268131 | - | apple | safari | Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browse… | CWE-287 Improper Authentication | CVE-2009-2072 | 2009-06-23 14:33 | 2009-06-16 |
268132 | - | steve_grundell | frontend_mp3_player | SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | CWE-89 SQL Injection | CVE-2009-2103 | 2009-06-23 14:33 | 2009-06-18 |
268133 | - | kasper_skrhj | references_database | SQL injection vulnerability in the References database (t3references) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | CWE-89 SQL Injection | CVE-2009-2105 | 2009-06-23 13:00 | 2009-06-18 |
268134 | - | elvinbts | elvinbts | delete_bug.php in Elvin before 1.2.1 does not require administrative privileges, which allows remote authenticated users to bypass intended access restrictions and delete arbitrary bugs. | CWE-264 Permissions, Privileges, and Access Controls | CVE-2009-2125 | 2009-06-23 13:00 | 2009-06-20 |
268135 | - | edraw | pdf_viewer_component | Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary… | CWE-94 Code Injection | CVE-2009-2169 | 2009-06-23 13:00 | 2009-06-23 |
268136 | - | elvinbts | elvinbts | Cross-site scripting (XSS) vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the title (aka subject) field. | CWE-79 Cross-site Scripting | CVE-2009-2126 | 2009-06-22 13:00 | 2009-06-20 |
268137 | - | elvinbts | elvinbts | SQL injection vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the title (aka subject) field. | CWE-89 SQL Injection | CVE-2009-2128 | 2009-06-22 13:00 | 2009-06-20 |
268138 | - | pagedowntech | pdshoppro | Cross-site scripting (XSS) vulnerability in search.asp in PDshopPro, when downloaded before 20070308, allows remote attackers to inject arbitrary web script or HTML via the search parameter. | CWE-79 Cross-site Scripting | CVE-2009-2032 | 2009-06-20 14:29 | 2009-06-13 |
268139 | - | apple | safari | Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate. | CWE-255 Credentials Management | CVE-2009-1682 | 2009-06-19 14:32 | 2009-06-10 |
268140 | - | apple | safari | CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by p… | CWE-94 Code Injection | CVE-2009-1704 | 2009-06-19 14:32 | 2009-06-11 |