|
267391
|
- |
|
runcms
|
runcms
|
Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/syste…
|
CWE-94
Code Injection
|
CVE-2009-3814
|
2009-10-28 13:00 |
2009-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267392
|
- |
|
runcms
|
runcms
|
RunCMS 2M1, when running with certain error_reporting levels, allows remote attackers to obtain sensitive information via (1) the op[] parameter to modules/contact/index.php or (2) uid[] parameter to…
|
CWE-200
Information Exposure
|
CVE-2009-3815
|
2009-10-28 13:00 |
2009-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267393
|
- |
|
ibm
|
rational_requisitepro
|
Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web scrip…
|
CWE-79
Cross-site Scripting
|
CVE-2009-3730
|
2009-10-27 14:28 |
2009-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267394
|
- |
|
mysql-ocaml
|
mysql-ocaml
|
The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character en…
|
NVD-CWE-noinfo
|
CVE-2009-2942
|
2009-10-27 14:27 |
2009-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267395
|
- |
|
sjoerd_arendsen
|
simplenews_statistics
|
Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspeci…
|
CWE-352
Origin Validation Error
|
CVE-2009-3784
|
2009-10-27 13:00 |
2009-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267396
|
- |
|
ocaml
|
postgresql-ocaml
|
The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues inv…
|
NVD-CWE-noinfo
|
CVE-2009-2943
|
2009-10-23 13:00 |
2009-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267397
|
- |
|
gallium.inria
|
camimages
|
Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow remote attackers to execute arbitrary code via TIFF images containing large width and height values that trigger heap-based buff…
|
CWE-189
Numeric Errors
|
CVE-2009-3296
|
2009-10-21 13:00 |
2009-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267398
|
- |
|
vmware
|
fusion
|
Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors.
|
CWE-189
Numeric Errors
|
CVE-2009-3282
|
2009-10-20 13:00 |
2009-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267399
|
- |
|
vmware
|
fusion
|
Per: http://lists.vmware.com/pipermail/security-announce/2009/000066.html
Solution
Please review the patch/release notes for your product and version
and verify the md5sum and/or the sh…
|
CWE-189
Numeric Errors
|
CVE-2009-3282
|
2009-10-20 13:00 |
2009-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267400
|
- |
|
vmware
|
fusion
|
The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-3281
|
2009-10-19 13:00 |
2009-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
