CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In August 2009

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2009-2933 89 Exec Code Sql 2009-08-21 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in comments.php in Piwigo before 2.0.3 allows remote attackers to execute arbitrary SQL commands via the items_number parameter.
52 CVE-2009-2932 79 XSS 2009-08-21 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field.
53 CVE-2009-2931 22 Dir. Trav. 2009-08-21 2018-10-10
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in p.php in SlideShowPro Director 1.1 through 1.3.8 allows remote attackers to read arbitrary files via directory traversal sequences in the a parameter.
54 CVE-2009-2930 79 XSS 2009-08-21 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Search feature in elka CMS (aka Elkapax) allows remote attackers to inject arbitrary web script or HTML via the q parameter to the default URI.
55 CVE-2009-2929 89 1 Exec Code Sql 2009-08-21 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execute arbitrary SQL commands via the (1) tgs_language_id, (2) tpl_dir, (3) referer, (4) user-agent, (5) site, (6) option, (7) db_optimization, (8) owner, (9) admin_email, (10) default_language, and (11) db_host parameters to cms/index.php; and the (12) cmd, (13) s_dir, (14) minutes, (15) s_mask, (16) test3_mp, (17) test15_file1, (18) submit, (19) brute_method, (20) ftp_server_port, (21) userfile14, (22) subj, (23) mysql_l, (24) action, and (25) userfile1 parameters to cms/frontpage_ception.php. NOTE: some of these parameters may be applicable only in nonstandard versions of the product, and cms/frontpage_ception.php may be cms/frontpage_caption.php in all released versions.
56 CVE-2009-2928 79 1 XSS 2009-08-21 2017-09-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in login.php in TGS Content Management 0.x allows remote attackers to inject arbitrary web script or HTML via the previous_page parameter, a different vector than CVE-2008-6839.
57 CVE-2009-2927 89 1 Exec Code Sql 2009-08-21 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in DetailFile.php in DigitalSpinners DS CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the nFileId parameter.
58 CVE-2009-2926 89 1 Exec Code Sql 2009-08-21 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PHP Competition System BETA 0.84 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) day parameter to show_matchs.php and (2) pageno parameter to persons.php.
59 CVE-2009-2925 22 1 Dir. Trav. 2009-08-21 2017-09-18
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in DJcalendar.cgi in DJCalendar allows remote attackers to read arbitrary files via a .. (dot dot) in the TEMPLATE parameter.
60 CVE-2009-2924 89 1 Exec Code Sql 2009-08-21 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 allow remote attackers to execute arbitrary SQL commands via the (1) UploadID parameter to videoint.php, and possibly the (2) cat_id parameter to catvideo.php and (3) uid parameter to cviewchannels.php.
61 CVE-2009-2923 22 1 Dir. Trav. 2009-08-21 2017-09-18
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1.52 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to show.php and (2) in parameter to advanced_search.php.
62 CVE-2009-2922 22 1 Dir. Trav. 2009-08-21 2017-09-18
7.8
None Remote Low Not required Complete None None
Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 through 2.3.5 allows remote attackers to read arbitrary files via a base64-encoded file parameter.
63 CVE-2009-2921 89 1 Exec Code Sql 2009-08-21 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field).
64 CVE-2009-2920 79 1 XSS 2009-08-21 2017-09-18
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) component and (2) priority parameters to buglist.php; and the (3) Username (4) E-mail, (5) Pass, and (6) Confirm pass fields to createaccount.php.
65 CVE-2009-2919 79 XSS 2009-08-21 2017-08-16
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field.
66 CVE-2009-2918 20 DoS 2009-08-21 2018-10-10
2.1
None Local Low Not required None None Partial
The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted request to the 0x80000034 IOCTL, probably involving an input or output buffer size of 0.
67 CVE-2009-2917 119 1 DoS Exec Code Overflow 2009-08-21 2017-09-18
4.3
None Remote Medium Not required None None Partial
Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted string in a (1) .cue or (2) .m3u playlist file.
68 CVE-2009-2916 134 Exec Code 2009-08-21 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Format string vulnerability in the CNS_AddTxt function in logs.dll in 2K Games Vietcong 2 1.10 and earlier might allow remote attackers to execute arbitrary code via format string specifiers in the nickname.
69 CVE-2009-2915 89 1 Exec Code Sql 2009-08-21 2009-08-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery System 6.0 allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a content action.
70 CVE-2009-2914 79 XSS 2009-08-21 2011-12-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
71 CVE-2009-2913 79 XSS 2009-08-21 2009-08-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
72 CVE-2009-2912 DoS 2009-08-21 2017-09-18
4.9
None Local Low Not required None None Complete
The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through 10, and OpenSolaris before snv_110, allow local users to cause a denial of service (panic) via vectors related to vnode function calls.
73 CVE-2009-2896 119 1 DoS Exec Code Overflow 2009-08-20 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a subtitle (.srt) playlist file. NOTE: some of these details are obtained from third party information.
74 CVE-2009-2895 89 1 Exec Code Sql 2009-08-20 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (URA) 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
75 CVE-2009-2894 89 1 Exec Code Sql 2009-08-20 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to product_desc.php, and the cid parameter to (2) showcategory.php and (3) gallery.php.
76 CVE-2009-2893 79 1 XSS 2009-08-20 2009-08-20
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in a post action or (2) the _xzcal_y parameter.
77 CVE-2009-2892 89 1 Exec Code Sql 2009-08-20 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in header.php in Scripteen Free Image Hosting Script 2.3 allow remote attackers to execute arbitrary SQL commands via a (1) cookid or (2) cookgid cookie.
78 CVE-2009-2891 89 1 Exec Code Sql 2009-08-20 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote attackers to execute arbitrary SQL commands via the catid parameter.
79 CVE-2009-2890 79 1 XSS 2009-08-20 2017-08-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter.
80 CVE-2009-2889 79 1 XSS 2009-08-20 2017-08-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to inject arbitrary web script or HTML via the letters parameter.
81 CVE-2009-2888 89 1 Exec Code Sql 2009-08-20 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter.
82 CVE-2009-2887 79 1 XSS 2009-08-20 2017-08-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to inject arbitrary web script or HTML via the rank parameter.
83 CVE-2009-2886 89 1 Exec Code Sql 2009-08-20 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to execute arbitrary SQL commands via the rank parameter.
84 CVE-2009-2885 89 1 Exec Code Sql 2009-08-20 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to execute arbitrary SQL commands via the rank parameter.
85 CVE-2009-2884 79 1 XSS 2009-08-20 2017-08-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to inject arbitrary web script or HTML via the rank parameter.
86 CVE-2009-2883 89 1 Exec Code Sql 2009-08-20 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php.
87 CVE-2009-2882 79 1 XSS 2009-08-20 2009-08-21
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php.
88 CVE-2009-2881 89 1 Exec Code Sql 2009-08-20 2017-09-18
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote attackers to execute arbitrary SQL commands via the idAuthor parameter to (1) index.php and possibly (2) allpubs.php in publications/.
89 CVE-2009-2861 DoS 2009-08-27 2009-08-28
7.3
None Local Network Medium Not required None Complete Complete
The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access-point association, which allows remote attackers to spoof a controller and cause a denial of service (service outage) via crafted remote radio management (RRM) packets, aka "SkyJack" or Bug ID CSCtb56664.
90 CVE-2009-2860 DoS 2009-08-19 2009-08-21
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets."
91 CVE-2009-2859 264 2009-08-19 2009-08-20
4.6
User Local Low Not required Partial Partial Partial
IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command.
92 CVE-2009-2858 399 DoS 2009-08-19 2009-08-21
5.0
None Remote Low Not required None None Partial
Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure.
93 CVE-2009-2857 399 DoS 2009-08-19 2017-09-18
4.9
None Local Low Not required None None Complete
The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory implementations, which allows local users to cause a denial of service (deadlock and system halt) via vectors involving mmap and write operations on the same file.
94 CVE-2009-2856 200 +Info 2009-08-18 2009-08-21
3.5
None Remote Medium Single system Partial None None
Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow remote attackers to read cleartext VDI configuration-data requests by sniffing LDAP sessions on the network.
95 CVE-2009-2855 20 DoS 2009-08-18 2017-09-18
5.0
None Remote Low Not required None None Partial
The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.
96 CVE-2009-2854 264 2009-08-18 2017-11-22
6.4
None Remote Low Not required Partial Partial None
Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php, (5) edit-link-category-form.php, (6) edit-tag-form.php, (7) export.php, (8) import.php, or (9) link-add.php in wp-admin/.
97 CVE-2009-2853 264 +Priv 2009-08-18 2017-11-16
10.0
None Remote Low Not required Complete Complete Complete
Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.php, and (8) edit-tag-form.php in wp-admin/.
98 CVE-2009-2852 20 1 Exec Code 2009-08-18 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the test_filter[wp_head] array parameter to test/index.php, which is used in a call to the call_user_func_array function.
99 CVE-2009-2851 79 XSS 2009-08-18 2017-12-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL.
100 CVE-2009-2850 119 Exec Code Overflow 2009-08-18 2009-08-21
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in NASA Common Data Format (CDF) allow context-dependent attackers to execute arbitrary code, as demonstrated using (1) an array index error in the ReadAEDRList64 function, and other errors in the (2) SearchForRecord_r_64, (3) LastRecord64, (4) CDFsel64, and other unspecified functions.
Total number of vulnerabilities : 527 (page 2 of 11)