270401
|
- |
|
zen-cart
|
zen_cart
|
The installation for Zen Cart stores sensitive information and insecure programs under the (1) docs, (2) extras, and (3) zc_install folders, and (4) install.txt, which allows remote attackers to obta…
|
NVD-CWE-Other
|
CVE-2009-4323
|
2009-12-15 14:00 |
2009-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270402
|
- |
|
sun
|
ray_server_software
|
Unspecified vulnerability in the Authentication Manager (aka utauthd) in Sun Ray Server Software 4.0 and 4.1 allows remote attackers to execute arbitrary code or cause a denial of service via unknown…
|
NVD-CWE-noinfo
|
CVE-2009-4294
|
2009-12-14 14:00 |
2009-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270403
|
- |
|
sun
|
ray_server_software
|
Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain se…
|
CWE-310
Cryptographic Issues
|
CVE-2009-4295
|
2009-12-14 14:00 |
2009-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270404
|
- |
|
brian_miller
|
taxonomy_timer
|
SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2009-4296
|
2009-12-14 14:00 |
2009-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270405
|
- |
|
aroundme barnraiser
|
aroundme
|
PHP remote file inclusion vulnerability in components/core/connect.php in AROUNDMe 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL i…
|
CWE-94
Code Injection
|
CVE-2009-4264
|
2009-12-11 14:00 |
2009-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270406
|
- |
|
ca
|
service_desk
|
Cross-site scripting (XSS) vulnerability in the web interface in CA Service Desk 12.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4149
|
2009-12-10 14:00 |
2009-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270407
|
- |
|
basic-cms
|
sweetrice
|
Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. (dot dot) in the plugin parameter.
|
CWE-22
Path Traversal
|
CVE-2009-4231
|
2009-12-9 14:00 |
2009-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270408
|
- |
|
jonijnm
|
com_kide
|
The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action…
|
CWE-287
Improper Authentication
|
CVE-2009-4232
|
2009-12-9 14:00 |
2009-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270409
|
- |
|
youjoomla
|
yj_whois
|
Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php in the YJ Whois component 1.0x and 1.5.x for Joomla! allows remote attackers to inject arbitrary web script or HTML via the domain…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4233
|
2009-12-9 14:00 |
2009-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270410
|
- |
|
micronet
|
network_access_controller_sp1910
|
Cross-site scripting (XSS) vulnerability in loginpages/error_user.shtml on the Micronet Network Access Controller SP1910 allows remote attackers to inject arbitrary web script or HTML via the msg par…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4234
|
2009-12-9 14:00 |
2009-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|