Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-09-12 | CVE-2009-5095 | Code Injection vulnerability in Ea-Style Gbook 0.1/0.1.4 PHP remote file inclusion vulnerability in index_inc.php in ea gBook 0.1 and 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_ordner parameter. | 6.8 |
2011-09-12 | CVE-2009-5094 | SQL Injection vulnerability in Cmsfaethon CMS Faethon 2.2.0 SQL injection vulnerability in info.php in CMS Faethon 2.2.0 Ultimate allows remote attackers to execute arbitrary SQL commands via the item parameter. | 7.5 |
2011-09-12 | CVE-2009-5093 | Path Traversal vulnerability in PHP4Scripte Gastebuch 1.6 Directory traversal vulnerability in gastbuch.php in Gästebuch (Gastebuch) 1.6 allows remote attackers to read arbitrary files via a .. | 5.0 |
2011-09-12 | CVE-2009-5092 | Cross-Site Scripting vulnerability in Microsoft Fast ESP 5.0.9 Cross-site scripting (XSS) vulnerability in the management interface in Microsoft FAST ESP 5.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-09-12 | CVE-2009-5091 | SQL Injection vulnerability in Vlinks 1.0.3/1.1.6 SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2011-09-12 | CVE-2009-5090 | SQL Injection vulnerability in Daman371 Bloggeruniverse SQL injection vulnerability in editcomments.php in Bloggeruniverse Beta 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter and possibly other unspecified vectors. | 6.8 |
2011-09-12 | CVE-2009-5089 | Path Traversal vulnerability in Ideacart 0.02/0.02A Directory traversal vulnerability in index.php in IdeaCart 0.02 and 0.02a allows remote attackers to read arbitrary files via a .. | 4.3 |
2011-09-12 | CVE-2009-5088 | SQL Injection vulnerability in Ideacart 0.02 SQL injection vulnerability in secure/index.php in IdeaCart 0.02 allows remote attackers to execute arbitrary SQL commands via the cID parameter. | 7.5 |
2011-09-12 | CVE-2009-5087 | Path Traversal vulnerability in Geovision Digital Surveillance System 8.2 Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. | 5.0 |
2011-09-08 | CVE-2011-3391 | Permissions, Privileges, and Access Controls vulnerability in IBM Rational Build Forge 7.1.2 IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code to enforce the EditSecurity permission requirement for the Export Key File function, which allows remote authenticated users to read a key file by removing a disable attribute in the Security sub-menu. | 4.0 |