The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2009-4992 | SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.Note: http://inj3ct0r.com/exploits/5624 | High | Aug 25, 2010 |
| CVE-2009-4991 | Cross-site scripting (XSS) vulnerability in users/resume_register.php in Omnistar Recruiting allows remote attackers to inject arbitrary web script or HTML via the job2 parameter. | Medium | Aug 25, 2010 |
| CVE-2009-4990 | Cross-site scripting (XSS) vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission. | Medium | Aug 25, 2010 |
| CVE-2009-4989 | Cross-site scripting (XSS) vulnerability in index.php in AJ Auction Pro OOPD 3.0 allows remote attackers to inject arbitrary web script or HTML via the txtkeyword parameter in a search action. | Medium | Aug 25, 2010 |
| CVE-2009-4988 | Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000. | High | Aug 25, 2010 |
| CVE-2009-4987 | admin/header.php in Scripteen Free Image Hosting Script 2.3 allows remote attackers to bypass authentication and gain administrative access by setting the cookgid cookie value to 1, a different vector than CVE-2008-3211. | High | Aug 25, 2010 |
| CVE-2009-4986 | Directory traversal vulnerability in index.php in In-Portal 4.3.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the env parameter. | Medium | Aug 25, 2010 |
| CVE-2009-4985 | SQL injection vulnerability in browse.php in Accessories Me PHP Affiliate Script 1.4 allows remote attackers to execute arbitrary SQL commands via the Go parameter. | High | Aug 25, 2010 |
| CVE-2009-4984 | Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me PHP Affiliate Script 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Keywords parameter to search.php and (2) SearchIndex parameter to browse.php. | Medium | Aug 25, 2010 |
| CVE-2009-4983 | Multiple cross-site scripting (XSS) vulnerabilities in Silurus Classifieds 1.0 allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) category.php and (2) wcategory.php, and the (3) keywords parameter to search.php. | Medium | Aug 25, 2010 |
| CVE-2009-4982 | SQL injection vulnerability in the select function in Irokez CMS 0.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to the default URI. | Medium | Aug 25, 2010 |
| CVE-2009-4981 | Multiple cross-site request forgery (CSRF) vulnerabilities in Photokorn Gallery 1.81 allow remote attackers to hijack the authentication of administrators. | Medium | Aug 25, 2010 |
| CVE-2009-4980 | Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Gallery 1.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) where[] parameter to search.php and (2) qc parameter to admin.php. | Medium | Aug 25, 2010 |
| CVE-2009-4979 | Multiple SQL injection vulnerabilities in search.php in Photokorn Gallery 1.81 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) where[], (2) sort, (3) order, and (4) Match parameters. | High | Aug 25, 2010 |
| CVE-2009-4978 | Directory traversal vulnerability in down.php in MyBackup 1.4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | Medium | Aug 25, 2010 |
| CVE-2009-4977 | PHP remote file inclusion vulnerability in index.php in MyBackup 1.4.0 allows remote authenticated users to execute arbitrary PHP code via a URL in the main_content parameter. | Medium | Aug 25, 2010 |
| CVE-2009-4976 | Cross-site scripting (XSS) vulnerability in webkitpart.cpp in kwebkitpart allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a universal XSS issue, a similar vulnerability to CVE-2010-2536. | Medium | Aug 12, 2010 |
| CVE-2009-4975 | Cross-site scripting (XSS) vulnerability in webview.cpp in QtDemoBrowser allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a universal XSS issue, a similar vulnerability to CVE-2010-2536. | Medium | Aug 12, 2010 |
| CVE-2009-4974 | Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the box parameter. | High | Jul 28, 2010 |
| CVE-2009-4973 | SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action. | High | Jul 28, 2010 |
| CVE-2009-4972 | Cross-site scripting (XSS) vulnerability in index.php (aka the log in page) in SimpleID before 0.6.5 allows remote attackers to inject arbitrary web script or HTML via the s parameter. | Medium | Jul 28, 2010 |
| CVE-2009-4971 | SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jul 28, 2010 |
| CVE-2009-4970 | SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jul 28, 2010 |
| CVE-2009-4969 | SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jul 28, 2010 |
| CVE-2009-4968 | SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jul 28, 2010 |
| CVE-2009-4967 | SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jul 28, 2010 |
| CVE-2009-4966 | SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jul 28, 2010 |
| CVE-2009-4965 | SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jul 28, 2010 |
| CVE-2009-4964 | Stack-based buffer overflow in KSP 2006 FINAL allows remote attackers to execute arbitrary code via a long string in a .M3U playlist file. | High | Jul 28, 2010 |
| CVE-2009-4963 | Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | Low | Jul 28, 2010 |
| CVE-2009-4962 | Stack-based buffer overflow in Fat Player 0.6b allows remote attackers to execute arbitrary code via a long string in a .wav file. NOTE: some of these details are obtained from third party information. | High | Jul 28, 2010 |
| CVE-2009-4961 | Lanai Core 0.6 allows remote attackers to obtain configuration information via a direct request to info.php, which calls the phpinfo function. | Medium | Jul 28, 2010 |
| CVE-2009-4960 | Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. | Medium | Jul 28, 2010 |
| CVE-2009-4959 | SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jul 28, 2010 |
| CVE-2009-4958 | SQL injection vulnerability in video.php in EMO Breader Manager allows remote attackers to execute arbitrary SQL commands via the idd parameter. | High | Jul 28, 2010 |
| CVE-2009-4957 | Directory traversal vulnerability in loadpanel.php in Interspire ActiveKB allows remote attackers to read arbitrary files and possibly have unspecified other impact via directory traversal sequences in the Panel parameter. | High | Jul 23, 2010 |
| CVE-2009-4956 | Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Jul 23, 2010 |
| CVE-2009-4955 | SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jul 23, 2010 |
| CVE-2009-4954 | SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jul 23, 2010 |
| CVE-2009-4953 | Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Jul 23, 2010 |
| CVE-2009-4952 | Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors. | High | Jul 23, 2010 |
| CVE-2009-4951 | Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | Medium | Jul 23, 2010 |
| CVE-2009-4950 | SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jul 23, 2010 |
| CVE-2009-4949 | SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jul 23, 2010 |
| CVE-2009-4948 | Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Jul 23, 2010 |
| CVE-2009-4947 | SQL injection vulnerability in frmLoginPwdReminderPopup.aspx in Q2 Solutions ConnX 4.0.20080606 allows remote attackers to execute arbitrary SQL commands via the txtEmail parameter. | High | Jul 23, 2010 |
| CVE-2009-4946 | Directory traversal vulnerability in the Messaging (com_messaging) component before 1.5.1 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter in a messages action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | Jul 23, 2010 |
| CVE-2009-4945 | AdPeeps 8.5d1 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via requests to index.php. | High | Jul 22, 2010 |
| CVE-2009-4944 | Multiple cross-site scripting (XSS) vulnerabilities in ATRC ACollab 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) address parameter to profile.php or the (2) description parameter to events/add_event.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | Jul 22, 2010 |
| CVE-2009-4943 | index.php in AdPeeps 8.5d1 allows remote attackers to obtain sensitive information via (1) a view_adrates action with an invalid uid parameter, which reveals the installation path in an error message; or (2) an adminlogin action with a crafted uid parameter, which reveals the version number. | Medium | Jul 22, 2010 |
