|
266681
|
- |
|
a4desk
|
a4desk_flash_event_calendar
|
SQL injection vulnerability in A4Desk PHP Event Calendar allows remote attackers to execute arbitrary SQL commands via the eventid parameter to admin/index.php.
|
CWE-89
SQL Injection
|
CVE-2008-6104
|
2009-02-26 16:06 |
2009-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266682
|
- |
|
futomi
|
access_analyzer_cgi
|
futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hija…
|
CWE-287
Improper Authentication
|
CVE-2008-5809
|
2009-02-26 16:05 |
2009-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266683
|
- |
|
sapporoworks
|
blackjumbodog
|
SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers to bypass authentication and obtain sensitive information via unspecified vectors.
|
CWE-287
Improper Authentication
|
CVE-2008-5721
|
2009-02-26 16:04 |
2008-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266684
|
- |
|
eterm
|
eterm
|
Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attac…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-1692
|
2009-02-26 15:51 |
2008-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266685
|
- |
|
aterm
eterm
mrxvt
multi-aterm
rxvt
rxvt-unicode
wterm
|
aterm
eterm
mrxvt
multi-aterm
rxvt
rxvt-unicode
wterm
|
rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-1142
|
2009-02-26 14:00 |
2008-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266686
|
- |
|
rakhisoftware
|
rakhisoftware_shopping_cart
|
Multiple cross-site scripting (XSS) vulnerabilities in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allow remote attackers to inject arbitrary web script or HTML via the (…
|
CWE-79
Cross-site Scripting
|
CVE-2008-6278
|
2009-02-26 14:00 |
2009-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266687
|
- |
|
rakhisoftware
|
rakhisoftware_shopping_cart
|
RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie, which reveals the installation path in an error mess…
|
CWE-200
Information Exposure
|
CVE-2008-6279
|
2009-02-26 14:00 |
2009-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266688
|
- |
|
tor
|
tor
|
Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors invol…
|
NVD-CWE-Other
|
CVE-2009-0654
|
2009-02-25 14:00 |
2009-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266689
|
- |
|
standards_based_linux_instrumentation
|
sblim-sfcb
|
The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink att…
|
CWE-59
Link Following
|
CVE-2009-0416
|
2009-02-20 15:47 |
2009-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266690
|
- |
|
xine
|
xine-lib
|
Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib o…
|
NVD-CWE-noinfo
|
CVE-2008-5244
|
2009-02-20 15:45 |
2008-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
