| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-0379 | 0.03 | — | 0.01 | Feb 2, 2009 | SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761. | |||
| CVE-2009-0378 | 0.03 | — | 0.01 | Feb 2, 2009 | Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action. | |||
| CVE-2009-0377 | 0.03 | — | 0.01 | Feb 2, 2009 | SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132. | |||
| CVE-2009-0374 | 0.03 | — | 0.02 | Jan 30, 2009 | Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue,… | |||
| CVE-2009-0373 | 0.03 | — | 0.01 | Jan 30, 2009 | SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php. | |||
| CVE-2009-0372 | 0.03 | — | 0.03 | Jan 30, 2009 | Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an image content type via a users editProfile action, then… | |||
| CVE-2009-0371 | 0.03 | — | 0.02 | Jan 30, 2009 | Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the type parameter. | |||
| CVE-2009-0370 | 0.00 | — | 0.00 | Jan 30, 2009 | Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files." | |||
| CVE-2009-0369 | 0.04 | — | 0.11 | Jan 30, 2009 | Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. | |||
| CVE-2009-0204 | 0.00 | — | 0.03 | Jan 30, 2009 | Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2009-0034 | Hig | 0.51 | 7.8 | 0.00 | Jan 30, 2009 | parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via… | ||
| CVE-2008-5082 | 0.00 | — | 0.01 | Jan 30, 2009 | The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users… | |||
| CVE-2008-6016 | 0.03 | — | 0.01 | Jan 30, 2009 | SQL injection vulnerability in questions.php in EsFaq 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3952. NOTE: the provenance of this information is unknown; the details are obtained solely from third… | |||
| CVE-2008-6015 | 0.00 | — | 0.01 | Jan 30, 2009 | Multiple SQL injection vulnerabilities in search.php in EsFaq 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) keywords and (2) cat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2008-6014 | 0.03 | — | 0.01 | Jan 30, 2009 | SQL injection vulnerability in scripts/links.php in Rianxosencabos CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-6013 | 0.00 | — | 0.01 | Jan 30, 2009 | Multiple SQL injection vulnerabilities in Freeway before 1.4.3.210 allow remote attackers to execute arbitrary SQL commands via unspecified vectors involving the (1) advanced search result and (2) service resource pages. | |||
| CVE-2008-6012 | 0.03 | — | 0.02 | Jan 30, 2009 | Directory traversal vulnerability in index.php in Pritlog 0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a viewEntry action. | |||
| CVE-2008-6011 | 0.03 | — | 0.01 | Jan 30, 2009 | SQL injection vulnerability in index.php in SG Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | |||
| CVE-2008-6010 | 0.03 | — | 0.03 | Jan 30, 2009 | Multiple directory traversal vulnerabilities in SG Real Estate Portal 2.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod, (2) page, or (3) lang parameter to index.php; or the (4) action or (5) folder parameter in a security request to… | |||
| CVE-2008-6009 | 0.03 | — | 0.03 | Jan 30, 2009 | SG Real Estate Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the Auth cookie to 1. | |||
| CVE-2008-6008 | 0.00 | — | 0.01 | Jan 30, 2009 | hyBook Guestbook Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for hyBook.mdb. | |||
| CVE-2008-6007 | 0.03 | — | 0.01 | Jan 30, 2009 | SQL injection vulnerability in view_group.php in QuidaScript BookMarks Favourites Script (APB) allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-6006 | 0.03 | — | 0.02 | Jan 30, 2009 | Multiple PHP remote file inclusion vulnerabilities in Micronation Banking System (minba) 1.5.0 allow remote attackers to execute arbitrary PHP code via a URL in the minsoft_path parameter to (1) utdb_access.php and (2) utgn_message.php in utility/. | |||
| CVE-2009-0351 | 0.03 | — | 0.05 | Jan 29, 2009 | Stack-based buffer overflow in WFTPSRV.exe in WinFTP 2.3.0 allows remote authenticated users to execute arbitrary code via a long LIST argument beginning with an * (asterisk) character. | |||
| CVE-2009-0350 | 0.04 | — | 0.10 | Jan 29, 2009 | Stack-based buffer overflow in Merak Media Player 3.2 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file, related to the status bar icon's tooltip. NOTE: some of these details are obtained from third party information. | |||
| CVE-2009-0349 | 0.03 | — | 0.06 | Jan 29, 2009 | Stack-based buffer overflow in FTPShell Server 4.3 allows user-assisted remote attackers to cause a denial of service (persistent daemon crash) and possibly execute arbitrary code via a long string in a licensing key (aka .key) file. | |||
| CVE-2009-0348 | 0.04 | — | 0.08 | Jan 29, 2009 | The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | |||
| CVE-2009-0347 | 0.04 | — | 0.10 | Jan 29, 2009 | Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. | |||
| CVE-2009-0346 | 0.00 | — | 0.00 | Jan 29, 2009 | The IP-in-IP packet processing implementation in the IPsec and IP stacks in the kernel in Sun Solaris 9 and 10, and OpenSolaris snv_01 though snv_85, allows local users to cause a denial of service (panic) via a self-encapsulated packet that lacks IPsec protection. | |||
| CVE-2009-0345 | 0.00 | — | 0.03 | Jan 29, 2009 | Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown… | |||
| CVE-2009-0344 | 0.00 | — | 0.03 | Jan 29, 2009 | Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown… | |||
| CVE-2009-0343 | 0.03 | — | 0.01 | Jan 29, 2009 | Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race conditions that occur in… | |||
| CVE-2009-0342 | 0.00 | — | 0.00 | Jan 29, 2009 | Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall. | |||
| CVE-2009-0341 | 0.04 | — | 0.15 | Jan 29, 2009 | The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability. | |||
| CVE-2009-0340 | 0.03 | — | 0.02 | Jan 29, 2009 | Multiple directory traversal vulnerabilities in Simple PHP Newsletter 1.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the olang parameter to (1) mail.php and (2) mailbar.php. | |||
| CVE-2009-0339 | 0.03 | — | 0.01 | Jan 29, 2009 | SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to execute arbitrary SQL commands via the itemID parameter in a view action. | |||
| CVE-2009-0338 | 0.03 | — | 0.02 | Jan 29, 2009 | Cross-site scripting (XSS) vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to inject arbitrary web script or HTML via the CategoryID parameter in a refer action. | |||
| CVE-2009-0337 | 0.03 | — | 0.01 | Jan 29, 2009 | SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2009-0336 | 0.03 | — | 0.02 | Jan 29, 2009 | Katy Whitton BlogIt! stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for database/Blog.mdb. NOTE: some of these details are obtained… | |||
| CVE-2009-0335 | 0.03 | — | 0.01 | Jan 29, 2009 | Cross-site scripting (XSS) vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to inject arbitrary web script or HTML via the view parameter. | |||
| CVE-2009-0334 | 0.03 | — | 0.01 | Jan 29, 2009 | SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the day parameter in an archive action. | |||
| CVE-2009-0333 | 0.03 | — | 0.01 | Jan 29, 2009 | SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php. | |||
| CVE-2009-0332 | 0.00 | — | 0.01 | Jan 29, 2009 | Multiple SQL injection vulnerabilities in AV Book Library before 1.1 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/edit.php, (2) admin/add.php, (3) lib/book_search.php, and possibly other components. | |||
| CVE-2009-0331 | 0.03 | — | 0.03 | Jan 29, 2009 | Directory traversal vulnerability in gallery/comment.php in Enhanced Simple PHP Gallery (ESPG) 1.72 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. NOTE: the vulnerability may be in my little homepage Comment script. If so, then this… | |||
| CVE-2009-0330 | 0.03 | — | 0.02 | Jan 29, 2009 | Directory traversal vulnerability in index.php in Simple Content Management System (SCMS) 1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter. | |||
| CVE-2009-0329 | 0.03 | — | 0.01 | Jan 29, 2009 | SQL injection vulnerability in the PcCookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php, a different vector than CVE-2008-0844. | |||
| CVE-2009-0328 | 0.04 | — | 0.07 | Jan 29, 2009 | ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for… | |||
| CVE-2009-0327 | 0.03 | — | 0.01 | Jan 29, 2009 | SQL injection vulnerability in readbible.php in Free Bible Search PHP Script 1.0 allows remote attackers to execute arbitrary SQL commands via the version parameter. | |||
| CVE-2009-0326 | 0.03 | — | 0.01 | Jan 29, 2009 | SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2009-0325 | 0.03 | — | 0.03 | Jan 29, 2009 | Directory traversal vulnerability in entries/index.php in Ninja Blog 4.8, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter. |
- CVE-2009-0379Feb 2, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761.
- CVE-2009-0378Feb 2, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action.
- CVE-2009-0377Feb 2, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132.
- CVE-2009-0374Jan 30, 2009risk 0.03cvss —epss 0.02
Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue,…
- CVE-2009-0373Jan 30, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php.
- CVE-2009-0372Jan 30, 2009risk 0.03cvss —epss 0.03
Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an image content type via a users editProfile action, then…
- CVE-2009-0371Jan 30, 2009risk 0.03cvss —epss 0.02
Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the type parameter.
- CVE-2009-0370Jan 30, 2009risk 0.00cvss —epss 0.00
Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files."
- CVE-2009-0369Jan 30, 2009risk 0.04cvss —epss 0.11
Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability.
- CVE-2009-0204Jan 30, 2009risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- risk 0.51cvss 7.8epss 0.00
parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via…
- CVE-2008-5082Jan 30, 2009risk 0.00cvss —epss 0.01
The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users…
- CVE-2008-6016Jan 30, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in questions.php in EsFaq 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3952. NOTE: the provenance of this information is unknown; the details are obtained solely from third…
- CVE-2008-6015Jan 30, 2009risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in search.php in EsFaq 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) keywords and (2) cat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2008-6014Jan 30, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in scripts/links.php in Rianxosencabos CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-6013Jan 30, 2009risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in Freeway before 1.4.3.210 allow remote attackers to execute arbitrary SQL commands via unspecified vectors involving the (1) advanced search result and (2) service resource pages.
- CVE-2008-6012Jan 30, 2009risk 0.03cvss —epss 0.02
Directory traversal vulnerability in index.php in Pritlog 0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a viewEntry action.
- CVE-2008-6011Jan 30, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in SG Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
- CVE-2008-6010Jan 30, 2009risk 0.03cvss —epss 0.03
Multiple directory traversal vulnerabilities in SG Real Estate Portal 2.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod, (2) page, or (3) lang parameter to index.php; or the (4) action or (5) folder parameter in a security request to…
- CVE-2008-6009Jan 30, 2009risk 0.03cvss —epss 0.03
SG Real Estate Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the Auth cookie to 1.
- CVE-2008-6008Jan 30, 2009risk 0.00cvss —epss 0.01
hyBook Guestbook Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for hyBook.mdb.
- CVE-2008-6007Jan 30, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in view_group.php in QuidaScript BookMarks Favourites Script (APB) allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-6006Jan 30, 2009risk 0.03cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in Micronation Banking System (minba) 1.5.0 allow remote attackers to execute arbitrary PHP code via a URL in the minsoft_path parameter to (1) utdb_access.php and (2) utgn_message.php in utility/.
- CVE-2009-0351Jan 29, 2009risk 0.03cvss —epss 0.05
Stack-based buffer overflow in WFTPSRV.exe in WinFTP 2.3.0 allows remote authenticated users to execute arbitrary code via a long LIST argument beginning with an * (asterisk) character.
- CVE-2009-0350Jan 29, 2009risk 0.04cvss —epss 0.10
Stack-based buffer overflow in Merak Media Player 3.2 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file, related to the status bar icon's tooltip. NOTE: some of these details are obtained from third party information.
- CVE-2009-0349Jan 29, 2009risk 0.03cvss —epss 0.06
Stack-based buffer overflow in FTPShell Server 4.3 allows user-assisted remote attackers to cause a denial of service (persistent daemon crash) and possibly execute arbitrary code via a long string in a licensing key (aka .key) file.
- CVE-2009-0348Jan 29, 2009risk 0.04cvss —epss 0.08
The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
- CVE-2009-0347Jan 29, 2009risk 0.04cvss —epss 0.10
Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.
- CVE-2009-0346Jan 29, 2009risk 0.00cvss —epss 0.00
The IP-in-IP packet processing implementation in the IPsec and IP stacks in the kernel in Sun Solaris 9 and 10, and OpenSolaris snv_01 though snv_85, allows local users to cause a denial of service (panic) via a self-encapsulated packet that lacks IPsec protection.
- CVE-2009-0345Jan 29, 2009risk 0.00cvss —epss 0.03
Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown…
- CVE-2009-0344Jan 29, 2009risk 0.00cvss —epss 0.03
Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown…
- CVE-2009-0343Jan 29, 2009risk 0.03cvss —epss 0.01
Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race conditions that occur in…
- CVE-2009-0342Jan 29, 2009risk 0.00cvss —epss 0.00
Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall.
- CVE-2009-0341Jan 29, 2009risk 0.04cvss —epss 0.15
The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability.
- CVE-2009-0340Jan 29, 2009risk 0.03cvss —epss 0.02
Multiple directory traversal vulnerabilities in Simple PHP Newsletter 1.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the olang parameter to (1) mail.php and (2) mailbar.php.
- CVE-2009-0339Jan 29, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to execute arbitrary SQL commands via the itemID parameter in a view action.
- CVE-2009-0338Jan 29, 2009risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to inject arbitrary web script or HTML via the CategoryID parameter in a refer action.
- CVE-2009-0337Jan 29, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2009-0336Jan 29, 2009risk 0.03cvss —epss 0.02
Katy Whitton BlogIt! stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for database/Blog.mdb. NOTE: some of these details are obtained…
- CVE-2009-0335Jan 29, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to inject arbitrary web script or HTML via the view parameter.
- CVE-2009-0334Jan 29, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the day parameter in an archive action.
- CVE-2009-0333Jan 29, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
- CVE-2009-0332Jan 29, 2009risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in AV Book Library before 1.1 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/edit.php, (2) admin/add.php, (3) lib/book_search.php, and possibly other components.
- CVE-2009-0331Jan 29, 2009risk 0.03cvss —epss 0.03
Directory traversal vulnerability in gallery/comment.php in Enhanced Simple PHP Gallery (ESPG) 1.72 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. NOTE: the vulnerability may be in my little homepage Comment script. If so, then this…
- CVE-2009-0330Jan 29, 2009risk 0.03cvss —epss 0.02
Directory traversal vulnerability in index.php in Simple Content Management System (SCMS) 1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter.
- CVE-2009-0329Jan 29, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in the PcCookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php, a different vector than CVE-2008-0844.
- CVE-2009-0328Jan 29, 2009risk 0.04cvss —epss 0.07
ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for…
- CVE-2009-0327Jan 29, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in readbible.php in Free Bible Search PHP Script 1.0 allows remote attackers to execute arbitrary SQL commands via the version parameter.
- CVE-2009-0326Jan 29, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2009-0325Jan 29, 2009risk 0.03cvss —epss 0.03
Directory traversal vulnerability in entries/index.php in Ninja Blog 4.8, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter.