Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-05-04 | CVE-2009-1519 | Path Traversal vulnerability in Pecio-Cms Pecio CMS 1.1.5: Directory traversal vulnerability in index.php in Pecio CMS 1.1.5 allows remote attackers to read arbitrary files via a .. | 5.0 |
2009-05-04 | CVE-2009-1518 | Cross-Site Request Forgery (CSRF) vulnerability in Beltane 1.0.15/1.0.16/2.3.8: Cross-site request forgery (CSRF) vulnerability in Beltane before 2.3.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2009-05-04 | CVE-2008-6791 | Improper Input Validation vulnerability in Klever Pumpkin 2.7.2.0: PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial of service via a write request with a long mode field. | 5.0 |
2009-05-04 | CVE-2008-6790 | Improper Input Validation vulnerability in Minddezign Photo Gallery 2.2: The admin module in MindDezign Photo Gallery 2.2 allows remote attackers to add administrative users and gain privileges via a modified username parameter in an edit account action to index.php. | 5.1 |
2009-05-04 | CVE-2008-6789 | SQL Injection vulnerability in Minddezign Photo Gallery 2.2: SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action to the admin module in index.php, a different vector than CVE-2008-6788. | 5.1 |
2009-05-04 | CVE-2008-6788 | SQL Injection vulnerability in Minddezign Photo Gallery 2.2: SQL injection vulnerability in MindDezign Photo Gallery 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in an info action to index.php. | 5.1 |
2009-05-04 | CVE-2009-1516 | Buffer Errors vulnerability in Icewarp Merak Mail Server 9.4.1: Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX control in api.dll in IceWarp Merak Mail Server 9.4.1 might allow context-dependent attackers to execute arbitrary code via a large value in the second argument to the Base64FileEncode method, as possibly demonstrated by a web application that accepts untrusted input for this method. | 7.5 |
2009-05-04 | CVE-2009-1515 | Buffer Errors vulnerability in Christos Zoulas File 5.00: Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. | 6.8 |
2009-05-04 | CVE-2009-1514 | Resource Management Errors vulnerability in Google Chrome 1.0.154.53: Google Chrome 1.0.154.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a throw statement with a long exception value. | 5.0 |
2009-05-01 | CVE-2009-1512 | Code Injection vulnerability in Keir Davis X-Forum 0.6.2: Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php. | 6.5 |