|
261041
|
- |
|
flatpress
|
flatpress
|
Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.909 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) contact.php, (2) login.php, and (3) searc…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4461
|
2009-12-31 05:00 |
2009-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261042
|
- |
|
php.html
|
kandalf_upper
|
Unrestricted file upload vulnerability in upper.php in kandalf upper 0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a di…
|
NVD-CWE-Other
|
CVE-2009-4451
|
2009-12-30 14:00 |
2009-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261043
|
- |
|
virtuemart
|
virtuemart
|
SQL injection vulnerability in index.php in VirtueMart 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a shop.product_details shop.flypage action.
|
CWE-89
SQL Injection
|
CVE-2009-4430
|
2009-12-29 14:00 |
2009-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261044
|
- |
|
codemight
|
videocms
|
SQL injection vulnerability in index.php in CodeMight VideoCMS 3.1 allows remote attackers to execute arbitrary SQL commands via the v parameter in a video action.
|
CWE-89
SQL Injection
|
CVE-2009-4432
|
2009-12-29 14:00 |
2009-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261045
|
- |
|
idevspot
|
isupport
|
Directory traversal vulnerability in index.php in IDevSpot iSupport 1.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter.
|
CWE-22
Path Traversal
|
CVE-2009-4434
|
2009-12-29 14:00 |
2009-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261046
|
- |
|
fr.simon_rundell
|
pd_resources
|
Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4397
|
2009-12-28 14:00 |
2009-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261047
|
- |
|
zend
|
framework
|
The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrary e-mail messages to any recipient address via vectors related to "ev…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4417
|
2009-12-28 14:00 |
2009-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261048
|
- |
|
nvidia
|
video_driver
|
NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14.11, as used in Gentoo Linux and possibly other distributions, creates /dev/nvidia* device files with insecure permissions, which …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-3532
|
2009-12-28 14:00 |
2007-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261049
|
- |
|
rocomotion
|
p_forum
|
Directory traversal vulnerability in Pforum.php in Rocomotion P forum before 1.28 allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2009-4383
|
2009-12-24 14:00 |
2009-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261050
|
- |
|
daniel_regelein
|
dr_blob
|
Cross-site scripting (XSS) vulnerability in the File list (dr_blob) extension 2.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4391
|
2009-12-24 04:50 |
2009-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
