Max CVSS 10.0 Min CVSS 3.5 Total Count19
IDCVSSSummaryLast (major) updatePublished
CVE-2004-1235 6.2
Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.
17-10-2016 - 22:52 14-04-2005 - 00:00
CVE-2009-2123 7.5
Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) inUser (aka Username) and (2) inPass (aka Password) parameters to (a) inc/login.ei, reachable through login.php; and the (3) id
24-08-2009 - 00:00 19-06-2009 - 14:00
CVE-2009-2161 5.1
Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter,
25-06-2009 - 00:00 22-06-2009 - 15:30
CVE-2009-2160 5.0
TorrentTrader Classic 1.09 allows remote attackers to (1) obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function; and allows remote attackers to (2) obtain other potentially sensitive information via a
25-06-2009 - 00:00 22-06-2009 - 15:30
CVE-2009-2158 7.5
account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently large set, which makes it easier for remote attackers to obtain a password via a brute-force attack.
25-06-2009 - 00:00 22-06-2009 - 15:30
CVE-2009-2099 7.5
SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php.
23-06-2009 - 01:33 17-06-2009 - 13:30
CVE-2009-2159 6.4
backup-database.php in TorrentTrader Classic 1.09 does not require administrative authentication, which allows remote attackers to create and download a backup database by making a direct request and then retrieving a .gz file from backups/.
23-06-2009 - 00:00 22-06-2009 - 15:30
CVE-2009-2157 6.5
Multiple SQL injection vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to execute arbitrary SQL commands via (1) the origmsg parameter to account-inbox.php; the categ parameter to (2) delreq.php and (3) admin-delreq.php
23-06-2009 - 00:00 22-06-2009 - 15:30
CVE-2009-2156 3.5
Multiple cross-site scripting (XSS) vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Title field to requests.php, related to viewrequests.php; and (2) the Torrent Name f
23-06-2009 - 00:00 22-06-2009 - 15:30
CVE-2009-2152 7.5
SQL injection vulnerability in a_index.php in AdaptWeb 0.9.2 allows remote attackers to execute arbitrary SQL commands via the CodigoDisciplina parameter in a TopicosCadastro1 action.
23-06-2009 - 00:00 22-06-2009 - 10:30
CVE-2009-2151 5.0
Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the newlang parameter.
23-06-2009 - 00:00 22-06-2009 - 10:30
CVE-2009-2130 5.0
Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) login.ei, (2) jump_bug.ei, or (3) create_account.ei in inc/ via a direct request.
22-06-2009 - 00:00 19-06-2009 - 14:00
CVE-2009-2129 6.8
Cross-site request forgery (CSRF) vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action.
22-06-2009 - 00:00 19-06-2009 - 14:00
CVE-2009-2127 4.3
Cross-site scripting (XSS) vulnerability in show_activity.php in Elvin 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
22-06-2009 - 00:00 19-06-2009 - 14:00
CVE-2009-2124 7.5
Directory traversal vulnerability in page.php in Elvin 1.2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter.
22-06-2009 - 00:00 19-06-2009 - 14:00
CVE-2009-2111 10.0
Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted (1) url and (2) location parameter.
19-06-2009 - 00:00 18-06-2009 - 17:30
CVE-2009-2110 7.6
Multiple directory traversal vulnerabilities in DB Top Sites 1.0, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the u parameter to (1) full.php, (2) index.php, and (3) con
19-06-2009 - 00:00 18-06-2009 - 17:30
CVE-2009-1777 5.0
CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the redirect parameter.
04-06-2009 - 01:26 22-05-2009 - 16:30
CVE-2009-1776 4.3
Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via javascript: URIs in the (1) request and (2) return_link_url param
04-06-2009 - 01:26 22-05-2009 - 16:30
Back to Top Mark selected
Back to Top