270791
|
- |
|
toni_mueller
|
roundup
|
The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users w…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2737
|
2009-08-26 14:25 |
2009-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270792
|
- |
|
adobe
|
coldfusion
|
Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerabil…
|
CWE-79
Cross-site Scripting
|
CVE-2009-1875
|
2009-08-26 14:24 |
2009-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270793
|
- |
|
adobe
|
coldfusion
|
Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain sensitive information via unspecified vectors, related to a "double-encoded null character vulnerability."
|
NVD-CWE-Other
|
CVE-2009-1876
|
2009-08-26 14:24 |
2009-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270794
|
- |
|
adobe
|
coldfusion
|
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C…
|
CWE-79
Cross-site Scripting
|
CVE-2009-1877
|
2009-08-26 14:24 |
2009-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270795
|
- |
|
sun
|
openjdk
|
The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed j…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-1896
|
2009-08-26 14:24 |
2009-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270796
|
- |
|
guus_sliepen
|
dhis-server
|
dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/dhis-dummy-log-engine.log temporary file.
|
CWE-59
Link Following
|
CVE-2008-4947
|
2009-08-26 14:17 |
2008-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270797
|
- |
|
nostatic
|
digitaldj
|
fest.pl in digitaldj 0.7.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ddj_fest.tmp temporary file.
|
CWE-59
Link Following
|
CVE-2008-4948
|
2009-08-26 14:17 |
2008-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270798
|
- |
|
fumitoshi_ukai
|
fml
|
mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/debugbuf temporary file.
|
CWE-59
Link Following
|
CVE-2008-4954
|
2009-08-26 14:17 |
2008-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270799
|
- |
|
dov_grobgeld
|
impose\+
|
impose in impose+ 0.2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-tmp.ps and (2) /tmp/bboxx-* temporary files.
|
CWE-59
Link Following
|
CVE-2008-4960
|
2009-08-26 14:17 |
2008-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270800
|
- |
|
adobe
|
coldfusion
|
Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
|
CWE-287
Improper Authentication
|
CVE-2009-1878
|
2009-08-26 13:00 |
2009-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|