Vulnerabilities > High

| Date | CVE | Vulnerability title | Description | Access | Complexity | Vendor tags | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2009-07-28 | CVE-2009-2642 | Improper Authentication vulnerability in Desiscripts Desi Short URL Script 1.0 | index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13. | network | low complexity | desiscripts | CWE-287 | 7.5 |
| 2009-07-28 | CVE-2009-2640 | SQL Injection vulnerability in Interlogy Profile Manager | Multiple SQL injection vulnerabilities in cgi/admin.cgi in Interlogy Profile Manager Basic allow remote attackers to execute arbitrary SQL commands via a pmadm cookie in (1) an edittemp action or (2) a users action. | network | low complexity | interlogy | CWE-89 | 7.5 |
| 2009-07-28 | CVE-2009-2639 | SQL Injection vulnerability in Mrcgiguy the Ticket System 2.0 | SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action. | network | low complexity | mrcgiguy | CWE-89 | 7.5 |
| 2009-07-28 | CVE-2009-2638 | SQL Injection vulnerability in Konze COM Akobook 2.3 | SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a reply action to index.php. | network | low complexity | joomla konze | CWE-89 | 7.5 |
| 2009-07-28 | CVE-2009-2637 | Code Injection vulnerability in Ordasoft COM Booklibrary 1.5.2.4 | PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | network | low complexity | joomla ordasoft | CWE-94 | 7.5 |
| 2009-07-28 | CVE-2009-2635 | Code Injection vulnerability in Ordasoft COM Realestatemanager 1.0 | PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | network | low complexity | joomla ordasoft | CWE-94 | 7.5 |
| 2009-07-28 | CVE-2009-2634 | Code Injection vulnerability in Ordasoft COM Medialibrary 1.5.3 | PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | network | low complexity | joomla ordasoft | CWE-94 | 7.5 |
| 2009-07-28 | CVE-2009-2633 | Code Injection vulnerability in Ordasoft COM Vehiclemanager 1.0 | PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | network | low complexity | joomla ordasoft | CWE-94 | 7.5 |
| 2009-07-27 | CVE-2009-2619 | SQL Injection vulnerability in Datachecknh V-Spacepal | SQL injection vulnerability in login.asp in DataCheck Solutions V-SpacePal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network | low complexity | datachecknh | CWE-89 | 7.5 |
| 2009-07-27 | CVE-2009-2618 | SQL Injection vulnerability in Maxdev Mdpro 1.083 | SQL injection vulnerability in the Surveys (aka NS-Polls) module in MDPro (MD-Pro) 1.083.x allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results action to modules.php. | network | low complexity | maxdev | CWE-89 | 7.5 |