Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2009-06-26 | CVE-2009-2233 | Improper Authentication vulnerability in Awscripts Gallery Search Engine 1.5 | The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1. | network, low complexity, awscripts, CWE-287, 7.5 |
| 2009-06-26 | CVE-2009-2232 | SQL Injection vulnerability in Softbizscripts Banner AD Management Script | SQL injection vulnerability in image.php in Softbiz Banner Ad Management Script allows remote attackers to execute arbitrary SQL commands via the size_id parameter. | network, low complexity, softbizscripts, CWE-89, 7.5 |
| 2009-06-26 | CVE-2009-2231 | Improper Authentication vulnerability in Mid.As Midas 1.43 | MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie. | network, low complexity, mid-as, CWE-287, 7.5 |
| 2009-06-26 | CVE-2009-2230 | SQL Injection vulnerability in Mybulletinboard | SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter. | network, low complexity, mybulletinboard, CWE-89, 7.5 |
| 2009-06-25 | CVE-2009-2209 | SQL Injection vulnerability in Rs-Cms 2.1 | SQL injection vulnerability in rscms_mod_newsview.php in RS-CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the key parameter. | network, low complexity, rs-cms, CWE-89, 7.5 |
| 2009-06-25 | CVE-2009-2045 | Unspecified vulnerability in Cisco Video Surveillance Stream Manager 5.0/5.1 | The Cisco Video Surveillance Stream Manager firmware before 5.3, as used on Cisco Video Surveillance Services Platforms and Video Surveillance Integrated Services Platforms, allows remote attackers to cause a denial of service (reboot) via a malformed payload in a UDP packet to port 37000, related to the xvcrman process, aka Bug ID CSCsj47924. | network, low complexity, cisco, 7.8 |
| 2009-06-25 | CVE-2009-1163 | Resource Management Errors vulnerability in Cisco Physical Access Gateway | Memory leak on the Cisco Physical Access Gateway with software before 1.1 allows remote attackers to cause a denial of service (memory consumption) via unspecified TCP packets. | network, low complexity, cisco, CWE-399, 7.8 |
| 2009-06-25 | CVE-2009-0903 | Unspecified vulnerability in IBM Websphere Application Server | IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 before 6.1.0.25, when a WS-Security policy is established at the operation level, does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Action, which allows remote attackers to bypass intended access restrictions via a crafted request to a JAX-WS application. | network, low complexity, ibm, 7.5 |
| 2009-06-23 | CVE-2009-2183 | Path Traversal vulnerability in Campware.Org Campsite 3.3.0 | Directory traversal vulnerability in admin-files/ad.php in Campsite 3.3.0 RC1 allows remote attackers to read and possibly execute arbitrary local files via a .. | network, low complexity, campware-org, CWE-22, 7.5 |
| 2009-06-23 | CVE-2009-2179 | SQL Injection vulnerability in W2B PHPdatingclub 3.7 | SQL injection vulnerability in search.php in phpDatingClub 3.7 allows remote attackers to execute arbitrary SQL commands via the sform[day] parameter. | network, low complexity, w2b, CWE-89, 7.5 |