Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1246 | 1 Blogplus | 1 Blogplus | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Blogplus 1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) row_mysql_blocks_center_down[file] parameter to includes/block_center_down.php; (2) row_mysql_blocks_center_top[file] includes/parameter to block_center_top.php; (3) row_mysql_blocks_left[file] parameter to includes/block_left.php; (4) row_mysql_blocks_right[file] parameter to includes/block_right.php; and row_mysql_bloginfo[theme] parameter to (5) includes/window_down.php and (6) includes/window_top.php. | |||||
| CVE-2009-1247 | 1 Acutecp.rediscussed | 1 Acutecp | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Acute Control Panel 1.0.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2009-1248 | 1 Acutecp | 1 Acute Control Panel | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Acute Control Panel 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the theme_directory parameter to (1) container.php and (2) header.php in themes/. | |||||
| CVE-2009-1256 | 1 Flexcms | 1 Flexcms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in FlexCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the ItemId parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1257 | 1 Magic Iso Maker | 1 Magic Iso Maker | 2017-09-29 | 9.0 HIGH | N/A |
| Heap-based buffer overflow in Magic ISO Maker 5.5 build 0274 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted CCD file. | |||||
| CVE-2009-1259 | 1 Insanevisions | 1 Adaptbb | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in inc/bb/topic.php in Insane Visions AdaptBB 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a topic action to index.php. | |||||
| CVE-2009-1260 | 1 Ezbsystems | 1 Ultraiso | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file. | |||||
| CVE-2009-1263 | 2 Alikonweb, Joomla | 2 Com Bookjoomlas, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sub_commententry.php in the BookJoomlas (com_bookjoomlas) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a comment action to index.php. | |||||
| CVE-2009-1277 | 1 Gravityboardx | 1 Gravity Board X | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to execute arbitrary SQL commands via the member_id parameter in a viewprofile action. NOTE: the board_id issue is already covered by CVE-2008-2996.2. | |||||
| CVE-2009-1278 | 1 Gravityboardx | 1 Gravity Board X | 2017-09-29 | 7.5 HIGH | N/A |
| Static code injection vulnerability in forms/ajax/configure.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to inject arbitrary PHP code into config.php via the configure action to index.php. | |||||
| CVE-2009-1282 | 1 Glfusion | 1 Glfusion | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in private/system/lib-session.php in glFusion 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the glf_session cookie parameter. | |||||
| CVE-2009-1283 | 1 Glfusion | 1 Glfusion | 2017-09-29 | 6.8 MEDIUM | N/A |
| glFusion before 1.1.3 performs authentication with a user-provided password hash instead of a password, which allows remote attackers to gain privileges by obtaining the hash and using it in the glf_password cookie, aka "User Masquerading." NOTE: this can be leveraged with a separate SQL injection vulnerability to steal hashes. | |||||
| CVE-2009-1313 | 1 Mozilla | 1 Firefox | 2017-09-29 | 9.3 HIGH | N/A |
| The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302. | |||||
| CVE-2009-1314 | 1 Webfileexplorer | 1 Web File Explorer | 2017-09-29 | 10.0 HIGH | N/A |
| body.asp in Web File Explorer 3.1 allows remote attackers to create arbitrary files and execute arbitrary code via the savefile action with a file parameter containing a filename that has an executable extension. | |||||
| CVE-2009-1317 | 1 Aquacms | 1 Aqua Cms | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Aqua CMS 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) userSID cookie parameter to droplets/functions/base.php and the (2) username parameter to admin/index.php. | |||||
| CVE-2009-1318 | 1 Jamroom | 1 Jamroom | 2017-09-29 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 through 3.2.6, 4.0.2, and possibly other versions before 3.4.0 allows remote attackers to include arbitrary files via directory traversal sequences in the t parameter. | |||||
| CVE-2009-1319 | 1 Guestcal | 1 Guest Cal | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in includes/ini.inc.php in GuestCal 2.1 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the lang parameter to index.php. | |||||
| CVE-2009-1321 | 1 Humayun Shabbir Bhutta | 1 Asp Product Catalog | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in ASP Product Catalog 1.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | |||||
| CVE-2009-1322 | 1 Humayun Shabbir Bhutta | 1 Asp Product Catalog | 2017-09-29 | 5.0 MEDIUM | N/A |
| ASP Product Catalog 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for database/aspProductCatalog.mdb. | |||||
| CVE-2009-1323 | 1 Webfileexplorer | 1 Web File Explorer | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in body.asp in Web File Explorer 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-1324 | 1 Mini-stream | 1 Asx To Mp3 Converter | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Mini-stream ASX to MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file. | |||||
| CVE-2009-1325 | 1 Mini-stream | 1 Ripper | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Mini-stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file. | |||||
| CVE-2009-1326 | 1 Mini-stream | 1 Rm Downloader | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file. | |||||
| CVE-2009-1327 | 1 Mini-stream | 1 Wm Downloader | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Mini-stream WM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file. | |||||
| CVE-2009-1328 | 1 Mini-stream | 1 Rm-mp3 Converter | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file. | |||||
| CVE-2009-1330 | 1 Mini-stream | 1 Easy Rm To Mp3 Converter | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Easy RM to MP3 Converter allows remote attackers to execute arbitrary code via a long filename in a playlist (.pls) file. | |||||
| CVE-2009-1331 | 1 Microsoft | 1 Windows Media Player | 2017-09-29 | 9.3 HIGH | N/A |
| Integer overflow in Microsoft Windows Media Player (WMP) 11.0.5721.5260 allows remote attackers to cause a denial of service (application crash) via a crafted .mid file, as demonstrated by crash.mid. | |||||
| CVE-2009-1341 | 1 Debian | 1 Libdbd-pg-perl | 2017-09-29 | 5.0 MEDIUM | N/A |
| Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns. | |||||
| CVE-2009-1345 | 1 Cpcommerce | 1 Cpcommerce | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows remote attackers to execute arbitrary SQL commands via the id_document parameter. | |||||
| CVE-2009-1346 | 1 Interguias | 1 Nethoteles | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in publico/ficha.php in NetHoteles 3.0 allows remote attackers to execute arbitrary SQL commands via the id_establecimiento parameter. | |||||
| CVE-2009-1347 | 1 Chcounter | 1 Chcounter | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in stats/index.php in chCounter 3.1.3 allow remote attackers to execute arbitrary SQL commands via (1) the login_name parameter (aka the username field) or (2) the login_pw parameter (aka the password field). | |||||
| CVE-2009-1351 | 1 Heikki Ylinen | 1 Apollo | 2017-09-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Apollo 37zz allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long URI in a playlist (.m3u) file. | |||||
| CVE-2009-1352 | 1 Dawningsoft | 1 Powerchm | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Dawningsoft PowerCHM 5.7 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an HTML file with a link to a long URL, as demonstrated by a .rar URL. | |||||
| CVE-2009-1355 | 1 Ibm | 1 Aix | 2017-09-29 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long filename. | |||||
| CVE-2009-1356 | 1 Elecard | 1 Elecard Avc Hd Player | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Elecard AVC HD Player allows remote attackers to execute arbitrary code via a long MP3 filename in a playlist (.xpl) file. | |||||
| CVE-2009-1367 | 1 Mozilo | 1 Mozilocms | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via the query parameter in search action, a different issue than CVE-2008-6127.2a. | |||||
| CVE-2009-1368 | 1 Mozilo | 1 Mozilocms | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this might be the same issue as CVE-2008-6126.2, which may have been fixed in 1.10.3. | |||||
| CVE-2009-1369 | 1 Mozilo | 1 Mozilocms | 2017-09-29 | 5.0 MEDIUM | N/A |
| moziloCMS 1.11 allows remote attackers to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[] parameter to index.php, or (4) file[] parameter to download.php, which reveals the installation path in an error message. | |||||
| CVE-2009-1370 | 1 Xilisoft | 1 Xilisoft Video Converter | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in ape_plugin.plg in Xilisoft Video Converter 3.1.53.0704n and 5.1.23.0402 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .cue file. | |||||
| CVE-2009-1373 | 1 Pidgin | 1 Pidgin | 2017-09-29 | 7.1 HIGH | N/A |
| Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1374 | 1 Pidgin | 1 Pidgin | 2017-09-29 | 5.0 MEDIUM | N/A |
| Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet. | |||||
| CVE-2009-1375 | 1 Pidgin | 1 Pidgin | 2017-09-29 | 5.0 MEDIUM | N/A |
| The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol. | |||||
| CVE-2009-1376 | 1 Pidgin | 1 Pidgin | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927. | |||||
| CVE-2009-1379 | 1 Openssl | 1 Openssl | 2017-09-29 | 5.0 MEDIUM | N/A |
| Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. | |||||
| CVE-2009-1403 | 1 Creloaded | 1 Cre Loaded | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product_info.php in CRE Loaded 6.2 allows remote attackers to execute arbitrary SQL commands via the products_id parameter. | |||||
| CVE-2009-1404 | 1 Pastel | 1 Pastelcms | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user (Username) parameter. | |||||
| CVE-2009-1405 | 1 Pastel | 1 Pastelcms | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set_lng parameter. | |||||
| CVE-2009-1406 | 1 Sweetphp | 1 Totalcalendar | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in cms_detect.php in TotalCalendar 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the include parameter. | |||||
| CVE-2009-1407 | 1 Wonko | 1 Notftp | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in config.php in NotFTP 1.3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a certain languages[][file] parameter. | |||||
| CVE-2009-1409 | 1 E107 | 1 E107 | 2017-09-29 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320. | |||||