Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2009-10-27 CVE-2009-3804 SQL Injection vulnerability in Runcms 2M1
Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via (1) the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or (2) the topic_id parameter.
network | low complexity | runcms CWE-89 | 6.5

2009-10-27 CVE-2009-3803 Cross-Site Scripting vulnerability in Amirocms Amiro.Cms
Multiple cross-site scripting (XSS) vulnerabilities in Amiro.CMS 5.4.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the status_message parameter to (1) /news, (2) /comment, (3) /forum, (4) /blog, and (5) /tags; the status_message parameter to (6) forum.php, (7) discussion.php, (8) guestbook.php, (9) blog.php, (10) news.php, (11) srv_updates.php, (12) srv_backups.php, (13) srv_twist_prevention.php, (14) srv_tags.php, (15) srv_tags_reindex.php, (16) google_sitemap.php, (17) sitemap_history.php, (18) srv_options.php, (19) locales.php and (20) plugins_wizard.php in _admin/; a crafted IMG BBcode tag in the message body of a (21) forum, (22) guestbook, or (23) comment; (24) the content of an avatar file, which is not properly handled by Internet Explorer; and (25) the loginname parameter (aka username) in _admin/index.php.
network | amirocms CWE-79 | 4.3

2009-10-27 CVE-2009-3802 Improper Input Validation vulnerability in Amirocms Amiro.Cms
Amiro.CMS 5.4.0.0 and earlier allows remote attackers to obtain sensitive information via an invalid loginname ("%%%") to _admin/index.php, which reveals the installation path and other information in an error message.
network | low complexity | amirocms CWE-20 | 5.0

2009-10-27 CVE-2009-3801 SQL Injection vulnerability in Opendocman 1.2.5
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter.
network | low complexity | opendocman CWE-89 | 7.5

2009-10-26 CVE-2009-3790 Buffer Errors vulnerability in Cutepdf Formmax 3.5
Heap-based buffer overflow in FormMax (formerly AcroForm) evaluation 3.5 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted FormMax import (.aim) file.
network | cutepdf CWE-119 | critical | 9.3

2009-10-26 CVE-2009-3789 Cross-Site Scripting vulnerability in Opendocman 1.2.5
Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) department.php, (7) profile.php, (8) rejects.php, (9) search.php, (10) toBePublished.php, (11) user.php, and (12) view_file.php; and (13) the caller parameter in a Modify User action to user.php.
network | opendocman CWE-79 | 4.3

2009-10-26 CVE-2009-3788 SQL Injection vulnerability in Opendocman 1.2.5
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter.
network | low complexity | opendocman CWE-89 | 7.5

2009-10-26 CVE-2009-3787 Path Traversal vulnerability in Vivvo 4.1.5.1
files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two .
network | low complexity | vivvo CWE-22 | 5.0

2009-10-26 CVE-2009-3786 Cross-Site Scripting vulnerability in Moshe Weitzman OG Vocab 5.X1.0/5.X1.Xdev
Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title.
4.3

2009-10-26 CVE-2009-3785 Cross-Site Request Forgery (CSRF) vulnerability in Sjoerd Arendsen Simplenews Statistics
Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via unknown vectors.
6.8