Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2009-2885 | 1 Phpscriptsnow | 1 World's Tallest Buildings | 2017-08-16 | 7.5 HIGH | N/A | SQL injection vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to execute arbitrary SQL commands via the rank parameter. |
CVE-2009-2886 | 1 Phpscriptsnow | 1 President Bios | 2017-08-16 | 7.5 HIGH | N/A | SQL injection vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to execute arbitrary SQL commands via the rank parameter. |
CVE-2009-2887 | 1 Phpscriptsnow | 1 President Bios | 2017-08-16 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to inject arbitrary web script or HTML via the rank parameter. |
CVE-2009-2888 | 1 Phpscriptsnow | 1 Hangman | 2017-08-16 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter. |
CVE-2009-2889 | 1 Phpscriptsnow | 1 Hangman | 2017-08-16 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to inject arbitrary web script or HTML via the letters parameter. |
CVE-2009-2890 | 1 Phpscriptsnow | 1 Riddles | 2017-08-16 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter. |
CVE-2009-2891 | 1 Phpscriptsnow | 1 Riddles | 2017-08-16 | 7.5 HIGH | N/A | SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
CVE-2009-2894 | 1 Clone2009 | 1 Ebay Clone | 2017-08-16 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to product_desc.php, and the cid parameter to (2) showcategory.php and (3) gallery.php. |
CVE-2009-2916 | 1 2kgames | 1 Vietcong 2 | 2017-08-16 | 9.3 HIGH | N/A | Format string vulnerability in the CNS_AddTxt function in logs.dll in 2K Games Vietcong 2 1.10 and earlier might allow remote attackers to execute arbitrary code via format string specifiers in the nickname. |
CVE-2009-2919 | 1 Boonex | 1 Orca | 2017-08-16 | 3.5 LOW | N/A | Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field. |
CVE-2009-2935 | 1 Google | 1 Chrome | 2017-08-16 | 10.0 HIGH | N/A | Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript. |
CVE-2009-2944 | 1 Ikiwiki | 1 Ikiwiki | 2017-08-16 | 5.0 MEDIUM | N/A | Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands. |
CVE-2009-2951 | 1 Phenotype-cms | 1 Phenotype Cms | 2017-08-16 | 7.5 HIGH | N/A | Phenotype CMS before 2.9 does not use a random salt value for password encryption, which makes it easier for context-dependent attackers to determine cleartext passwords. |
CVE-2009-2956 | 1 Ibm | 1 Websphere Commerce Suite | 2017-08-16 | 5.0 MEDIUM | N/A | The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files. |
CVE-2009-2963 | 1 Decomputeur | 1 Toolbar Uninstaller | 2017-08-16 | 9.3 HIGH | N/A | Unspecified vulnerability in the update feature in Toolbar Uninstaller 1.0.2 allows remote attackers to force the download and execution of arbitrary files via attack vectors related to a "malformed update url and a malformed update website." |
CVE-2009-2966 | 1 Kaspersky | 2 Kaspersky Anti-virus, Kaspersky Internet Security | 2017-08-16 | 4.3 MEDIUM | N/A | avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters. |
CVE-2009-2967 | 1 Buildbot | 1 Buildbot | 2017-08-16 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6 through 0.7.11p2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, different vulnerabilities than CVE-2009-2959. |
CVE-2009-2973 | 1 Google | 1 Chrome | 2017-08-16 | 6.4 MEDIUM | N/A | Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the (1) MD2 or (2) MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409. |
CVE-2009-2975 | 2 Microsoft, Mozilla | 2 Windows Xp, Firefox | 2017-08-16 | 5.0 MEDIUM | N/A | Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly involving an incompletely configured protocol handler, does not properly implement setting the document.location property to a value specifying a protocol associated with an external application, which allows remote attackers to cause a denial of service (memory consumption) via vectors involving a series of function calls that set this property, as demonstrated by (1) the chromehtml: protocol and (2) the aim: protocol. |
CVE-2009-2978 | 1 Sugarcrm | 1 Sugarcrm | 2017-08-16 | 7.5 HIGH | N/A | SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |