|
271031
|
- |
|
smartisoft
|
phpbazar
|
phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4222
|
2009-12-8 14:00 |
2009-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271032
|
- |
|
gforge
|
gforge
|
GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorized_keys files in users' home directories, related to deb-specific/ssh_dump_update.pl …
|
CWE-59
Link Following
|
CVE-2009-3304
|
2009-12-7 14:00 |
2009-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271033
|
- |
|
ibm
|
db2
db2_universal_database
|
dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4150
|
2009-12-7 14:00 |
2009-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271034
|
- |
|
tw_productfinder
|
tw_productfinder
|
SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2009-4163
|
2009-12-7 14:00 |
2009-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271035
|
- |
|
lukas_taferner
|
it_basetag
|
Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct "Cache spoofing" attacks via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2009-4167
|
2009-12-7 14:00 |
2009-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271036
|
- |
|
sun
|
java_system_portal_server
|
Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via uns…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4187
|
2009-12-4 14:00 |
2009-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271037
|
- |
|
hp
|
operations_dashboard
|
HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct un…
|
CWE-255
Credentials Management
|
CVE-2009-4188
|
2009-12-4 14:00 |
2009-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271038
|
- |
|
hp
|
operations_manager
|
HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestr…
|
CWE-255
Credentials Management
|
CVE-2009-4189
|
2009-12-4 14:00 |
2009-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271039
|
- |
|
sun
|
opensolaris
|
Unspecified vulnerability in the kernel in Sun OpenSolaris 2009.06 allows remote attackers to cause a denial of service (panic) via unknown vectors, as demonstrated by the vd_solaris2 module in VulnD…
|
NVD-CWE-noinfo
|
CVE-2009-4190
|
2009-12-4 14:00 |
2009-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271040
|
- |
|
interspire
|
knowledge_manager
|
Directory traversal vulnerability in dialog/file_manager.php in Interspire Knowledge Manager 5 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: the proven…
|
CWE-22
Path Traversal
|
CVE-2009-4192
|
2009-12-4 14:00 |
2009-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
