|
267281
|
- |
|
ivan_kartolo
|
direct_mail
|
Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticat…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4159
|
2009-12-8 14:00 |
2009-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267282
|
- |
|
nathan_haug
|
webform
|
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a sub…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4207
|
2009-12-8 14:00 |
2009-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267283
|
- |
|
itamar_elharar
|
com_musicgallery
|
SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage a…
|
CWE-89
SQL Injection
|
CVE-2009-4217
|
2009-12-8 14:00 |
2009-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267284
|
- |
|
smartisoft
|
phpbazar
|
phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4222
|
2009-12-8 14:00 |
2009-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267285
|
- |
|
gforge
|
gforge
|
GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorized_keys files in users' home directories, related to deb-specific/ssh_dump_update.pl …
|
CWE-59
Link Following
|
CVE-2009-3304
|
2009-12-7 14:00 |
2009-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267286
|
- |
|
ibm
|
db2
db2_universal_database
|
dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4150
|
2009-12-7 14:00 |
2009-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267287
|
- |
|
tw_productfinder
|
tw_productfinder
|
SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2009-4163
|
2009-12-7 14:00 |
2009-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267288
|
- |
|
lukas_taferner
|
it_basetag
|
Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct "Cache spoofing" attacks via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2009-4167
|
2009-12-7 14:00 |
2009-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267289
|
- |
|
sun
|
java_system_portal_server
|
Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via uns…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4187
|
2009-12-4 14:00 |
2009-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267290
|
- |
|
hp
|
operations_dashboard
|
HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct un…
|
CWE-255
Credentials Management
|
CVE-2009-4188
|
2009-12-4 14:00 |
2009-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
