270961
|
- |
|
stanislas_rolland
|
sr_feuser_register
|
Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-1264
|
2009-04-8 13:00 |
2009-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270962
|
- |
|
drupal
|
feedapi_mapper
|
Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in admin/…
|
CWE-79
Cross-site Scripting
|
CVE-2009-1249
|
2009-04-7 13:00 |
2009-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270963
|
- |
|
phpcredo
|
phcdownload
|
SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter. NOTE: the provenance of this information is unknow…
|
CWE-89
SQL Injection
|
CVE-2008-6596
|
2009-04-6 13:00 |
2009-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270964
|
- |
|
phpcredo
|
phcdownload
|
Cross-site scripting (XSS) vulnerability in upload/install/index.php in PHCDownload 1.1 allows remote attackers to inject arbitrary web script or HTML via the step parameter. NOTE: the provenance of…
|
CWE-79
Cross-site Scripting
|
CVE-2008-6597
|
2009-04-6 13:00 |
2009-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270965
|
- |
|
xmlportal
|
xmlportal
|
Cross-site scripting (XSS) vulnerability in the search feature in XMLPortal 3.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2008-6600
|
2009-04-6 13:00 |
2009-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270966
|
- |
|
easyscripts
|
easynews
|
easyNews 1.5 and earlier stores administration passwords in cleartext in settings.php, which allows local users to obtain the passwords and gain access.
|
NVD-CWE-Other
|
CVE-2001-1527
|
2009-04-3 13:11 |
2001-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270967
|
- |
|
newsscript.co.uk
|
newsscript
|
newsscript.pl for NewsScript allows remote attackers to gain privileges by setting the mode parameter to admin.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2005-0735
|
2009-04-3 13:00 |
2005-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270968
|
- |
|
php_heaven
|
phpmychat
|
Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the (1) sheet and (2…
|
CWE-22
Path Traversal
|
CVE-2004-2717
|
2009-04-3 13:00 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270969
|
- |
|
phpmyadmin
|
phpmyadmin
|
phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in t…
|
NVD-CWE-Other
|
CVE-2001-1060
|
2009-04-3 13:00 |
2001-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270970
|
- |
|
darren_reed
|
ipfilter
|
IPFilter 3.1.1 through 3.4.28 allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that co…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2002-1978
|
2009-04-3 13:00 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|