270911
|
- |
|
foxitsoftware
|
foxit_reader jpeg2000\/jbig2_decoder_add-on
|
The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a negative value for the stream offset in a JPEG2000 (aka JPX) stream, whic…
|
CWE-189
Numeric Errors
|
CVE-2009-0690
|
2009-06-24 13:00 |
2009-06-24 |
|
|
270912
|
- |
|
mahara
|
mahara
|
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2009-2170
|
2009-06-24 13:00 |
2009-06-24 |
|
|
270913
|
- |
|
mahara
|
mahara
|
Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user's artefact.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2171
|
2009-06-24 13:00 |
2009-06-24 |
|
|
270914
|
- |
|
emn
|
coccinelle
|
Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on an unspecified "result file."
|
CWE-59
Link Following
|
CVE-2009-1753
|
2009-06-23 14:33 |
2009-05-22 |
|
|
270915
|
- |
|
sun
|
opensolaris solaris
|
Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_117, does not properly manage credential caches, which allows local users to access Kerberized NFS mount points and Kerberized NFS sha…
|
CWE-255
Credentials Management
|
CVE-2009-1933
|
2009-06-23 14:33 |
2009-06-06 |
|
|
270916
|
- |
|
google
|
chrome
|
Google Chrome before 1.0.154.53 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary…
|
CWE-287
Improper Authentication
|
CVE-2009-2071
|
2009-06-23 14:33 |
2009-06-16 |
|
|
270917
|
- |
|
apple
|
safari
|
Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browse…
|
CWE-287
Improper Authentication
|
CVE-2009-2072
|
2009-06-23 14:33 |
2009-06-16 |
|
|
270918
|
- |
|
steve_grundell
|
frontend_mp3_player
|
SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2009-2103
|
2009-06-23 14:33 |
2009-06-18 |
|
|
270919
|
- |
|
kasper_skrhj
|
references_database
|
SQL injection vulnerability in the References database (t3references) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2009-2105
|
2009-06-23 13:00 |
2009-06-18 |
|
|
270920
|
- |
|
elvinbts
|
elvinbts
|
delete_bug.php in Elvin before 1.2.1 does not require administrative privileges, which allows remote authenticated users to bypass intended access restrictions and delete arbitrary bugs.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2125
|
2009-06-23 13:00 |
2009-06-20 |
|
|