CVE-2009-3439
Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the iddocument parameter to (1) repositorydocument.php, (2) repositorylinks.php, and (3) repositoryeditdocument.php in...
CVE-2009-3418
Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to execute arbitrary SQL commands via the m parameter to manager/index.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an editlink action to...
PT-2009-5712 · Plume · Plume Cms
Name of the Vulnerable Software and Affected Versions: Plume CMS version 1.2.3 Description: The issue allows remote authenticated users to execute arbitrary SQL commands. This can be achieved via the "m" parameter to "manager/index.php" or by remote authenticated administrators via the "id"...
PT-2009-5715 · Zenas · Zenas Paobacheca Guestbook
Name of the Vulnerable Software and Affected Versions: Zenas PaoBacheca Guestbook version 2.1 Description: The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the login ok parameter to 1 when register_globals is enabled...
CVE-2009-3369
CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then...
No title provided
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by "re-LOAD-ing" libraries from a certain plugins directory...
RedHat Security Advisory RHSA-2009:1451
The remote host is missing updates announced in advisory RHSA-2009:1451. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. An input validation flaw w...
CVE-2009-2813
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote...
Server side request forgery (ssrf)
Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin/reset.php and (2) admin/useradd.php, which allows remote authenticated users to reset administrative passwords or add administrators via a direct request...
Debian: Security Advisory (DSA-1877-1)
The remote host is missing an update for the Debian...
CVE-2008-7100
Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows remote authenticated users to bypass authentication and gain privileges via unknown vectors related to a "unique id" for user actions and improper validation of a "user identity."...
CVE-2008-7046
AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. NOTE: the provenance of this information is unknown; the details are obtained solely from third part...
CVE-2008-7023
Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in...
CVE-2008-7011
The CVE-2008-7011 issue affects the Unreal Engine used by Unreal Tournament 3 (v1.3) and several other titles (UT2003/2004, Dead Man’s Hand, Pariah, WarPath, Postal2, Shadow Ops). The vulnerability allows remote authenticated users to trigger a denial of service (server exit) by issuing multiple ...
Mandrake Security Advisory MDVSA-2009:199 (subversion)
The remote host is missing an update to subversion announced via advisory MDVSA-2009:199...
Fedora Core 11 FEDORA-2009-8101 (sssd)
The remote host is missing an update to sssd announced via advisory FEDORA-2009-8101. Note: This VT has been deprecated and is therefore no longer functional...
Design/Logic Flaw
The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enabled and a 6.1 to 7.0 migration has occurred, allows remote authenticated users to obtain sensitive information by reading a Migration Trace file...
CVE-2009-1544
Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or...
CVE-2008-6956
Static code injection vulnerability in admin/admin.php in mxCamArchive 2.2 allows remote authenticated administrators to inject arbitrary PHP code into an unspecified program via the description parameter, which is executed by invocation of index.php. NOTE: some of these details are obtained from...