Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2009-08-24 CVE-2008-7059 SQL Injection vulnerability in Aled Owen One-News
SQL injection vulnerability in index.php in One-News Beta 2 allows remote attackers to execute arbitrary SQL commands via the q parameter.
network
low complexity
aled-owen CWE-89
7.5
2009-08-24 CVE-2009-2951 Cryptographic Issues vulnerability in Phenotype-Cms Phenotype CMS
Phenotype CMS before 2.9 does not use a random salt value for password encryption, which makes it easier for context-dependent attackers to determine cleartext passwords.
network
low complexity
phenotype-cms CWE-310
7.5
2009-08-24 CVE-2008-7051 Improper Authentication vulnerability in Ajsquare AJ Article
AJ Square AJ Article allows remote attackers to bypass authentication and access administrator functionality via a direct request to (1) user.php, (2) articles.php, (3) articlesuspend.php, (4) site.php, (5) statistics.php, (6) mail.php, (7) category.php, (8) subcategory.php, (9) changepassword.php, (10) polling.php, and (11) logo.php in admin/.
network
low complexity
ajsquare CWE-287
7.5
2009-08-24 CVE-2008-7050 Credentials Management vulnerability in Wowraidmanager
The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain privileges with an arbitrary password.
network
low complexity
wowraidmanager CWE-255
7.5
2009-08-24 CVE-2008-7049 SQL Injection vulnerability in Natterchat 1.1/1.12
Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote attackers to execute arbitrary SQL commands via the (1) txtUsername parameter (aka Username) and (2) txtPassword parameter (aka Password) in a form generated by home.asp.
network
low complexity
natterchat CWE-89
7.5
2009-08-24 CVE-2008-7047 Improper Authentication vulnerability in Natterchat 1.1
NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp.
network
low complexity
natterchat CWE-287
7.5
2009-08-24 CVE-2008-7044 SQL Injection vulnerability in Ajsquare Free Polling Script
SQL injection vulnerability in admin/include/newpoll.php in AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to execute arbitrary SQL commands via the ques parameter.
network
low complexity
ajsquare CWE-89
7.5
2009-08-24 CVE-2008-7042 Code Injection vulnerability in Freshscripts Fresh Email Script 1.0/1.11
PHP remote file inclusion vulnerability in url.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the tmp_sid parameter.
network
low complexity
freshscripts CWE-94
7.5
2009-08-24 CVE-2008-7041 Improper Authentication vulnerability in Ajsquare AJ Classifieds
AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin/home.php.
network
low complexity
ajsquare CWE-287
7.5
2009-08-24 CVE-2008-7040 SQL Injection vulnerability in Yellowswordfish Simple Forum
SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for WordPress allows remote attackers to execute arbitrary SQL commands via the u parameter.
network
low complexity
wordpress yellowswordfish CWE-89
7.5