|
266721
|
- |
|
zabbix
|
zabbix
|
The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request.
|
CWE-78
OS Command
|
CVE-2009-4498
|
2010-05-25 14:49 |
2010-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266722
|
- |
|
sun
|
java_system_access_manager
|
Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web scr…
|
CWE-79
Cross-site Scripting
|
CVE-2009-2268
|
2010-05-25 14:45 |
2009-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266723
|
- |
|
sun
|
java_system_access_manager
|
Per: http://secunia.com/advisories/35651
"NOTE: This only affects Sun Java System Access Manager if Cross-Domain Single Sign-On (CDSSO) functionality is enabled."
|
CWE-79
Cross-site Scripting
|
CVE-2009-2268
|
2010-05-25 14:45 |
2009-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266724
|
- |
|
info-zip
|
unzip
|
Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.
|
NVD-CWE-Other
|
CVE-2001-1268
|
2010-05-25 13:10 |
2001-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266725
|
- |
|
info-zip
|
unzip
|
Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character.
|
NVD-CWE-Other
|
CVE-2001-1269
|
2010-05-25 13:10 |
2001-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266726
|
- |
|
xfree86_project
|
xfree86_x_server
|
dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system.
|
NVD-CWE-Other
|
CVE-2001-1409
|
2010-05-25 13:10 |
2003-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266727
|
- |
|
sebrac.webcindario
|
migascms
|
SQL injection vulnerability in function.php in MigasCMS 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categorie parameter in a catalogo act…
|
CWE-89
SQL Injection
|
CVE-2010-2012
|
2010-05-25 02:30 |
2010-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266728
|
- |
|
createch-group
|
lisk_cms
|
Cross-site scripting (XSS) vulnerability in cp/list_content.php in LiSK CMS 4.4 allows remote attackers to inject arbitrary web script or HTML via the cl or possibly id parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2010-2014
|
2010-05-25 02:30 |
2010-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266729
|
- |
|
createch-group
|
lisk_cms
|
Multiple SQL injection vulnerabilities in LiSK CMS 4.4 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a view_inbox action to cp/cp_messages.php or (2) the id par…
|
CWE-89
SQL Injection
|
CVE-2010-2015
|
2010-05-25 02:30 |
2010-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266730
|
- |
|
bukulokomedia
|
lokomedia_cms
|
Cross-site scripting (XSS) vulnerability in hasil-pencarian.html in Lokomedia CMS 1.4.1 and 2.0 allows remote attackers to inject arbitrary web script or HTML via the kata parameter. NOTE: some of t…
|
CWE-79
Cross-site Scripting
|
CVE-2010-2017
|
2010-05-25 02:30 |
2010-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
