Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2009-09-11 CVE-2009-3174 Code Injection vulnerability in Odelao OBOphiX 1.0
PHP remote file inclusion vulnerability in fonctions_racine.php in OBOphiX 2.7.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin_lib parameter.
network
low complexity
odelao CWE-94
7.5
2009-09-11 CVE-2009-3173 Unspecified vulnerability in Theratstudios the RAT CMS 2
Unrestricted file upload vulnerability in admin/add_album.php in The Rat CMS Alpha 2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.
network
theratstudios
6.8
2009-09-11 CVE-2009-3172 Unspecified vulnerability in Hitachi products
Unspecified vulnerability in Hitachi Groupmax Groupware Server 07-00 through 07-50-/A, Groupmax Server Set 03-00 through 06-52, Groupware Server Set 03-00 through 06-52, and Scheduler Server Set 03-00 through 06-52 has unknown impact and attack vectors related to invalid access rights.
network
low complexity
hitachi
7.5
2009-09-11 CVE-2009-3171 Cross-Site Scripting vulnerability in Anantasoft Gazelle CMS
Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft Gazelle CMS 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter to user.php or (2) lookup parameter to search.php.
network
anantasoft CWE-79
4.3
2009-09-11 CVE-2009-3170 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AIMP AIMP2 Audio Converter
Stack-based buffer overflow in AIMP2 Audio Converter 2.53 (build 330) and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a (1) .pls or (2) .m3u playlist file.
network
aimp CWE-119
critical
9.3
2009-09-11 CVE-2009-3169 Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission Server/FTP
Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission Server/FTP before 09-00 allow remote attackers to execute arbitrary code via unknown attack vectors.
network
low complexity
hitachi
critical
10.0
2009-09-11 CVE-2009-3167 Path Traversal vulnerability in Anantasoft Gazelle CMS 1.0
Directory traversal vulnerability in index.php in Anantasoft Gazelle CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a ..
network
anantasoft CWE-22
4.3
2009-09-11 CVE-2009-2800 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server
Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.
network
apple CWE-119
6.8
2009-09-11 CVE-2008-7216 Permissions, Privileges, and Access Controls vulnerability in WordPress Peter's Math Anti-Spam for WordPress
Peter's Math Anti-Spam Spinoff plugin for WordPress generates audio CAPTCHA clips by concatenating static audio files without any additional distortion, which allows remote attackers to bypass CAPTCHA protection by reading certain bytes from the generated clip.
network
wordpress CWE-264
4.3
2009-09-11 CVE-2008-7215 Improper Input Validation vulnerability in multiple products
The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in a FileUpload command, which are used to modify equivalent variables in $_FILES that are accessed when the is_uploaded_file check fails.
5.8