271211 | - | asp-dev | xm_events_diary | ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.md… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2008-5925 | 2009-01-23 23:58 | 2009-01-22
271212 | - | marco_d'itri | ppp | The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file. | CWE-59 Link Following | CVE-2008-5366 | 2009-01-23 15:43 | 2008-12-9
271213 | - | modxcms | modxcms | Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors. | CWE-352 Origin Validation Error | CVE-2008-5941 | 2009-01-22 20:30 | 2009-01-22
271214 | - | usagi | mynets | Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE… | CWE-79 Cross-site Scripting | CVE-2009-0245 | 2009-01-22 14:00 | 2009-01-22
271215 | - | llnl | slurm | plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for Resource Management (aka SLURM or slurm-llnl) does not properly check the return value from the OpenSSL EVP_VerifyFinal function, w… | CWE-287 Improper Authentication | CVE-2009-0128 | 2009-01-16 14:00 | 2009-01-16
271216 | - | perl-openssl | libcrypt-openssl-dsa-perl | libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate … | CWE-287 Improper Authentication | CVE-2009-0129 | 2009-01-16 14:00 | 2009-01-16
271217 | - | microsoft | internet_information_services | The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers … | CWE-200 Information Exposure | CVE-2003-1567 | 2009-01-16 14:00 | 2009-01-15
271218 | - | punbb | punbb | Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject. | CWE-79 Cross-site Scripting | CVE-2008-5435 | 2009-01-15 15:33 | 2008-12-12
271219 | - | goople_cms | goople_cms | SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unk… | CWE-89 SQL Injection | CVE-2009-0121 | 2009-01-15 14:00 | 2009-01-15
271220 | - | injader | injader | Cross-site scripting (XSS) vulnerability in the profile editing functionality in Injader before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: so… | CWE-79 Cross-site Scripting | CVE-2008-5891 | 2009-01-13 05:00 | 2009-01-13