Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3208 | 1 Prakashatma Mishra | 1 Phpfreebb | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to permalink.php and (2) year parameter to index.php. | |||||
| CVE-2009-3209 | 1 Raizlabs | 1 Php Email Manager | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in remove.php in PHP eMail Manager 3.3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2009-3210 | 2 Drupal, Joao Ventura | 2 Drupal, Print | 2017-08-17 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.8 and 6.x before 6.x-1.8, a module for Drupal, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-3211 | 1 Dimofinf | 1 Infinity Script | 2017-08-17 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the options[style_dir] parameter to the default URI. | |||||
| CVE-2009-3212 | 1 Dimofinf | 1 Infinity Script | 2017-08-17 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username field. | |||||
| CVE-2009-3213 | 1 Broid | 1 Broid | 2017-08-17 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in broid 1.0 Beta 3a allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .mp3 file. | |||||
| CVE-2009-3221 | 1 Basicunivers.free.fr | 1 Audio Lib Player | 2017-08-17 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Audio Lib Player (ALP) allows remote attackers to execute arbitrary code via a long URL in a .m3u playlist file. | |||||
| CVE-2009-3222 | 1 Freewebscriptz | 1 Honest Traffic | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in FreeWebScriptz Honest Traffic (FWSHT) 1.x allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2009-3255 | 1 Thomas Cuchta | 1 Rash | 2017-08-17 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in RASH Quote Management System (RQMS) 1.2.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an admin action to the default URI. | |||||
| CVE-2009-3259 | 1 Thomas Cuchta | 1 Rash | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in RASH Quote Management System (RQMS) 1.2.2 allow remote attackers to execute arbitrary SQL commands via (1) the search parameter in a search action, (2) the quote parameter in a quote addition, or (3) a User_Name cookie in unspecified administrative actions. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3300 | 1 Internet2 | 2 Identity Provider, Service Provider | 2017-08-17 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms. | |||||
| CVE-2009-3311 | 1 Rssmediascript | 1 Rssmediascript | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in RSSMediaScript allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2009-3320 | 1 Zenas | 1 Paolink | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas PaoLink (aka Pao-Link) 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2009-3355 | 1 Datetopia | 1 Buy Dating Site | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in profile.php in Datetopia Buy Dating Site 1.0 allows remote attackers to inject arbitrary web script or HTML via the s_r parameter. | |||||
| CVE-2009-3359 | 1 Datetopia | 1 Match Agency Biz | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Match Agency BiZ 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) important parameter to edit_profile.php and (2) pid parameter to report.php. | |||||
| CVE-2009-3360 | 1 Datemill | 1 Datemill | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) return parameter to photo_view.php, and st parameter to (2) photo_search.php and (3) search.php. | |||||
| CVE-2009-3363 | 2 Drupal, Ufku Bayburt | 2 Drupal, Bueditor | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x before 5.x-1.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the "plain textarea editor." | |||||
| CVE-2009-3386 | 1 Mozilla | 1 Bugzilla | 2017-08-17 | 5.0 MEDIUM | N/A |
| Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allows remote attackers to discover the alias of a private bug by reading the (1) Depends On or (2) Blocks field of a related bug. | |||||
| CVE-2009-3432 | 1 Sun | 2 Opensolaris, Solaris | 2017-08-17 | 1.9 LOW | N/A |
| Unspecified vulnerability in xscreensaver in Sun Solaris 10, and OpenSolaris before snv_112, when Xorg or Xnewt is used and RandR is enabled, allows physically proximate attackers to read a locked screen via unknown vectors related to XRandR resize events. | |||||
| CVE-2009-4737 | 1 Justsystems | 2 Ichitaro, Ichitaro Viewer | 2017-08-17 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in JustSystems Corporation Ichitaro 13, 2004 through 2009, Viewer 2009 19.0.1.0 and earlier, and other versions allows context-dependent attackers to execute arbitrary code via a crafted Rich Text File (RTF), related to "pvpara ffooter." | |||||
| CVE-2009-4743 | 1 Afterlogic | 1 Webmail Pro | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in history-storage.aspx in AfterLogic WebMail Pro 4.7.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) HistoryStorageObjectName and (2) HistoryKey parameters. | |||||
| CVE-2009-4744 | 1 Oicgroup | 1 Exponent Cms | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Contact module in Exponent CMS 0.97-GA20090213 allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4750 | 1 Phppower | 1 Top Paidmailer | 2017-08-17 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in home.php in Top Paidmailer allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2009-4751 | 1 Phppower | 1 Swinger Club Portal | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action. | |||||
| CVE-2009-4752 | 1 Phppower | 1 Swinger Club Portal | 2017-08-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary PHP code via a URL in the go parameter. | |||||
| CVE-2009-4763 | 1 Phpmyvisites | 1 Phpmyvisites | 2017-08-17 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the ClickHeat plugin, as used in phpMyVisites before 2.4, has unknown impact and attack vectors. NOTE: due to lack of details from the vendor, it is not clear whether this is related to CVE-2008-5793. | |||||
| CVE-2009-4767 | 1 Plohni | 1 Shoutbox | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Plohni Shoutbox 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) input_name and (2) input_text parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4768 | 1 Blizzard | 1 Warcraft 3 The Frozen Throne | 2017-08-17 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the JASS script interpreter in Warcraft III: The Frozen Throne 1.24b and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted custom map. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4771 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2017-08-17 | 5.0 MEDIUM | N/A |
| The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified "duplicate actions" via unknown vectors. | |||||
| CVE-2009-4772 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2017-08-17 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2009-4773 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2009-4777 | 4 Hitachi, Hp, Microsoft and 1 more | 17 Job Management Partner 1\/automatic Job Management System 2-view, Job Management Partner 1\/integrated Management-view, Job Management Partner 1\/integrated Manager-console View and 14 more | 2017-08-17 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer, allows remote attackers to cause a denial of service ("abnormal" termination) via vectors related to the display of an "invalid GIF file." | |||||
| CVE-2009-4779 | 1 Robert Garrigos | 1 Nukehall | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in NukeHall 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter to (1) blocks.php, (2) messages.php, and (3) stories.php in admin/modules/. | |||||
| CVE-2009-4795 | 1 Xlightftpd | 1 Xlight Ftp Server | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the (1) USER (aka username) or (2) PASS (aka password) command. | |||||
| CVE-2009-4814 | 1 Wolfram | 1 Webmathematica | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Wolfram Research webMathematica allows remote attackers to inject arbitrary web script or HTML via the URI to the MSP script. | |||||
| CVE-2009-4816 | 1 Andy Stedemos | 1 The Uploader | 2017-08-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in api/download_checker.php in MegaLab The Uploader 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2009-4817 | 1 Element-it | 1 Ultimate Uploader | 2017-08-17 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in Element-IT Ultimate Uploader 1.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/. | |||||
| CVE-2009-4818 | 1 Phpsimplicity | 1 Simplicity Of Upload | 2017-08-17 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upload.php in PHPSimplicity Simplicity oF Upload 1.3.2 allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif. | |||||
| CVE-2009-4819 | 1 Stoverud | 1 Phphotoalbum | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple unrestricted file upload vulnerabilities in upload.php in PHPhotoalbum allow remote attackers to execute arbitrary code by uploading a file with a (1) .php.pgif or (2) .php.pjpeg double extension, then accessing it via a direct request to the file in albums/userpics/. | |||||
| CVE-2009-4820 | 1 Aspindir | 1 Angelo-emlak | 2017-08-17 | 5.0 MEDIUM | N/A |
| Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb. | |||||
| CVE-2009-4822 | 1 Kasseler-cms | 1 Kasseler Cms | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kasseler CMS 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) do, (2) id, and (3) uname parameters. | |||||
| CVE-2009-4825 | 1 8pixel | 1 Simple Blog | 2017-08-17 | 5.0 MEDIUM | N/A |
| 8pixel.net Blog 4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for App_Data/sb.mdb. | |||||
| CVE-2009-4833 | 1 Oracle | 1 Mysql Connector\/net | 2017-08-17 | 5.8 MEDIUM | N/A |
| MySQL Connector/NET before 6.0.4, when using encryption, does not verify SSL certificates during connection, which allows remote attackers to perform a man-in-the-middle attack with a spoofed SSL certificate. | |||||
| CVE-2009-4846 | 1 Deliantra | 1 Deliantra | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple buffer overflows in Deliantra Server before 2.82 allow remote attackers to execute arbitrary code via vectors related to (1) the command_gsay function in server/c_party.C and (2) the book implementation. | |||||
| CVE-2009-4847 | 1 Deliantra | 1 Deliantra | 2017-08-17 | 4.0 MEDIUM | N/A |
| Deliantra Server before 2.82 allows remote authenticated users to cause a denial of service (daemon crash) via vectors involving an empty treasure list. | |||||
| CVE-2009-4850 | 1 Awingsoft | 1 Awakening Winds3d Viewer Plugin | 2017-08-17 | 9.3 HIGH | N/A |
| The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file. | |||||
| CVE-2009-4853 | 2 Foswiki, Jumpbox | 2 Foswiki, Jumpbox | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before 1.1.2 for Foswiki Wiki System allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4856 | 1 Ecomstudio | 1 Php Easy Shopping Cart | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy Shopping Cart 3.1R allows remote attackers to inject arbitrary web script or HTML via the name parameter. | |||||
| CVE-2009-4857 | 1 Ecomstudio | 1 Php Photo Vote1.3f | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in PHP Photo Vote 1.3F allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2009-4864 | 1 I-escorts | 2 I-escorts Agency Script, I-escorts Directory Script | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script allow remote attackers to inject arbitrary web script or HTML via the (1) search_name and (2) languages parameters. NOTE: some of these details are obtained from third party information. | |||||