Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-07-28 | CVE-2009-2642 | Improper Authentication vulnerability in Desiscripts Desi Short URL Script 1.0 index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13. | 7.5 |
2009-07-28 | CVE-2009-2640 | SQL Injection vulnerability in Interlogy Profile Manager Multiple SQL injection vulnerabilities in cgi/admin.cgi in Interlogy Profile Manager Basic allow remote attackers to execute arbitrary SQL commands via a pmadm cookie in (1) an edittemp action or (2) a users action. | 7.5 |
2009-07-28 | CVE-2009-2639 | SQL Injection vulnerability in Mrcgiguy the Ticket System 2.0 SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action. | 7.5 |
2009-07-28 | CVE-2009-2638 | SQL Injection vulnerability in Konze COM Akobook 2.3 SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a reply action to index.php. | 7.5 |
2009-07-28 | CVE-2009-2637 | Code Injection vulnerability in Ordasoft COM Booklibrary 1.5.2.4 PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2009-07-28 | CVE-2009-2635 | Code Injection vulnerability in Ordasoft COM Realestatemanager 1.0 PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2009-07-28 | CVE-2009-2634 | Code Injection vulnerability in Ordasoft COM Medialibrary 1.5.3 PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2009-07-28 | CVE-2009-2633 | Code Injection vulnerability in Ordasoft COM Vehiclemanager 1.0 PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2009-07-27 | CVE-2009-2619 | SQL Injection vulnerability in Datachecknh V-Spacepal SQL injection vulnerability in login.asp in DataCheck Solutions V-SpacePal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-07-27 | CVE-2009-2618 | SQL Injection vulnerability in Maxdev Mdpro 1.083 SQL injection vulnerability in the Surveys (aka NS-Polls) module in MDPro (MD-Pro) 1.083.x allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results action to modules.php. | 7.5 |