CVE-2009-4329

Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service segmentation fault by modifying the db2ra data stream sent in a request from the Load Utility...

CVE-2009-4963

Cross-site scripting XSS vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

CVE-2009-4438

The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a 1 sequence or 2 global-variable object, which allows remote authenticated users to make use of data via unspecified vectors...

CVE-2009-4159

Cross-site scripting XSS vulnerability in the newsletter configuration feature in the backend module in the Direct Mail directmail extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

CVE-2009-4595

SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to execute arbitrary SQL commands via the supid parameter in a suppliers details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informatio...

CVE-2009-4328

Unspecified vulnerability in the DRDA Services component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service server trap by calling a SQL stored procedure in unknown circumstances...

CVE-2009-4922

Unspecified vulnerability on Cisco Adaptive Security Appliances ASA 5580 series devices with software before 8.12 allows remote authenticated users to cause a denial of service traceback by establishing many IPsec L2L tunnels from remote peer IP addresses, aka Bug ID CSCso15583...

CVE-2010-0215

ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and 1 delete an attachment or 2 subscribe to an object, via a crafted URL...

CVE-2010-0501

Directory traversal vulnerability in FTP Server in Apple Mac OS X Server before 10.6.3 allows remote authenticated users to read arbitrary files via crafted filenames...

CVE-2010-0142

MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote authenticated users to gain privileges via a modified authentication sequence, aka Bug ID CSCsv66530...

CVE-2021-28998

File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...

CVE-2007-4309

IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by setting the notes.ini 1 KFMShowEntropy and 2 DebugOutfile debug variables, a different vulnerability than CVE-2005-2696...

CVE-2022-38844

CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system...

CVE-2022-38089

Stored cross-site scripting vulnerability in Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows a remote authenticated attacker to inject an arbitrary script...

CVE-2022-38485

A directory traversal vulnerability exists in the AgeVolt Portal prior to version 0.1 that leads to Information Disclosure. A remote authenticated attacker could leverage this vulnerability to read files from any location on the target operating system with web server privileges...

CVE-2022-23675

A remote authenticated stored cross-site scripting xss vulnerability was discovered in Aruba ClearPass Policy Manager versions: 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability...

CVE-2022-0182

Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via an website that uses Quiz And Survey Master...

CVE-2022-26041

Directory traversal vulnerability in RCCMD 4.26 and earlier allows a remote authenticated attacker with an administrative privilege to read or alter an arbitrary file on the server via unspecified vectors...

CVE-2022-26595

Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI...

CVE-2022-35239

The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated...