LiveActive security incident?Get immediate response
CVE archive

November 2009

Browse CVE records published in November 2009, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 324 matching CVEs · Page 2 of 7.

Unknown · CVSS Not scored

CVE-2009-4114: kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other versions before 9.0.0.736, does not prop...

kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other versions before 9.0.0.736, does not properly validate input to IOCTL 0x0022c008, which allows local users to cause a denial of service (system crash) via IOCTL requests using crafted kernel addresses that trigger memory corruption, possibly related to klavemu.kdl.

Published Nov 30, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-4085: PHP remote file inclusion vulnerability in assets/plugins/mp3_id/mp3_id.php in PHP Traverser 0.8.0 allows r...

PHP remote file inclusion vulnerability in assets/plugins/mp3_id/mp3_id.php in PHP Traverser 0.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[BASE] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Nov 27, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-4083: Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to in...

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) submitnews.php, (2) usersettings.php; and (3) newpost.php, (4) banlist.php, (5) banner.php, (6) cpage.php, (7) download.php, (8) users_extended.php, (9) frontpage.php, (10) links.php, and (11) mailout.php in e107_admin/. NOTE: this may overlap CVE-2004-2040 and CVE-2006-4794, but there are insufficient details to be certain.

Published Nov 27, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-4115: Multiple static code injection vulnerabilities in the Categories module in CutePHP CuteNews 1.4.6 allow rem...

Multiple static code injection vulnerabilities in the Categories module in CutePHP CuteNews 1.4.6 allow remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the (1) category and (2) Icon URL fields; or (3) inject arbitrary PHP code into data/ipban.php via the add_ip parameter.

Published Nov 30, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-4088: Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to...

Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php.

Published Nov 27, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-4098: Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote...

Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an images directory.

Published Nov 28, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-4116: Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magic_quotes_gpc is disabled,...

Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magic_quotes_gpc is disabled, allow remote authenticated users with editor or administrative application access to read arbitrary files via a .. (dot dot) in the source parameter in a (1) list or (2) editnews action to the Editnews module, and (3) the save_con[skin] parameter in the Options module. NOTE: vector 3 can be leveraged for code execution by using a .. to include and execute arbitrary local files.

Published Nov 30, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-4074: The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing...

The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability."

Published Nov 25, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2009-4066: Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integrati...

Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) subscribing or (2) unsubscribing to mailing lists.

Published Nov 24, 2009 · Updated Aug 7, 2024