| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
301 |
CVE-2009-4961 |
200 |
1
|
+Info |
2010-07-28 |
2017-09-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Lanai Core 0.6 allows remote attackers to obtain configuration information via a direct request to info.php, which calls the phpinfo function. |
|
302 |
CVE-2009-4960 |
22 |
1
|
Dir. Trav. |
2010-07-28 |
2017-09-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. |
|
303 |
CVE-2009-4959 |
89 |
|
Exec Code Sql |
2010-07-28 |
2010-07-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
304 |
CVE-2009-4958 |
89 |
1
|
Exec Code Sql |
2010-07-28 |
2017-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in video.php in EMO Breeder Manager (aka EMO Breader Manager) allows remote attackers to execute arbitrary SQL commands via the idd parameter. |
|
305 |
CVE-2009-4957 |
22 |
1
|
Dir. Trav. |
2010-07-22 |
2017-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in loadpanel.php in Interspire ActiveKB allows remote attackers to read arbitrary files and possibly have unspecified other impact via directory traversal sequences in the Panel parameter. |
|
306 |
CVE-2009-4956 |
79 |
|
XSS |
2010-07-22 |
2010-07-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
307 |
CVE-2009-4955 |
89 |
|
Exec Code Sql |
2010-07-22 |
2010-07-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
308 |
CVE-2009-4954 |
89 |
|
Exec Code Sql |
2010-07-22 |
2010-07-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
309 |
CVE-2009-4953 |
79 |
|
XSS |
2010-07-22 |
2010-07-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
310 |
CVE-2009-4952 |
22 |
|
Dir. Trav. |
2010-07-22 |
2010-07-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors. |
|
311 |
CVE-2009-4951 |
200 |
|
+Info |
2010-07-22 |
2010-07-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. |
|
312 |
CVE-2009-4950 |
89 |
|
Exec Code Sql |
2010-07-22 |
2010-07-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
313 |
CVE-2009-4949 |
89 |
|
Exec Code Sql |
2010-07-22 |
2010-07-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
314 |
CVE-2009-4948 |
79 |
|
XSS |
2010-07-22 |
2010-07-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
315 |
CVE-2009-4947 |
89 |
|
Exec Code Sql |
2010-07-22 |
2018-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in frmLoginPwdReminderPopup.aspx in Q2 Solutions ConnX 4.0.20080606 allows remote attackers to execute arbitrary SQL commands via the txtEmail parameter. |
|
316 |
CVE-2009-4946 |
22 |
|
Dir. Trav. |
2010-07-22 |
2017-08-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in the Messaging (com_messaging) component before 1.5.1 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter in a messages action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
317 |
CVE-2009-4945 |
255 |
|
|
2010-07-22 |
2018-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
AdPeeps 8.5d1 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via requests to index.php. |
|
318 |
CVE-2009-4944 |
79 |
|
XSS |
2010-07-22 |
2017-08-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in ATRC ACollab 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) address parameter to profile.php or the (2) description parameter to events/add_event.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
319 |
CVE-2009-4943 |
200 |
|
+Info |
2010-07-22 |
2018-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
index.php in AdPeeps 8.5d1 allows remote attackers to obtain sensitive information via (1) a view_adrates action with an invalid uid parameter, which reveals the installation path in an error message; or (2) an adminlogin action with a crafted uid parameter, which reveals the version number. |
|
320 |
CVE-2009-4942 |
352 |
|
CSRF |
2010-07-22 |
2017-08-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site request forgery (CSRF) vulnerability in ACollab 1.2 allows remote attackers to hijack the authentication of arbitrary users for requests that add personal agenda items. |
|
321 |
CVE-2009-4941 |
79 |
|
XSS |
2010-07-22 |
2017-08-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in sign_in.php in ATRC ACollab 1.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter. |
|
322 |
CVE-2009-4940 |
89 |
1
|
Exec Code Sql |
2010-07-22 |
2017-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action. |
|
323 |
CVE-2009-4939 |
79 |
1
|
XSS |
2010-07-22 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a login_lookup action, (3) uid parameter in an adminlogin action, (4) campaignid parameter in a createcampaign action, (5) type parameter in a view_account_stats action, (6) period parameter in a view_account_stats action, (7) uid parameter in a view_adrates action, (8) accname parameter in an account_confirmation action, (9) loginpass parameter in an account_confirmation action, (10) e9 parameter in a setup_account action, (11) from parameter in an email_advertisers action, (12) message parameter in an email_advertisers action, (13) idno parameter in an edit_ad_package action, (14) Advertiser Name field, (15) First Name field, (16) Last Name field, (17) Address field, (18) Phone Number field, (19) Password Hint field, or (20) URL field; and (21) allow remote authenticated users to inject arbitrary web script or HTML via an unspecified form associated with a view_adrates action. |
|
324 |
CVE-2009-4938 |
89 |
1
|
Exec Code Sql |
2010-07-22 |
2017-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php. |
|
325 |
CVE-2009-4937 |
79 |
1
|
XSS |
2010-07-22 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 allows remote attackers to inject arbitrary web script or HTML via an onmouseover action in an img BBCode tag within a url BBCode tag. |
|
326 |
CVE-2009-4936 |
89 |
1
|
Exec Code Sql |
2010-07-22 |
2018-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php. |
|
327 |
CVE-2009-4935 |
89 |
1
|
Exec Code Sql |
2010-07-12 |
2017-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in ogp_show.php in Online Guestbook Pro allows remote attackers to execute arbitrary SQL commands via the display parameter. |
|
328 |
CVE-2009-4934 |
79 |
|
XSS |
2010-07-12 |
2010-07-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php in Online Photo Pro 2.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter. |
|
329 |
CVE-2009-4933 |
89 |
1
|
Exec Code Sql |
2010-07-12 |
2017-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote attackers to execute arbitrary SQL commands via the (1) txtUserId (Username) and (2) txtPassword (Password) parameters. NOTE: some of these details are obtained from third party information. |
|
330 |
CVE-2009-4932 |
119 |
1
|
DoS Exec Code Overflow |
2010-07-12 |
2017-09-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in 1by1 1.67 (aka 1.6.7.0) allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file. |
|
331 |
CVE-2009-4931 |
119 |
1
|
DoS Exec Code Overflow |
2010-07-12 |
2017-09-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in Groovy Media Player 1.1.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file. |
|
332 |
CVE-2009-4930 |
79 |
|
XSS |
2010-07-12 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the twbkwbis.P_SecurityQuestion (aka Change Security Question) page in SunGard Banner Student System 7.4 allows remote attackers to inject arbitrary web script or HTML via the New Question field. |
|
333 |
CVE-2009-4929 |
287 |
1
|
|
2010-07-12 |
2017-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters. |
|
334 |
CVE-2009-4928 |
94 |
1
|
Exec Code File Inclusion |
2010-07-12 |
2017-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055. |
|
335 |
CVE-2009-4927 |
287 |
1
|
Bypass |
2010-07-12 |
2017-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1. |
|
336 |
CVE-2009-4926 |
79 |
|
XSS |
2010-07-12 |
2010-07-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php. |
|
337 |
CVE-2009-4925 |
89 |
1
|
Exec Code Sql |
2010-07-12 |
2018-10-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in Portale e-commerce Creasito (aka creasito e-commerce content manager) 1.3.16, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) admin/checkuser.php and (2) checkuser.php. |
|
338 |
CVE-2009-4924 |
79 |
|
XSS |
2010-07-02 |
2010-07-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element. |
|
339 |
CVE-2009-4897 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2010-07-22 |
2017-08-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name. |
|
340 |
CVE-2009-3764 |
|
|
|
2010-07-13 |
2012-10-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the OpenSSO component in Oracle OpenSSO Enterprise 8.0 allows remote attackers to affect integrity via unknown vectors. |
|
341 |
CVE-2009-3763 |
|
|
|
2010-07-13 |
2012-10-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Access Manager / OpenSSO component in Oracle OpenSSO Enterprise 7.1, 7, 2005Q4, and 8.0 allows remote attackers to affect integrity via unknown vectors. |
|
342 |
CVE-2009-3762 |
|
|
|
2010-07-13 |
2012-10-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in Oracle OpenSSO Enterprise 8.0 allows remote attackers to affect integrity via unknown vectors. |
|
343 |
CVE-2004-2769 |
264 |
|
|
2010-07-02 |
2010-07-06 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands. |
