Security Vulnerabilities, CVEs, Published In July 2009 CVSS score >= 6
CVE-2009-2650
Public exploit
Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 Build 020124 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .m3u or possibly (2) .pst file.
Max CVSS
9.3
EPSS Score
96.45%
Published
2009-07-30
Updated
2017-09-19
Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.6 and BlackBerry Professional Software 4.1.4 allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246 and CVE-2009-0219.
Max CVSS
9.3
EPSS Score
0.09%
Published
2009-07-30
Updated
2009-08-06
Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 5.0 and BlackBerry Professional Software 4.1.4 allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246 and CVE-2009-0219.
Max CVSS
9.3
EPSS Score
4.82%
Published
2009-07-28
Updated
2017-08-17
index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13.
Max CVSS
7.5
EPSS Score
0.93%
Published
2009-07-28
Updated
2017-09-19
PHP remote file inclusion vulnerability in app_and_readme/navigator/index.php in School Data Navigator allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
Max CVSS
6.8
EPSS Score
1.07%
Published
2009-07-28
Updated
2017-09-19
Multiple SQL injection vulnerabilities in cgi/admin.cgi in Interlogy Profile Manager Basic allow remote attackers to execute arbitrary SQL commands via a pmadm cookie in (1) an edittemp action or (2) a users action.
Max CVSS
7.5
EPSS Score
0.16%
Published
2009-07-28
Updated
2018-01-11
SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action.
Max CVSS
7.5
EPSS Score
0.11%
Published
2009-07-28
Updated
2017-09-19
SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a reply action to index.php.
Max CVSS
7.5
EPSS Score
0.07%
Published
2009-07-28
Updated
2017-09-19
PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Max CVSS
7.5
EPSS Score
1.07%
Published
2009-07-28
Updated
2017-09-19
PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Max CVSS
7.5
EPSS Score
1.07%
Published
2009-07-28
Updated
2017-09-19
PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Max CVSS
7.5
EPSS Score
1.07%
Published
2009-07-28
Updated
2017-09-19
PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Max CVSS
7.5
EPSS Score
1.07%
Published
2009-07-28
Updated
2017-09-19
SQL injection vulnerability in login.asp in DataCheck Solutions V-SpacePal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.12%
Published
2009-07-27
Updated
2009-07-27
SQL injection vulnerability in the Surveys (aka NS-Polls) module in MDPro (MD-Pro) 1.083.x allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results action to modules.php.
Max CVSS
7.5
EPSS Score
0.06%
Published
2009-07-27
Updated
2017-09-19
Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 allows remote attackers to execute arbitrary code via a long pathname in the source attribute of an item element in a .smpl playlist file.
Max CVSS
9.3
EPSS Score
2.29%
Published
2009-07-27
Updated
2009-07-27
SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions SitePal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.10%
Published
2009-07-27
Updated
2009-07-27
SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions LinkPal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.12%
Published
2009-07-27
Updated
2009-07-27
SQL injection vulnerability in login.aspx in ProSMDR allows remote attackers to execute arbitrary SQL commands via the txtUser parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.10%
Published
2009-07-27
Updated
2009-07-27
Directory traversal vulnerability in infusions/last_seen_users_panel/last_seen_users_panel.php in MyFusion (aka MyF) 6 Beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter.
Max CVSS
6.8
EPSS Score
0.30%
Published
2009-07-27
Updated
2017-09-19
SQL injection vulnerability in the amoCourse (com_amocourse) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
Max CVSS
7.5
EPSS Score
0.06%
Published
2009-07-27
Updated
2017-09-19
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.
Max CVSS
6.8
EPSS Score
0.10%
Published
2009-07-27
Updated
2018-10-10
SQL injection vulnerability in the com_pinboard component for Joomla! allows remote attackers to execute arbitrary SQL commands via the task parameter in a showpic action to index.php.
Max CVSS
7.5
EPSS Score
0.06%
Published
2009-07-27
Updated
2017-09-19
Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote attackers to execute arbitrary SQL commands via (1) trupuser and (2) truppassword cookies to uploadcp/index.php.
Max CVSS
6.8
EPSS Score
0.10%
Published
2009-07-27
Updated
2017-09-19
Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help Desk 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) userid (aka username) and (2) PassWord parameters to admin.asp.
Max CVSS
7.5
EPSS Score
0.11%
Published
2009-07-27
Updated
2017-09-19
Multiple SQL injection vulnerabilities in index.php in Escon SupportPortal Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat and (2) tid parameters.
Max CVSS
7.5
EPSS Score
0.09%
Published
2009-07-27
Updated
2017-09-19