Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2009-10-22 CVE-2009-3754 SQL Injection vulnerability in Kreotek PHPbms 0.96
Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to modules/bms/invoices_discount_ajax.php, (2) f parameter to dbgraphic.php, and (3) tid parameter in a show action to advancedsearch.php.
network | low complexity | kreotek CWE-89 | 7.5

2009-10-22 CVE-2009-3753 Improper Input Validation vulnerability in Opial 1.0
Unrestricted file upload vulnerability in Opial 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension as a User Image, then accessing it via a request to the file in userimages, related to register.php.
network | low complexity | opial CWE-20 | 7.5

2009-10-22 CVE-2009-3752 SQL Injection vulnerability in Opial 1.0
SQL injection vulnerability in home.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the genres_parent parameter.
network | low complexity | opial CWE-89 | 7.5

2009-10-22 CVE-2009-3750 SQL Injection vulnerability in Santostefano Giovanni Toylog 0.1
SQL injection vulnerability in read.php in ToyLog 0.1 allows remote attackers to execute arbitrary SQL commands via the idm parameter.
network | low complexity | santostefano-giovanni CWE-89 | 7.5

2009-10-22 CVE-2009-2943 Remote Security vulnerability in Ocaml Postgresql-Ocaml 1.12.1/1.5.4/1.7.0
The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.
network | low complexity | ocaml postgresql | 7.5

2009-10-22 CVE-2009-2942 Remote Security vulnerability in Mysql-Ocaml 1.0.4
The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.
network | low complexity | mysql-ocaml mysql | 7.5

2009-10-22 CVE-2009-2940 Remote Security vulnerability in Pygresql 3.8.1/4.0
The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.
network | low complexity | pygresql python | 7.5

2009-10-22 CVE-2009-3620 Use of Uninitialized Resource vulnerability in multiple products
The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.
7.8

2009-10-22 CVE-2009-1479 Path Traversal vulnerability in Boxalino
Directory traversal vulnerability in client/desktop/default.htm in Boxalino before 09.05.25-0421 allows remote attackers to read arbitrary files via a ..
network | low complexity | boxalino CWE-22 | 7.5

2009-10-20 CVE-2009-3296 Numeric Errors vulnerability in Gallium.Inria Camlimages 2.2
Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow remote attackers to execute arbitrary code via TIFF images containing large width and height values that trigger heap-based buffer overflows.
network | low complexity | gallium-inria CWE-189 | 7.5