Vulnerabilities > High

DATE        CVE            VULNERABILITY TITLE                                                        RISK

2009-10-28  CVE-2009-3820  SQL Injection vulnerability in Flagbit FB Filebase 0.1.0                   7.5
  SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
  Access vector: network | Attack complexity: low | Tags: typo3, flagbit | CWE-89

2009-10-28  CVE-2009-3817  Code Injection vulnerability in Ordasoft COM Booklibrary 1.0               7.5
  PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637.
  Access vector: network | Attack complexity: low | Tags: joomla, ordasoft | CWE-94

2009-10-27  CVE-2009-3806  SQL Injection vulnerability in Dedecms 5.1                                 7.5
  SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter.
  Access vector: network | Attack complexity: low | Tags: dedecms | CWE-89

2009-10-27  CVE-2009-3801  SQL Injection vulnerability in Opendocman 1.2.5                            7.5
  SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter.
  Access vector: network | Attack complexity: low | Tags: opendocman | CWE-89

2009-10-26  CVE-2009-3788  SQL Injection vulnerability in Opendocman 1.2.5                            7.5
  SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter.
  Access vector: network | Attack complexity: low | Tags: opendocman | CWE-89

2009-10-26  CVE-2009-3778  SQL Injection vulnerability in Adam Gerson Moodle Courselist 6.X1.2        7.5
  SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
  Access vector: network | Attack complexity: low | Tags: adam-gerson, drupal | CWE-89

2009-10-26  CVE-2009-3611  Incorrect Permission Assignment for Critical Resource vulnerability in multiple products   7.1
  common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots.
  Access vector: local | Attack complexity: low | Tags: le-web, fedoraproject | CWE-732

2009-10-22  CVE-2009-3760  Code Injection vulnerability in Citrix Xencenterweb                        7.5
  Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter.
  Access vector: network | Attack complexity: low | Tags: citrix | CWE-94

2009-10-22  CVE-2009-3759  Cross-Site Request Forgery (CSRF) vulnerability in Citrix Xencenterweb     8.8
  Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php.
  Access vector: network | Attack complexity: low | Tags: citrix | CWE-352

2009-10-22  CVE-2009-3758  SQL Injection vulnerability in Citrix Xencenterweb                         7.5
  SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter.
  Access vector: network | Attack complexity: low | Tags: citrix | CWE-89