CVE List - 2010 / January
Showing 101 - 200 of 319 CVEs for January 2010 (Page 2 of 4)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2009-3411 | 2010-01-13 | Unspecified vulnerability in the Oracle Data Pump component in Oracle Database 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity via unknown vectors. |
| CVE-2009-3412 | 2010-01-13 | Unspecified vulnerability in the Unzip component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5; and Oracle Application Server 10.1.2.3; allows local users to affect confidentiality via unknown vectors. |
| CVE-2009-3413 | 2010-01-13 | Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability... |
| CVE-2009-3414 | 2010-01-13 | Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability... |
| CVE-2009-3415 | 2010-01-13 | Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. |
| CVE-2009-3416 | 2010-01-13 | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors. |
| CVE-2010-0066 | 2010-01-13 | Unspecified vulnerability in the Access Manager Identity Server component in Oracle Application Server 7.0.4.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors. |
| CVE-2010-0067 | 2010-01-13 | Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect confidentiality via unknown vectors. |
| CVE-2010-0068 | 2010-01-13 | Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2MP2, and 10.0 allows remote attackers to affect confidentiality via unknown vectors. |
| CVE-2010-0069 | 2010-01-13 | Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0, SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP1, and 10.3.0 allows remote attackers to affect integrity via unknown vectors. |
| CVE-2010-0070 | 2010-01-13 | Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect integrity via unknown vectors. |
| CVE-2010-0071 | 2010-01-13 | Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. |
| CVE-2010-0072 | 2010-01-13 | Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was... |
| CVE-2010-0074 | 2010-01-13 | Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP2, and 10.3.1 allows remote attackers to affect availability via unknown vectors. |
| CVE-2010-0075 | 2010-01-13 | Unspecified vulnerability in the Oracle HRMS (Self Service) component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors. |
| CVE-2010-0076 | 2010-01-13 | Unspecified vulnerability in the Application Express Application Builder component in Oracle Database 3.2.1.00.10 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. |
| CVE-2010-0077 | 2010-01-13 | Unspecified vulnerability in the CRM Technical Foundation (mobile) component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. |
| CVE-2010-0078 | 2010-01-13 | Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2MP3, 10.0MP2, and 10.3.1 allows remote attackers to affect availability via unknown vectors. |
| CVE-2010-0079 | 2010-01-13 | Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE:... |
| CVE-2010-0080 | 2010-01-13 | Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 Bundle, #21 and 9.0 Bundle #11 allows remote authenticated users to... |
| CVE-2010-0279 | 2010-01-13 | Unrestricted file upload vulnerability in upload.php in BTS-GI Read excel 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via... |
| CVE-2009-3637 | 2010-01-13 | Stack-based buffer overflow in the M_AddToServerList function in client/menu.c in Red Planet Arena Alien Arena 7.30 allows remote attackers to execute arbitrary code via a packet with a crafted server... |
| CVE-2009-4606 | 2010-01-13 | South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute... |
| CVE-2009-4607 | 2010-01-13 | The command line interface in Overland Storage Snap Server 410 with GuardianOS 5.1.041 runs the "less" utility with a higher-privileged uid than the CLI user and without sufficient restriction on... |
| CVE-2009-4608 | 2010-01-13 | Cross-site scripting (XSS) vulnerability in Canon IT Solutions Inc. ACCESSGUARDIAN 3.0.14 and earlier, and 3.5.6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors... |
| CVE-2009-3954 | 2010-01-13 | The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified... |
| CVE-2009-3955 | 2010-01-13 | Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in... |
| CVE-2009-3956 | 2010-01-13 | The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has... |
| CVE-2009-3957 | 2010-01-13 | Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service (NULL pointer dereference) via... |
| CVE-2009-3958 | 2010-01-13 | Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x... |
| CVE-2009-3959 | 2010-01-13 | Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary... |
| CVE-2009-4212 | 2010-01-13 | Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow... |
| CVE-2010-0018 | 2010-01-13 | Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2;... |
| CVE-2009-3953 | 2010-01-13 | The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary... |
| CVE-2009-4487 | 2010-01-13 | nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files,... |
| CVE-2009-4488 | 2010-01-13 | Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files,... |
| CVE-2009-4489 | 2010-01-13 | header.c in Cherokee before 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands... |
| CVE-2009-4490 | 2010-01-13 | mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files,... |
| CVE-2009-4492 | 2010-01-13 | WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which... |
| CVE-2009-4493 | 2010-01-13 | Orion Application Server 2.0.7 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or... |
| CVE-2009-4494 | 2010-01-13 | AOLserver 4.5.1 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files,... |
| CVE-2009-4495 | 2010-01-13 | Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files,... |
| CVE-2009-4496 | 2010-01-13 | Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files,... |
| CVE-2009-4611 | 2010-01-13 | Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands... |
| CVE-2009-4609 | 2010-01-13 | The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attackers to obtain sensitive information about internal variables and other data via a request to a URI ending... |
| CVE-2009-4610 | 2010-01-13 | Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty 6.x and 7.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to jsp/dump.jsp in... |
| CVE-2009-4612 | 2010-01-13 | Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP Snoop page in Mort Bay Jetty 6.1.x through 6.1.21 allow remote attackers to inject arbitrary web script or HTML via the... |
| CVE-2010-0015 | 2010-01-14 | nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows... |
| CVE-2009-4182 | 2010-01-14 | Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a remote SQL server is used, allow remote attackers to obtain access to data or cause a denial of service, possibly... |
| CVE-2010-0002 | 2010-01-14 | The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences... |
| CVE-2010-0014 | 2010-01-14 | System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the... |
| CVE-2009-4355 | 2010-01-14 | Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption)... |
| CVE-2010-0310 | 2010-01-14 | Trusted Extensions in Sun Solaris 10 allows local users to gain privileges via vectors related to omission of unspecified libraries from software updates. |
| CVE-2010-0311 | 2010-01-14 | Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows... |
| CVE-2010-0313 | 2010-01-14 | The core_get_proxyauth_dn function in ns-slapd in Sun Java System Directory Server Enterprise Edition 7.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via... |
| CVE-2010-0314 | 2010-01-14 | Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF... |
| CVE-2010-0315 | 2010-01-14 | WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site,... |
| CVE-2009-4613 | 2010-01-14 | SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the provenance of this information... |
| CVE-2010-0184 | 2010-01-14 | The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions... |
| CVE-2010-0312 | 2010-01-14 | The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server (TDS) 6.2 on Linux allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via... |
| CVE-2010-0249 | 2010-01-15 | Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and... |
| CVE-2010-0280 | 2010-01-15 | Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a denial of service (memory corruption) or... |
| CVE-2010-0316 | 2010-01-15 | Integer overflow in Google SketchUp before 7.1 M2 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a crafted SKP file. |
| CVE-2010-0317 | 2010-01-15 | Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests... |
| CVE-2010-0318 | 2010-01-15 | The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, and 8.0, when creating files during replay of a setattr transaction, uses 7777 permissions instead of the original... |
| CVE-2010-0319 | 2010-01-15 | Cross-site scripting (XSS) vulnerability in index.php in Docmint 1.0 and 2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details... |
| CVE-2010-0320 | 2010-01-15 | Cross-site scripting (XSS) vulnerability in submitlink.php in Glitter Central Script allows remote attackers to inject arbitrary web script or HTML via the catid parameter. |
| CVE-2010-0321 | 2010-01-15 | Cross-site scripting (XSS) vulnerability in jobs/index.php in Jamit Job Board 3.0 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter. |
| CVE-2010-0322 | 2010-01-15 | SQL injection vulnerability in the init function in MK-AnydropdownMenu (mk_anydropdownmenu) extension 0.3.28 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-0323 | 2010-01-15 | Unspecified vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. |
| CVE-2010-0324 | 2010-01-15 | SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-0325 | 2010-01-15 | Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) extension 0.2.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. |
| CVE-2010-0326 | 2010-01-15 | Cross-site scripting (XSS) vulnerability in the Developer log (devlog) extension 2.9.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-0327 | 2010-01-15 | Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox (kj_imagelightbox2) extension 2.0.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different... |
| CVE-2010-0328 | 2010-01-15 | Cross-site scripting (XSS) vulnerability in the Unit Converter (cs2_unitconv) extension 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-0329 | 2010-01-15 | SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the "SQL selection field" and... |
| CVE-2010-0330 | 2010-01-15 | SQL injection vulnerability in the Googlemaps for tt_news (jf_easymaps) extension 1.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-0331 | 2010-01-15 | Cross-site scripting (XSS) vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-0332 | 2010-01-15 | SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-0333 | 2010-01-15 | SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-0334 | 2010-01-15 | SQL injection vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-0335 | 2010-01-15 | Cross-site scripting (XSS) vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-0336 | 2010-01-15 | Unspecified vulnerability in the kiddog_mysqldumper (kiddog_mysqldumper) extension 0.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. |
| CVE-2010-0337 | 2010-01-15 | SQL injection vulnerability in the tt_news Mail alert (dl3_tt_news_alerts) extension 0.2.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-0338 | 2010-01-15 | SQL injection vulnerability in the TT_Products editor (ttpedit) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-0339 | 2010-01-15 | SQL injection vulnerability in the User Links (vm19_userlinks) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-0340 | 2010-01-15 | SQL injection vulnerability in the MJS Event Pro (mjseventpro) extension 0.2.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-0341 | 2010-01-15 | SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-0342 | 2010-01-15 | SQL injection vulnerability in the Reports for Job (job_reports) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-0343 | 2010-01-15 | SQL injection vulnerability in the Clan Users List (pb_clanlist) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-0344 | 2010-01-15 | SQL injection vulnerability in the zak_store_management extension 1.0.0 and earlier TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-0345 | 2010-01-15 | Cross-site scripting (XSS) vulnerability in the Majordomo extension 1.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-0346 | 2010-01-15 | Cross-site scripting (XSS) vulnerability in the Tip many friends (mimi_tipfriends) extension 0.0.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-0347 | 2010-01-15 | Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-0348 | 2010-01-15 | Directory traversal vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to read arbitrary files via unknown vectors. |
| CVE-2010-0349 | 2010-01-15 | Cross-site scripting (XSS) vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: this issue could not be... |
| CVE-2010-0350 | 2010-01-15 | Directory traversal vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 has unknown impact and remote attack vectors. |
| CVE-2010-0356 | 2010-01-18 | Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long... |
| CVE-2009-4614 | 2010-01-18 | Multiple PHP remote file inclusion vulnerabilities in Moa Gallery 1.2.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the MOA_PATH parameter to (1) _error_funcs.php,... |
| CVE-2009-4615 | 2010-01-18 | SQL injection vulnerability in review.php in MYRE Holiday Rental Manager allows remote attackers to execute arbitrary SQL commands via the link_id parameter in a show_review action. |