|
275841
|
- |
|
ajsquare
|
free_polling_script
|
AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. …
|
CWE-287
Improper Authentication
|
CVE-2008-7046
|
2009-08-24 19:30 |
2009-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275842
|
- |
|
wowraidmanager
|
wowraidmanager
|
The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required argume…
|
CWE-255
Credentials Management
|
CVE-2008-7050
|
2009-08-24 19:30 |
2009-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275843
|
- |
|
cisco
|
ios_xr
|
Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Att…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-1154
|
2009-08-22 02:30 |
2009-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275844
|
- |
|
cisco
|
ios_xr
|
Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2056
|
2009-08-22 02:30 |
2009-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275845
|
- |
|
sun
|
virtual_desktop_infrastructure
|
Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow …
|
CWE-200
Information Exposure
|
CVE-2009-2856
|
2009-08-22 00:25 |
2009-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275846
|
- |
|
2fly
|
gift_delivery_system
|
SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery System 6.0 allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a content action.
|
CWE-89
SQL Injection
|
CVE-2009-2915
|
2009-08-21 20:30 |
2009-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275847
|
- |
|
xzeroscripts
|
xzero_community_classifieds
|
Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this i…
|
CWE-79
Cross-site Scripting
|
CVE-2009-2913
|
2009-08-21 20:02 |
2009-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275848
|
- |
|
cisco
|
ios_xr
|
Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.
|
CWE-20
Improper Input Validation
|
CVE-2009-2055
|
2009-08-21 13:00 |
2009-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275849
|
- |
|
edgewall
firestats
|
firestats
|
SQL injection vulnerability in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2009-2144
|
2009-08-21 13:00 |
2009-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275850
|
- |
|
php.s3
|
tree_bbs
|
Cross-site scripting (XSS) vulnerability in Let's PHP! Tree BBS 2004/11/23 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2009-2226
|
2009-08-21 13:00 |
2009-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
