268101
|
- |
|
mahara
|
mahara
|
Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user's artefact.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2171
|
2009-06-24 13:00 |
2009-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268102
|
- |
|
emn
|
coccinelle
|
Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on an unspecified "result file."
|
CWE-59
Link Following
|
CVE-2009-1753
|
2009-06-23 14:33 |
2009-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268103
|
- |
|
sun
|
opensolaris solaris
|
Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_117, does not properly manage credential caches, which allows local users to access Kerberized NFS mount points and Kerberized NFS sha…
|
CWE-255
Credentials Management
|
CVE-2009-1933
|
2009-06-23 14:33 |
2009-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268104
|
- |
|
google
|
chrome
|
Google Chrome before 1.0.154.53 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary…
|
CWE-287
Improper Authentication
|
CVE-2009-2071
|
2009-06-23 14:33 |
2009-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268105
|
- |
|
apple
|
safari
|
Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browse…
|
CWE-287
Improper Authentication
|
CVE-2009-2072
|
2009-06-23 14:33 |
2009-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268106
|
- |
|
steve_grundell
|
frontend_mp3_player
|
SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2009-2103
|
2009-06-23 14:33 |
2009-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268107
|
- |
|
kasper_skrhj
|
references_database
|
SQL injection vulnerability in the References database (t3references) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2009-2105
|
2009-06-23 13:00 |
2009-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268108
|
- |
|
elvinbts
|
elvinbts
|
delete_bug.php in Elvin before 1.2.1 does not require administrative privileges, which allows remote authenticated users to bypass intended access restrictions and delete arbitrary bugs.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2125
|
2009-06-23 13:00 |
2009-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268109
|
- |
|
edraw
|
pdf_viewer_component
|
Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary…
|
CWE-94
Code Injection
|
CVE-2009-2169
|
2009-06-23 13:00 |
2009-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268110
|
- |
|
elvinbts
|
elvinbts
|
Cross-site scripting (XSS) vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the title (aka subject) field.
|
CWE-79
Cross-site Scripting
|
CVE-2009-2126
|
2009-06-22 13:00 |
2009-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|