Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2009-06-30 | CVE-2009-2257 | Improper Authentication vulnerability in Netgear Dg632 3.4.0Ap | The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/. | 7.8 |
2009-06-30 | CVE-2009-2256 | Improper Input Validation vulnerability in Netgear Dg632 3.4.0Ap | The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg. | 7.8 |
2009-06-30 | CVE-2009-2254 | SQL Injection vulnerability in Zen-Cart ZEN Cart | Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of password_forgotten.php, related to a "SQL Execution" issue. | 7.5 |
2009-06-27 | CVE-2009-2243 | SQL Injection vulnerability in Aaronoutpost ASP Inline Corporate Calendar | SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the sortby parameter. | 7.5 |
2009-06-27 | CVE-2009-2239 | SQL Injection vulnerability in Joomla products | SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | 7.5 |
2009-06-27 | CVE-2009-2237 | Unspecified vulnerability in Karim Ratib Views Bulk Operations | Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify "nodes or classes of nodes" via unknown vectors, probably related to registered procedures (aka actions). | 7.5 |
2009-06-27 | CVE-2009-2236 | SQL Injection vulnerability in Yourarticlesdirectory Your Articles Directory | SQL injection vulnerability in yad-admin/login.php in Your Article Directory allows remote attackers to execute arbitrary SQL commands via the txtAdminEmail parameter. | 7.5 |
2009-06-27 | CVE-2009-2235 | SQL Injection vulnerability in Yourarticlesdirectory Your Articles Directory | SQL injection vulnerability in page.php in Your Articles Directory allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-06-27 | CVE-2009-2234 | SQL Injection vulnerability in Vicidial Call Center Suite 2.0.5173 | Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call Center Suite 2.0.5-173 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter ($PHP_AUTH_USER) and (2) Password parameter ($PHP_AUTH_PW). | 7.5 |
2009-06-27 | CVE-2008-6837 | SQL Injection vulnerability in Zoph 0.7.2.1 | SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-3258. | 7.5 |