CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
11501 CVE-2009-4733 89 1 Exec Code Sql 2010-03-18 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in checkuser.php in SimpleLoginSys 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
11502 CVE-2009-4732 89 1 Exec Code Sql 2010-03-18 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in tt/index.php in TT Web Site Manager 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tt_name parameter. NOTE: some of these details are obtained from third party information.
11503 CVE-2009-4722 89 1 Exec Code Sql 2010-03-18 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in the CheckLogin function in includes/functions.php in Limny 1.01, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
11504 CVE-2009-4667 89 1 Exec Code Sql 2010-03-05 2017-09-18
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in form.php in WebMember 1.0 allows remote authenticated users to execute arbitrary SQL commands via the formID parameter.
11505 CVE-2009-4595 89 Exec Code Sql 2010-01-12 2010-01-13
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to execute arbitrary SQL commands via the sup_id parameter in a suppliers details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
11506 CVE-2009-4581 22 2 Dir. Trav. 2010-01-06 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in modules/admincp.php in RoseOnlineCMS 3 B1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the admin parameter.
11507 CVE-2009-4572 352 CSRF 2010-01-05 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in PhpShop 0.8.1 allows remote attackers to hijack the authentication of arbitrary users for requests that invoke the cartAdd function in a shop/cart action to the default URI.
11508 CVE-2009-4564 89 1 Exec Code Sql 2010-01-04 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/.
11509 CVE-2009-4561 89 1 Exec Code Sql 2010-01-04 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague 2.2.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
11510 CVE-2009-4555 352 CSRF 2010-01-04 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in AgoraCart 5.2.005 and 5.2.006 and AgoraCart GOLD 5.5.005 allow remote attackers to hijack the authentication of administrators for requests that (1) modify a .htaccess file via an unspecified request to protected/manager.cgi or (2) change the password of an administrative account.
11511 CVE-2009-4543 94 1 Exec Code File Inclusion 2010-01-04 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to execute arbitrary PHP code via a URL in the lng parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
11512 CVE-2009-4540 89 1 Exec Code Sql 2010-01-04 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
11513 CVE-2009-4528 264 Bypass 2009-12-31 2017-08-16
6.5
None Remote Low Single system Partial Partial Partial
The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via unspecified vectors.
11514 CVE-2009-4517 352 CSRF 2009-12-31 2010-01-08
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that access unpublished content.
11515 CVE-2009-4498 78 Exec Code 2009-12-31 2010-05-25
6.8
None Remote Medium Not required Partial Partial Partial
The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request.
11516 CVE-2009-4455 264 Bypass 2009-12-29 2018-10-10
6.5
User Remote Low Single system Partial Partial Partial
The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 allows portal traffic to access arbitrary backend servers, which might allow remote authenticated users to bypass intended access restrictions and access unauthorized web sites via a crafted URL obfuscated with ROT13 and a certain encoding. NOTE: this issue was originally reported as a vulnerability related to lack of restrictions to URLs listed in the Cisco WebVPN bookmark component, but the vendor states that "The bookmark feature is not a security feature."
11517 CVE-2009-4452 264 1 +Priv 2009-12-29 2018-10-10
6.8
None Local Low Single system Complete Complete Complete
Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse.
11518 CVE-2009-4451 1 Exec Code 2009-12-29 2009-12-30
6.8
None Remote Medium Not required Partial Partial Partial
Unrestricted file upload vulnerability in upper.php in kandalf upper 0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in fileup/.
11519 CVE-2009-4449 22 Dir. Trav. 2009-12-29 2011-01-04
6.3
None Remote Medium Single system Complete None None
Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters, related to (1) admin/modules/user/users.php and (2) usercp.php.
11520 CVE-2009-4445 20 2009-12-29 2017-08-16
6.0
User Remote Medium Single system Partial Partial Partial
Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a safe extension, as demonstrated by an upload of a .asp:.jpg file that results in creation of an empty .asp file, related to support for the NTFS Alternate Data Streams (ADS) filename syntax. NOTE: it could be argued that this is a vulnerability in the third-party product, not IIS, because the third-party product should be applying its extension restrictions to the portion of the filename before the colon.
11521 CVE-2009-4444 20 Bypass 2009-12-29 2018-10-30
6.0
User Remote Medium Single system Partial Partial Partial
Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a (1) .asp, (2) .cer, or (3) .asa first extension, followed by a semicolon and a safe extension, as demonstrated by the use of asp.dll to handle a .asp;.jpg file.
11522 CVE-2009-4440 362 2009-12-28 2010-06-13
6.8
None Remote Medium Not required Partial Partial Partial
Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to "long binds," aka Bug Ids 6828462 and 6823593.
11523 CVE-2009-4438 264 2009-12-28 2010-06-29
6.5
User Remote Low Single system Partial Partial Partial
The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors.
11524 CVE-2009-4435 22 2 Dir. Trav. 2009-12-28 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in F3Site 2009 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[nlang] parameter to (1) mod/poll.php and (2) mod/new.php.
11525 CVE-2009-4426 22 2 Dir. Trav. 2009-12-28 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the blog parameter to (1) comment.php and (2) view.php.
11526 CVE-2009-4421 22 Dir. Trav. 2009-12-24 2018-10-10
6.5
None Remote Low Single system Partial Partial Partial
Directory traversal vulnerability in languages_cgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the blog_language1 parameter.
11527 CVE-2009-4414 89 Exec Code Sql 2009-12-24 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php.
11528 CVE-2009-4412 Exec Code 2009-12-24 2017-08-16
6.0
None Remote Medium Single system Partial Partial Partial
Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory. NOTE: some of these details are obtained from third party information.
11529 CVE-2009-4407 352 CSRF 2009-12-23 2018-10-10
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to hijack the authentication of victims for requests that change passwords, and other unspecified requests, via unknown vectors.
11530 CVE-2009-4385 352 2 CSRF 2009-12-22 2009-12-23
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to (1) hijack the authentication of arbitrary users for requests that delete polls via the delete_poll action to index.php; and hijack the authentication of administrators for requests that (2) delete users via the manage action to admin.php, or (3) send arbitrary email to arbitrary users in the email action to admin.php.
11531 CVE-2009-4367 287 1 Bypass 2009-12-21 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request.
11532 CVE-2009-4351 89 1 Exec Code Sql 2009-12-17 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the Email (aka username) parameter.
11533 CVE-2009-4349 352 2 CSRF 2009-12-17 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in administration/administrators.php in Link Up Gold 5.0 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
11534 CVE-2009-4325 20 2009-12-16 2010-06-29
6.4
None Remote Low Not required None Partial Partial
The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers."
11535 CVE-2009-4319 94 1 Exec Code File Inclusion 2009-12-14 2009-12-15
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in js/bbcodepress/bbcode-form.php in eoCMS 0.9.03 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BBCODE_path parameter.
11536 CVE-2009-4315 22 1 Exec Code Dir. Trav. 2009-12-14 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to create or modify arbitrary files via a .. (dot dot) in the nugget parameter and a modified pagevalue parameter, as demonstrated by creating and accessing a .php file to execute arbitrary PHP code.
11537 CVE-2009-4305 89 Exec Code Sql 2009-12-15 2009-12-16
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)."
11538 CVE-2009-4301 264 2009-12-15 2009-12-16
6.0
None Remote Medium Single system Partial Partial Partial
mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions.
11539 CVE-2009-4297 352 CSRF 2009-12-15 2009-12-16
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
11540 CVE-2009-4264 94 1 Exec Code File Inclusion 2009-12-10 2009-12-11
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in components/core/connect.php in AROUNDMe 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the language_path parameter.
11541 CVE-2009-4238 89 Exec Code Sql 2009-12-10 2009-12-19
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php.
11542 CVE-2009-4235 264 DoS +Info 2009-12-08 2017-08-16
6.9
None Local Medium Not required Complete Complete Complete
acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033.
11543 CVE-2009-4227 119 Exec Code Overflow 2009-12-08 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses the 1.3 file format. NOTE: some of these details are obtained from third party information.
11544 CVE-2009-4224 20 2 Exec Code File Inclusion 2009-12-07 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, 0.5.3, and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) _plugin/subscriber/inc/post.php and (2) as/lib/news_modify.php.
11545 CVE-2009-4199 89 1 Exec Code Sql 2009-12-04 2017-09-18
6.8
User Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action to index.php and the (2) regID parameter in a showregion action to index.php.
11546 CVE-2009-4198 89 1 Exec Code Sql 2009-12-04 2017-09-18
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in my_orders.php in MyMiniBill allows remote authenticated users to execute arbitrary SQL commands via the orderid parameter in a status action.
11547 CVE-2009-4194 22 1 Dir. Trav. 2009-12-03 2017-08-16
6.0
None Remote Medium Single system Partial Partial Partial
Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibly other versions allows remote authenticated users to delete arbitrary files via a .. (dot dot) in the DELE command. NOTE: some of these details are obtained from third party information.
11548 CVE-2009-4184 2010-02-03 2017-09-18
6.2
None Local Low Single system Complete Complete None
Unspecified vulnerability in HP Enterprise Cluster Master Toolkit (ECMT) B.05.00 on HP-UX B.11.23 (11i v2) and HP-UX B.11.31 (11i v3) allows local users to gain access to an Oracle or Sybase database via unknown vectors.
11549 CVE-2009-4174 264 Bypass 2009-12-02 2018-10-10
6.0
None Remote Medium Single system Partial Partial Partial
The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id parameter in a doeditnews action.
11550 CVE-2009-4173 352 CSRF 2009-12-02 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.