Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2009-03-19 | CVE-2009-0969 | Cross-Site Request Forgery (CSRF) vulnerability in PHPfox 1.6.2.1 | Cross-site request forgery (CSRF) vulnerability in account/settings/account/index.php in phpFoX 1.6.21 allows remote attackers to hijack the authentication of administrators for requests that change the email address via the act[update] action. | 6.8 |
2009-03-19 | CVE-2009-0967 | Resource Management Errors vulnerability in Solarwinds Serv-U File Server | The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument. | 4.0 |
2009-03-19 | CVE-2009-0661 | Improper Input Validation vulnerability in Flashtux Weechat 0.2.6 | Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds read. | 5.0 |
2009-03-18 | CVE-2009-0940 | Cross-Site Request Forgery (CSRF) vulnerability in HP products | Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config. | 5.1 |
2009-03-18 | CVE-2009-0538 | Use of Externally-Controlled Format String vulnerability in Symantec Pcanywhere | Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file). | 4.6 |
2009-03-18 | CVE-2008-6486 | Code Injection vulnerability in Shatm Sharedlog | PHP remote file inclusion vulnerability in slideshow_uploadvideo.content.php in SharedLog, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_dir] parameter. | 6.8 |
2009-03-18 | CVE-2008-6482 | Code Injection vulnerability in Justjoomla COM Treeg 1.0 | PHP remote file inclusion vulnerability in admin.treeg.php in the Flash Tree Gallery (com_treeg) component 1.0 for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_live_site parameter. | 6.8 |
2009-03-18 | CVE-2009-0938 | Denial of Service vulnerability in Tor | Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service (exit node crash) via "malformed input." | 5.0 |
2009-03-18 | CVE-2009-0937 | Denial of Service vulnerability in Tor | Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service via unknown vectors. | 5.0 |
2009-03-18 | CVE-2009-0936 | Denial of Service vulnerability in Tor | Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to cause a denial of service (infinite loop) via "corrupt votes." | 5.0 |