| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-1036 | 0.00 | — | 0.01 | Mar 20, 2009 | Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI. | |||
| CVE-2009-1035 | 0.00 | — | 0.01 | Mar 20, 2009 | Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS). | |||
| CVE-2009-1034 | 0.00 | — | 0.02 | Mar 20, 2009 | SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via values in the URI. | |||
| CVE-2009-1033 | 0.03 | — | 0.01 | Mar 20, 2009 | SQL injection vulnerability in misc.php in DeluxeBB 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the qorder parameter, a different vector than CVE-2005-2989 and CVE-2006-2503. | |||
| CVE-2009-1032 | 0.03 | — | 0.01 | Mar 20, 2009 | SQL injection vulnerability in gallery_list.php in YABSoft Advanced Image Hosting (AIH) Script 2.3 allows remote attackers to execute arbitrary SQL commands via the gal parameter. | |||
| CVE-2008-6503 | 0.03 | — | 0.02 | Mar 20, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php. | |||
| CVE-2008-6502 | 0.03 | — | 0.01 | Mar 20, 2009 | Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows remote authenticated users to select an arbitrary local PHP script as an avatar via a .. (dot dot) in the avatar parameter, and cause other users to execute this script by using sendData.php to send a message to… | |||
| CVE-2008-6501 | 0.03 | — | 0.01 | Mar 20, 2009 | Cross-site scripting (XSS) vulnerability in profiles/index.php in Pro Chat Rooms 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the gud parameter. | |||
| CVE-2008-6500 | 0.03 | — | 0.01 | Mar 20, 2009 | Cross-site scripting (XSS) vulnerability in CodeToad ASP Shopping Cart Script allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI. | |||
| CVE-2009-1031 | 0.04 | — | 0.11 | Mar 20, 2009 | Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request. | |||
| CVE-2009-1030 | 0.03 | — | 0.05 | Mar 20, 2009 | Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. | |||
| CVE-2009-1029 | 0.06 | — | 0.32 | Mar 20, 2009 | Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows remote POP3 servers to execute arbitrary code via a long Date header, related to Imap.dll. | |||
| CVE-2009-1028 | 0.06 | — | 0.33 | Mar 20, 2009 | Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file. | |||
| CVE-2009-1027 | 0.00 | — | 0.02 | Mar 20, 2009 | SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers to execute arbitrary SQL commands via the order parameter. | |||
| CVE-2009-1026 | 0.03 | — | 0.01 | Mar 20, 2009 | Multiple SQL injection vulnerabilities in login.php in Kim Websites 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||
| CVE-2009-1025 | 0.05 | — | 0.30 | Mar 20, 2009 | PHP remote file inclusion vulnerability in linkadmin.php in Beerwin PHPLinkAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||
| CVE-2009-1024 | 0.03 | — | 0.01 | Mar 20, 2009 | Multiple SQL injection vulnerabilities in Beerwin PHPLinkAdmin 1.0 allow remote attackers to execute arbitrary SQL commands via the linkid parameter to edlink.php, and unspecified other vectors. | |||
| CVE-2009-1023 | 0.03 | — | 0.01 | Mar 20, 2009 | SQL injection vulnerability in index.php in phpComasy 0.9.1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter. | |||
| CVE-2009-1022 | 0.04 | — | 0.07 | Mar 20, 2009 | Heap-based buffer overflow in the Preview/ Set Segment function in Gretech GOMlab GOM Encoder 1.0.0.11 and earlier allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a long text field in a… | |||
| CVE-2008-6499 | 0.03 | — | 0.02 | Mar 20, 2009 | security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operation on the SERVER superglobal array, which allows remote attackers to spoof critical variables, as demonstrated by setting the REMOTE_ADDR variable to 127.0.0.1. | |||
| CVE-2008-6498 | 0.03 | — | 0.01 | Mar 20, 2009 | Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote attackers to hijack the authentication of users for requests that change a certain .htaccess password via the xampppasswd parameter. | |||
| CVE-2008-6497 | 0.04 | — | 0.10 | Mar 20, 2009 | The Neostrada Livebox ADSL Router allows remote attackers to cause a denial of service (network outage) via multiple HTTP requests for the /- URI. | |||
| CVE-2008-6496 | 0.03 | — | 0.03 | Mar 20, 2009 | Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary files via the first argument to the extractPagesToFile method. | |||
| CVE-2008-6495 | 0.03 | — | 0.04 | Mar 20, 2009 | Cross-site scripting (XSS) vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter. | |||
| CVE-2008-6494 | 0.03 | — | 0.02 | Mar 20, 2009 | ASP User Engine.NET stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for users.mdb. | |||
| CVE-2008-6493 | 0.03 | — | 0.02 | Mar 20, 2009 | Easy Content Management Publishing stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database/News.mdb. | |||
| CVE-2008-6492 | 0.03 | — | 0.04 | Mar 20, 2009 | Unrestricted file upload vulnerability in process.php in Tizag Countdown Creator 3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via index.php, then accessing the uploaded file via a direct request to the file in pics/. NOTE:… | |||
| CVE-2009-0971 | 0.00 | — | 0.01 | Mar 19, 2009 | Cross-site scripting (XSS) vulnerability in futomi's CGI Cafe Access Analyzer CGI Standard Version 3.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||
| CVE-2009-0970 | 0.00 | — | 0.02 | Mar 19, 2009 | PHP remote file inclusion vulnerability in includes/class_image.php in PHP Pro Bid 6.05, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the fileExtension parameter. NOTE: the provenance of this information is unknown; the… | |||
| CVE-2009-0969 | 0.00 | — | 0.01 | Mar 19, 2009 | Cross-site request forgery (CSRF) vulnerability in account/settings/account/index.php in phpFoX 1.6.21 allows remote attackers to hijack the authentication of administrators for requests that change the email address via the act[update] action. | |||
| CVE-2009-0968 | 0.03 | — | 0.04 | Mar 19, 2009 | SQL injection vulnerability in fmoblog.php in the fMoblog plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information. | |||
| CVE-2009-0967 | 0.04 | — | 0.07 | Mar 19, 2009 | The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument. | |||
| CVE-2009-0966 | 0.03 | — | 0.03 | Mar 19, 2009 | PHP remote file inclusion vulnerability in cross.php in YABSoft Mega File Hosting 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences. | |||
| CVE-2009-0965 | 0.03 | — | 0.01 | Mar 19, 2009 | SQL injection vulnerability in functions/browse.php in Ganesha Digital Library (GDL) 4.0 and 4.2 allows remote attackers to execute arbitrary SQL commands via the node parameter in a browse action to gdl.php. | |||
| CVE-2009-0964 | Hig | 0.52 | 7.5 | 0.02 | Mar 19, 2009 | UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication. | ||
| CVE-2009-0963 | 0.03 | — | 0.02 | Mar 19, 2009 | Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php. | |||
| CVE-2009-0927 | Hig | 0.80 | 8.8 | 0.97 | KEV | Mar 19, 2009 | Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658. | |
| CVE-2009-0661 | 0.00 | — | 0.03 | Mar 19, 2009 | Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds read. | |||
| CVE-2008-6491 | 0.03 | — | 0.02 | Mar 19, 2009 | PHP remote file inclusion vulnerability in connexion.php in PHPGKit 0.9 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2008-6490 | 0.03 | — | 0.04 | Mar 19, 2009 | function/update_xml.php in FLABER 1.1 and earlier allows remote attackers to overwrite arbitrary files by specifying the target filename in the target_file parameter. NOTE: this can be leveraged for code execution by overwriting a PHP file, as demonstrated using… | |||
| CVE-2008-6489 | 0.03 | — | 0.01 | Mar 19, 2009 | SQL injection vulnerability in MyAlbum component (com_myalbum) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the album parameter to index.php. | |||
| CVE-2009-0962 | 0.00 | — | 0.02 | Mar 19, 2009 | Unspecified vulnerability in Futomi's CGI Cafe MP Form Mail CGI eCommerce 1.3.0 and earlier, and CGI Professional 3.2.2 and earlier, allows remote attackers to gain administrative privileges via unknown attack vectors. | |||
| CVE-2009-0941 | 0.00 | — | 0.03 | Mar 18, 2009 | The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access. | |||
| CVE-2009-0940 | 0.00 | — | 0.01 | Mar 18, 2009 | Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via… | |||
| CVE-2009-0538 | 0.00 | — | 0.00 | Mar 18, 2009 | Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a… | |||
| CVE-2008-6488 | 0.03 | — | 0.01 | Mar 18, 2009 | SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the Admin field in a login action. | |||
| CVE-2008-6487 | 0.03 | — | 0.01 | Mar 18, 2009 | Multiple SQL injection vulnerabilities in login.asp in Digiappz DigiAffiliate 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) admin and (2) password fields. | |||
| CVE-2008-6486 | 0.00 | — | 0.01 | Mar 18, 2009 | PHP remote file inclusion vulnerability in slideshow_uploadvideo.content.php in SharedLog, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_dir] parameter. | |||
| CVE-2008-6485 | 0.03 | — | 0.01 | Mar 18, 2009 | SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery allows remote attackers to execute arbitrary SQL commands via the ctg parameter. | |||
| CVE-2008-6484 | 0.03 | — | 0.01 | Mar 18, 2009 | SQL injection vulnerability in login.php in Mole Group Taxi Map Script (aka Taxi Calc Dist Script) allows remote attackers to execute arbitrary SQL commands via the user field. |
- CVE-2009-1036Mar 20, 2009risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI.
- CVE-2009-1035Mar 20, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS).
- CVE-2009-1034Mar 20, 2009risk 0.00cvss —epss 0.02
SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via values in the URI.
- CVE-2009-1033Mar 20, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in misc.php in DeluxeBB 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the qorder parameter, a different vector than CVE-2005-2989 and CVE-2006-2503.
- CVE-2009-1032Mar 20, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in gallery_list.php in YABSoft Advanced Image Hosting (AIH) Script 2.3 allows remote attackers to execute arbitrary SQL commands via the gal parameter.
- CVE-2008-6503Mar 20, 2009risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php.
- CVE-2008-6502Mar 20, 2009risk 0.03cvss —epss 0.01
Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows remote authenticated users to select an arbitrary local PHP script as an avatar via a .. (dot dot) in the avatar parameter, and cause other users to execute this script by using sendData.php to send a message to…
- CVE-2008-6501Mar 20, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in profiles/index.php in Pro Chat Rooms 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the gud parameter.
- CVE-2008-6500Mar 20, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in CodeToad ASP Shopping Cart Script allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.
- CVE-2009-1031Mar 20, 2009risk 0.04cvss —epss 0.11
Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request.
- CVE-2009-1030Mar 20, 2009risk 0.03cvss —epss 0.05
Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
- CVE-2009-1029Mar 20, 2009risk 0.06cvss —epss 0.32
Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows remote POP3 servers to execute arbitrary code via a long Date header, related to Imap.dll.
- CVE-2009-1028Mar 20, 2009risk 0.06cvss —epss 0.33
Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file.
- CVE-2009-1027Mar 20, 2009risk 0.00cvss —epss 0.02
SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers to execute arbitrary SQL commands via the order parameter.
- CVE-2009-1026Mar 20, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in login.php in Kim Websites 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
- CVE-2009-1025Mar 20, 2009risk 0.05cvss —epss 0.30
PHP remote file inclusion vulnerability in linkadmin.php in Beerwin PHPLinkAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
- CVE-2009-1024Mar 20, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in Beerwin PHPLinkAdmin 1.0 allow remote attackers to execute arbitrary SQL commands via the linkid parameter to edlink.php, and unspecified other vectors.
- CVE-2009-1023Mar 20, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in phpComasy 0.9.1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter.
- CVE-2009-1022Mar 20, 2009risk 0.04cvss —epss 0.07
Heap-based buffer overflow in the Preview/ Set Segment function in Gretech GOMlab GOM Encoder 1.0.0.11 and earlier allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a long text field in a…
- CVE-2008-6499Mar 20, 2009risk 0.03cvss —epss 0.02
security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operation on the SERVER superglobal array, which allows remote attackers to spoof critical variables, as demonstrated by setting the REMOTE_ADDR variable to 127.0.0.1.
- CVE-2008-6498Mar 20, 2009risk 0.03cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote attackers to hijack the authentication of users for requests that change a certain .htaccess password via the xampppasswd parameter.
- CVE-2008-6497Mar 20, 2009risk 0.04cvss —epss 0.10
The Neostrada Livebox ADSL Router allows remote attackers to cause a denial of service (network outage) via multiple HTTP requests for the /- URI.
- CVE-2008-6496Mar 20, 2009risk 0.03cvss —epss 0.03
Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary files via the first argument to the extractPagesToFile method.
- CVE-2008-6495Mar 20, 2009risk 0.03cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
- CVE-2008-6494Mar 20, 2009risk 0.03cvss —epss 0.02
ASP User Engine.NET stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for users.mdb.
- CVE-2008-6493Mar 20, 2009risk 0.03cvss —epss 0.02
Easy Content Management Publishing stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database/News.mdb.
- CVE-2008-6492Mar 20, 2009risk 0.03cvss —epss 0.04
Unrestricted file upload vulnerability in process.php in Tizag Countdown Creator 3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via index.php, then accessing the uploaded file via a direct request to the file in pics/. NOTE:…
- CVE-2009-0971Mar 19, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in futomi's CGI Cafe Access Analyzer CGI Standard Version 3.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
- CVE-2009-0970Mar 19, 2009risk 0.00cvss —epss 0.02
PHP remote file inclusion vulnerability in includes/class_image.php in PHP Pro Bid 6.05, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the fileExtension parameter. NOTE: the provenance of this information is unknown; the…
- CVE-2009-0969Mar 19, 2009risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in account/settings/account/index.php in phpFoX 1.6.21 allows remote attackers to hijack the authentication of administrators for requests that change the email address via the act[update] action.
- CVE-2009-0968Mar 19, 2009risk 0.03cvss —epss 0.04
SQL injection vulnerability in fmoblog.php in the fMoblog plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information.
- CVE-2009-0967Mar 19, 2009risk 0.04cvss —epss 0.07
The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument.
- CVE-2009-0966Mar 19, 2009risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in cross.php in YABSoft Mega File Hosting 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
- CVE-2009-0965Mar 19, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in functions/browse.php in Ganesha Digital Library (GDL) 4.0 and 4.2 allows remote attackers to execute arbitrary SQL commands via the node parameter in a browse action to gdl.php.
- risk 0.52cvss 7.5epss 0.02
UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication.
- CVE-2009-0963Mar 19, 2009risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php.
- risk 0.80cvss 8.8epss 0.97
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.
- CVE-2009-0661Mar 19, 2009risk 0.00cvss —epss 0.03
Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds read.
- CVE-2008-6491Mar 19, 2009risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in connexion.php in PHPGKit 0.9 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2008-6490Mar 19, 2009risk 0.03cvss —epss 0.04
function/update_xml.php in FLABER 1.1 and earlier allows remote attackers to overwrite arbitrary files by specifying the target filename in the target_file parameter. NOTE: this can be leveraged for code execution by overwriting a PHP file, as demonstrated using…
- CVE-2008-6489Mar 19, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in MyAlbum component (com_myalbum) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the album parameter to index.php.
- CVE-2009-0962Mar 19, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in Futomi's CGI Cafe MP Form Mail CGI eCommerce 1.3.0 and earlier, and CGI Professional 3.2.2 and earlier, allows remote attackers to gain administrative privileges via unknown attack vectors.
- CVE-2009-0941Mar 18, 2009risk 0.00cvss —epss 0.03
The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access.
- CVE-2009-0940Mar 18, 2009risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via…
- CVE-2009-0538Mar 18, 2009risk 0.00cvss —epss 0.00
Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a…
- CVE-2008-6488Mar 18, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the Admin field in a login action.
- CVE-2008-6487Mar 18, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in login.asp in Digiappz DigiAffiliate 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) admin and (2) password fields.
- CVE-2008-6486Mar 18, 2009risk 0.00cvss —epss 0.01
PHP remote file inclusion vulnerability in slideshow_uploadvideo.content.php in SharedLog, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_dir] parameter.
- CVE-2008-6485Mar 18, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery allows remote attackers to execute arbitrary SQL commands via the ctg parameter.
- CVE-2008-6484Mar 18, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in login.php in Mole Group Taxi Map Script (aka Taxi Calc Dist Script) allows remote attackers to execute arbitrary SQL commands via the user field.