268421
|
- |
|
ryneezy
|
phosheezy
|
Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/header via the header parameter. NOTE: t…
|
CWE-94
Code Injection
|
CVE-2009-0275
|
2009-01-27 05:30 |
2009-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268422
|
- |
|
trilogic
|
media_player
|
Stack-based buffer overflow in Triologic Media Player 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3l playlist file. NOTE: the provenance of this …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-0266
|
2009-01-27 00:30 |
2009-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268423
|
- |
|
bsdi caldera redhat
|
bsd_os openlinux linux
|
Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-1999-0002
|
2009-01-26 14:00 |
1998-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268424
|
- |
|
apple
|
safari
|
An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote atta…
|
NVD-CWE-Other
|
CVE-2008-5914
|
2009-01-24 00:44 |
2009-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268425
|
- |
|
asp-dev
|
xm_events_diary
|
SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands the cat parameter.
|
CWE-89
SQL Injection
|
CVE-2008-5923
|
2009-01-24 00:08 |
2009-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268426
|
- |
|
asp-dev
|
xm_events_diary
|
ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.md…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5925
|
2009-01-23 23:58 |
2009-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268427
|
- |
|
marco_d\'itri
|
ppp
|
The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file.
|
CWE-59
Link Following
|
CVE-2008-5366
|
2009-01-23 15:43 |
2008-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268428
|
- |
|
modxcms
|
modxcms
|
Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors.
|
CWE-352
Origin Validation Error
|
CVE-2008-5941
|
2009-01-22 20:30 |
2009-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268429
|
- |
|
usagi
|
mynets
|
Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE…
|
CWE-79
Cross-site Scripting
|
CVE-2009-0245
|
2009-01-22 14:00 |
2009-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268430
|
- |
|
llnl
|
slurm
|
plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for Resource Management (aka SLURM or slurm-llnl) does not properly check the return value from the OpenSSL EVP_VerifyFinal function, w…
|
CWE-287
Improper Authentication
|
CVE-2009-0128
|
2009-01-16 14:00 |
2009-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|