Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4737 | 1 Justsystems | 2 Ichitaro, Ichitaro Viewer | 2017-08-16 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in JustSystems Corporation Ichitaro 13, 2004 through 2009, Viewer 2009 19.0.1.0 and earlier, and other versions allows context-dependent attackers to execute arbitrary code via a crafted Rich Text File (RTF), related to "pvpara ffooter." | |||||
| CVE-2009-4743 | 1 Afterlogic | 1 Webmail Pro | 2017-08-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in history-storage.aspx in AfterLogic WebMail Pro 4.7.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) HistoryStorageObjectName and (2) HistoryKey parameters. | |||||
| CVE-2009-4744 | 1 Oicgroup | 1 Exponent Cms | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Contact module in Exponent CMS 0.97-GA20090213 allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4750 | 1 Phppower | 1 Top Paidmailer | 2017-08-16 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in home.php in Top Paidmailer allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2009-4751 | 1 Phppower | 1 Swinger Club Portal | 2017-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action. | |||||
| CVE-2009-4752 | 1 Phppower | 1 Swinger Club Portal | 2017-08-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary PHP code via a URL in the go parameter. | |||||
| CVE-2009-4763 | 1 Phpmyvisites | 1 Phpmyvisites | 2017-08-16 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the ClickHeat plugin, as used in phpMyVisites before 2.4, has unknown impact and attack vectors. NOTE: due to lack of details from the vendor, it is not clear whether this is related to CVE-2008-5793. | |||||
| CVE-2009-4767 | 1 Plohni | 1 Shoutbox | 2017-08-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Plohni Shoutbox 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) input_name and (2) input_text parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4768 | 1 Blizzard | 1 Warcraft 3 The Frozen Throne | 2017-08-16 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the JASS script interpreter in Warcraft III: The Frozen Throne 1.24b and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted custom map. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4771 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2017-08-16 | 5.0 MEDIUM | N/A |
| The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified "duplicate actions" via unknown vectors. | |||||
| CVE-2009-4772 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2017-08-16 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2009-4773 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2017-08-16 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2009-4777 | 4 Hitachi, Hp, Microsoft and 1 more | 17 Job Management Partner 1\/automatic Job Management System 2-view, Job Management Partner 1\/integrated Management-view, Job Management Partner 1\/integrated Manager-console View and 14 more | 2017-08-16 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer, allows remote attackers to cause a denial of service ("abnormal" termination) via vectors related to the display of an "invalid GIF file." | |||||
| CVE-2009-4779 | 1 Robert Garrigos | 1 Nukehall | 2017-08-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in NukeHall 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter to (1) blocks.php, (2) messages.php, and (3) stories.php in admin/modules/. | |||||
| CVE-2009-4795 | 1 Xlightftpd | 1 Xlight Ftp Server | 2017-08-16 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the (1) USER (aka username) or (2) PASS (aka password) command. | |||||
| CVE-2009-4814 | 1 Wolfram | 1 Webmathematica | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Wolfram Research webMathematica allows remote attackers to inject arbitrary web script or HTML via the URI to the MSP script. | |||||
| CVE-2009-4816 | 1 Andy Stedemos | 1 The Uploader | 2017-08-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in api/download_checker.php in MegaLab The Uploader 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2009-4817 | 1 Element-it | 1 Ultimate Uploader | 2017-08-16 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in Element-IT Ultimate Uploader 1.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/. | |||||
| CVE-2009-4818 | 1 Phpsimplicity | 1 Simplicity Of Upload | 2017-08-16 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upload.php in PHPSimplicity Simplicity oF Upload 1.3.2 allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif. | |||||
| CVE-2009-4819 | 1 Stoverud | 1 Phphotoalbum | 2017-08-16 | 6.8 MEDIUM | N/A |
| Multiple unrestricted file upload vulnerabilities in upload.php in PHPhotoalbum allow remote attackers to execute arbitrary code by uploading a file with a (1) .php.pgif or (2) .php.pjpeg double extension, then accessing it via a direct request to the file in albums/userpics/. | |||||