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None
Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

602 | CVE-2008-6079 | CWE: - | Overflow | Published 2009-02-06 | Updated 2017-08-07
Score 10.0 | Gained access: Admin | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Complete | Integ.: Complete | Avail.: Complete
imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG, (4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to "several heap and stack based buffer overflows - partly due to integer overflows."

603 | CVE-2008-6078 | CWE-89 | Exec Code Sql | Published 2009-02-06 | Updated 2017-09-28
Score 7.5 | Gained access: User | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial
SQL injection vulnerability in open.php in the Private Messaging (com_privmsg) component for Limbo CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a pms action to index.php.

604 | CVE-2008-6077 | CWE-89 | Exec Code Sql | Published 2009-02-06 | Updated 2017-09-28
Score 6.5 | Gained access: User | Access: Remote | Complexity: Low | Authentication: Single system | Conf.: Partial | Integ.: Partial | Avail.: Partial
SQL injection vulnerability in loudblog/ajax.php in LoudBlog 0.8.0a and earlier allows remote authenticated users to execute arbitrary SQL commands via the colpick parameter in a singleread action.

605 | CVE-2008-6076 | CWE-89 | Exec Code Sql | Published 2009-02-06 | Updated 2017-09-28
Score 7.5 | Gained access: User | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial
SQL injection vulnerability in the Daily Message (com_dailymessage) 1.0.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

606 | CVE-2008-6075 | CWE-89 | Exec Code Sql | Published 2009-02-06 | Updated 2017-08-07
Score 7.5 | Gained access: User | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial
SQL injection vulnerability in aspkat.asp in Bahar Download Script 2.0 allows remote attackers to execute arbitrary SQL commands via the kid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

607 | CVE-2008-6074 | CWE-22 | Dir. Trav. | Published 2009-02-06 | Updated 2018-10-11
Score 5.1 | Gained access: User | Access: Remote | Complexity: High | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial
Directory traversal vulnerability in frame.php in phpcrs 2.06 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the importFunction parameter.

608 | CVE-2008-6073 | CWE-310 | +Info | Published 2009-02-10 | Updated 2017-08-07
Score 4.9 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf.: Complete | Integ.: None | Avail.: None
StorageCrypt 2.0.1 does not properly encrypt disks, which allows local users to obtain sensitive information via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

609 | CVE-2008-6072 | CWE: - | DoS | Published 2009-02-10 | Updated 2009-03-13
Score 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Partial
Multiple unspecified vulnerabilities in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allow remote attackers to cause a denial of service (crash) via unspecified vectors in (1) XCF and (2) CINEON images.

610 | CVE-2008-6071 | CWE-119 | DoS Exec Code Overflow | Published 2009-02-10 | Updated 2017-08-07
Score 10.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Complete | Integ.: Complete | Avail.: Complete
Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. NOTE: some of these details are obtained from third party information.

611 | CVE-2008-6070 | CWE-119 | DoS Exec Code Overflow | Published 2009-02-10 | Updated 2017-08-07
Score 9.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: Complete | Integ.: Complete | Avail.: Complete
Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image, a different vulnerability than CVE-2007-0770. NOTE: some of these details are obtained from third party information.

612 | CVE-2008-6069 | CWE-89 | Exec Code Sql | Published 2009-02-10 | Updated 2018-10-11
Score 6.8 | Gained access: User | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial
SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 for e107, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter.

613 | CVE-2008-6068 | CWE-89 | Exec Code Sql | Published 2009-02-10 | Updated 2017-09-28
Score 7.5 | Gained access: User | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial
SQL injection vulnerability in the JoomlaDate (com_joomladate) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a viewProfile action to index.php.

614 | CVE-2008-6066 | CWE-94 | Exec Code File Inclusion | Published 2009-02-04 | Updated 2017-08-07
Score 7.5 | Gained access: User | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial
Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules.php, (2) ManagerResource.class.php, (3) ManagerRightsResource.class.php, (4) RegForm.class.php, (5) RegResource.class.php, and (6) RegRightsResource.class.php in classes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

615 | CVE-2008-6065 | CWE-264 | +Priv | Published 2009-02-04 | Updated 2018-10-30
Score 5.1 | Gained access: User | Access: Remote | Complexity: High | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial
Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the password directory, and then overwriting the password file through UTL_FILE operations, a related issue to CVE-2006-7141.

616 | CVE-2008-6064 | CWE-89 | Exec Code Sql | Published 2009-02-04 | Updated 2017-09-28
Score 7.5 | Gained access: User | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial
Multiple SQL injection vulnerabilities in DomPHP 0.81 allow remote attackers to execute arbitrary SQL commands via the cat parameter to agenda/index.php, and unspecified other vectors.

617 | CVE-2008-6063 | CWE-200 | +Info | Published 2009-02-04 | Updated 2018-10-11
Score 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None
Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.

618 | CVE-2008-6062 | CWE-79 | XSS | Published 2009-02-04 | Updated 2018-10-11
Score 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None
Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash Video feature is used, allows remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName parameter. NOTE: this may overlap CVE-2007-6242, CVE-2007-6244, or CVE-2007-6637.

619 | CVE-2008-6061 | CWE-79 | XSS | Published 2009-02-04 | Updated 2018-10-11
Score 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None
Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) controller files created by Techsmith Camtasia Studio before 5 allows remote attackers to inject arbitrary additional SWF content via a URL in the csPreloader parameter.

620 | CVE-2008-6060 | CWE-79 | XSS | Published 2009-02-04 | Updated 2018-10-11
Score 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None
Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by InfoSoft FusionCharts allows remote attackers to inject arbitrary additional SWF content via a URL in the SRC attribute of an IMG element in the dataURL parameter.

621 | CVE-2008-6059 | CWE-264 | +Info | Published 2009-02-04 | Updated 2017-08-07
Score 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None
xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.

622 | CVE-2008-6058 | CWE-20 | DoS | Published 2009-02-04 | Updated 2009-02-05
Score 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Partial
Syslserve 1.058 and earlier, and probably 1.059, allows remote attackers to cause a denial of service (hang) via a crafted UDP Syslog packet.

623 | CVE-2008-6057 | CWE-264 | Type: - | Published 2009-02-04 | Updated 2017-09-28
Score 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None
Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.

624 | CVE-2008-6056 | CWE-79 | XSS | Published 2009-02-04 | Updated 2018-10-11
Score 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None
Multiple cross-site scripting (XSS) vulnerabilities in World Recipe 2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to emailrecipe.aspx, (2) id parameter to recipedetail.aspx, and the (3) catid parameter to validatefieldlength.aspx.

625 | CVE-2008-6055 | CWE-264 | Type: - | Published 2009-02-04 | Updated 2009-02-04
Score 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None
PreProjects Pre Classified Listings stores pclasp.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.

626 | CVE-2008-6054 | CWE-264 | Type: - | Published 2009-02-04 | Updated 2017-08-07
Score 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None
PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.

627 | CVE-2008-6053 | CWE-264 | Type: - | Published 2009-02-04 | Updated 2017-08-07
Score 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None
PreProjects Pre Resume Submitter stores onlineresume.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.

628 | CVE-2008-6052 | CWE-264 | Type: - | Published 2009-02-04 | Updated 2017-08-07
Score 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None
PreProjects Pre E-Learning Portal stores db_elearning.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.

629 | CVE-2008-6051 | CWE-264 | Type: - | Published 2009-02-04 | Updated 2018-10-11
Score 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None
MetaCart Free stores metacart.mdb under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords via a direct request.

630 | CVE-2008-6050 | CWE-89 | Exec Code Sql | Published 2009-02-04 | Updated 2017-09-28
Score 7.5 | Gained access: User | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial
SQL injection vulnerability in the Tech Articles (com_tech_article) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the item parameter to index.php.

631 | CVE-2008-6049 | CWE: - | Exec Code Sql | Published 2009-02-04 | Updated 2009-03-21
Score 0.0 | Gained access: None | Access: ??? | Complexity: ??? | Authentication: ??? | Conf.: ??? | Integ.: ??? | Avail.: ???
** REJECT ** SQL injection vulnerability in index.php in TinyMCE 2.0.1 allows remote attackers to execute arbitrary SQL commands via the menuID parameter. NOTE: CVE and multiple reliable third parties dispute this issue, since TinyMCE does not contain index.php or any PHP code. This may be an issue in a product that has integrated TinyMCE.

632 | CVE-2008-6048 | CWE-352 | CSRF | Published 2009-02-04 | Updated 2018-08-13
Score 6.0 | Gained access: User | Access: Remote | Complexity: Medium | Authentication: Single system | Conf.: Partial | Integ.: Partial | Avail.: Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in TangoCMS before 2.2.0 allow remote attackers to hijack the authentication of administrators.

633 | CVE-2008-6047 | CWE-79 | XSS | Published 2009-02-04 | Updated 2017-11-22
Score 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None
Cross-site scripting (XSS) vulnerability in ADbNewsSender before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) subscribing and (2) unsubscribing.

634 | CVE-2008-6046 | CWE-89 | Exec Code Sql | Published 2009-02-04 | Updated 2017-12-12
Score 7.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial
SQL injection vulnerability in ADbNewsSender before 1.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) opt_in_out.php.inc, (2) confirmation.php.inc, and (3) renewal.php.inc in mailinglist/.

635 | CVE-2008-6045 | CWE-287 | Type: - | Published 2009-02-03 | Updated 2018-10-11
Score 6.8 | Gained access: User | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial
Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter.

636 | CVE-2008-6044 | CWE-79 | XSS | Published 2009-02-03 | Updated 2018-10-11
Score 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None
Cross-site scripting (XSS) vulnerability in advanced_search_result.php in xt:Commerce 3.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.

637 | CVE-2008-6043 | CWE-89 | Exec Code Sql | Published 2009-02-03 | Updated 2018-10-11
Score 7.5 | Gained access: User | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial
Multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04 allow remote attackers to execute arbitrary SQL commands via the (1) order_field and (2) order_type parameters to categories.php and unspecified other components. NOTE: some of these details are obtained from third party information.

638 | CVE-2008-6042 | CWE-89 | Exec Code Sql | Published 2009-02-03 | Updated 2017-09-28
Score 7.5 | Gained access: User | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial
SQL injection vulnerability in the re_search module in NetArtMedia Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the ad parameter to index.php.

639 | CVE-2008-6041 | CWE-79 | XSS | Published 2009-02-03 | Updated 2009-02-03
Score 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None
Multiple cross-site scripting (XSS) vulnerabilities in Index.asp in Dataspade 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ViewName, (2) TableName, (3) OrderBy, and (4) FilterField parameters.

640 | CVE-2008-6040 | CWE-89 | Exec Code Sql | Published 2009-02-03 | Updated 2009-08-19
Score 7.5 | Gained access: User | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial
SQL injection vulnerability in index.php in Arcadem Pro 2.700 through 2.802 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter, probably related to includes/articleblock.php.

641 | CVE-2008-6039 | CWE-287 | Type: - | Published 2009-02-03 | Updated 2018-10-11
Score 6.8 | Gained access: User | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial
Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

642 | CVE-2008-6038 | CWE-89 | Exec Code Sql | Published 2009-02-03 | Updated 2018-10-11
Score 7.5 | Gained access: User | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial
SQL injection vulnerability in index.php in MapCal 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an editevent action, possibly related to dsp_editevent.php.

643 | CVE-2008-6037 | CWE-89 | Exec Code Sql | Published 2009-02-03 | Updated 2017-09-28
Score 7.5 | Gained access: User | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial
SQL injection vulnerability in view.php in AvailScript Article Script allows remote attackers to execute arbitrary SQL commands via the v parameter.

644 | CVE-2008-6036 | CWE-94 | Exec Code File Inclusion | Published 2009-02-03 | Updated 2017-09-28
Score 7.5 | Gained access: User | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial
PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mj_config[src_path] parameter.

645 | CVE-2008-6035 | CWE-79 | Exploits: 1 | XSS | Published 2009-02-03 | Updated 2017-08-07
Score 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None
Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2-STABLE allows remote attackers to inject arbitrary web script or HTML via the atknodetype parameter.

646 | CVE-2008-6034 | CWE-79 | XSS | Published 2009-02-03 | Updated 2017-08-07
Score 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None
Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the atkaction parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

647 | CVE-2008-6033 | CWE-89 | Exec Code Sql | Published 2009-02-03 | Updated 2017-09-28
Score 7.5 | Gained access: User | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial
SQL injection vulnerability in comments.php in WSN Links 2.20 allows remote attackers to execute arbitrary SQL commands via the id parameter.

648 | CVE-2008-6032 | CWE-89 | Exec Code Sql | Published 2009-02-03 | Updated 2017-09-28
Score 7.5 | Gained access: User | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial
SQL injection vulnerability in comments.php in WSN Links Free 4.0.34P allows remote attackers to execute arbitrary SQL commands via the id parameter.

649 | CVE-2008-6031 | CWE-89 | Exec Code Sql | Published 2009-02-03 | Updated 2017-09-28
Score 7.5 | Gained access: User | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial
SQL injection vulnerability in vote.php in WSN Links 2.22 and 2.23 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it was later reported that 2.34 is also vulnerable.

650 | CVE-2008-6030 | CWE-89 | Exec Code Sql | Published 2009-02-03 | Updated 2017-09-28
Score 7.5 | Gained access: User | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial
Multiple SQL injection vulnerabilities in NetArtMedia Jobs Portal 1.3 allow remote attackers to execute arbitrary SQL commands via (1) the job parameter to index.php in the search module or (2) the news_id parameter to index.php.
Total number of vulnerabilities: 687 (this is page 13 of 14)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.