267971
|
- |
|
gpsdrive
|
gpsdrive
|
gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/.smswatch or (b) /tmp/gpsdrivepos temporary file, related to (1) example…
|
CWE-59
Link Following
|
CVE-2008-5703
|
2009-08-19 14:22 |
2008-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267972
|
- |
|
agares_media
|
arcadem_pro
|
SQL injection vulnerability in index.php in Arcadem Pro 2.700 through 2.802 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter, probably related to includes/articl…
|
CWE-89
SQL Injection
|
CVE-2008-6040
|
2009-08-19 14:22 |
2009-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267973
|
- |
|
gpsdrive
|
gpsdrive
|
gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.…
|
CWE-59
Link Following
|
CVE-2008-5380
|
2009-08-19 14:21 |
2008-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267974
|
- |
|
apple microsoft
|
mac_os_x mac_os_x_server windows_vista windows_xp safari
|
Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2009-2196
|
2009-08-18 13:00 |
2009-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267975
|
- |
|
freenas
|
freenas
|
Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2009-2738
|
2009-08-18 13:00 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267976
|
- |
|
ajsquare
|
aj_matrix_dna
|
SQL injection vulnerability in index.php in AJ Matrix DNA allows remote attackers to execute arbitrary SQL commands via the id parameter in a productdetail action.
|
CWE-89
SQL Injection
|
CVE-2009-2779
|
2009-08-18 01:30 |
2009-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267977
|
- |
|
sellatsite.com
|
smart_asp_survey
|
SQL injection vulnerability in showresult.asp in Smart ASP Survey allows remote attackers to execute arbitrary SQL commands via the catid parameter.
|
CWE-89
SQL Injection
|
CVE-2009-2776
|
2009-08-17 13:00 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267978
|
- |
|
sun
|
java_system_access_manager java_system_web_server opensso_enterprise
|
Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by read…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2712
|
2009-08-15 14:23 |
2009-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267979
|
- |
|
sun
|
java_system_access_manager java_system_web_server
|
The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct cl…
|
NVD-CWE-noinfo
|
CVE-2009-2713
|
2009-08-15 14:23 |
2009-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267980
|
- |
|
freearcadescript
|
free_arcade_script
|
Cross-site scripting (XSS) vulnerability in Free Arcade Script 1.3 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to the default URI under search/.
|
CWE-79
Cross-site Scripting
|
CVE-2009-2771
|
2009-08-15 02:30 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|