Lista CVE - 2009 / Marzo
Visualizzazione 301 - 400 di 553 CVE per Marzo 2009 (Pagina 4 di 6)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2008-4564 | 2009-03-18 | Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec... |
| CVE-2008-6482 | 2009-03-18 | PHP remote file inclusion vulnerability in admin.treeg.php in the Flash Tree Gallery (com_treeg) component 1.0 for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via... |
| CVE-2008-6483 | 2009-03-18 | PHP remote file inclusion vulnerability in admin.googlebase.php in the Ecom Solutions VirtueMart Google Base (aka com_googlebase or Froogle) component 1.1 for Joomla! allows remote attackers to execute arbitrary PHP code... |
| CVE-2008-6484 | 2009-03-18 | SQL injection vulnerability in login.php in Mole Group Taxi Map Script (aka Taxi Calc Dist Script) allows remote attackers to execute arbitrary SQL commands via the user field. |
| CVE-2008-6485 | 2009-03-18 | SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery allows remote attackers to execute arbitrary SQL commands via the ctg parameter. |
| CVE-2008-6486 | 2009-03-18 | PHP remote file inclusion vulnerability in slideshow_uploadvideo.content.php in SharedLog, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_dir] parameter. |
| CVE-2008-6487 | 2009-03-18 | Multiple SQL injection vulnerabilities in login.asp in Digiappz DigiAffiliate 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) admin and (2) password fields. |
| CVE-2008-6488 | 2009-03-18 | SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the Admin field in a login action. |
| CVE-2009-0538 | 2009-03-18 | Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have... |
| CVE-2009-0940 | 2009-03-18 | Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity... |
| CVE-2009-0941 | 2009-03-18 | The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain... |
| CVE-2009-0962 | 2009-03-19 | Unspecified vulnerability in Futomi's CGI Cafe MP Form Mail CGI eCommerce 1.3.0 and earlier, and CGI Professional 3.2.2 and earlier, allows remote attackers to gain administrative privileges via unknown attack... |
| CVE-2008-6489 | 2009-03-19 | SQL injection vulnerability in MyAlbum component (com_myalbum) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the album parameter to index.php. |
| CVE-2008-6490 | 2009-03-19 | function/update_xml.php in FLABER 1.1 and earlier allows remote attackers to overwrite arbitrary files by specifying the target filename in the target_file parameter. NOTE: this can be leveraged for code execution... |
| CVE-2008-6491 | 2009-03-19 | PHP remote file inclusion vulnerability in connexion.php in PHPGKit 0.9 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: the provenance of this... |
| CVE-2009-0661 | 2009-03-19 | Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds... |
| CVE-2009-0963 | 2009-03-19 | Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and... |
| CVE-2009-0964 | 2009-03-19 | UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection... |
| CVE-2009-0965 | 2009-03-19 | SQL injection vulnerability in functions/browse.php in Ganesha Digital Library (GDL) 4.0 and 4.2 allows remote attackers to execute arbitrary SQL commands via the node parameter in a browse action to... |
| CVE-2009-0966 | 2009-03-19 | PHP remote file inclusion vulnerability in cross.php in YABSoft Mega File Hosting 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. NOTE: this... |
| CVE-2009-0967 | 2009-03-19 | The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument. |
| CVE-2009-0968 | 2009-03-19 | SQL injection vulnerability in fmoblog.php in the fMoblog plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these... |
| CVE-2009-0969 | 2009-03-19 | Cross-site request forgery (CSRF) vulnerability in account/settings/account/index.php in phpFoX 1.6.21 allows remote attackers to hijack the authentication of administrators for requests that change the email address via the act[update] action. |
| CVE-2009-0970 | 2009-03-19 | PHP remote file inclusion vulnerability in includes/class_image.php in PHP Pro Bid 6.05, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the fileExtension... |
| CVE-2009-0971 | 2009-03-19 | Cross-site scripting (XSS) vulnerability in futomi's CGI Cafe Access Analyzer CGI Standard Version 3.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| CVE-2009-0927 | 2009-03-19 | Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted... |
| CVE-2008-6492 | 2009-03-20 | Unrestricted file upload vulnerability in process.php in Tizag Countdown Creator 3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via index.php, then accessing... |
| CVE-2008-6493 | 2009-03-20 | Easy Content Management Publishing stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database/News.mdb. |
| CVE-2008-6494 | 2009-03-20 | ASP User Engine.NET stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for users.mdb. |
| CVE-2008-6495 | 2009-03-20 | Cross-site scripting (XSS) vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to inject arbitrary web script or HTML via... |
| CVE-2008-6496 | 2009-03-20 | Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary files via the first argument to... |
| CVE-2008-6497 | 2009-03-20 | The Neostrada Livebox ADSL Router allows remote attackers to cause a denial of service (network outage) via multiple HTTP requests for the /- URI. |
| CVE-2008-6498 | 2009-03-20 | Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote attackers to hijack the authentication of users for requests that change a certain .htaccess password via the xampppasswd... |
| CVE-2008-6499 | 2009-03-20 | security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operation on the SERVER superglobal array, which allows remote attackers to spoof critical variables, as demonstrated by setting the REMOTE_ADDR variable to 127.0.0.1. |
| CVE-2009-1022 | 2009-03-20 | Heap-based buffer overflow in the Preview/ Set Segment function in Gretech GOMlab GOM Encoder 1.0.0.11 and earlier allows user-assisted remote attackers to cause a denial of service (memory corruption and... |
| CVE-2009-1023 | 2009-03-20 | SQL injection vulnerability in index.php in phpComasy 0.9.1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter. |
| CVE-2009-1024 | 2009-03-20 | Multiple SQL injection vulnerabilities in Beerwin PHPLinkAdmin 1.0 allow remote attackers to execute arbitrary SQL commands via the linkid parameter to edlink.php, and unspecified other vectors. |
| CVE-2009-1025 | 2009-03-20 | PHP remote file inclusion vulnerability in linkadmin.php in Beerwin PHPLinkAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
| CVE-2009-1026 | 2009-03-20 | Multiple SQL injection vulnerabilities in login.php in Kim Websites 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. |
| CVE-2009-1027 | 2009-03-20 | SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers to execute arbitrary SQL commands via the order parameter. |
| CVE-2009-1028 | 2009-03-20 | Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file. |
| CVE-2009-1029 | 2009-03-20 | Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows remote POP3 servers to execute arbitrary code via a long Date header, related to Imap.dll. |
| CVE-2009-1030 | 2009-03-20 | Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host... |
| CVE-2009-1031 | 2009-03-20 | Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in... |
| CVE-2008-6500 | 2009-03-20 | Cross-site scripting (XSS) vulnerability in CodeToad ASP Shopping Cart Script allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI. |
| CVE-2008-6501 | 2009-03-20 | Cross-site scripting (XSS) vulnerability in profiles/index.php in Pro Chat Rooms 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the gud parameter. |
| CVE-2008-6502 | 2009-03-20 | Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows remote authenticated users to select an arbitrary local PHP script as an avatar via a .. (dot dot) in the avatar... |
| CVE-2008-6503 | 2009-03-20 | Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php. |
| CVE-2009-1032 | 2009-03-20 | SQL injection vulnerability in gallery_list.php in YABSoft Advanced Image Hosting (AIH) Script 2.3 allows remote attackers to execute arbitrary SQL commands via the gal parameter. |
| CVE-2009-1033 | 2009-03-20 | SQL injection vulnerability in misc.php in DeluxeBB 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the qorder parameter, a different vector than CVE-2005-2989 and CVE-2006-2503. |
| CVE-2009-1034 | 2009-03-20 | SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via values in the... |
| CVE-2009-1035 | 2009-03-20 | Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML... |
| CVE-2009-1036 | 2009-03-20 | Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI. |
| CVE-2009-1037 | 2009-03-20 | Unspecified vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers... |
| CVE-2009-1038 | 2009-03-20 | Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary... |
| CVE-2009-1039 | 2009-03-20 | Buffer overflow in CDex 1.70b2 allows remote attackers to execute arbitrary code via a crafted Info header in an Ogg Vorbis (.ogg) file. |
| CVE-2009-1040 | 2009-03-20 | Buffer overflow in WinAsm Studio 5.1.5.0 allows user-assisted remote attackers to execute arbitrary code via a crafted project (.wap) file. |
| CVE-2008-6504 | 2009-03-23 | ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects,... |
| CVE-2008-6505 | 2009-03-23 | Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a... |
| CVE-2009-0581 | 2009-03-23 | Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and... |
| CVE-2009-0723 | 2009-03-23 | Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image... |
| CVE-2009-0733 | 2009-03-23 | Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary... |
| CVE-2009-1042 | 2009-03-23 | Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils... |
| CVE-2009-1043 | 2009-03-23 | Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils... |
| CVE-2009-1044 | 2009-03-23 | Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that... |
| CVE-2008-6506 | 2009-03-23 | Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors. |
| CVE-2009-1045 | 2009-03-23 | requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action. |
| CVE-2009-1046 | 2009-03-23 | The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial... |
| CVE-2008-6507 | 2009-03-23 | Unspecified vulnerability in phpBB before 3.0.4 allows attackers to obtain sensitive information via unknown vectors related to the lack of password prompts for a private message that quotes a post... |
| CVE-2008-6508 | 2009-03-23 | Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a ..... |
| CVE-2008-6509 | 2009-03-23 | SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and earlier allows remote attackers to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp. |
| CVE-2008-6510 | 2009-03-23 | Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to inject arbitrary web script or HTML via the url parameter. |
| CVE-2008-6511 | 2009-03-23 | Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. |
| CVE-2009-0583 | 2009-03-23 | Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and... |
| CVE-2009-0584 | 2009-03-23 | icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers... |
| CVE-2009-1047 | 2009-03-23 | Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows... |
| CVE-2008-6512 | 2009-03-24 | Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin function by... |
| CVE-2008-6513 | 2009-03-24 | Unrestricted file upload vulnerability in saa.php in Andy's PHP Knowledgebase (aphpkb) 0.92.9 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it... |
| CVE-2008-6514 | 2009-03-24 | The Expo plugin in Compiz Fusion 0.7.8 allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts, a... |
| CVE-2008-6515 | 2009-03-24 | Cross-site scripting (XSS) vulnerability in Fritz Berger yet another php photo album - next generation (yappa-ng) allows remote attackers to inject arbitrary web script or HTML via the query string... |
| CVE-2009-1049 | 2009-03-24 | SQL injection vulnerability in articleCall.php in Bloginator 1A allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-1050 | 2009-03-24 | Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie. |
| CVE-2009-1051 | 2009-03-24 | FubarForum 1.6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request... |
| CVE-2009-1052 | 2009-03-24 | FireAnt 1.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request... |
| CVE-2009-1053 | 2009-03-24 | chaozzDB 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request... |
| CVE-2009-1054 | 2009-03-24 | Unspecified vulnerability in JustSystems Ichitaro 13, 2004 through 2008, Lite2, and Ichitaro viewer 5.1.5.0 and earlier allows remote attackers to execute arbitrary code via a crafted file, as exploited in... |
| CVE-2009-1055 | 2009-03-24 | Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev. 071114 allows remote authenticated users to gain access to security databases, and obtain administrative and user credentials, via unknown... |
| CVE-2009-1056 | 2009-03-24 | IBM Rational AppScan Enterprise before 5.5 FP1 allows remote attackers to read arbitrary exported reports by "forcefully browsing." |
| CVE-2009-1057 | 2009-03-24 | MicroSmarts Enterprise ZipItFast! 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file that triggers memory corruption, related to a "format string buffer overflow." NOTE: CVE has... |
| CVE-2009-1058 | 2009-03-24 | Stack-based buffer overflow in ZipGenius might allow remote attackers to execute arbitrary code via a crafted .zip file that triggers an SEH overwrite. NOTE: it is possible that this overlaps... |
| CVE-2009-1059 | 2009-03-24 | Stack-based buffer overflow in Trident PowerZip 7.2 might allow remote attackers to execute arbitrary code via a crafted .zip file. NOTE: CVE has not investigated whether the specified file.zip file... |
| CVE-2009-1060 | 2009-03-24 | Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Charlie... |
| CVE-2009-0364 | 2009-03-24 | Format string vulnerability in the mini_calendar component in Citadel.org WebCit 7.22, and other versions before 7.39, allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2009-1041 | 2009-03-24 | The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 allows local users to overwrite arbitrary kernel memory via an out-of-bounds timer value. |
| CVE-2009-1063 | 2009-03-24 | Buffer overflow in eXeScope 6.50 allows user-assisted remote attackers to execute arbitrary code via a crafted executable (.exe) file. |
| CVE-2009-1064 | 2009-03-24 | Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by... |
| CVE-2009-1065 | 2009-03-24 | SQL injection vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the x parameter. NOTE: the provenance of this information is unknown; the... |
| CVE-2009-1066 | 2009-03-24 | SQL injection vulnerability in the referral function in admin/lib/lib_logs.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header in a request. |
| CVE-2009-1067 | 2009-03-24 | Cross-site scripting (XSS) vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to inject arbitrary web script or HTML via the x parameter. |
| CVE-2009-1068 | 2009-03-24 | Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Free and 2.34 Build 980 PRO and earlier allows remote attackers to cause a denial of service (application crash) or execute... |