| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-6189 | 0.03 | — | 0.02 | Feb 19, 2009 | SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php. | |||
| CVE-2008-6188 | 0.03 | — | 0.01 | Feb 19, 2009 | SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter. | |||
| CVE-2008-6187 | 0.03 | — | 0.01 | Feb 19, 2009 | SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and earlier allows remote attackers to execute arbitrary SQL commands via the release_id parameter. | |||
| CVE-2008-6186 | 0.03 | — | 0.05 | Feb 19, 2009 | Stack-based buffer overflow in RaidenFTPD 2.4 build 3620 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via long (1) CWD and (2) MLST commands. | |||
| CVE-2008-6185 | 0.03 | — | 0.03 | Feb 19, 2009 | NoticeWare Email Server NG 5.1.2.2 allows remote attackers to cause a denial of service (crash) via multiple POP3 requests with a long PASS command. | |||
| CVE-2008-6184 | 0.03 | — | 0.01 | Feb 19, 2009 | SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a catalogue action to index.php. | |||
| CVE-2008-6183 | 0.03 | — | 0.03 | Feb 19, 2009 | Multiple directory traversal vulnerabilities in index.php in My PHP Indexer 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) d and (2) f parameters. | |||
| CVE-2008-6182 | 0.03 | — | 0.02 | Feb 19, 2009 | SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) component 0.8.0 through 0.8.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gallery parameter in a view action to index.php. | |||
| CVE-2008-6181 | 0.03 | — | 0.01 | Feb 19, 2009 | SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4joomla) component before 1.1.8.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the jid parameter to index.php. | |||
| CVE-2008-6180 | 0.03 | — | 0.02 | Feb 19, 2009 | SQL injection vulnerability in system/nlb_user.class.php in NewLife Blogger 3.0 and earlier, and possibly 3.3.1, allows remote attackers to execute arbitrary SQL commands via the nlb3 cookie. | |||
| CVE-2008-6179 | 0.03 | — | 0.01 | Feb 19, 2009 | SQL injection vulnerability in sug_cat.php in IndexScript 3.0 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter, a different vector than CVE-2007-4069. | |||
| CVE-2009-0648 | 0.00 | — | 0.01 | Feb 19, 2009 | Multiple cross-site request forgery (CSRF) vulnerabilities in the manage_users handler in admin/index.php in Falt4 CMS (aka Falt4 Extreme) RC4 allow remote attackers to hijack the authentication of administrators for requests that change passwords via the (1) edit and (2)… | |||
| CVE-2009-0647 | 0.01 | — | 0.17 | Feb 19, 2009 | msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the… | |||
| CVE-2008-6178 | 0.04 | — | 0.08 | Feb 19, 2009 | Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a… | |||
| CVE-2008-6177 | 0.03 | — | 0.02 | Feb 19, 2009 | Multiple directory traversal vulnerabilities in LightBlog 9.8, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) username parameter to view_member.php, (2) username_post parameter to login.php,… | |||
| CVE-2008-6175 | 0.03 | — | 0.06 | Feb 19, 2009 | SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of service (application crash) via a crafted argument to the opendir SFTP command. | |||
| CVE-2008-6174 | 0.03 | — | 0.01 | Feb 19, 2009 | Cross-site scripting (XSS) vulnerability in admin/postlister/index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the liste parameter. | |||
| CVE-2008-6173 | 0.03 | — | 0.01 | Feb 19, 2009 | Cross-site scripting (XSS) vulnerability in fullscreen.php in ClipShare Pro 4.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter. | |||
| CVE-2008-6172 | 0.04 | — | 0.12 | Feb 19, 2009 | Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img… | |||
| CVE-2008-4392 | 0.00 | — | 0.02 | Feb 19, 2009 | dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultaneous identical outbound DNS queries, which makes it easier for remote attackers to spoof DNS responses, as demonstrated by a spoofed A record in the Additional section of a response to a Start of Authority… | |||
| CVE-2008-6171 | 0.00 | — | 0.04 | Feb 19, 2009 | includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header. | |||
| CVE-2008-6170 | 0.00 | — | 0.02 | Feb 19, 2009 | Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with create book content or edit node book hierarchy permissions to inject arbitrary web script or HTML via the book page title. | |||
| CVE-2008-6169 | 0.00 | — | 0.01 | Feb 19, 2009 | Cross-site request forgery (CSRF) vulnerability in the Localization client 5.x before 5.x-1.1 and 6.x before 6.x-1.6 and the Localization server 5.x before 5.x-1.0-alpha5 and 6.x before 6.x-alpha2, modules for Drupal, allows remote attackers to perform unauthorized actions as… | |||
| CVE-2008-6168 | 0.03 | — | 0.01 | Feb 19, 2009 | Cross-site scripting (XSS) vulnerability in search.php in miniPortail 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified argument, probably the search string. | |||
| CVE-2008-6167 | 0.03 | — | 0.02 | Feb 19, 2009 | Directory traversal vulnerability in search.php in miniPortail 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lng parameter. | |||
| CVE-2008-6166 | 0.03 | — | 0.01 | Feb 19, 2009 | SQL injection vulnerability in the KBase (com_kbase) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php. | |||
| CVE-2008-6165 | 0.03 | — | 0.01 | Feb 19, 2009 | SQL injection vulnerability in gestion.php in CSPartner 0.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) pseudo and (2) passe parameters. | |||
| CVE-2009-0646 | 0.03 | — | 0.04 | Feb 18, 2009 | Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) password parameters to pcgi/4site.pl, (3) page parameter to print/print.shtml, (4) s and (5) i parameters to… | |||
| CVE-2009-0645 | 0.04 | — | 0.06 | Feb 18, 2009 | Directory traversal vulnerability in index.php in Jaws 0.8.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) language, (2) Introduction_complete, and (3) use_log parameters, different vectors than CVE-2004-2445. | |||
| CVE-2005-4878 | 0.00 | — | 0.01 | Feb 18, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow… | |||
| CVE-2009-0644 | 0.00 | — | 0.01 | Feb 18, 2009 | The HTTP interface in Swann DVR4-SecuraNet has a certain default administrative username and password, which makes it easier for remote attackers to obtain privileged access. | |||
| CVE-2009-0639 | 0.03 | — | 0.03 | Feb 18, 2009 | PHP remote file inclusion vulnerability in moduli/libri/index.php in phpyabs 0.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the Azione parameter. | |||
| CVE-2009-0310 | 0.00 | — | 0.00 | Feb 18, 2009 | Buffer overflow in SUSE blinux (aka sbl) in SUSE openSUSE 10.3 through 11.0 has unknown impact and attack vectors related to "incoming data and authentication-strings." | |||
| CVE-2008-6161 | 0.00 | — | 0.01 | Feb 18, 2009 | Cross-site scripting (XSS) vulnerability in WOW Raid Manager (WRM) before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-6160 | 0.00 | — | 0.02 | Feb 18, 2009 | Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors. | |||
| CVE-2008-6159 | 0.00 | — | 0.01 | Feb 18, 2009 | Content Management Made Easy (CMME) 1.19 allows remote attackers to obtain system information via a direct request to info.php, which invokes the phpinfo function. | |||
| CVE-2009-0613 | 0.00 | — | 0.01 | Feb 17, 2009 | Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 allows remote authenticated Auditor and Report Only users to bypass intended permission settings, and modify the system configuration, via requests to unspecified JSP pages. | |||
| CVE-2009-0612 | 0.00 | — | 0.02 | Feb 17, 2009 | Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain… | |||
| CVE-2009-0611 | 0.03 | — | 0.02 | Feb 17, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a… | |||
| CVE-2009-0610 | 0.03 | — | 0.05 | Feb 17, 2009 | Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance… | |||
| CVE-2009-0609 | 0.00 | — | 0.03 | Feb 17, 2009 | Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of… | |||
| CVE-2009-0608 | 0.00 | — | 0.00 | Feb 17, 2009 | Integer overflow in the showLog function in fake_log_device.c in liblog in Open Handset Alliance Android 1.0 allows attackers to trigger a buffer overflow and possibly have unspecified other impact by sending a large number of input lines. | |||
| CVE-2009-0607 | 0.00 | — | 0.00 | Feb 17, 2009 | Multiple integer overflows in malloc_leak.c in Bionic in Open Handset Alliance Android 1.0 have unknown impact and attack vectors, related to the (1) chk_calloc and (2) leak_calloc functions. | |||
| CVE-2009-0606 | 0.00 | — | 0.00 | Feb 17, 2009 | The link_image function in linker/linker.c in the dynamic linker in Bionic in Open Handset Alliance Android 1.0 on the T-Mobile G1 phone does not properly handle file descriptors 0, 1, and 2 for a setgid program, which allows local users to create arbitrary files owned by… | |||
| CVE-2009-0605 | 0.00 | — | 0.00 | Feb 17, 2009 | Stack consumption vulnerability in the do_page_fault function in arch/x86/mm/fault.c in the Linux kernel before 2.6.28.5 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via unspecified vectors that trigger page faults on a machine… | |||
| CVE-2009-0504 | 0.00 | — | 0.00 | Feb 17, 2009 | WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message. | |||
| CVE-2009-0363 | 0.00 | — | 0.03 | Feb 17, 2009 | Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and… | |||
| CVE-2009-0359 | 0.00 | — | 0.01 | Feb 17, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name. | |||
| CVE-2008-6158 | 0.03 | — | 0.03 | Feb 17, 2009 | Multiple unspecified vulnerabilities in the admin backend in w3b>cms (aka w3blabor CMS) before 3.2.0 have unknown impact and remote attack vectors. | |||
| CVE-2008-6157 | Hig | 0.52 | 7.5 | 0.03 | Feb 17, 2009 | SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which allows context-dependent attackers to obtain sensitive information. |
- CVE-2008-6189Feb 19, 2009risk 0.03cvss —epss 0.02
SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php.
- CVE-2008-6188Feb 19, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter.
- CVE-2008-6187Feb 19, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and earlier allows remote attackers to execute arbitrary SQL commands via the release_id parameter.
- CVE-2008-6186Feb 19, 2009risk 0.03cvss —epss 0.05
Stack-based buffer overflow in RaidenFTPD 2.4 build 3620 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via long (1) CWD and (2) MLST commands.
- CVE-2008-6185Feb 19, 2009risk 0.03cvss —epss 0.03
NoticeWare Email Server NG 5.1.2.2 allows remote attackers to cause a denial of service (crash) via multiple POP3 requests with a long PASS command.
- CVE-2008-6184Feb 19, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a catalogue action to index.php.
- CVE-2008-6183Feb 19, 2009risk 0.03cvss —epss 0.03
Multiple directory traversal vulnerabilities in index.php in My PHP Indexer 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) d and (2) f parameters.
- CVE-2008-6182Feb 19, 2009risk 0.03cvss —epss 0.02
SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) component 0.8.0 through 0.8.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gallery parameter in a view action to index.php.
- CVE-2008-6181Feb 19, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4joomla) component before 1.1.8.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the jid parameter to index.php.
- CVE-2008-6180Feb 19, 2009risk 0.03cvss —epss 0.02
SQL injection vulnerability in system/nlb_user.class.php in NewLife Blogger 3.0 and earlier, and possibly 3.3.1, allows remote attackers to execute arbitrary SQL commands via the nlb3 cookie.
- CVE-2008-6179Feb 19, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in sug_cat.php in IndexScript 3.0 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter, a different vector than CVE-2007-4069.
- CVE-2009-0648Feb 19, 2009risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in the manage_users handler in admin/index.php in Falt4 CMS (aka Falt4 Extreme) RC4 allow remote attackers to hijack the authentication of administrators for requests that change passwords via the (1) edit and (2)…
- CVE-2009-0647Feb 19, 2009risk 0.01cvss —epss 0.17
msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the…
- CVE-2008-6178Feb 19, 2009risk 0.04cvss —epss 0.08
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a…
- CVE-2008-6177Feb 19, 2009risk 0.03cvss —epss 0.02
Multiple directory traversal vulnerabilities in LightBlog 9.8, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) username parameter to view_member.php, (2) username_post parameter to login.php,…
- CVE-2008-6175Feb 19, 2009risk 0.03cvss —epss 0.06
SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of service (application crash) via a crafted argument to the opendir SFTP command.
- CVE-2008-6174Feb 19, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in admin/postlister/index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the liste parameter.
- CVE-2008-6173Feb 19, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in fullscreen.php in ClipShare Pro 4.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
- CVE-2008-6172Feb 19, 2009risk 0.04cvss —epss 0.12
Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img…
- CVE-2008-4392Feb 19, 2009risk 0.00cvss —epss 0.02
dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultaneous identical outbound DNS queries, which makes it easier for remote attackers to spoof DNS responses, as demonstrated by a spoofed A record in the Additional section of a response to a Start of Authority…
- CVE-2008-6171Feb 19, 2009risk 0.00cvss —epss 0.04
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.
- CVE-2008-6170Feb 19, 2009risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with create book content or edit node book hierarchy permissions to inject arbitrary web script or HTML via the book page title.
- CVE-2008-6169Feb 19, 2009risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the Localization client 5.x before 5.x-1.1 and 6.x before 6.x-1.6 and the Localization server 5.x before 5.x-1.0-alpha5 and 6.x before 6.x-alpha2, modules for Drupal, allows remote attackers to perform unauthorized actions as…
- CVE-2008-6168Feb 19, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in search.php in miniPortail 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified argument, probably the search string.
- CVE-2008-6167Feb 19, 2009risk 0.03cvss —epss 0.02
Directory traversal vulnerability in search.php in miniPortail 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lng parameter.
- CVE-2008-6166Feb 19, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in the KBase (com_kbase) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.
- CVE-2008-6165Feb 19, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in gestion.php in CSPartner 0.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) pseudo and (2) passe parameters.
- CVE-2009-0646Feb 18, 2009risk 0.03cvss —epss 0.04
Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) password parameters to pcgi/4site.pl, (3) page parameter to print/print.shtml, (4) s and (5) i parameters to…
- CVE-2009-0645Feb 18, 2009risk 0.04cvss —epss 0.06
Directory traversal vulnerability in index.php in Jaws 0.8.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) language, (2) Introduction_complete, and (3) use_log parameters, different vectors than CVE-2004-2445.
- CVE-2005-4878Feb 18, 2009risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow…
- CVE-2009-0644Feb 18, 2009risk 0.00cvss —epss 0.01
The HTTP interface in Swann DVR4-SecuraNet has a certain default administrative username and password, which makes it easier for remote attackers to obtain privileged access.
- CVE-2009-0639Feb 18, 2009risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in moduli/libri/index.php in phpyabs 0.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the Azione parameter.
- CVE-2009-0310Feb 18, 2009risk 0.00cvss —epss 0.00
Buffer overflow in SUSE blinux (aka sbl) in SUSE openSUSE 10.3 through 11.0 has unknown impact and attack vectors related to "incoming data and authentication-strings."
- CVE-2008-6161Feb 18, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in WOW Raid Manager (WRM) before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-6160Feb 18, 2009risk 0.00cvss —epss 0.02
Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors.
- CVE-2008-6159Feb 18, 2009risk 0.00cvss —epss 0.01
Content Management Made Easy (CMME) 1.19 allows remote attackers to obtain system information via a direct request to info.php, which invokes the phpinfo function.
- CVE-2009-0613Feb 17, 2009risk 0.00cvss —epss 0.01
Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 allows remote authenticated Auditor and Report Only users to bypass intended permission settings, and modify the system configuration, via requests to unspecified JSP pages.
- CVE-2009-0612Feb 17, 2009risk 0.00cvss —epss 0.02
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain…
- CVE-2009-0611Feb 17, 2009risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a…
- CVE-2009-0610Feb 17, 2009risk 0.03cvss —epss 0.05
Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance…
- CVE-2009-0609Feb 17, 2009risk 0.00cvss —epss 0.03
Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of…
- CVE-2009-0608Feb 17, 2009risk 0.00cvss —epss 0.00
Integer overflow in the showLog function in fake_log_device.c in liblog in Open Handset Alliance Android 1.0 allows attackers to trigger a buffer overflow and possibly have unspecified other impact by sending a large number of input lines.
- CVE-2009-0607Feb 17, 2009risk 0.00cvss —epss 0.00
Multiple integer overflows in malloc_leak.c in Bionic in Open Handset Alliance Android 1.0 have unknown impact and attack vectors, related to the (1) chk_calloc and (2) leak_calloc functions.
- CVE-2009-0606Feb 17, 2009risk 0.00cvss —epss 0.00
The link_image function in linker/linker.c in the dynamic linker in Bionic in Open Handset Alliance Android 1.0 on the T-Mobile G1 phone does not properly handle file descriptors 0, 1, and 2 for a setgid program, which allows local users to create arbitrary files owned by…
- CVE-2009-0605Feb 17, 2009risk 0.00cvss —epss 0.00
Stack consumption vulnerability in the do_page_fault function in arch/x86/mm/fault.c in the Linux kernel before 2.6.28.5 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via unspecified vectors that trigger page faults on a machine…
- CVE-2009-0504Feb 17, 2009risk 0.00cvss —epss 0.00
WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message.
- CVE-2009-0363Feb 17, 2009risk 0.00cvss —epss 0.03
Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and…
- CVE-2009-0359Feb 17, 2009risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name.
- CVE-2008-6158Feb 17, 2009risk 0.03cvss —epss 0.03
Multiple unspecified vulnerabilities in the admin backend in w3b>cms (aka w3blabor CMS) before 3.2.0 have unknown impact and remote attack vectors.
- risk 0.52cvss 7.5epss 0.03
SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which allows context-dependent attackers to obtain sensitive information.