Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK

2009-09-16 CVE-2009-3217 SQL Injection vulnerability in Wiccle Iwiccle 1.01
SQL injection vulnerability in the admin module in iWiccle 1.01 allows remote attackers to execute arbitrary SQL commands via the member_id parameter in an edit_user action to index.php.
network
low complexity
wiccle CWE-89
7.5

2009-09-16 CVE-2009-3215 SQL Injection vulnerability in PHP-Shop-System Ixxo Cart
SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter.
network
low complexity
php-shop-system joomla CWE-89
7.5

2009-09-16 CVE-2009-3209 SQL Injection vulnerability in Raizlabs PHP Email Manager 3.3.0
SQL injection vulnerability in remove.php in PHP eMail Manager 3.3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
network
low complexity
raizlabs CWE-89
7.5

2009-09-16 CVE-2009-3208 SQL Injection vulnerability in Prakashatma Mishra PHPfreebb 1.0
Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to permalink.php and (2) year parameter to index.php.
network
low complexity
prakashatma-mishra CWE-89
7.5

2009-09-16 CVE-2009-3205 SQL Injection vulnerability in Cbauthority
SQL injection vulnerability in main.php in CBAuthority allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_product action.
network
low complexity
cbauthority CWE-89
7.5

2009-09-16 CVE-2009-3203 SQL Injection vulnerability in Ajsquare AJ Auction Pro-Oopd 2.0
SQL injection vulnerability in store.php in AJ Auction Pro OOPD 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
ajsquare CWE-89
7.5

2009-09-15 CVE-2009-3165 SQL Injection vulnerability in Mozilla Bugzilla
SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
network
low complexity
mozilla CWE-89
7.5

2009-09-15 CVE-2009-3125 SQL Injection vulnerability in Mozilla Bugzilla
SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
network
low complexity
mozilla CWE-89
7.5

2009-09-15 CVE-2009-2629 Out-of-bounds Write vulnerability in multiple products
Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
network
low complexity
f5 debian fedoraproject CWE-787
7.5

2009-09-15 CVE-2009-3193 SQL Injection vulnerability in Uwix COM Digifolio 1.52
SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php.
network
low complexity
joomla uwix CWE-89
7.5