|
270911
|
- |
|
jonijnm
|
com_kide
|
The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action…
|
CWE-287
Improper Authentication
|
CVE-2009-4232
|
2009-12-9 14:00 |
2009-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270912
|
- |
|
youjoomla
|
yj_whois
|
Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php in the YJ Whois component 1.0x and 1.5.x for Joomla! allows remote attackers to inject arbitrary web script or HTML via the domain…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4233
|
2009-12-9 14:00 |
2009-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270913
|
- |
|
micronet
|
network_access_controller_sp1910
|
Cross-site scripting (XSS) vulnerability in loginpages/error_user.shtml on the Micronet Network Access Controller SP1910 allows remote attackers to inject arbitrary web script or HTML via the msg par…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4234
|
2009-12-9 14:00 |
2009-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270914
|
- |
|
ivan_kartolo
|
direct_mail
|
Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticat…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4159
|
2009-12-8 14:00 |
2009-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270915
|
- |
|
nathan_haug
|
webform
|
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a sub…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4207
|
2009-12-8 14:00 |
2009-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270916
|
- |
|
itamar_elharar
|
com_musicgallery
|
SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage a…
|
CWE-89
SQL Injection
|
CVE-2009-4217
|
2009-12-8 14:00 |
2009-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270917
|
- |
|
smartisoft
|
phpbazar
|
phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4222
|
2009-12-8 14:00 |
2009-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270918
|
- |
|
gforge
|
gforge
|
GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorized_keys files in users' home directories, related to deb-specific/ssh_dump_update.pl …
|
CWE-59
Link Following
|
CVE-2009-3304
|
2009-12-7 14:00 |
2009-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270919
|
- |
|
ibm
|
db2
db2_universal_database
|
dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4150
|
2009-12-7 14:00 |
2009-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270920
|
- |
|
tw_productfinder
|
tw_productfinder
|
SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2009-4163
|
2009-12-7 14:00 |
2009-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
