Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2009-06-17 | CVE-2009-2096 | SQL Injection vulnerability in David Degner PHPcollegeexchange 0.1.5C | SQL injection vulnerability in house/listing_view.php in phpCollegeExchange 0.1.5c allows remote attackers to execute arbitrary SQL commands via the itemnr parameter. | 7.5 |
2009-06-16 | CVE-2009-2084 | Credentials Management vulnerability in Llnl Slurm | Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 before 1.3.14 does not properly set supplementary groups before invoking (1) sbcast from the slurmd daemon or (2) strigger from the slurmctld daemon, which might allow local SLURM users to modify files and gain privileges. | 7.2 |
2009-06-16 | CVE-2009-1719 | Code Injection vulnerability in SUN JRE 1.5.0/1.5.011B03 | The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer. | 7.5 |
2009-06-16 | CVE-2009-2082 | SQL Injection vulnerability in Creative web Solutions Multi-Level CMS 1.21 | SQL injection vulnerability in insidepage.php in Creative Web Solutions Multi-Level CMS 1.21 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
2009-06-16 | CVE-2009-2080 | Permissions, Privileges, and Access Controls vulnerability in Mrcgiguy the Ticket System 2.0 | admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote attackers to (1) obtain sensitive configuration information via the editconfig action or (2) change the administrator's password via the id parameter in an editop action. | 7.5 |
2009-06-16 | CVE-2009-2075 | Permissions, Privileges, and Access Controls vulnerability in Angrydonuts Nodequeue | Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors. | 7.5 |
2009-06-12 | CVE-2009-1837 | Use After Free vulnerability in multiple products | Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object. | 7.5 |
2009-06-12 | CVE-2009-2040 | Improper Authentication vulnerability in Grestul 1.2 | admin/options.php in Grestul 1.2 does not properly restrict access, which allows remote attackers to bypass authentication and create administrative accounts via a manage_admin action in a direct request. | 7.5 |
2009-06-12 | CVE-2009-2036 | SQL Injection vulnerability in Geekbill Open Biller 0.1 | SQL injection vulnerability in index.php in Open Biller 0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2009-06-10 | CVE-2009-2027 | Permissions, Privileges, and Access Controls vulnerability in Apple Safari | The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method. | 7.2 |