Lista CVE - 2009 / Marzo
Visualizzazione 101 - 200 di 553 CVE per Marzo 2009 (Pagina 2 di 6)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2009-0777 | 2009-03-05 | Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed... |
| CVE-2009-0813 | 2009-03-05 | Insecure method vulnerability in the ImeraIEPlugin ActiveX control (ImeraIEPlugin.dll 1.0.2.54) in Imera TeamLinks Client allows remote attackers to force the download and execution of arbitrary URLs via modified DownloadProtocol, DownloadHost,... |
| CVE-2009-0814 | 2009-03-05 | Cross-site scripting (XSS) vulnerability in Widgets.aspx in Blogsa 1.0 Beta 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. |
| CVE-2009-0815 | 2009-03-05 | The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message,... |
| CVE-2009-0816 | 2009-03-05 | Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to... |
| CVE-2009-0817 | 2009-03-05 | Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to... |
| CVE-2009-0818 | 2009-03-05 | Cross-site scripting (XSS) vulnerability in the taxonomy_theme_admin_table_builder function (taxonomy_theme_admin.inc) in Taxonomy Theme module before 5.x-1.2, a module for Drupal, allows remote authenticated users with the "administer taxonomy" permission, or the... |
| CVE-2009-0819 | 2009-03-05 | sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as... |
| CVE-2009-0820 | 2009-03-05 | Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 allow remote attackers to execute arbitrary code via (1) the end_date parameter to reserve.php and (2) the start_date and end_date parameters to... |
| CVE-2009-0821 | 2009-03-05 | Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print function, as demonstrated by a window.print(window.print()) in the... |
| CVE-2008-6400 | 2009-03-05 | Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 allows remote attackers to inject arbitrary web script or HTML via the headerMsg parameter to (1) show.php and (2) search.php. NOTE: some... |
| CVE-2009-0826 | 2009-03-05 | BlogHelper stores common_db.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request. |
| CVE-2009-0827 | 2009-03-05 | PollHelper stores poll.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request. |
| CVE-2009-0828 | 2009-03-05 | QuoteBook stores quotes.inc under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information, including user credentials, via a direct request. |
| CVE-2009-0829 | 2009-03-05 | Multiple SQL injection vulnerabilities in QuoteBook allow remote attackers to execute arbitrary SQL commands via the (1) MyBox and (2) selectFavorites parameters to (a) quotes.php and the (3) QuoteName and... |
| CVE-2009-0830 | 2009-03-05 | Cross-site scripting (XSS) vulnerability in QuoteBook allows remote attackers to inject arbitrary web script or HTML via the (1) QuoteName and (2) QuoteText parameters to quotesadd.php. NOTE: the provenance of... |
| CVE-2009-0831 | 2009-03-05 | SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby... |
| CVE-2009-0832 | 2009-03-05 | SQL injection vulnerability in items.php in the E-Cart module 1.3 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the CA parameter. |
| CVE-2009-0833 | 2009-03-05 | Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in... |
| CVE-2008-6399 | 2009-03-05 | Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors. |
| CVE-2008-6401 | 2009-03-06 | SQL injection vulnerability in sayfa.php in JETIK-WEB allows remote attackers to execute arbitrary SQL commands via the kat parameter. |
| CVE-2008-6402 | 2009-03-06 | PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mod_dir parameter. |
| CVE-2008-6403 | 2009-03-06 | PHP remote file inclusion vulnerability in themes/default/include/html/insert.inc.php in OpenRat 0.8-beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpl_dir parameter. |
| CVE-2008-6404 | 2009-03-06 | Cross-site scripting (XSS) vulnerability in add_calendars.php in eXtrovert Software Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the callback parameter. |
| CVE-2008-6405 | 2009-03-06 | SQL injection vulnerability in showcategory.php in Hotscripts Clone allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| CVE-2008-6406 | 2009-03-06 | Cross-site scripting (XSS) vulnerability in admin.php in DataLife Engine (DLE) 7.2 allows remote attackers to inject arbitrary web script or HTML via the query string. |
| CVE-2008-6407 | 2009-03-06 | Directory traversal vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the framefile parameter. |
| CVE-2008-6408 | 2009-03-06 | PHP remote file inclusion vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary PHP code via a URL in the framefile parameter. |
| CVE-2008-6409 | 2009-03-06 | SQL injection vulnerability in index.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a brain action. |
| CVE-2008-6410 | 2009-03-06 | Directory traversal vulnerability in show.php in ol'bookmarks manager 0.7.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter. |
| CVE-2008-6411 | 2009-03-06 | Explay CMS 2.1 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the login cookie to 1. |
| CVE-2008-6412 | 2009-03-06 | Unspecified vulnerability in Vignette Content Management 7.3.0.5, 7.3.1, 7.3.1.1, 7.4, and 7.5 allows "low privileged" users to gain administrator privileges via unknown attack vectors. |
| CVE-2008-6413 | 2009-03-06 | Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x-dev and possibly other 5.x versions, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a... |
| CVE-2008-6414 | 2009-03-06 | SQL injection vulnerability in detail.php in AJ Auction Pro Platinum Skin 2 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. |
| CVE-2008-6415 | 2009-03-06 | Buffer overflow in YoungZSoft CCProxy 6.5 might allow remote attackers to execute arbitrary code via a CONNECTION request with a long hostname. |
| CVE-2009-0834 | 2009-03-06 | The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit... |
| CVE-2009-0835 | 2009-03-06 | The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a... |
| CVE-2008-6416 | 2009-03-06 | Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL-Console before 0.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "internal pages." |
| CVE-2008-6417 | 2009-03-06 | Unspecified vulnerability in GreenSQL-Console before 0.3.5 allows attackers to obtain the "installation directory" via unknown vectors. |
| CVE-2008-6418 | 2009-03-06 | SQL injection vulnerability in scrape.php in TorrentTrader before 2008-05-13 allows remote attackers to execute arbitrary SQL commands via the info_hash parameter. |
| CVE-2008-6419 | 2009-03-06 | Multiple SQL injection vulnerabilities in Social Site Generator (SSG) 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) sgc_id parameter to display_blog.php, (2) scm_mem_id parameter to social_my_profile_download.php,... |
| CVE-2008-6420 | 2009-03-06 | Social Site Generator (SSG) 2.0 allows remote attackers to read arbitrary files via the file parameter to (1) filedload.php, (2) webadmin/download.php, and (3) webadmin/download_file.php. |
| CVE-2008-6421 | 2009-03-06 | PHP remote file inclusion vulnerability in social_game_play.php in Social Site Generator (SSG) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. |
| CVE-2008-6422 | 2009-03-06 | Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and 2.3.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) weapon.php and (2) map.php. |
| CVE-2008-6423 | 2009-03-06 | Directory traversal vulnerability in passwiki.php in PassWiki 0.9.16 RC3 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the site_id parameter. |
| CVE-2008-6424 | 2009-03-06 | Directory traversal vulnerability in FFFTP 1.96b allows remote FTP servers to create or overwrite arbitrary files via a response to an FTP LIST command with a filename that contains a... |
| CVE-2008-6425 | 2009-03-06 | SQL injection vulnerability in news.php in ComicShout 2.8 allows remote attackers to execute arbitrary SQL commands via the news_id parameter, a different vector than CVE-2008-2456. |
| CVE-2008-6427 | 2009-03-06 | SQL injection vulnerability in index.php in Hivemaker Professional 1.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| CVE-2008-6428 | 2009-03-06 | The CGI framework in Kaya 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors. |
| CVE-2008-6429 | 2009-03-06 | SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to... |
| CVE-2008-6430 | 2009-03-06 | SQL injection vulnerability in the MyContent (com_mycontent) component 1.1.13 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. |
| CVE-2008-6431 | 2009-03-06 | Multiple cross-site scripting (XSS) vulnerabilities in BMForum 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) outpused parameter to index.php, the (2) footer_copyright and (3)... |
| CVE-2008-6433 | 2009-03-06 | Cross-site scripting (XSS) vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in... |
| CVE-2008-6434 | 2009-03-06 | SQL injection vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to execute arbitrary SQL commands via the LinkServID parameter. |
| CVE-2008-6435 | 2009-03-06 | Multiple cross-site scripting (XSS) vulnerabilities in phpSQLiteCMS 1 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[home], (2) lang[admin_menu], and (3) lang[admin_menu_page_overview] parameters to... |
| CVE-2008-6436 | 2009-03-06 | Cross-site scripting (XSS) vulnerability in the Web Server in Xerox WorkCentre 7132, 7228, 7235, and 7245 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2008-6437 | 2009-03-06 | Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeForum 1.0 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to error.php, and the... |
| CVE-2008-6438 | 2009-03-06 | SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than... |
| CVE-2008-6439 | 2009-03-06 | Cross-site scripting (XSS) vulnerability in search_results.php in ABK-Soft AbleDating 2.4 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. |
| CVE-2009-0838 | 2009-03-06 | The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv_88 through snv_102, does not properly free memory, which allows local users to cause a denial of service (panic)... |
| CVE-2008-6440 | 2009-03-06 | Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and... |
| CVE-2009-0855 | 2009-03-09 | Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 on z/OS allows remote attackers to inject arbitrary web script or HTML via... |
| CVE-2008-6441 | 2009-03-09 | Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR... |
| CVE-2008-6442 | 2009-03-09 | Insecure method vulnerability in Sina Inc. DLoader Class ActiveX Control allows remote attackers to overwrite arbitrary files via a URL in the first parameter to the DonwloadAndInstall method. NOTE: the... |
| CVE-2008-6443 | 2009-03-09 | SQL injection vulnerability in forum_duzen.php in phpKF allows remote attackers to execute arbitrary SQL commands via the fno parameter. |
| CVE-2008-6444 | 2009-03-09 | Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might allow remote attackers to execute arbitrary code via a crafted packet, probably related to an improper length value. |
| CVE-2008-6445 | 2009-03-09 | Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authentication and the ability to upload arbitrary PHP code. NOTE: some of these details... |
| CVE-2008-6446 | 2009-03-09 | Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter. |
| CVE-2008-6447 | 2009-03-09 | Buffer overflow in emmailstore.dll 6.5.0.3 in the QuikSoft EasyMail MailStore ActiveX control allows remote attackers to execute arbitrary code via a long first argument to the CreateStore method. |
| CVE-2008-6448 | 2009-03-09 | Cross-site scripting (XSS) vulnerability in install.cgi in SKYARC System MTCMS WYSIWYG Editor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2008-6449 | 2009-03-09 | Cross-site request forgery (CSRF) vulnerability in multiple Century Systems routers including XR-410 before 1.6.9, XR-510 before 3.5.3, XR-440 before 1.7.8, and other XR series routers from XR-510 to XR-730 allows... |
| CVE-2008-6450 | 2009-03-09 | Cross-site scripting (XSS) vulnerability in Under Construction, Baby (UCB) PC2M 0.9.22.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| CVE-2009-0849 | 2009-03-09 | Stack-based buffer overflow in the DtbClsLogin function in NovaStor NovaNET 12 allows remote attackers to (1) execute arbitrary code on Linux platforms via a long username field during backup domain... |
| CVE-2009-0850 | 2009-03-09 | Cross-site scripting (XSS) vulnerability in BitDefender Internet Security 2009 allows user-assisted remote attackers to inject arbitrary web script or HTML via the filename of a virus-infected file, as demonstrated by... |
| CVE-2009-0851 | 2009-03-09 | Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php. |
| CVE-2009-0852 | 2009-03-09 | showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserved information" via the user parameter. |
| CVE-2009-0853 | 2009-03-09 | login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'#... |
| CVE-2009-0027 | 2009-03-09 | The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during... |
| CVE-2009-0537 | 2009-03-09 | Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial... |
| CVE-2009-0781 | 2009-03-09 | Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote... |
| CVE-2009-0825 | 2009-03-09 | SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-0856 | 2009-03-09 | Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web... |
| CVE-2009-0857 | 2009-03-09 | Cross-site scripting (XSS) vulnerability in /prm/reports in the Performance Reporting Module (PRM) for Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to inject arbitrary web script or HTML... |
| CVE-2009-0858 | 2009-03-09 | The response_addname function in response.c in Daniel J. Bernstein djbdns 1.05 and earlier does not constrain offsets in the required manner, which allows remote attackers, with control over a third-party... |
| CVE-2009-0859 | 2009-03-09 | The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel before 2.6.28.5, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users... |
| CVE-2009-0860 | 2009-03-10 | Cross-site scripting (XSS) vulnerability in the web user interface in the login application in NetMRI 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified... |
| CVE-2009-0861 | 2009-03-10 | Cross-site scripting (XSS) vulnerability in phpDenora before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via an IRC channel name. NOTE: some of these details are obtained... |
| CVE-2009-0862 | 2009-03-10 | Cross-site scripting (XSS) vulnerability in the hook_cntrlr_error_output function in modules/page/hooks/listeners.php in the admincp component in TangoCMS 2.2.x (aka Eagle) before 2.2.4 allows remote attackers to inject arbitrary web script or... |
| CVE-2009-0863 | 2009-03-10 | SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-0864 | 2009-03-10 | S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie. |
| CVE-2009-0865 | 2009-03-10 | Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via... |
| CVE-2009-0866 | 2009-03-10 | pHNews Alpha 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for extra/genbackup.php. |
| CVE-2009-0867 | 2009-03-10 | The HRM-S service in Fujitsu Enhanced Support Facility 3.0 and 3.0.1 allows remote attackers to obtain (1) hardware and (2) software information via unspecified requests in a client connection. |
| CVE-2009-0868 | 2009-03-10 | CRLF injection vulnerability in the WebLink template in Fujitsu Jasmine2000 Enterprise Edition allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. |
| CVE-2009-0081 | 2009-03-10 | The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008... |
| CVE-2009-0082 | 2009-03-10 | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows... |
| CVE-2009-0083 | 2009-03-10 | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an... |
| CVE-2009-0085 | 2009-03-10 | The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate... |
| CVE-2009-0191 | 2009-03-10 | Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 3.0.2009.1301, does not properly handle a JBIG2 symbol dictionary segment with zero new symbols, which allows remote attackers... |
| CVE-2009-0836 | 2009-03-10 | Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which... |