|
267861
|
- |
|
dotnetnuke
|
dotnetnuke
|
Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn.aspx in DotNetNuke (DNN) before 4.9.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors …
|
CWE-79
Cross-site Scripting
|
CVE-2009-1366
|
2009-05-14 14:36 |
2009-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267862
|
- |
|
php
|
php
|
PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality, and unintentionally disables magic_quotes_gpc regardless of the actual magic_quotes_gpc setting, which might make it eas…
|
CWE-16
Configuration
|
CVE-2008-5844
|
2009-05-14 14:32 |
2009-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267863
|
- |
|
asterisk
|
zaptel
|
Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by w…
|
CWE-189
Numeric Errors
|
CVE-2008-5396
|
2009-05-14 14:31 |
2008-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267864
|
- |
|
exif
|
exif
|
Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x before 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote attackers to inject arbitrary web script o…
|
CWE-79
Cross-site Scripting
|
CVE-2009-1501
|
2009-05-13 14:28 |
2009-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267865
|
- |
|
drupal
|
nodeaccess_userreference
|
The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which mi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-1507
|
2009-05-13 14:28 |
2009-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267866
|
- |
|
r020
|
tematres
|
Multiple SQL injection vulnerabilities in TemaTres 1.031, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_correo_electronico and (2) id_pass…
|
CWE-89
SQL Injection
|
CVE-2009-1585
|
2009-05-13 14:28 |
2009-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267867
|
- |
|
hp
|
openview_network_node_manager
|
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via unknown vectors.
|
NVD-CWE-noinfo
CWE-94
Code Injection
|
CVE-2009-0720
|
2009-05-13 14:27 |
2009-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267868
|
- |
|
mpfr
|
gnu_mpfr
|
Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent attackers to cause a denial of service (crash) via the (1) mpfr_snprintf and (2) mpfr_vsnprintf functions.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-0757
|
2009-05-13 14:27 |
2009-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267869
|
- |
|
andrew_j.korty
|
pam_ssh
|
pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier fo…
|
CWE-255
Credentials Management
|
CVE-2009-1273
|
2009-05-13 14:27 |
2009-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267870
|
- |
|
cgi_rescue
|
form2mail
|
Unspecified vulnerability in CGI RESCUE FORM2MAIL before 1.42 allows remote attackers to send email to arbitrary recipients via a web form.
|
NVD-CWE-noinfo
|
CVE-2009-1590
|
2009-05-11 13:00 |
2009-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
