LiveActive security incident?Get immediate response
CVE archive

March 2009

Browse CVE records published in March 2009, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 449 matching CVEs · Page 2 of 9.

Unknown · CVSS Not scored

CVE-2009-0803: SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when t...

SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

Published Mar 4, 2009 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2009-5055: Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings...

Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2.

Published Mar 18, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2009-5056: Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission set...

Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list.

Published Mar 18, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2009-1082: Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges...

Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and saveNoValidateAllowedFormsAndWorkflows IDs.

Published Mar 25, 2009 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2009-4717: Multiple cross-site scripting (XSS) vulnerabilities in Gonafish WebStatCaffe allow remote attackers to inje...

Multiple cross-site scripting (XSS) vulnerabilities in Gonafish WebStatCaffe allow remote attackers to inject arbitrary web script or HTML via the (1) host parameter to stat/host.php, nodayshow parameter to (2) mostvisitpage.php and (3) visitorduration.php in stat/, (4) nopagesmost parameter to stat/mostvisitpagechart.php, and date parameter to (5) pageviewers.php, (6) pageviewerschart.php, and (7) referer.php in stat/.

Published Mar 15, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2009-20001: An issue was discovered in MantisBT before 2.24.5.

An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as them.

Published Mar 7, 2021 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-5138: GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.50...

GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.

Published Mar 6, 2014 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-5064: ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a...

ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.

Published Mar 30, 2011 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-4729: Multiple cross-site scripting (XSS) vulnerabilities in x10 Adult Media Script 1.7 allow remote attackers to...

Multiple cross-site scripting (XSS) vulnerabilities in x10 Adult Media Script 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, (3) id parameter to templates/header1.php, and (4) key parameter to video_listing.php.

Published Mar 18, 2010 · Updated Aug 7, 2024