271251
|
- |
|
calimero.cms
|
calimero.cms
|
Cross-site scripting (XSS) vulnerability in index.php in Calimero.CMS 3.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a calimero_webpage action.
|
CWE-79
Cross-site Scripting
|
CVE-2008-0749
|
2009-08-25 14:09 |
2008-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271252
|
- |
|
ajsquare
|
free_polling_script
|
AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. …
|
CWE-287
Improper Authentication
|
CVE-2008-7046
|
2009-08-24 19:30 |
2009-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271253
|
- |
|
wowraidmanager
|
wowraidmanager
|
The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required argume…
|
CWE-255
Credentials Management
|
CVE-2008-7050
|
2009-08-24 19:30 |
2009-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271254
|
- |
|
cisco
|
ios_xr
|
Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Att…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-1154
|
2009-08-22 02:30 |
2009-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271255
|
- |
|
cisco
|
ios_xr
|
Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2056
|
2009-08-22 02:30 |
2009-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271256
|
- |
|
sun
|
virtual_desktop_infrastructure
|
Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow …
|
CWE-200
Information Exposure
|
CVE-2009-2856
|
2009-08-22 00:25 |
2009-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271257
|
- |
|
2fly
|
gift_delivery_system
|
SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery System 6.0 allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a content action.
|
CWE-89
SQL Injection
|
CVE-2009-2915
|
2009-08-21 20:30 |
2009-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271258
|
- |
|
xzeroscripts
|
xzero_community_classifieds
|
Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this i…
|
CWE-79
Cross-site Scripting
|
CVE-2009-2913
|
2009-08-21 20:02 |
2009-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271259
|
- |
|
cisco
|
ios_xr
|
Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.
|
CWE-20
Improper Input Validation
|
CVE-2009-2055
|
2009-08-21 13:00 |
2009-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271260
|
- |
|
edgewall firestats
|
firestats
|
SQL injection vulnerability in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2009-2144
|
2009-08-21 13:00 |
2009-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|