Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2009-07-14 | CVE-2008-6858 | Improper Authentication vulnerability in Xigla Absolute Banner Manager.Net 4.0 | Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | 7.5 |
2009-07-14 | CVE-2008-6857 | Improper Authentication vulnerability in Xigla Absolute Podcast.Net 1.0 | Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | 7.5 |
2009-07-14 | CVE-2008-6856 | Improper Authentication vulnerability in Xigla Absolute News Manager.Net 5.1 | Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | 7.5 |
2009-07-14 | CVE-2008-6855 | Improper Authentication vulnerability in Xigla Absolute News Feed 1.0/1.5 | Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a certain cookie. | 7.5 |
2009-07-14 | CVE-2008-6854 | Improper Authentication vulnerability in Xigla Absolute FAQ Manager .Net 6.0 | Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | 7.5 |
2009-07-13 | CVE-2009-2450 | Buffer Errors vulnerability in Tallemu products | The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online Armor Personal Firewall AV+ before 3.5.0.12, and Personal Firewall 3.5 before 3.5.0.14, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\OAmon containing arbitrary kernel addresses, as demonstrated using the 0x830020C3 IOCTL. | 7.2 |
2009-07-13 | CVE-2009-2449 | Path Traversal vulnerability in Adbnewssender | Directory traversal vulnerability in maillinglist/admin/change_config.php in ADbNewsSender before 1.5.6 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2009-07-13 | CVE-2009-2446 | Use of Externally-Controlled Format String vulnerability in multiple products | Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. | 8.5 |
2009-07-13 | CVE-2009-2444 | Path Traversal vulnerability in Adbnewssender | Directory traversal vulnerability in maillinglist/setup/step1.php.inc in ADbNewsSender before 1.5.6, and 2.0 before RC2, allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2009-07-13 | CVE-2009-2439 | SQL Injection vulnerability in Web Development House Alibaba Clone | Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php. | 7.5 |