Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2009-08-03 | CVE-2008-6890 | SQL Injection vulnerability in Codetoad ASP Forum Script | SQL injection vulnerability in messages.asp in ASP Forum Script allows remote attackers to execute arbitrary SQL commands via the message_id parameter. | network, low complexity, codetoad, CWE-89 | 7.5 |
| 2009-08-03 | CVE-2008-6889 | SQL Injection vulnerability in Activewebsoftwares Aspreferral 5.3 | SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter. | network, low complexity, activewebsoftwares, CWE-89 | 7.5 |
| 2009-08-03 | CVE-2008-6887 | SQL Injection vulnerability in Preprojects PRE Classified Listings 1.0 | SQL injection vulnerability in detailad.asp in Pre Classified Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the siteid parameter. | network, low complexity, preprojects, CWE-89 | 7.5 |
| 2009-07-31 | CVE-2009-1720 | Numeric Errors vulnerability in Openexr 1.2.2/1.6.1 | Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. | network, low complexity, openexr, CWE-189 | 7.5 |
| 2009-07-30 | CVE-2008-6883 | SQL Injection vulnerability in Joompolitan COM Livechat 1.0 | SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. | network, low complexity, joomla, joompolitan, CWE-89 | 7.5 |
| 2009-07-30 | CVE-2008-6882 | Improper Input Validation vulnerability in Joompolitan COM Livechat 1.0 | Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string. | network, low complexity, joomla, joompolitan, CWE-20 | 7.5 |
| 2009-07-30 | CVE-2008-6881 | SQL Injection vulnerability in Joompolitan COM Livechat 1.0 | Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php. | network, low complexity, joompolitan, joomla, CWE-89 | 7.5 |
| 2009-07-30 | CVE-2008-6880 | SQL Injection vulnerability in Easysitenetwork Jokes Complete Website | SQL injection vulnerability in joke.php in EasySiteNetwork Free Jokes Website allows remote attackers to execute arbitrary SQL commands via the id parameter. | network, low complexity, easysitenetwork, CWE-89 | 7.5 |
| 2009-07-30 | CVE-2009-2410 | Improper Authentication vulnerability in Fedorahosted Sssd 0.4.1 | The local_handler_callback function in server/responder/pam/pam_LOCAL_domain.c in sssd 0.4.1 does not properly handle blank-password accounts in the SSSD BE database, which allows context-dependent attackers to obtain access by sending the account's username, in conjunction with an arbitrary password, over an ssh connection. | network, low complexity, fedorahosted, CWE-287 | 7.5 |
| 2009-07-30 | CVE-2009-1168 | Resource Management Errors vulnerability in Cisco IOS and IOS XE | Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (memory corruption and device reload) by using an RFC4271 peer to send an update with a long series of AS numbers, aka Bug ID CSCsy86021. | network, cisco, CWE-399 | 7.1 |