LiveActive security incident?Get immediate response
CVE archive

March 2009

Browse CVE records published in March 2009, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 449 matching CVEs · Page 1 of 9.

High · CVSS 7.8

CVE-2009-0082: The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and...

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."

Published Mar 10, 2009 · Updated Jan 21, 2025

Unknown · CVSS Not scored

CVE-2009-0801: Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote end...

Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

Published Mar 4, 2009 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2009-5057: The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HO...

The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file.

Published Mar 18, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2009-0802: Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the rem...

Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

Published Mar 4, 2009 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2009-1077: The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0...

The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the administrator's password.

Published Mar 25, 2009 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2009-0766: Directory traversal vulnerability in default.php in Kipper 2.01 allows remote attackers to include and exec...

Directory traversal vulnerability in default.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the configfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Mar 3, 2009 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2009-0804: Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the re...

Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

Published Mar 4, 2009 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2009-2907: Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Applica...

Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the description field and unspecified "input fields."

Published Mar 24, 2010 · Updated Sep 16, 2024