The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.
Max CVSS
6.8
EPSS Score
97.04%
Published
2009-04-30
Updated
2017-09-29
The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments.
Max CVSS
9.3
EPSS Score
96.04%
Published
2009-04-30
Updated
2018-11-08
includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter.
Max CVSS
7.5
EPSS Score
1.10%
Published
2009-04-29
Updated
2017-09-29
Directory traversal vulnerability in admin/load.php in FunGamez RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter to index.php.
Max CVSS
6.8
EPSS Score
1.59%
Published
2009-04-29
Updated
2017-09-29
SQL injection vulnerability in pages/login.php in FunGamez RC1 allows remote attackers to execute arbitrary SQL commands via the login_user (aka username) parameter. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
0.27%
Published
2009-04-29
Updated
2017-09-29
Directory traversal vulnerability in pmscript.php in Flatchat 3.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the with parameter.
Max CVSS
7.5
EPSS Score
1.12%
Published
2009-04-29
Updated
2017-09-29
Unrestricted file upload vulnerability in upload-file.php in Adam Patterson Studio Lounge Address Book 2.5, as reachable from index2.php, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in profiles/.
Max CVSS
6.8
EPSS Score
8.95%
Published
2009-04-29
Updated
2017-09-29
SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) 3.0.6.170 allows remote attackers to execute arbitrary SQL commands via the cname parameter in a checkAlias action, as exploited in the wild in April 2009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.17%
Published
2009-04-29
Updated
2017-08-17
SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors.
Max CVSS
7.5
EPSS Score
0.06%
Published
2009-04-29
Updated
2018-10-10
Static code injection vulnerability in razorCMS before 0.4 allows remote attackers to inject arbitrary PHP code into any page by saving content as a .php file.
Max CVSS
7.5
EPSS Score
2.18%
Published
2009-04-28
Updated
2017-08-17
The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
Max CVSS
7.2
EPSS Score
0.05%
Published
2009-04-28
Updated
2017-08-17
Cross-site request forgery (CSRF) vulnerability in razorCMS before 0.4 allows remote attackers to hijack the authentication of administrators for requests that create a web page containing PHP code.
Max CVSS
6.8
EPSS Score
0.36%
Published
2009-04-28
Updated
2017-08-17
Directory traversal vulnerability in admin.php in Malleo 1.2.3 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
Max CVSS
6.5
EPSS Score
0.79%
Published
2009-04-28
Updated
2018-10-10
Multiple cross-site request forgery (CSRF) vulnerabilities in WebCollab before 2.50 (aka Billy Goat) allow remote attackers to hijack the authentication of administrators for requests that change an arbitrary password or have other unspecified impact.
Max CVSS
6.8
EPSS Score
0.22%
Published
2009-04-28
Updated
2017-08-17
SQL injection vulnerability in class.eport.php in Tiny Blogr 1.0.0 rc4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the txtUsername parameter (aka the Username field). NOTE: some of these details are obtained from third party information.
Max CVSS
6.8
EPSS Score
0.06%
Published
2009-04-28
Updated
2018-10-10
Multiple PHP remote file inclusion vulnerabilities in theme/format.php in SMA-DB 0.3.13 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _page_css and (2) _page_javascript parameters. NOTE: the _page_content vector is already is covered by CVE-2009-1450.
Max CVSS
7.5
EPSS Score
2.25%
Published
2009-04-28
Updated
2017-09-29
PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 allows remote attackers to execute arbitrary PHP code via a URL in the _page_content parameter.
Max CVSS
7.5
EPSS Score
0.50%
Published
2009-04-28
Updated
2017-09-29
Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2.19.1 allows remote attackers to execute arbitrary code via a skin file (skin.ini) with a large PlaylistSkin parameter. NOTE: this may overlap CVE-2008-5735.
Max CVSS
9.3
EPSS Score
4.07%
Published
2009-04-27
Updated
2017-09-29
Unrestricted file upload vulnerability in admin/editor/image.php in e-cart.biz Free Shopping Cart allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.
Max CVSS
6.8
EPSS Score
1.61%
Published
2009-04-27
Updated
2017-09-29
Unrestricted file upload vulnerability in upload.php in Elkagroup Image Gallery 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in gallery/pictures/. NOTE: some of these details are obtained from third party information.
Max CVSS
6.5
EPSS Score
0.95%
Published
2009-04-27
Updated
2017-09-29
Multiple directory traversal vulnerabilities in WebPortal CMS 0.8-beta allow remote attackers to (1) read arbitrary files via directory traversal sequences in the lang parameter to libraries/helpdocs/help.php and (2) include and execute arbitrary local files via directory traversal sequences in the error parameter to index.php.
Max CVSS
7.5
EPSS Score
0.45%
Published
2009-04-27
Updated
2017-09-29
PHP remote file inclusion vulnerability in indexk.php in WebPortal CMS 0.8-beta allows remote attackers to execute arbitrary PHP code via a URL in the lib_path parameter.
Max CVSS
7.5
EPSS Score
0.60%
Published
2009-04-27
Updated
2017-09-29
Multiple unspecified vulnerabilities in the Server component in OCS Inventory NG before 1.02 have unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.38%
Published
2009-04-27
Updated
2009-04-28
Incomplete blacklist vulnerability in DownloadListCtrl.cpp in amule 2.2.4 allows remote attackers to conduct argument injection attacks into a command for mplayer via a crafted filename.
Max CVSS
6.8
EPSS Score
1.55%
Published
2009-04-27
Updated
2017-08-17
Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request.
Max CVSS
7.8
EPSS Score
11.50%
Published
2009-04-27
Updated
2018-10-10
322 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!