|
268351
|
- |
|
keep_toolkit
|
keep_toolkit
|
SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before 2.5.1 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password.
|
CWE-89
SQL Injection
|
CVE-2009-0287
|
2009-02-5 14:00 |
2009-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268352
|
- |
|
codefixer
|
linkspro
|
SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter.
|
CWE-89
SQL Injection
|
CVE-2009-0431
|
2009-02-5 14:00 |
2009-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268353
|
- |
|
preprojects
|
pre_classified_listings
|
PreProjects Pre Classified Listings stores pclasp.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6055
|
2009-02-5 00:30 |
2009-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268354
|
- |
|
google
|
chrome
|
Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and…
|
NVD-CWE-Other
|
CVE-2009-0276
|
2009-02-4 14:00 |
2009-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268355
|
- |
|
monkey
|
trickle
|
Untrusted search path vulnerability in trickle 1.07 allows local users to execute arbitrary code via a Trojan horse trickle-overload.so in the current working directory, which is referenced in the LD…
|
NVD-CWE-Other
|
CVE-2009-0415
|
2009-02-4 14:00 |
2009-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268356
|
- |
|
novell
|
groupwise
|
Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to co…
|
CWE-200
Information Exposure
|
CVE-2009-0274
|
2009-02-4 04:30 |
2009-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268357
|
- |
|
dataspade
|
dataspade
|
Multiple cross-site scripting (XSS) vulnerabilities in Index.asp in Dataspade 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ViewName, (2) TableName, (3) OrderBy, and (…
|
CWE-79
Cross-site Scripting
|
CVE-2008-6041
|
2009-02-3 20:30 |
2009-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268358
|
- |
|
drupal
|
internationalization
|
Unspecified vulnerability in Internationalization (i18n) Translation 5.x before 5.x-2.5, a module for Drupal, allows remote attackers with "translate node" permissions to bypass intended access restr…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-0382
|
2009-02-3 04:30 |
2009-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268359
|
- |
|
hp
|
hplip
|
hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and 2.8.2 on Ubuntu allows local users to change the ownership of arbitrary files via unspecified manipulations in advance of an HPLIP in…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-0122
|
2009-01-31 15:54 |
2009-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268360
|
- |
|
apple
|
cups
|
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy a…
|
CWE-255
Credentials Management
|
CVE-2008-5184
|
2009-01-29 15:58 |
2008-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
