Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2009-09-15 CVE-2009-3188 Code Injection vulnerability in David Frohlich phpSANE 0.5.0
PHP remote file inclusion vulnerability in save.php in phpSANE 0.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the file_save parameter.
network
low complexity
david-frohlich CWE-94
7.5
2009-09-15 CVE-2009-3185 SQL Injection vulnerability in Comsenz Crazy Star Plugin 2.0
SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 for Discuz! allows remote authenticated users to execute arbitrary SQL commands via the fmid parameter in a view action.
network
low complexity
comsenz CWE-89
7.5
2009-09-14 CVE-2009-3183 Buffer Errors vulnerability in Sun OpenSolaris and Solaris
Heap-based buffer overflow in w in Sun Solaris 8 through 10, and OpenSolaris before snv_124, allows local users to gain privileges via unspecified vectors.
local
low complexity
sun CWE-119
7.2
2009-09-14 CVE-2009-2807 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server
Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors.
local
low complexity
apple CWE-119
7.2
2009-09-14 CVE-2008-7229 Permissions, Privileges, and Access Controls vulnerability in GreenSQL Firewall 0.9.2
GreenSQL Firewall (greensql-fw) before 0.9.2 allows remote attackers to bypass SQL injection protection via a crafted string, possibly involving an encoded space character (%20).
network
low complexity
greensql CWE-264
7.5
2009-09-14 CVE-2008-7226 SQL Injection vulnerability in PHP-Nuke Recipe Module 1.3/1.4
SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter.
network
low complexity
php-nuke phpnuke CWE-89
7.5
2009-09-14 CVE-2008-7224 Buffer Errors vulnerability in ELinks 0.11.1/0.11.11/0.11.2
Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows remote attackers to cause a denial of service (crash) via a crafted link.
network
low complexity
elinks CWE-119
7.8
2009-09-11 CVE-2009-3180 Credentials Management vulnerability in Anantasoft Gazelle CMS 1.0
Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a password reset for other users via a modified user parameter to renew.php.
network
low complexity
anantasoft CWE-255
7.5
2009-09-11 CVE-2009-3178 Remote vulnerability in Symantec Altiris Deployment Solution 6.9
Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Solution 6.9 allows remote attackers to cause a denial of service via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.18, "Symantec Altiris Deployment Solution 6.9 DoS." NOTE: as of 20090909, this disclosure has no actionable information.
network
low complexity
symantec
7.8
2009-09-11 CVE-2009-3175 SQL Injection vulnerability in Boldfx Model Agency Manager PRO
Multiple SQL injection vulnerabilities in Model Agency Manager PRO (formerly Modeling Agency Content Management Script) allow remote attackers to execute arbitrary SQL commands via the user_id parameter to (1) view.php, (2) photos.php, and (3) motm.php; and the (4) id parameter to forum_message.php.
network
low complexity
boldfx CWE-89
7.5