Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2009-07-14 CVE-2008-6858 Improper Authentication vulnerability in Xigla Absolute Banner Manager.Net 4.0
Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
network
low complexity
xigla CWE-287
7.5
2009-07-14 CVE-2008-6857 Improper Authentication vulnerability in Xigla Absolute Podcast.Net 1.0
Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
network
low complexity
xigla CWE-287
7.5
2009-07-14 CVE-2008-6856 Improper Authentication vulnerability in Xigla Absolute News Manager.Net 5.1
Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
network
low complexity
xigla CWE-287
7.5
2009-07-14 CVE-2008-6855 Improper Authentication vulnerability in Xigla Absolute News Feed 1.0/1.5
Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a certain cookie.
network
low complexity
xigla CWE-287
7.5
2009-07-14 CVE-2008-6854 Improper Authentication vulnerability in Xigla Absolute FAQ Manager .Net 6.0
Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
network
low complexity
xigla CWE-287
7.5
2009-07-13 CVE-2009-2450 Buffer Errors vulnerability in Tallemu products
The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online Armor Personal Firewall AV+ before 3.5.0.12, and Personal Firewall 3.5 before 3.5.0.14, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\OAmon containing arbitrary kernel addresses, as demonstrated using the 0x830020C3 IOCTL.
local
low complexity
tallemu CWE-119
7.2
2009-07-13 CVE-2009-2449 Path Traversal vulnerability in Adbnewssender
Directory traversal vulnerability in maillinglist/admin/change_config.php in ADbNewsSender before 1.5.6 allows remote attackers to include and execute arbitrary local files via a ..
network
low complexity
adbnewssender CWE-22
7.5
2009-07-13 CVE-2009-2446 Use of Externally-Controlled Format String vulnerability in multiple products
Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request.
network
mysql oracle CWE-134
8.5
2009-07-13 CVE-2009-2444 Path Traversal vulnerability in Adbnewssender
Directory traversal vulnerability in maillinglist/setup/step1.php.inc in ADbNewsSender before 1.5.6, and 2.0 before RC2, allows remote attackers to include and execute arbitrary local files via a ..
network
low complexity
adbnewssender CWE-22
7.5
2009-07-13 CVE-2009-2439 SQL Injection vulnerability in Web Development House Alibaba Clone
Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php.
network
low complexity
web-development-house CWE-89
7.5