SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php.
Max CVSS
7.5
EPSS Score
0.09%
Published
2009-01-30
Updated
2017-09-29
Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files."
Max CVSS
7.2
EPSS Score
0.04%
Published
2009-01-30
Updated
2017-09-29
Stack-based buffer overflow in WFTPSRV.exe in WinFTP 2.3.0 allows remote authenticated users to execute arbitrary code via a long LIST argument beginning with an * (asterisk) character.
Max CVSS
9.0
EPSS Score
32.04%
Published
2009-01-29
Updated
2017-09-29
Stack-based buffer overflow in Merak Media Player 3.2 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file, related to the status bar icon's tooltip. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
4.05%
Published
2009-01-29
Updated
2017-09-29
Stack-based buffer overflow in FTPShell Server 4.3 allows user-assisted remote attackers to cause a denial of service (persistent daemon crash) and possibly execute arbitrary code via a long string in a licensing key (aka .key) file.
Max CVSS
9.3
EPSS Score
3.69%
Published
2009-01-29
Updated
2017-09-29
Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6648082, a different vulnerability than CVE-2007-5717.
Max CVSS
10.0
EPSS Score
1.04%
Published
2009-01-29
Updated
2018-10-30
Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6633175, a different vulnerability than CVE-2007-5717.
Max CVSS
10.0
EPSS Score
1.04%
Published
2009-01-29
Updated
2018-10-30
Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race conditions that occur in monitoring 64-bit processes.
Max CVSS
7.2
EPSS Score
0.04%
Published
2009-01-29
Updated
2018-10-11
Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall.
Max CVSS
7.2
EPSS Score
0.04%
Published
2009-01-29
Updated
2018-10-11
The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability.
Max CVSS
9.3
EPSS Score
15.98%
Published
2009-01-29
Updated
2018-10-11
SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to execute arbitrary SQL commands via the itemID parameter in a view action.
Max CVSS
7.5
EPSS Score
0.10%
Published
2009-01-29
Updated
2018-10-11
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.17%
Published
2009-01-29
Updated
2017-09-29
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the day parameter in an archive action.
Max CVSS
7.5
EPSS Score
0.10%
Published
2009-01-29
Updated
2017-09-29
SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
Max CVSS
7.5
EPSS Score
0.10%
Published
2009-01-29
Updated
2017-10-19
Multiple SQL injection vulnerabilities in AV Book Library before 1.1 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/edit.php, (2) admin/add.php, (3) lib/book_search.php, and possibly other components.
Max CVSS
7.5
EPSS Score
0.14%
Published
2009-01-29
Updated
2017-08-08
Directory traversal vulnerability in gallery/comment.php in Enhanced Simple PHP Gallery (ESPG) 1.72 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. NOTE: the vulnerability may be in my little homepage Comment script. If so, then this should not be treated as a vulnerability in ESPG.
Max CVSS
7.8
EPSS Score
2.21%
Published
2009-01-29
Updated
2017-09-29
SQL injection vulnerability in the PcCookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php, a different vector than CVE-2008-0844.
Max CVSS
7.5
EPSS Score
0.06%
Published
2009-01-29
Updated
2017-09-29
SQL injection vulnerability in readbible.php in Free Bible Search PHP Script 1.0 allows remote attackers to execute arbitrary SQL commands via the version parameter.
Max CVSS
7.5
EPSS Score
0.13%
Published
2009-01-29
Updated
2017-09-29
SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.07%
Published
2009-01-29
Updated
2017-08-08
Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote attackers to execute arbitrary SQL commands via the (1) idp parameter to reports/projects.php, the (2) idc parameter to reports/contacts.php, and the (3) idu parameter to reports/users.php.
Max CVSS
7.5
EPSS Score
0.13%
Published
2009-01-29
Updated
2017-09-29

CVE-2009-0323

Public exploit
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via (1) a long type parameter in an input tag, which is not properly handled by the EndOfXmlAttributeValue function; (2) an "HTML GI" in a start tag, which is not properly handled by the ProcessStartGI function; and unspecified vectors in (3) html2thot.c and (4) xml2thot.c, related to the msgBuffer variable. NOTE: these are different vectors than CVE-2008-6005.
Max CVSS
10.0
EPSS Score
95.84%
Published
2009-01-28
Updated
2018-10-11
The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 allows remote attackers to execute arbitrary code via a packet with a crafted value that is dereferenced as a function pointer.
Max CVSS
10.0
EPSS Score
22.71%
Published
2009-01-27
Updated
2018-10-11
The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficient validation security vulnerability," as demonstrated by SunOSipv6.c.
Max CVSS
7.8
EPSS Score
37.03%
Published
2009-01-27
Updated
2017-09-29
SQL injection vulnerability in index.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
Max CVSS
7.5
EPSS Score
0.09%
Published
2009-01-27
Updated
2017-09-29
Heap-based buffer overflow in MW6 Technologies Barcode ActiveX control (Barcode.MW6Barcode.1, Barcode.dll) 3.0.0.1 allows remote attackers to execute arbitrary code via a long Supplement property.
Max CVSS
9.3
EPSS Score
15.85%
Published
2009-01-27
Updated
2017-09-29
220 vulnerabilities found
1 2 3 4 5 6 7 8 9
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!