| Max CVSS | 8.8 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2009-4529 | 5.0 |
InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs.
|
14-02-2024 - 01:17 | 31-12-2009 - 19:30 | |
| CVE-2009-4521 | 4.3 |
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __rep
|
10-10-2018 - 19:49 | 31-12-2009 - 19:30 | |
| CVE-2007-2600 | 6.8 |
Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; th
|
11-10-2017 - 01:32 | 11-05-2007 - 10:19 | |
| CVE-2009-4533 | 5.0 |
The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vector
|
17-08-2017 - 01:31 | 31-12-2009 - 19:30 | |
| CVE-2009-4532 | 3.5 |
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field lab
|
17-08-2017 - 01:31 | 31-12-2009 - 19:30 | |
| CVE-2009-4528 | 6.5 |
The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via unspecified vectors.
|
17-08-2017 - 01:31 | 31-12-2009 - 19:30 | |
| CVE-2009-4524 | 4.3 |
Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element.
|
17-08-2017 - 01:31 | 31-12-2009 - 19:30 | |
| CVE-2009-4522 | 4.3 |
Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter to index.php. NOTE: some of these details are obtained from third party information
|
17-08-2017 - 01:31 | 31-12-2009 - 19:30 | |
| CVE-2009-1969 | 2.1 |
Unspecified vulnerability in the Auditing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality via unknown vectors.
|
17-08-2017 - 01:30 | 14-07-2009 - 23:30 | |
| CVE-2008-6424 | 8.8 |
Directory traversal vulnerability in FFFTP 1.96b allows remote FTP servers to create or overwrite arbitrary files via a response to an FTP LIST command with a filename that contains a .. (dot dot).
|
17-08-2017 - 01:29 | 06-03-2009 - 18:30 | |
| CVE-2004-1994 | 5.0 |
FuseTalk 4.0 allows remote attackers to ban other users via a direct request to banning.cfm.
|
11-07-2017 - 01:31 | 05-05-2004 - 04:00 | |
| CVE-2005-1403 | 6.8 |
Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor paramet
|
05-09-2008 - 20:49 | 03-05-2005 - 04:00 |