CVE Database - 2009

Browse known vulnerabilities with WAF coverage analysis. See which CVEs are detectable by Web Application Firewalls and their OWASP CRS rules.

4
Matching CVEs
15853
Critical
26962
High
69389
High WAF Coverage
Severity: All Critical (15853) High (26962) Medium (41242) Low (855)
Attack: Authentication Bypass (3246) CSRF (7960) Code Injection (4249) Command Injection (3187) Cross-Site Scripting (XSS) (37475) HTTP Response Splitting (79) Incorrect Authorization (2764) Input Validation (8673) Insecure Deserialization (2555) Missing Authorization (7641) OS Command Injection (5400) Open Redirect (1432) Path Traversal (6855) Privilege Escalation (2590) Remote File Inclusion (1113) Resource Exhaustion (2791) SQL Injection (14737) SSRF (2370) Unrestricted File Upload (3980) XXE (1206)
Year: 1990 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2012 2014 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026
WAF: High (69389) Medium (23730) Low (23337)
Clear filter

CVE-2009-2790

HIGH
7.50 CVSS 2.0

SQL injection vulnerability in cat_products.php in SoftBiz Dating Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: this might overlap CVE-2006-3271.4.

SQL Injection
WAF: High

CVE-2009-0238

HIGH
9.30 CVSS 2.0

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.

Code Injection
WAF: Medium

CVE-2008-6039

MEDIUM
6.80 CVSS 2.0

Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

Improper Authentication
WAF: Low

CVE-2008-6027

MEDIUM
4.30 CVSS 2.0

Multiple cross-site scripting (XSS) vulnerabilities in index.php in BLUEPAGE CMS 2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) whl, (2) var_1, and (3) search parameters.

Cross-Site Scripting (XSS)
WAF: High