Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2009-09-04 CVE-2008-7161 Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortigate-1000 3.00
Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 allows remote attackers to bypass URL filtering via fragmented GET or POST requests that use HTTP/1.0 without the Host header.
network
low complexity
fortinet CWE-264
7.5
7.5
2009-09-03 CVE-2009-3065 Code Injection vulnerability in Rein Velt Vedit 01.4
PHP remote file inclusion vulnerability in editor/edit_htmlarea.php in Ve-EDIT 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the highlighter parameter.
network
low complexity
rein-velt CWE-94
7.5
7.5
2009-09-03 CVE-2009-3064 Path Traversal vulnerability in Rein Velt Vedit 01.4
Directory traversal vulnerability in debugger/debug_php.php in Ve-EDIT 0.1.4 allows remote attackers to include and execute arbitrary local files via a ..
network
low complexity
rein-velt CWE-22
7.5
7.5
2009-09-03 CVE-2009-3063 SQL Injection vulnerability in Indianpulses COM Gameserver 1.0
SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php.
network
low complexity
joomla indianpulses CWE-89
7.5
7.5
2009-09-03 CVE-2009-3062 SQL Injection vulnerability in PHPlivesupport. PHPlive! 3.3
SQL injection vulnerability in message_box.php in OSI Codes PHP Live! 3.3 allows remote attackers to execute arbitrary SQL commands via the deptid parameter.
network
low complexity
phplivesupport CWE-89
7.5
7.5
2009-09-03 CVE-2009-3061 SQL Injection vulnerability in Alqa6Ari Script Q R 1.0
SQL injection vulnerability in lesson.php in Alqatari Q R Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
alqa6ari CWE-89
7.5
7.5
2009-09-03 CVE-2009-3059 SQL Injection vulnerability in Allpublication Jboard
Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) core/select.php or (2) the city parameter to top_add.inc.php, reachable through sboard.php.
network
low complexity
allpublication CWE-89
7.5
7.5
2009-09-03 CVE-2009-3056 Code Injection vulnerability in BAS Bloemsaat Kingcms 0.6.0
PHP remote file inclusion vulnerability in include/engine/content/elements/menu.php in KingCMS 0.6.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[AdminPath] parameter.
network
low complexity
bas-bloemsaat CWE-94
7.5
7.5
2009-09-03 CVE-2009-3055 Code Injection vulnerability in Dlecms DLE 8.2
PHP remote file inclusion vulnerability in engine/api/api.class.php in DataLife Engine (DLE) 8.2 allows remote attackers to execute arbitrary PHP code via a URL in the dle_config_api parameter.
network
low complexity
dlecms CWE-94
7.5
7.5
2009-09-03 CVE-2009-3054 SQL Injection vulnerability in Artetics COM Artportal 1.0
SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php.
network
low complexity
joomla artetics CWE-89
7.5
7.5