Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4616 | 1 Myrephp | 1 Myre Holiday Rental Manager | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in MYRE Holiday Rental Manager allows remote attackers to inject arbitrary web script or HTML via the cat_id1 parameter. | |||||
| CVE-2009-4617 | 1 Tourismscripts | 1 Tourism Script Accomodation Hotel Booking Portal Script | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Tourism Script Accommodation Hotel Booking Portal Script allow remote attackers to execute arbitrary SQL commands via the hotel_id parameter to (1) hotel.php, (2) details.php, (3) roomtypes.php, (4) photos.php, (5) map.php, (6) weather.php, (7) reviews.php, and (8) book.php. | |||||
| CVE-2009-4618 | 1 Tourismscripts | 1 Bus Script | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Tourism Script Bus Script allow remote attackers to execute arbitrary SQL commands via the sitetext_id parameter to (1) aboutus.php and (2) faq.php. | |||||
| CVE-2009-4619 | 2 Joomla, Lucygames | 2 Joomla\!, Com Lucygames | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a game action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4620 | 2 Joomla, Joomloc | 2 Joomla\!, Com Joomloc | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php. | |||||
| CVE-2009-4621 | 2 Discuz, Patching | 2 Discuz\!, Jianghu Inn | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JiangHu Inn plugin 1.1 and earlier for Discuz! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to forummission.php. | |||||
| CVE-2009-4622 | 1 Legrinder | 1 Drunken\ | 2017-09-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/admin_news_bot.php in Drunken:Golem Gaming Portal 0.5.1 alpha 2 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, a different vector than CVE-2007-0572. | |||||
| CVE-2009-4624 | 1 Nicecoder | 1 Idesk | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in download.php in Nicecoder iDesk allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2005-3843. | |||||
| CVE-2009-4625 | 2 Joomla, Tamlyncreative | 2 Joomla\!, Com Bfsurvey Profree | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in an updateOnePage action to index.php. | |||||
| CVE-2009-4626 | 1 Phpnagios | 1 Phpnagios | 2017-09-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in menu.php in phpNagios 1.2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the conf[lang] parameter. | |||||
| CVE-2009-4627 | 1 Dan Brown | 1 Moa Gallery | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in sources/_template_parser.php in Moa Gallery 1.2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the p_filename parameter, a different issue than CVE-2009-4614. | |||||
| CVE-2009-4628 | 2 Joomla, Templateplaza | 2 Joomla\!, Com Tpdugg | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php. | |||||
| CVE-2009-4656 | 1 E-soft.co | 1 Dj Studio Pro | 2017-09-19 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including 4.2.2.7.5, and 5.x including 5.1.4.3.1, allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a playlist file (.pls) containing a long string. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4657 | 1 Omidrouhani | 1 Xerver | 2017-09-19 | 7.5 HIGH | N/A |
| The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1. | |||||
| CVE-2009-4658 | 1 Omidrouhani | 1 Xerver | 2017-09-19 | 4.0 MEDIUM | N/A |
| Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657. | |||||
| CVE-2009-4659 | 1 Mp3-cutter | 1 Ease Audio Cutter | 2017-09-19 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in MP3-Cutter Ease Audio Cutter 1.20 allows user-assisted remote attackers to cause a denial of service (application crash) via a long string in a WAV file. | |||||
| CVE-2009-4660 | 1 Bigantsoft | 1 Bigant Messenger | 2017-09-19 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the AntServer Module (AntServer.exe) in BigAnt IM Server 2.50 allows remote attackers to execute arbitrary code via a long GET request to TCP port 6660. | |||||
| CVE-2009-4661 | 1 Bigantsoft | 1 Bigant Server | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted ZIP file that is not properly handled when the victim uses the (1) Update or (2) Plug-In console menu item. | |||||
| CVE-2009-4663 | 1 Quiksoft | 1 Easymail Objects | 2017-09-19 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the Quiksoft EasyMail Objects 6 ActiveX control allows remote attackers to execute arbitrary code via a long argument to the AddAttachment method. | |||||
| CVE-2009-4665 | 1 Cutesoft Components | 1 Cute Editor For Asp.net | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in CuteSoft_Client/CuteEditor/Load.ashx in CuteSoft Components Cute Editor for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2009-4666 | 1 Qualityunit | 1 Download Protect | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Webradev Download Protect 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[RootPath] parameter to (1) Framework/EmailTemplates.class.php, (2) Customers/PDPEmailReplaceConstants.class.php, and (3) Admin/ResellersManager.class.php in includes/DProtect/. | |||||
| CVE-2009-4667 | 1 Phpmember | 1 Webmember | 2017-09-19 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in form.php in WebMember 1.0 allows remote authenticated users to execute arbitrary SQL commands via the formID parameter. | |||||
| CVE-2009-4669 | 1 Beaussier | 1 Roomphplanning | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the loginus parameter to Login.php or (2) the Old Password field to changepwd.php, and allow (3) remote authenticated administrators to execute arbitrary SQL commands via the id parameter to admin/userform.php. | |||||
| CVE-2009-4670 | 1 Beaussier | 1 Roomphplanning | 2017-09-19 | 7.5 HIGH | N/A |
| admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote attackers to (1) delete arbitrary users via the user parameter or (2) delete arbitrary rooms via the room parameter. | |||||
| CVE-2009-4671 | 1 Beaussier | 1 Roomphplanning | 2017-09-19 | 7.5 HIGH | N/A |
| Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass authentication and obtain administrative access by setting the room_phplanning cookie to a value associated with the admin account. | |||||
| CVE-2009-4672 | 2 Grupenet, Wordpress | 2 Wp-lytebox, Wordpress | 2017-09-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in main.php in the WP-Lytebox plugin 1.3 for WordPress allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pg parameter. | |||||
| CVE-2009-4673 | 1 Mole-group | 1 Adult Portal Script | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile.php in Mole Group Adult Portal Script allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | |||||
| CVE-2009-4674 | 1 Mole-group | 2 Bus Ticket Script, Sky Hunter Airline Ticket Sale Script | 2017-09-19 | 7.5 HIGH | N/A |
| admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script allows remote attackers to change an arbitrary password via a modified user_id field. | |||||
| CVE-2009-4675 | 1 Mole-group | 1 Gastro Portal \(restaurant Directory\) Script | 2017-09-19 | 7.5 HIGH | N/A |
| admin/admin_info/index.php in the Mole Group Gastro Portal (Restaurant Directory) Script does not require administrative authentication, which allows remote attackers to change the admin password via an unspecified form submission. | |||||
| CVE-2009-4680 | 1 Phpdirectorysource | 1 Phpdirectorysource | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to execute arbitrary SQL commands via the st parameter. | |||||
| CVE-2009-4681 | 1 Phpdirectorysource | 1 Phpdirectorysource | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st parameter. | |||||
| CVE-2009-4682 | 1 Scriptsez | 1 Good\/bad Vote | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in vote.php in Good/Bad Vote allows remote attackers to inject arbitrary web script or HTML via the id parameter in a vote action. | |||||
| CVE-2009-4683 | 1 Scriptsez | 1 Good\/bad Vote | 2017-09-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in vote.php in Good/Bad Vote allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter in a dovote action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4687 | 1 Hypersilence | 1 Silentum Guestbook | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in silentum_guestbook.php in Silentum Guestbook 2.0.2 allows remote attackers to execute arbitrary SQL commands via the messageid parameter. | |||||
| CVE-2009-4692 | 1 Radscripts | 1 Radlance | 2017-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the pr parameter in a ulist action. | |||||
| CVE-2009-4693 | 1 Grafxsoftware | 1 Minicwb | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in GraFX MiniCWB 2.3.0 allow remote attackers to execute arbitrary PHP code via a URL in the LANG parameter to (1) en.inc.php, (2) hu.inc.php, (3) no.inc.php, (4) ro.inc.php, and (5) ru.inc.php in language/. | |||||
| CVE-2009-4695 | 1 Radscripts | 1 Radlance | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action. | |||||
| CVE-2009-4696 | 1 Radscripts | 1 Radnics | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in RadNICS Gold 5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action. | |||||
| CVE-2009-4697 | 1 Radscripts | 1 Radnics | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in RadNICS Gold 5 allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter in a ulist action and the (2) fid parameter in a view_forum action. | |||||
| CVE-2009-4698 | 2 Alexandre Amaral, Xoops | 2 Xoops Celepar, Xoops | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php. | |||||
| CVE-2009-4699 | 1 Skadate | 1 Skadate Online Dating Software | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/auth.php and (2) file_uploader.php. | |||||
| CVE-2009-4700 | 1 Skadate | 1 Skadate Online Dating Software | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in SkaDate Dating allows remote attackers to read arbitrary files via a .. (dot dot) in the layout parameter. | |||||
| CVE-2009-4713 | 1 Alexandre Amaral | 1 Xoops Celepar | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to inject arbitrary web script or HTML via (1) the cod_categoria parameter to categoria.php, (2) the opcao parameter to index.php, and the PATH_INFO to (3) categoria.php and (4) index.php. | |||||
| CVE-2009-4721 | 1 Andrews-web | 1 Aw-bannerad | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Admin/index.asp in Andrews-Web (A-W) BannerAd 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) User and (2) Password parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4722 | 1 Limny | 1 Limny | 2017-09-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the CheckLogin function in includes/functions.php in Limny 1.01, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2009-4723 | 1 Netpet | 1 Netpet Cms | 2017-09-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in confirm.php in Netpet CMS 1.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | |||||
| CVE-2009-4724 | 1 Paymentprocessorscript | 1 Ppscript | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shop.htm in PaymentProcessorScript.net PPScript allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2009-4725 | 1 Arabportal | 1 Arab Portal | 2017-09-19 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in modules/aljazeera/admin/setup.php in Arab Portal 2.2 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | |||||
| CVE-2009-4726 | 1 Olivier Michaud Pierre-yves | 1 Quickdev4php | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in Quickdev 4 PHP allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2009-4727 | 1 Junglescripts | 1 Ajax Short Url Script | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in x/login in JungleScripts Ajax Short Url Script allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||