|
266671
|
- |
|
angrydonuts
|
nodequeue
|
Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2075
|
2009-06-19 13:00 |
2009-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266672
|
- |
|
angrydonuts
|
views
|
Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2077
|
2009-06-19 13:00 |
2009-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266673
|
- |
|
squid
|
squid_web_proxy_cache
|
Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight,…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-0801
|
2009-06-18 13:00 |
2009-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266674
|
- |
|
qbik
|
wingate
|
Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silve…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-0802
|
2009-06-18 13:00 |
2009-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266675
|
- |
|
smoothwall
|
networkguardian
schoolguardian
smoothguardian
|
SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote e…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-0803
|
2009-06-18 13:00 |
2009-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266676
|
- |
|
ziproxy
|
ziproxy
|
Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silv…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-0804
|
2009-06-18 13:00 |
2009-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266677
|
- |
|
bookelves
|
kipper
|
Multiple cross-site scripting (XSS) vulnerabilities in Kipper 2.01 allow remote attackers to inject arbitrary web script or HTML via the charm parameter to (1) index.php and (2) kipper.php. NOTE: th…
|
CWE-79
Cross-site Scripting
|
CVE-2009-0764
|
2009-06-17 13:00 |
2009-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266678
|
- |
|
ibm
|
tivoli_storage_manager_hsm
|
Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM 5.3.2.0 through 5.3.5.0, 5.4.0.0 through 5.4.2.5, and 5.5.0.0 through 5.5.1.4 on Windows allows remote attackers to cause a denia…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-0869
|
2009-06-17 13:00 |
2009-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266679
|
- |
|
heine.familiedeelstra
|
booktree
|
Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x before 5.x-7.3 and 6.x before 6.x-1.1, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (…
|
CWE-79
Cross-site Scripting
|
CVE-2009-2078
|
2009-06-17 13:00 |
2009-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266680
|
- |
|
creative_web_solutions
|
multi-level_cms
|
SQL injection vulnerability in insidepage.php in Creative Web Solutions Multi-Level CMS 1.21 allows remote attackers to execute arbitrary SQL commands via the catid parameter. NOTE: some of these de…
|
CWE-89
SQL Injection
|
CVE-2009-2082
|
2009-06-17 13:00 |
2009-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
