Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK

2009-09-18 CVE-2009-3252 SQL Injection vulnerability in Dave Robinson Rockbandcms 0.10
Multiple SQL injection vulnerabilities in news.php in Rock Band CMS 0.10 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) id parameters.
network | low complexity | dave-robinson CWE-89 | 7.5

2009-09-18 CVE-2009-3249 Path Traversal vulnerability in Vtiger CRM 5.0.4
Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to include and execute arbitrary local files via a ..
network | low complexity | vtiger CWE-22 | 7.5

2009-09-18 CVE-2009-3246 SQL Injection vulnerability in Mybuxscript Pts-Bux
SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX allows remote attackers to execute arbitrary SQL commands via the id parameter in an spnews action to the default URI.
network | low complexity | mybuxscript CWE-89 | 7.5

2009-09-18 CVE-2009-3241 Multiple vulnerability in Wireshark 1.2.1
Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.
network | low complexity | wireshark | 7.8

2009-09-17 CVE-2008-7240 Path Traversal vulnerability in Linuxwebshop PHP User Base 1.3
Directory traversal vulnerability in include/unverified.inc.php in Linux Web Shop (LWS) php User Base 1.3beta allows remote attackers to include and execute arbitrary local files via the template parameter.
network | low complexity | linuxwebshop CWE-22 | 7.5

2009-09-17 CVE-2009-3235 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Dovecot
Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
network | low complexity | dovecot CWE-119 | 7.5

2009-09-17 CVE-2009-3233 OS Command Injection vulnerability in Cameron Morland Changetrack 4.3
changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack.
local | low complexity | cameron-morland CWE-78 | 7.2

2009-09-16 CVE-2009-3226 SQL Injection vulnerability in Almondsoft Affiliate Network Classifieds and Almond Classifieds
SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action.
network | low complexity | almondsoft CWE-89 | 7.5

2009-09-16 CVE-2009-3224 SQL Injection vulnerability in Classified-Software Super MOD System
SQL injection vulnerability in index.php in Super Mod System, when using the 68 Classifieds 3.1 Core System, allows remote attackers to execute arbitrary SQL commands via the s parameter.
network | low complexity | 68classifieds classified-software CWE-89 | 7.5

2009-09-16 CVE-2009-3220 Code Injection vulnerability in Tecnick Aiocp 1.4.001
PHP remote file inclusion vulnerability in cp_html2txt.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
network | low complexity | tecnick CWE-94 | 7.5