Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1345 | 1 Cpcommerce | 1 Cpcommerce | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows remote attackers to execute arbitrary SQL commands via the id_document parameter. | |||||
| CVE-2009-1346 | 1 Interguias | 1 Nethoteles | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in publico/ficha.php in NetHoteles 3.0 allows remote attackers to execute arbitrary SQL commands via the id_establecimiento parameter. | |||||
| CVE-2009-1347 | 1 Chcounter | 1 Chcounter | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in stats/index.php in chCounter 3.1.3 allow remote attackers to execute arbitrary SQL commands via (1) the login_name parameter (aka the username field) or (2) the login_pw parameter (aka the password field). | |||||
| CVE-2009-1351 | 1 Heikki Ylinen | 1 Apollo | 2017-09-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Apollo 37zz allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long URI in a playlist (.m3u) file. | |||||
| CVE-2009-1352 | 1 Dawningsoft | 1 Powerchm | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Dawningsoft PowerCHM 5.7 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an HTML file with a link to a long URL, as demonstrated by a .rar URL. | |||||
| CVE-2009-1355 | 1 Ibm | 1 Aix | 2017-09-29 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long filename. | |||||
| CVE-2009-1356 | 1 Elecard | 1 Elecard Avc Hd Player | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Elecard AVC HD Player allows remote attackers to execute arbitrary code via a long MP3 filename in a playlist (.xpl) file. | |||||
| CVE-2009-1367 | 1 Mozilo | 1 Mozilocms | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via the query parameter in search action, a different issue than CVE-2008-6127.2a. | |||||
| CVE-2009-1368 | 1 Mozilo | 1 Mozilocms | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this might be the same issue as CVE-2008-6126.2, which may have been fixed in 1.10.3. | |||||
| CVE-2009-1369 | 1 Mozilo | 1 Mozilocms | 2017-09-29 | 5.0 MEDIUM | N/A |
| moziloCMS 1.11 allows remote attackers to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[] parameter to index.php, or (4) file[] parameter to download.php, which reveals the installation path in an error message. | |||||
| CVE-2009-1370 | 1 Xilisoft | 1 Xilisoft Video Converter | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in ape_plugin.plg in Xilisoft Video Converter 3.1.53.0704n and 5.1.23.0402 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .cue file. | |||||
| CVE-2009-1373 | 1 Pidgin | 1 Pidgin | 2017-09-29 | 7.1 HIGH | N/A |
| Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1374 | 1 Pidgin | 1 Pidgin | 2017-09-29 | 5.0 MEDIUM | N/A |
| Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet. | |||||
| CVE-2009-1375 | 1 Pidgin | 1 Pidgin | 2017-09-29 | 5.0 MEDIUM | N/A |
| The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol. | |||||
| CVE-2009-1376 | 1 Pidgin | 1 Pidgin | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927. | |||||
| CVE-2009-1379 | 1 Openssl | 1 Openssl | 2017-09-29 | 5.0 MEDIUM | N/A |
| Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. | |||||
| CVE-2009-1403 | 1 Creloaded | 1 Cre Loaded | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product_info.php in CRE Loaded 6.2 allows remote attackers to execute arbitrary SQL commands via the products_id parameter. | |||||
| CVE-2009-1404 | 1 Pastel | 1 Pastelcms | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user (Username) parameter. | |||||
| CVE-2009-1405 | 1 Pastel | 1 Pastelcms | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set_lng parameter. | |||||
| CVE-2009-1406 | 1 Sweetphp | 1 Totalcalendar | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in cms_detect.php in TotalCalendar 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the include parameter. | |||||
| CVE-2009-1407 | 1 Wonko | 1 Notftp | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in config.php in NotFTP 1.3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a certain languages[][file] parameter. | |||||
| CVE-2009-1409 | 1 E107 | 1 E107 | 2017-09-29 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320. | |||||
| CVE-2009-1410 | 1 Opensolution | 1 Quick.cms.lite | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Quick.Cms.Lite 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-1411 | 1 Neocrome | 1 Seditio | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in events/inc/events.inc.php in the Events plugin for Seditio CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the c parameter to plug.php. | |||||
| CVE-2009-1427 | 1 Hp | 1 Hpux | 2017-09-29 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in HP-UX B.11.31 allows local users to cause a denial of service (system crash) via unknown vectors related to the ttrace system call. | |||||
| CVE-2009-1444 | 1 Webportal | 1 Webportal Cms | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in indexk.php in WebPortal CMS 0.8-beta allows remote attackers to execute arbitrary PHP code via a URL in the lib_path parameter. | |||||
| CVE-2009-1445 | 1 Ivano Culmine | 1 Webportal Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in WebPortal CMS 0.8-beta allow remote attackers to (1) read arbitrary files via directory traversal sequences in the lang parameter to libraries/helpdocs/help.php and (2) include and execute arbitrary local files via directory traversal sequences in the error parameter to index.php. | |||||
| CVE-2009-1446 | 1 Elkagroup | 1 Image Gallery | 2017-09-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upload.php in Elkagroup Image Gallery 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in gallery/pictures/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1447 | 1 E-cart | 1 Free Shopping Cart | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/editor/image.php in e-cart.biz Free Shopping Cart allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/. | |||||
| CVE-2009-1449 | 1 Coolplayer | 1 Coolplayer | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2.19.1 allows remote attackers to execute arbitrary code via a skin file (skin.ini) with a large PlaylistSkin parameter. NOTE: this may overlap CVE-2008-5735. | |||||
| CVE-2009-1450 | 1 Bluevirus-design | 1 Sma-db | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 allows remote attackers to execute arbitrary PHP code via a URL in the _page_content parameter. | |||||
| CVE-2009-1451 | 1 Bluevirus-design | 1 Sma-db | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in startpage.php in SMA-DB 0.3.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2009-1452 | 1 Bluevirus-design | 1 Sma-db | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in theme/format.php in SMA-DB 0.3.13 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _page_css and (2) _page_javascript parameters. NOTE: the _page_content vector is already is covered by CVE-2009-1450. | |||||
| CVE-2009-1483 | 1 Studiolounge | 1 Address Book | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upload-file.php in Adam Patterson Studio Lounge Address Book 2.5, as reachable from index2.php, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in profiles/. | |||||
| CVE-2009-1486 | 1 Ninjadesigns | 1 Flatchat | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in pmscript.php in Flatchat 3.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the with parameter. | |||||
| CVE-2009-1487 | 1 Rens Rikkerink | 1 Fungamez | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pages/login.php in FunGamez RC1 allows remote attackers to execute arbitrary SQL commands via the login_user (aka username) parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1488 | 1 Rens Rikkerink | 1 Fungamez | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in admin/load.php in FunGamez RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter to index.php. | |||||
| CVE-2009-1489 | 1 Rens Rikkerink | 1 Fungamez | 2017-09-29 | 7.5 HIGH | N/A |
| includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter. | |||||
| CVE-2009-1493 | 2 Adobe, Linux | 2 Reader, Linux | 2017-09-29 | 6.8 MEDIUM | N/A |
| The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument. | |||||
| CVE-2009-1495 | 1 Webfileexplorer | 1 Web File Explorer | 2017-09-29 | 5.0 MEDIUM | N/A |
| Web File Explorer 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/db.mdb. | |||||
| CVE-2009-1496 | 2 Ijobid, Joomla | 2 Com Cmimarketplace, Joomla | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php. | |||||
| CVE-2009-1498 | 1 Idb | 1 Idb | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in inc/profilemain.php in Game Maker 2k Internet Discussion Boards (iDB) 0.2.5 Pre-Alpha SVN 243 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter in a settings action to profile.php. | |||||
| CVE-2009-1499 | 1 Joomla | 2 Com Mailto, Joomla\! | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor. | |||||
| CVE-2009-1502 | 1 Matteoiammarrone | 1 S-cms | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable and 1.5.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter. | |||||
| CVE-2009-1503 | 1 Tigerdms | 1 Tigerdms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.php in Tiger Document Management System (DMS) allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2009-1504 | 1 Xigla | 1 Absolute Control Panel Xe | 2017-09-29 | 7.5 HIGH | N/A |
| Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1." | |||||
| CVE-2009-1506 | 1 Intelliants | 1 Elitius | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in classes/Xp.php in eLitius 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to banner-details.php. | |||||
| CVE-2009-1508 | 1 Keir Davis | 1 X-forum | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the xforum_validateUser function in Common.php in X-Forum 0.6.2 allows remote attackers to execute arbitrary SQL commands, as demonstrated via the cookie_username parameter to Configure.php. | |||||
| CVE-2009-1509 | 1 Myiosoft | 1 Ajaxportal | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ajaxp_backend.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2009-1510 | 1 Koschtit | 1 Koschtit Image Gallery | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in KoschtIT Image Gallery 1.82 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the file parameter to (1) ki_makepic.php and (2) ki_nojsdisplayimage.php in ki_base/. | |||||