LiveActive security incident?Get immediate response
CVE archive

January 2009

Browse CVE records published in January 2009, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 363 matching CVEs · Page 5 of 8.

Unknown · CVSS Not scored

CVE-2009-0336: Katy Whitton BlogIt!

Katy Whitton BlogIt! stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for database/Blog.mdb. NOTE: some of these details are obtained from third party information.

Published Jan 29, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-0337: SQL injection vulnerability in index.asp in Katy Whitton BlogIt!

SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Jan 29, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-0320: Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, w...

Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."

Published Jan 28, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-0323: Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to exec...

Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via (1) a long type parameter in an input tag, which is not properly handled by the EndOfXmlAttributeValue function; (2) an "HTML GI" in a start tag, which is not properly handled by the ProcessStartGI function; and unspecified vectors in (3) html2thot.c and (4) xml2thot.c, related to the msgBuffer variable. NOTE: these are different vectors than CVE-2008-6005.

Published Jan 28, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-0345: Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x...

Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6648082, a different vulnerability than CVE-2007-5717.

Published Jan 29, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-0294: Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, when register_globals is enabled, allo...

Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) search.php, (2) archive.php, (3) comments.php, and (4) news.php; (5) News.php, (6) SendFriend.php, (7) Archive.php, and (8) Comments.php in base/; and possibly other components, different vectors than CVE-2007-1288.

Published Jan 27, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-0316: Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows...

Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.

Published Jan 28, 2009 · Updated Aug 7, 2024