267951
|
- |
|
datingpro
|
matchmaking
|
Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.…
|
CWE-79
Cross-site Scripting
|
CVE-2009-2882
|
2009-08-21 13:00 |
2009-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267952
|
- |
|
siemens
|
gigaset_wlan_camera
|
Siemens Gigaset WLAN Camera 1.27 has an insecure default password, which allows remote attackers to conduct unauthorized activities. NOTE: the provenance of this information is unknown; the details a…
|
CWE-310
Cryptographic Issues
|
CVE-2008-6993
|
2009-08-21 13:00 |
2009-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267953
|
- |
|
xzeroscripts
|
xzero_community_classifieds
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in…
|
CWE-79
Cross-site Scripting
|
CVE-2009-2893
|
2009-08-21 02:30 |
2009-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267954
|
- |
|
cisco
|
wvc54gc
|
Stack-based buffer overflow in the SetSource method in the NetCamPlayerWeb11gv2 ActiveX control in NetCamPlayerWeb11gv2.ocx on the Cisco Linksys WVC54GC wireless video camera before firmware 1.25 all…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-4391
|
2009-08-20 14:21 |
2008-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267955
|
- |
|
viewvc
|
viewvc
|
ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.
|
CWE-200
Information Exposure
|
CVE-2008-1290
|
2009-08-20 14:14 |
2008-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267956
|
- |
|
viewvc
|
viewvc
|
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
|
CWE-200
Information Exposure
|
CVE-2008-1291
|
2009-08-20 14:14 |
2008-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267957
|
- |
|
viewvc
|
viewvc
|
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames …
|
CWE-200
Information Exposure
|
CVE-2008-1292
|
2009-08-20 14:14 |
2008-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267958
|
- |
|
shoppingtree
|
candypress_store
|
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idcust parameter to (a) ajax_getTi…
|
CWE-89
SQL Injection
|
CVE-2008-0738
|
2009-08-20 14:13 |
2008-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267959
|
- |
|
shoppingtree
|
candypress_store
|
SQL injection vulnerability in admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and earlier 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the FedExAccoun…
|
CWE-89
SQL Injection
|
CVE-2008-0739
|
2009-08-20 14:13 |
2008-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267960
|
- |
|
ibm
|
db2
|
IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2859
|
2009-08-20 13:00 |
2009-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|