CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2009

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2009-1073 264 2009-03-31 2009-04-08
4.9
None Local Low Not required Complete None None
nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field.
52 CVE-2009-1072 16 2009-03-24 2018-10-10
4.9
None Local Low Not required None Complete None
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.
53 CVE-2009-1071 119 DoS Exec Code Overflow 2009-03-26 2017-10-03
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Icarus 2.0 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted Portable Game Notation (.pgn) file.
54 CVE-2009-1070 79 XSS 2009-03-26 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter.
55 CVE-2009-1069 79 XSS 2009-03-26 2017-08-16
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the node edit form feature in Drupal Content Construction Kit (CCK) 6.x before 6.x-2.2, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) titles of candidate referenced nodes in the Node reference sub-module and the (2) names of candidate referenced users in the User reference sub-module.
56 CVE-2009-1068 119 DoS Exec Code Overflow 2009-03-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Free and 2.34 Build 980 PRO and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long hostname in a .bsl playlist file.
57 CVE-2009-1067 79 XSS 2009-03-26 2017-09-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to inject arbitrary web script or HTML via the x parameter.
58 CVE-2009-1066 89 Exec Code Sql 2009-03-26 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the referral function in admin/lib/lib_logs.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header in a request.
59 CVE-2009-1065 89 Exec Code Sql 2009-03-26 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the x parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
60 CVE-2009-1064 94 2009-03-26 2017-09-28
5.8
None Remote Medium Not required None Partial Partial
Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method.
61 CVE-2009-1063 119 Exec Code Overflow 2009-03-26 2017-09-28
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in eXeScope 6.50 allows user-assisted remote attackers to execute arbitrary code via a crafted executable (.exe) file.
62 CVE-2009-1062 20 Exec Code Mem. Corr. 2009-03-24 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061.
63 CVE-2009-1061 20 Exec Code 2009-03-24 2018-11-08
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and "input validation," a different vulnerability than CVE-2009-0193 and CVE-2009-1062.
64 CVE-2009-1060 Exec Code 2009-03-24 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Charlie Miller during a PWN2OWN competition at CanSecWest 2009.
65 CVE-2009-1059 119 Exec Code Overflow 2009-03-24 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Trident PowerZip 7.2 might allow remote attackers to execute arbitrary code via a crafted .zip file. NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product.
66 CVE-2009-1058 119 Exec Code Overflow 2009-03-24 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in ZipGenius might allow remote attackers to execute arbitrary code via a crafted .zip file that triggers an SEH overwrite. NOTE: it is possible that this overlaps CVE-2005-3317. NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product.
67 CVE-2009-1057 119 Exec Code Overflow Mem. Corr. 2009-03-24 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
MicroSmarts Enterprise ZipItFast! 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file that triggers memory corruption, related to a "format string buffer overflow." NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product.
68 CVE-2009-1056 2009-03-24 2009-04-02
5.0
None Remote Low Not required Partial None None
IBM Rational AppScan Enterprise before 5.5 FP1 allows remote attackers to read arbitrary exported reports by "forcefully browsing."
69 CVE-2009-1055 2009-03-24 2018-10-10
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev. 071114 allows remote authenticated users to gain access to security databases, and obtain administrative and user credentials, via unknown vectors related to SOAP and XML requests.
70 CVE-2009-1054 Exec Code 2009-03-24 2017-08-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in JustSystems Ichitaro 13, 2004 through 2008, Lite2, and Ichitaro viewer 5.1.5.0 and earlier allows remote attackers to execute arbitrary code via a crafted file, as exploited in the wild by Trojan.Tarodrop.H in March 2009.
71 CVE-2009-1053 264 2009-03-24 2018-10-10
5.0
None Remote Low Not required Partial None None
chaozzDB 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv.
72 CVE-2009-1052 264 2009-03-24 2018-10-10
5.0
None Remote Low Not required Partial None None
FireAnt 1.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv.
73 CVE-2009-1051 264 2009-03-24 2018-10-10
5.0
None Remote Low Not required Partial None None
FubarForum 1.6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv.
74 CVE-2009-1050 287 Bypass 2009-03-24 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie.
75 CVE-2009-1049 89 Exec Code Sql 2009-03-24 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in articleCall.php in Bloginator 1A allows remote attackers to execute arbitrary SQL commands via the id parameter.
76 CVE-2009-1047 79 XSS 2009-03-23 2009-04-01
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vectors involving outbound HTML e-mail.
77 CVE-2009-1046 399 DoS Mem. Corr. 2009-03-23 2016-05-31
4.7
None Local Medium Not required None None Complete
The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an "off-by-two memory error." NOTE: it is not clear whether this issue crosses privilege boundaries.
78 CVE-2009-1045 20 DoS 2009-03-23 2017-09-28
5.0
None Remote Low Not required None None Partial
requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action.
79 CVE-2009-1044 399 Exec Code 2009-03-23 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
80 CVE-2009-1043 Exec Code 2009-03-23 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
81 CVE-2009-1042 Exec Code 2009-03-23 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
82 CVE-2009-1041 119 Overflow 2009-03-26 2017-09-28
7.2
Admin Local Low Not required Complete Complete Complete
The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 allows local users to overwrite arbitrary kernel memory via an out-of-bounds timer value.
83 CVE-2009-1040 119 Exec Code Overflow 2009-03-20 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in WinAsm Studio 5.1.5.0 allows user-assisted remote attackers to execute arbitrary code via a crafted project (.wap) file.
84 CVE-2009-1039 119 Exec Code Overflow 2009-03-20 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in CDex 1.70b2 allows remote attackers to execute arbitrary code via a crafted Info header in an Ogg Vorbis (.ogg) file.
85 CVE-2009-1038 89 Exec Code Sql 2009-03-20 2017-09-28
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif action to admin/index.php.
86 CVE-2009-1037 2009-03-20 2009-03-26
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to send unlimited spam messages via unknown vectors related to the flood control API.
87 CVE-2009-1036 352 CSRF 2009-03-20 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI.
88 CVE-2009-1035 79 XSS 2009-03-20 2017-08-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS).
89 CVE-2009-1034 89 Exec Code Sql 2009-03-20 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via values in the URI.
90 CVE-2009-1033 89 Exec Code Sql 2009-03-20 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in misc.php in DeluxeBB 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the qorder parameter, a different vector than CVE-2005-2989 and CVE-2006-2503.
91 CVE-2009-1032 89 Exec Code Sql 2009-03-20 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in gallery_list.php in YABSoft Advanced Image Hosting (AIH) Script 2.3 allows remote attackers to execute arbitrary SQL commands via the gal parameter.
92 CVE-2009-1031 22 Dir. Trav. 2009-03-19 2017-09-28
7.8
None Remote Low Not required None Complete None
Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request.
93 CVE-2009-1030 79 XSS 2009-03-19 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
94 CVE-2009-1029 119 Exec Code Overflow 2009-03-19 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows remote POP3 servers to execute arbitrary code via a long Date header, related to Imap.dll.
95 CVE-2009-1028 119 Exec Code Overflow 2009-03-19 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file.
96 CVE-2009-1027 89 Exec Code Sql 2009-03-19 2018-10-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers to execute arbitrary SQL commands via the order parameter.
97 CVE-2009-1026 89 Exec Code Sql 2009-03-19 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in login.php in Kim Websites 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
98 CVE-2009-1025 94 Exec Code File Inclusion 2009-03-19 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in linkadmin.php in Beerwin PHPLinkAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
99 CVE-2009-1024 89 Exec Code Sql 2009-03-19 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Beerwin PHPLinkAdmin 1.0 allow remote attackers to execute arbitrary SQL commands via the linkid parameter to edlink.php, and unspecified other vectors.
100 CVE-2009-1023 89 Exec Code Sql 2009-03-19 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in phpComasy 0.9.1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter.
Total number of vulnerabilities : 554   Page : 1 2 (This Page)3 4 5 6 7 8 9 10 11 12
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.