Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2024 | 1 Vt.rovno | 1 Asp Vt Auth | 2017-09-29 | 5.0 MEDIUM | N/A |
| Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain usernames and passwords via a direct request for zHk8dEes3.txt. | |||||
| CVE-2009-2025 | 1 Dutchmonkey | 1 Dm Filemanager | 2017-09-29 | 7.5 HIGH | N/A |
| admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values. | |||||
| CVE-2009-2029 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+ callbacks. | |||||
| CVE-2009-2033 | 1 Ricardo Alexandre De Oliveira Staudt | 1 Yogurt | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2009-2034 | 1 Ricardo Alexandre De Oliveira Staudt | 1 Yogurt | 2017-09-29 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, allows remote authenticated users to execute arbitrary SQL commands via the original parameter. | |||||
| CVE-2009-2037 | 1 Onlinegrades | 1 Online Grades | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Online Grades & Attendance 3.2.5 and earlier, and possibly 3.2.6, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) GLOBALS[SKIN] parameter to index.php and the (2) skin parameter to admin/admin.php. | |||||
| CVE-2009-2040 | 1 Grestul | 1 Grestul | 2017-09-29 | 7.5 HIGH | N/A |
| admin/options.php in Grestul 1.2 does not properly restrict access, which allows remote attackers to bypass authentication and create administrative accounts via a manage_admin action in a direct request. | |||||
| CVE-2009-2049 | 1 Cisco | 2 Ios, Ios Xe | 2017-09-29 | 5.4 MEDIUM | N/A |
| Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1 through 12.2(33)SXI2, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (device reload) by using an RFC4271 peer to send a malformed update, aka Bug ID CSCta33973. | |||||
| CVE-2009-2080 | 1 Mrcgiguy | 1 The Ticket System | 2017-09-29 | 7.5 HIGH | N/A |
| admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote attackers to (1) obtain sensitive configuration information via the editconfig action or (2) change the administrator's password via the id parameter in an editop action. | |||||
| CVE-2009-2081 | 1 Phpwebthings | 1 Phpwebthings | 2017-09-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in help.php in phpWebThings 1.5.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter. | |||||
| CVE-2009-2095 | 1 Mundi King | 1 Mundi Mail | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in template/simpledefault/admin/_masterlayout.php in Mundi Mail 0.8.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the top parameter. NOTE: when allow_url_fopen is disabled, directory traversal attacks are possible to include and execute arbitrary local files. | |||||
| CVE-2009-2096 | 1 David Degner | 1 Phpcollegeexchange | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in house/listing_view.php in phpCollegeExchange 0.1.5c allows remote attackers to execute arbitrary SQL commands via the itemnr parameter. | |||||
| CVE-2009-2098 | 1 Micheal Glazer | 1 Phportal | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in topicler.php in phPortal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-2099 | 2 Ijoomla, Joomla | 2 Com Rssfeeder, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php. | |||||
| CVE-2009-2100 | 2 Joomla, Joomlapraise | 2 Joomla, Com Projectfork | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. | |||||
| CVE-2009-2101 | 1 Castro Xl | 1 Torrentvolve | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in archive.php in TorrentVolve 1.4, when register_globals is enabled, allows remote attackers to delete arbitrary files via a .. (dot dot) in the deleteTorrent parameter. | |||||
| CVE-2009-2102 | 2 Com Jumi, Joomla | 2 Com Jumi, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Jumi (com_jumi) component 2.0.3 and possibly other versions for Joomla allows remote attackers to execute arbitrary SQL commands via the fileid parameter to index.php. | |||||
| CVE-2009-2109 | 1 Daan Sprenkels | 1 Fretsweb | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) language parameter to charts.php and the (2) fretsweb_language cookie parameter to unspecified vectors, possibly related to admin/common.php. | |||||
| CVE-2009-2110 | 1 Jnmsolutions | 1 Db Top Sites | 2017-09-29 | 7.6 HIGH | N/A |
| Multiple directory traversal vulnerabilities in DB Top Sites 1.0, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the u parameter to (1) full.php, (2) index.php, and (3) contact.php. | |||||
| CVE-2009-2111 | 1 Jnmsolutions | 1 Db Top Sites | 2017-09-29 | 10.0 HIGH | N/A |
| Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted (1) url and (2) location parameter. | |||||
| CVE-2009-2112 | 1 Frank-karau | 1 Phpfk | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in include/page_bottom.php in phpFK 7.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _FORUM[settings_design_style] parameter. | |||||
| CVE-2009-2113 | 1 Daan Sprenkels | 1 Fretsweb | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to player.php and the (2) hash parameter to song.php. | |||||
| CVE-2009-2117 | 1 Phportal | 1 Phportal | 2017-09-29 | 7.5 HIGH | N/A |
| uye_paneli.php in phPortal 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the kulladi cookie to a valid username. | |||||
| CVE-2009-2120 | 1 Tekbase | 1 Tekbase All-in-one | 2017-09-29 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TekBase All-in-One 3.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) ids parameter to admin.php, the (2) y parameter to members.php, and other unspecified vectors. NOTE: vector 1 requires administrative access. | |||||
| CVE-2009-2122 | 2 Paolo Palmonari, Wordpress | 2 Photoracer Plugin For Wordpress, Wordpress | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewimg.php in the Paolo Palmonari Photoracer plugin 1.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-2123 | 1 Elvinbts | 1 Elvinbts | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) inUser (aka Username) and (2) inPass (aka Password) parameters to (a) inc/login.ei, reachable through login.php; and the (3) id parameter to (b) show_bug.php and (c) show_activity.php. NOTE: it was later reported that vector 3c also affects 1.2.2. | |||||
| CVE-2009-2124 | 1 Elvinbts | 1 Elvinbts | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in page.php in Elvin 1.2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. | |||||
| CVE-2009-2127 | 1 Elvinbts | 1 Elvinbts | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in show_activity.php in Elvin 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2009-2129 | 1 Elvinbts | 1 Elvinbts | 2017-09-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action. | |||||
| CVE-2009-2130 | 1 Elvinbts | 1 Elvinbts | 2017-09-29 | 5.0 MEDIUM | N/A |
| Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) login.ei, (2) jump_bug.ei, or (3) create_account.ei in inc/ via a direct request. | |||||
| CVE-2009-2131 | 1 4homepages | 1 4images | 2017-09-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a picture. | |||||
| CVE-2009-2135 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 4.9 MEDIUM | N/A |
| Multiple race conditions in the Solaris Event Port API in Sun Solaris 10 and OpenSolaris before snv_107 allow local users to cause a denial of service (panic) via unspecified vectors related to a race between the port_dissociate and close functions. | |||||
| CVE-2009-2138 | 1 Tbdev | 1 Tbdev.net | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the returnto parameter to login.php or (2) the returnto parameter in a delete action to news.php. NOTE: this can be leveraged for cross-site scripting (XSS) by redirecting to a data: URI. | |||||
| CVE-2009-2141 | 1 Tbdev | 1 Tbdev.net | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto parameter to makepoll.php, (2) the returnto parameter in a delete action to polls.php, or the (3) Info or (4) Avatar field to my.php. | |||||
| CVE-2009-2142 | 1 Zipstore | 1 Zip Store Chat | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store Chat 4.0 and 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) senha parameters. | |||||
| CVE-2009-2143 | 2 Firestats, Wordpress | 2 Firestats, Wordpress | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter. | |||||
| CVE-2009-2145 | 1 Pantha | 1 Translucid | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 allow remote attackers to inject arbitrary web script or HTML via the (a) NodeID and (b) action parameters to the default URI, and the (c) NodeID parameter to the default URI for the admin section; and allow remote authenticated users to inject arbitrary web script or HTML via the (d) Title (aka page name) and (e) Url fields in a (1) new or (2) modified page. | |||||
| CVE-2009-2147 | 1 Phpwebthings | 1 Phpwebthings | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-2148 | 1 Campusvirtualcomputrade | 1 Campus Virtual-lms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news/index.php in Campus Virtual-LMS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-2149 | 1 Campusvirtualcomputrade | 1 Campus Virtual-lms | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Campus Virtual-LMS allow remote attackers to inject arbitrary web script or HTML via the (1) courseid parameter to enrolments/step1.php, or the (2) search or (3) siteid parameter to files/shared_list.php. | |||||
| CVE-2009-2150 | 1 Campusvirtualcomputrade | 1 Campus Virtual-lms | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might allow remote attackers to hijack the authentication of certain users via a (2) ADD or (3) DELETE action to enrolments/step2.php. | |||||
| CVE-2009-2151 | 1 Adaptweb | 1 Adaptweb | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the newlang parameter. | |||||
| CVE-2009-2152 | 1 Isabela Gasparini | 1 Adaptweb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in a_index.php in AdaptWeb 0.9.2 allows remote attackers to execute arbitrary SQL commands via the CodigoDisciplina parameter in a TopicosCadastro1 action. | |||||
| CVE-2009-2153 | 1 Sappy.dk | 1 Impleo Music Collection | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Impleo Music Collection 2.0 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. | |||||
| CVE-2009-2154 | 1 Sappy.dk | 1 Impleo Music Collection | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin/login.php in Impleo Music Collection 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2009-2167 | 1 Egyplus | 1 7ammel | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. | |||||
| CVE-2009-2168 | 1 Egyplus | 1 7ammel | 2017-09-29 | 7.5 HIGH | N/A |
| cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters. | |||||
| CVE-2009-2172 | 2 Dream, Jelsoft | 2 Radio And Tv Player Addon For Vbulletin, Vbulletin | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter. | |||||
| CVE-2009-2173 | 1 Gameis | 1 Carom3d | 2017-09-29 | 3.5 LOW | N/A |
| The LAN game feature in Carom3D 5.06 allows remote authenticated users to cause a denial of service (application hang) via a crafted HTTP request to TCP port 28012. | |||||
| CVE-2009-2176 | 1 Fuzzylime | 1 Fuzzylime Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) list parameter to code/confirm.php and the (2) template parameter to code/display.php. | |||||