CVE Daily
← All years

All CVEs — 2009

Page 34/34.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2009-01-02
Medium

CVE-2008-5818

Directory traversal vulnerability in index.php in eDreamers eDContainer 2.22, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot…

CVSS: 6.8 CWE: CWE-22
Read more
Medium

CVE-2008-5817

Multiple SQL injection vulnerabilities in index.php in Web Scribble Solutions webClassifieds 2005 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) password fields in…

CVSS: 6.8 CWE: CWE-89
Read more
High

CVE-2008-5816

SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ref_id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5815

SQL injection vulnerability in Acomment.php in phpAlumni allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Low

CVE-2008-5814

Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. N…

CVSS: 2.6 CWE: CWE-79
Read more
High

CVE-2008-5813

SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOT…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5811

SQL injection vulnerability in the PaxGallery (com_paxgallery) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter in a table action to index.php.

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2008-5810

WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is…

CVSS: 10.0 CWE: CWE-20
Read more
Medium

CVE-2008-5809

futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hija…

CVSS: 5.8 CWE: CWE-287
Read more
Medium

CVE-2008-5808

Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2008-2383

CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String…

CVSS: 9.3 CWE: CWE-94
Read more