Vulnerabilities > High

Each entry lists: date published, CVE ID and title; the NVD description; access vector; attack complexity; vendor and CWE; CVSS base score (risk). Fields the feed did not record are left out rather than guessed.
2009-09-28  CVE-2009-2865  Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS and Unified Communications Manager Express
    Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a denial of service via crafted HTTP requests, aka Bug ID CSCsq58779.
    Access vector: network | Attack complexity: high | Vendor: cisco | CWE-119 | CVSS base score: 7.6
2009-09-28  CVE-2009-2864  Denial of Service vulnerability in Cisco Unified Communications Manager
    Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423.
    Access vector: network | Attack complexity: low | Vendor: cisco | CVSS base score: 7.8
2009-09-28  CVE-2009-2863  Improper Authentication vulnerability in Cisco IOS
    Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227.
    Access vector: network | Vendor: cisco | CWE-287 | CVSS base score: 7.1
2009-09-25  CVE-2009-3430  SQL Injection vulnerability in Allomani Mobile 2.5
    SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
    Access vector: network | Attack complexity: low | Vendor: allomani | CWE-89 | CVSS base score: 7.5
2009-09-25  CVE-2009-3419  SQL Injection vulnerability in the Intesync Miniweb Publisher module 2.0
    SQL injection vulnerability in index.php in the Publisher module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter.
    Access vector: network | Attack complexity: low | Vendor: intesync | CWE-89 | CVSS base score: 7.5
2009-09-25  CVE-2009-3417  SQL Injection vulnerability in the IDoBlog (com_idoblog) component 1.1 for Joomla!
    SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 build 30 for Joomla! allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action to index.php, a different vector than CVE-2008-2627.
    Access vector: network | Attack complexity: low | Vendor: idojoomla, joomla | CWE-89 | CVSS base score: 7.5
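The three CWE-89 entries above share one root cause: a request parameter (username, historymonth, userid) is concatenated into SQL text. The following is an added example, not code from any of the listed products; it uses an in-memory SQLite table with constructed rows and made-up column names, and it shows both a quoted-string injection (the login.php username case) and an unquoted numeric injection (the userid / historymonth case), next to the parameterised form that closes both.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for an application's user table.
    Schema and rows are assumptions for this example, not any product's real schema."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "admin", "correct horse"), (2, "alice", "battery staple")],
    )
    return db


# --- the vulnerable pattern (CWE-89): untrusted input spliced into SQL text ---

def login_vulnerable(db, username, password):
    # A single quote in `username` terminates the string literal, so the rest
    # of the input becomes SQL. "admin' -- " comments out the password check.
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def profile_vulnerable(db, userid):
    # Numeric parameters are injectable without any quote at all:
    # "0 OR 1=1" turns a one-row lookup into a full-table dump.
    sql = "SELECT username FROM users WHERE id = %s" % userid
    return [r[0] for r in db.execute(sql).fetchall()]


# --- the fix: parameterised queries, values never enter the SQL text ---

def login_fixed(db, username, password):
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = db.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def profile_fixed(db, userid):
    # The driver binds the value as data; a non-integer payload simply matches nothing.
    sql = "SELECT username FROM users WHERE id = ?"
    return [r[0] for r in db.execute(sql, (userid,)).fetchall()]


# Constructed payloads of the kind the two vector types accept.
LOGIN_PAYLOAD = "admin' -- "   # closes the literal, '--' comments out the rest
ID_PAYLOAD = "0 OR 1=1"        # no quote needed against an unquoted number


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login as", login_vulnerable(db, LOGIN_PAYLOAD, "wrong"))
    print("vulnerable profile returns", profile_vulnerable(db, ID_PAYLOAD))
    print("fixed login as", login_fixed(db, LOGIN_PAYLOAD, "wrong"))
    print("fixed profile returns", profile_fixed(db, ID_PAYLOAD))
```

The `profile_fixed` case is worth noting when triaging the numeric entries: casting with `intval()` in PHP also stops that specific payload, but binding the parameter is the fix that holds for every column type, which is why the three entries are scored identically despite the different parameter shapes.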
2009-09-24  CVE-2009-3390  Local Privilege Escalation vulnerability in Sun Solaris 10 and OpenSolaris
    Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) iscsitadm programs in Sun Solaris 10, and OpenSolaris snv_28 through snv_109, allow local users with certain RBAC execution profiles to gain privileges via unknown vectors related to the libima library.
    Access vector: local | Attack complexity: low | Vendor: sun | CVSS base score: 7.2
2009-09-24  CVE-2009-2682  Permissions, Privileges, and Access Controls vulnerability in HP HP-UX B.11.23 and B.11.31
    Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors.
    Access vector: local | Attack complexity: low | Vendor: hp | CWE-264 | CVSS base score: 7.2
2009-09-24  CVE-2009-3369  Permissions, Privileges, and Access Controls vulnerability in BackupPC 3.1.0 (Craig Barratt)
    CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore.
    CVSS base score: 8.5
2009-09-24  CVE-2009-3365  PHP Remote File Inclusion (Code Injection) vulnerability in Traza Aurora CMS 1.0.2
    PHP remote file inclusion vulnerability in add-ons/modules/sysmanager/plugins/install.plugin.php in Aurora CMS 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the AURORA_MODULES_FOLDER parameter.
    Access vector: network | Attack complexity: low | Vendor: traza | CWE-94 | CVSS base score: 7.5
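The RFI entry above is the classic CWE-94 shape: a request parameter names a directory that is later handed to an include, so a URL in that parameter pulls attacker-hosted code into the process. The block below is an added example of the validation a maintainer would put in front of such a parameter; it is not Aurora CMS code, the module root path is an assumption, and the function names are made up for this illustration. It rejects the three ways the parameter can escape the intended directory: a URL or stream-wrapper scheme, an absolute path, and `..` traversal, then confirms the resolved path still lies under the root.

```python
import os
import re
from urllib.parse import urlsplit

# Assumed module root for the example; a real deployment would set its own.
MODULES_ROOT = "/srv/aurora/add-ons/modules"

# A module folder is a single path component of safe characters. Anything else
# (slashes, colons, dots, spaces) is refused outright rather than "cleaned".
_FOLDER_NAME = re.compile(r"[A-Za-z0-9_-]+")


def resolve_module_folder(root, requested):
    """Return the absolute on-disk path for a requested module folder name,
    or raise ValueError if the request could reach outside `root`."""
    if not requested:
        raise ValueError("empty module folder")
    # http://, ftp://, php://, data: ... are exactly the RFI vector: refuse any scheme.
    if urlsplit(requested).scheme:
        raise ValueError("URL or stream wrapper not allowed: %r" % requested)
    if os.path.isabs(requested):
        raise ValueError("absolute path not allowed: %r" % requested)
    if not _FOLDER_NAME.fullmatch(requested):
        raise ValueError("module folder name contains disallowed characters: %r" % requested)
    # Defence in depth: even a name that passed the allowlist is resolved and
    # checked for containment, so a symlink under root cannot redirect the include.
    root_abs = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_abs, requested))
    if os.path.commonpath([root_abs, candidate]) != root_abs:
        raise ValueError("resolved path escapes module root: %r" % candidate)
    return candidate


def is_safe_module_folder(root, requested):
    """Boolean convenience wrapper around resolve_module_folder."""
    try:
        resolve_module_folder(root, requested)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs: one legitimate module name and the escape attempts the
    # description implies (a remote URL) plus the usual local variants.
    for value in ["sysmanager", "http://attacker.example/shell.txt",
                  "../../../../etc/passwd", "/etc/passwd", "php://input"]:
        print("%-40s -> %s" % (value, is_safe_module_folder(MODULES_ROOT, value)))
```

Validation at the parameter is the code-level fix; on the PHP side the same class of bug is also contained by leaving `allow_url_include` off (its default since PHP 5.2), which stops `include` from fetching remote URLs regardless of what the application passes in, but it does not stop a local file inclusion through traversal, which is why the allowlist above refuses slashes and dots as well.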