Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2009-09-16 CVE-2009-3216 Path Traversal vulnerability in Wiccle Iwiccle 1.01
Multiple directory traversal vulnerabilities in iWiccle 1.01, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a ..
network, wiccle CWE-22, 4.3

2009-09-16 CVE-2009-3215 SQL Injection vulnerability in PHP-Shop-System Ixxo Cart
SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter.
network, low complexity, php-shop-system joomla CWE-89, 7.5

2009-09-16 CVE-2009-3214 Buffer Errors vulnerability in Photodex Proshow Gold 4.0.2549
Multiple stack-based buffer overflows in Photodex ProShow Gold 4.0.2549 allow remote attackers to execute arbitrary code via a crafted Slideshow project (.psh) file, related to the (1) cell[n].images[m].image and (2) cell[n].sound.file fields.
network, photodex CWE-119, critical, 9.3

2009-09-16 CVE-2009-3213 Buffer Errors vulnerability in Broid 1.0
Stack-based buffer overflow in broid 1.0 Beta 3a allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .mp3 file.
network, broid CWE-119, critical, 9.3

2009-09-16 CVE-2009-3212 SQL Injection vulnerability in Dimofinf Infinity Script 2.0.5
SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username field.
network, dimofinf CWE-89, 6.8

2009-09-16 CVE-2009-3211 Path Traversal vulnerability in Dimofinf Infinity Script 2.0.5
Directory traversal vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a ..
network, dimofinf CWE-22, 6.8

2009-09-16 CVE-2009-3210 Cross-Site Scripting vulnerability in Joao Ventura Print
Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.8 and 6.x before 6.x-1.8, a module for Drupal, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3.5

2009-09-16 CVE-2009-3209 SQL Injection vulnerability in Raizlabs PHP Email Manager 3.3.0
SQL injection vulnerability in remove.php in PHP eMail Manager 3.3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
network, low complexity, raizlabs CWE-89, 7.5

2009-09-16 CVE-2009-3208 SQL Injection vulnerability in Prakashatma Mishra PHPfreebb 1.0
Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to permalink.php and (2) year parameter to index.php.
network, low complexity, prakashatma-mishra CWE-89, 7.5

2009-09-16 CVE-2009-3207 Permissions, Privileges, and Access Controls vulnerability in Drewish Imagecache
The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image's filename.
6.8