|
261101
|
- |
|
aroundme
barnraiser
|
aroundme
|
PHP remote file inclusion vulnerability in components/core/connect.php in AROUNDMe 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL i…
|
CWE-94
Code Injection
|
CVE-2009-4264
|
2009-12-11 14:00 |
2009-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261102
|
- |
|
ca
|
service_desk
|
Cross-site scripting (XSS) vulnerability in the web interface in CA Service Desk 12.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4149
|
2009-12-10 14:00 |
2009-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261103
|
- |
|
basic-cms
|
sweetrice
|
Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. (dot dot) in the plugin parameter.
|
CWE-22
Path Traversal
|
CVE-2009-4231
|
2009-12-9 14:00 |
2009-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261104
|
- |
|
jonijnm
|
com_kide
|
The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action…
|
CWE-287
Improper Authentication
|
CVE-2009-4232
|
2009-12-9 14:00 |
2009-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261105
|
- |
|
youjoomla
|
yj_whois
|
Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php in the YJ Whois component 1.0x and 1.5.x for Joomla! allows remote attackers to inject arbitrary web script or HTML via the domain…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4233
|
2009-12-9 14:00 |
2009-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261106
|
- |
|
micronet
|
network_access_controller_sp1910
|
Cross-site scripting (XSS) vulnerability in loginpages/error_user.shtml on the Micronet Network Access Controller SP1910 allows remote attackers to inject arbitrary web script or HTML via the msg par…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4234
|
2009-12-9 14:00 |
2009-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261107
|
- |
|
ivan_kartolo
|
direct_mail
|
Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticat…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4159
|
2009-12-8 14:00 |
2009-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261108
|
- |
|
nathan_haug
|
webform
|
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a sub…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4207
|
2009-12-8 14:00 |
2009-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261109
|
- |
|
itamar_elharar
|
com_musicgallery
|
SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage a…
|
CWE-89
SQL Injection
|
CVE-2009-4217
|
2009-12-8 14:00 |
2009-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261110
|
- |
|
smartisoft
|
phpbazar
|
phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4222
|
2009-12-8 14:00 |
2009-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
