Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-06-12 | CVE-2009-2037 | Path Traversal vulnerability in Onlinegrades Online Grades 3.2.4: Multiple directory traversal vulnerabilities in Online Grades & Attendance 3.2.5 and earlier, and possibly 3.2.6, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2009-06-12 | CVE-2009-2036 | SQL Injection vulnerability in Geekbill Open Biller 0.1: SQL injection vulnerability in index.php in Open Biller 0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2009-06-12 | CVE-2009-2035 | Unspecified vulnerability in Drupal Services Module for Drupal 6.X0.12: Unspecified vulnerability in Services 6.x before 6.x-0.14, a module for Drupal, when key-based access is enabled, allows remote attackers to read or add keys and access unauthorized services via unspecified vectors. | 6.4 |
2009-06-12 | CVE-2009-2034 | SQL Injection vulnerability in Ricardo Alexandre DE Oliveira Staudt Yogurt 0.3: SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, allows remote authenticated users to execute arbitrary SQL commands via the original parameter. | 6.0 |
2009-06-12 | CVE-2009-2033 | Cross-Site Scripting vulnerability in Ricardo Alexandre DE Oliveira Staudt Yogurt 0.3: Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 4.3 |
2009-06-12 | CVE-2009-2032 | Cross-Site Scripting vulnerability in Pagedowntech Pdshoppro: Cross-site scripting (XSS) vulnerability in search.asp in PDshopPro, when downloaded before 20070308, allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
2009-06-11 | CVE-2009-2031 | Information Exposure vulnerability in SUN Opensolaris: smbfs in Sun OpenSolaris snv_84 through snv_110, when default mount permissions are used, allows local users to read arbitrary files, and list arbitrary directories, on CIFS volumes. | 2.1 |
2009-06-11 | CVE-2009-2030 | Security vulnerability in IBM OS/400 JVA-RUN JDK6.0 XML Digital Signature: Unspecified vulnerability in the XML Digital Signature verification functionality in JVA-RUN in JDK 6.0 in IBM OS/400 i5/OS V5R4M0 and V6R1M0 has unknown impact and attack vectors related to "XML SECURITY PATCH." | 10.0 |
2009-06-11 | CVE-2009-1904 | Numeric Errors vulnerability in Ruby-Lang Ruby 1.8.6/1.8.7: The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type. | 5.0 |
2009-06-11 | CVE-2009-1760 | Path Traversal vulnerability in Rasterbar Software Libtorrent 0/0.12/0.12.1: Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. | 5.8 |