Multiple unspecified vulnerabilities in Ortro before 1.3.4 have unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.33%
Published
2009-12-31
Updated
2017-08-17

CVE-2009-4502

Public exploit
The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.
Max CVSS
9.3
EPSS Score
91.33%
Published
2009-12-31
Updated
2010-01-01
SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c.
Max CVSS
7.5
EPSS Score
0.14%
Published
2009-12-31
Updated
2010-02-02

CVE-2009-4484

Public exploit
Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.
Max CVSS
7.5
EPSS Score
97.21%
Published
2009-12-30
Updated
2023-02-14
Buffer overflow in MediaServer.exe in TVersity 1.6 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by the vd_tversity module in VulnDisco Pack Professional 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Max CVSS
10.0
EPSS Score
1.16%
Published
2009-12-30
Updated
2010-01-04
Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.16 through 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Max CVSS
9.3
EPSS Score
0.13%
Published
2009-12-30
Updated
2009-12-31
LDAP3A.exe in MailSite 8.0.4 allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.13 through 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Max CVSS
7.8
EPSS Score
0.28%
Published
2009-12-30
Updated
2010-01-04
SQL injection vulnerability in page.html in Xstate Real Estate 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
Max CVSS
7.5
EPSS Score
0.14%
Published
2009-12-30
Updated
2017-09-19
Stack-based buffer overflow in HAURI ViRobot Desktop 5.5 before 2009-09-28.00 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.15 through 8.11. NOTE: some of these details are obtained from third party information.
Max CVSS
10.0
EPSS Score
1.20%
Published
2009-12-30
Updated
2010-01-06
SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php.
Max CVSS
7.5
EPSS Score
0.06%
Published
2009-12-30
Updated
2017-09-19
SQL injection vulnerability in the Mike de Boer zoom (com_zoom) component 2.0 for Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
Max CVSS
7.5
EPSS Score
0.07%
Published
2009-12-30
Updated
2017-09-19
Multiple PHP remote file inclusion vulnerabilities in PHPope 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[config][dir][plugins] parameter to plugins/address/admin/index.php, (2) GLOBALS[config][dir][functions] parameter to plugins/im/compose.php, and (3) GLOBALS[config][dir][classes] parameter to plugins/cssedit/admin/index.php.
Max CVSS
7.5
EPSS Score
1.12%
Published
2009-12-30
Updated
2017-09-19
Multiple PHP remote file inclusion vulnerabilities in FreeSchool 1.1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CLASSPATH parameter to (1) bib_form.php, (2) bib_pldetails.php, (3) bib_plform.php, (4) bib_plsearchc.php, (5) bib_plsearchs.php, (6) bib_save.php, (7) bib_searchc.php, (8) bib_searchs.php, (9) edi_form.php, (10) edi_save.php, (11) gen_form.php, (12) gen_save.php, (13) lin_form.php, (14) lin_save.php, (15) luo_form.php, (16) luo_save.php, (17) sog_form.php, or (18) sog_save.php in biblioteca/; (19) cal_insert.php, (20) cal_save.php, or (21) cal_saveactivity.php in calendario/; (22) circolari/cir_save.php; or (23) modulistica/mdl_save.php.
Max CVSS
7.5
EPSS Score
1.19%
Published
2009-12-30
Updated
2017-09-19
SQL injection vulnerability in boardrule.php in DVBBS 2.0 allows remote attackers to execute arbitrary SQL commands via the groupboardid parameter.
Max CVSS
7.5
EPSS Score
0.07%
Published
2009-12-30
Updated
2018-10-10
DeluxeBB 1.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and configuration information, log data, and gain administrative access via a direct request to scripts in (1) templates/ including (2) templates/deluxe/admincp/, (3) templates/corporate/admincp/, and (4) templates/blue/admincp/; (5) images/; (6) logs/ including (7) logs/cp.php; (8) wysiwyg/; (9) docs/; (10) classes/; (11) lang/; and (12) settings/.
Max CVSS
7.5
EPSS Score
0.73%
Published
2009-12-30
Updated
2017-08-17
Intellicom NetBiter WebSCADA devices use default passwords for the HICP network configuration service, which makes it easier for remote attackers to modify network settings and cause a denial of service. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: this issue was originally reported to be hard-coded passwords, not default passwords.
Max CVSS
10.0
EPSS Score
1.16%
Published
2009-12-30
Updated
2018-10-10
Stack-based buffer overflow in the NetBiterConfig utility (NetBiterConfig.exe) 1.3.0 for Intellicom NetBiter WebSCADA allows remote attackers to execute arbitrary code via a long hn (hostname) parameter in a crafted HICP-protocol UDP packet.
Max CVSS
10.0
EPSS Score
77.80%
Published
2009-12-30
Updated
2018-10-10
Multiple unspecified vulnerabilities in the Vsftpd Webmin module before 1.3b for the Vsftpd server have unknown impact and attack vectors related to "Some security issues."
Max CVSS
7.5
EPSS Score
0.38%
Published
2009-12-30
Updated
2011-01-11
SQL injection vulnerability in news_detail.php in Green Desktiny 2.3.1, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.09%
Published
2009-12-30
Updated
2013-08-28
Insecure method vulnerability in SoftCab Sound Converter ActiveX control (sndConverter.ocx) 1.2 allows remote attackers to create or overwrite arbitrary files via the SaveFormat method. NOTE: some of these details are obtained from third party information.
Max CVSS
8.8
EPSS Score
0.46%
Published
2009-12-29
Updated
2017-08-17
Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct request to admin/guestbook.admin.php.
Max CVSS
7.5
EPSS Score
3.43%
Published
2009-12-29
Updated
2017-08-17
Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1.
Max CVSS
7.5
EPSS Score
0.08%
Published
2009-12-28
Updated
2017-08-17
Multiple SQL injection vulnerabilities in Active Web Softwares eWebquiz 8 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp, different vectors than CVE-2007-1706.
Max CVSS
7.5
EPSS Score
0.06%
Published
2009-12-28
Updated
2017-08-17
SQL injection vulnerability in index.php in CodeMight VideoCMS 3.1 allows remote attackers to execute arbitrary SQL commands via the v parameter in a video action.
Max CVSS
7.5
EPSS Score
0.06%
Published
2009-12-28
Updated
2009-12-29
PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pro (aka com_jcalpro or JCP) component 1.5.3.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Max CVSS
7.5
EPSS Score
1.52%
Published
2009-12-28
Updated
2010-06-29
203 vulnerabilities found
1 2 3 4 5 6 7 8 9
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!