Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR / COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|
| 2009-09-23 | CVE-2009-3310 | SQL Injection vulnerability in Shalwan Zainu 1.0 | SQL injection vulnerability in index.php in Zainu 1.0 allows remote attackers to execute arbitrary SQL commands via the album_id parameter in an AlbumSongs action. | network, low complexity | shalwan, CWE-89 | 7.5 |
| 2009-09-23 | CVE-2009-3309 | SQL Injection vulnerability in Cfshopkart CF Shopkart 5.4 | SQL injection vulnerability in index.cfm in CF ShopKart 5.4 beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a ViewDetails action, a different vector than CVE-2008-6320. | network, low complexity | cfshopkart, CWE-89 | 7.5 |
| 2009-09-23 | CVE-2009-3308 | SQL Injection vulnerability in Fanupdate 2.2.1 | SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows remote attackers to execute arbitrary SQL commands via the listingid parameter. | network, low complexity | fanupdate, CWE-89 | 7.5 |
| 2009-09-23 | CVE-2009-3307 | Code Injection vulnerability in Frank Lichtenheld Fsphp 0.2.1 | Multiple PHP remote file inclusion vulnerabilities in FSphp 0.2.1 allow remote attackers to execute arbitrary PHP code via a URL in the FSPHP_LIB parameter to (1) FSphp.php, (2) navigation.php, and (3) pathwrite.php in lib/. | network, low complexity | frank-lichtenheld, CWE-94 | 7.5 |
| 2009-09-23 | CVE-2009-3306 | Code Injection vulnerability in Richrumble Clearsite 4.50 | PHP remote file inclusion vulnerability in include/header.php in ClearSite 4.50 allows remote attackers to execute arbitrary PHP code via a URL in the cs_base_path parameter. | network, low complexity | richrumble, CWE-94 | 7.5 |
| 2009-09-22 | CVE-2009-3294 | Use of Externally-Controlled Format String vulnerability in PHP | The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" string in the second argument (aka mode), possibly related to the _fdopen function in the Microsoft C runtime library. | network, low complexity | php, CWE-134 | 5.0 |
| 2009-09-22 | CVE-2009-3293 | Unspecified vulnerability in PHP | Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index." | network, low complexity | php | 7.5 |
| 2009-09-22 | CVE-2009-3292 | Unspecified vulnerability in PHP | Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing." | network, low complexity | php | 7.5 |
| 2009-09-22 | CVE-2009-3291 | Improper Input Validation vulnerability in PHP | The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates. | network, low complexity | php, CWE-20 | 7.5 |
| 2009-09-22 | CVE-2009-3289 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products | The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory. | local, low complexity | gnome, opensuse, suse, CWE-732 | 7.8 |