|
267841
|
- |
|
chinagames
|
igame
|
Stack-based buffer overflow in the Chinagames CGAgent ActiveX control 1.x in CGAgent.dll, as distributed in Chinagames iGame 2009, allows remote attackers to execute arbitrary code via a long argumen…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-1800
|
2009-05-28 23:30 |
2009-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267842
|
- |
|
activecollab
|
activecollab
|
activeCollab 2.1 Corporate allows remote attackers to obtain sensitive information via an invalid re_route parameter to the login script, which reveals the installation path in an error message.
|
CWE-20
Improper Input Validation
|
CVE-2009-1773
|
2009-05-24 13:00 |
2009-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267843
|
- |
|
ulteo
|
open_virtual_desktop
|
Cross-site scripting (XSS) vulnerability in Ulteo Open Virtual Desktop 1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter to header.php. NOTE: the provenance …
|
CWE-79
Cross-site Scripting
|
CVE-2009-1785
|
2009-05-24 13:00 |
2009-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267844
|
- |
|
cisco
|
wvc54gca
|
The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 sends configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to o…
|
CWE-200
Information Exposure
|
CVE-2009-1555
|
2009-05-23 14:31 |
2009-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267845
|
- |
|
cisco
|
wvc54gca
|
img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the next_file pa…
|
CWE-200
Information Exposure
|
CVE-2009-1556
|
2009-05-23 14:31 |
2009-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267846
|
- |
|
cgi_rescue
|
cgi_web_mailer
|
CRLF injection vulnerability in CGI RESCUE Web Mailer before 1.04 allows remote attackers to inject arbitrary HTTP headers, and conduct cross-site scripting (XSS) or HTTP response splitting attacks, …
|
CWE-79
Cross-site Scripting
|
CVE-2009-1591
|
2009-05-23 14:31 |
2009-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267847
|
- |
|
gnome
|
evolution
|
The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which all…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-1631
|
2009-05-23 14:31 |
2009-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267848
|
- |
|
transmissionbt
|
transmission
|
Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
CWE-352
Origin Validation Error
|
CVE-2009-1757
|
2009-05-22 20:52 |
2009-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267849
|
- |
|
drupal
|
drupal
|
Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows user-assisted remote attackers to obtain sensitive information by tricking victims i…
|
NVD-CWE-noinfo
|
CVE-2009-1576
|
2009-05-20 14:36 |
2009-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267850
|
- |
|
gpsdrive
|
gpsdrive
|
src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might allow local users to overwrite arbitrary files via a symlink attack on the /tmp/gpsdrive-unit-test/proc temporary file, a different …
|
CWE-59
Link Following
|
CVE-2008-5704
|
2009-05-20 13:00 |
2008-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
