268821
|
- |
|
virtual_programming
|
vp-asp
|
SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password fields.
|
NVD-CWE-Other
|
CVE-2002-1919
|
2009-04-11 13:14 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268822
|
- |
|
glfusion
|
glfusion
|
Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2009-1281
|
2009-04-10 13:00 |
2009-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268823
|
- |
|
stanislas_rolland
|
sr_feuser_register
|
Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-1264
|
2009-04-8 13:00 |
2009-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268824
|
- |
|
drupal
|
feedapi_mapper
|
Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in admin/…
|
CWE-79
Cross-site Scripting
|
CVE-2009-1249
|
2009-04-7 13:00 |
2009-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268825
|
- |
|
phpcredo
|
phcdownload
|
SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter. NOTE: the provenance of this information is unknow…
|
CWE-89
SQL Injection
|
CVE-2008-6596
|
2009-04-6 13:00 |
2009-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268826
|
- |
|
phpcredo
|
phcdownload
|
Cross-site scripting (XSS) vulnerability in upload/install/index.php in PHCDownload 1.1 allows remote attackers to inject arbitrary web script or HTML via the step parameter. NOTE: the provenance of…
|
CWE-79
Cross-site Scripting
|
CVE-2008-6597
|
2009-04-6 13:00 |
2009-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268827
|
- |
|
xmlportal
|
xmlportal
|
Cross-site scripting (XSS) vulnerability in the search feature in XMLPortal 3.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2008-6600
|
2009-04-6 13:00 |
2009-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268828
|
- |
|
easyscripts
|
easynews
|
easyNews 1.5 and earlier stores administration passwords in cleartext in settings.php, which allows local users to obtain the passwords and gain access.
|
NVD-CWE-Other
|
CVE-2001-1527
|
2009-04-3 13:11 |
2001-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268829
|
- |
|
newsscript.co.uk
|
newsscript
|
newsscript.pl for NewsScript allows remote attackers to gain privileges by setting the mode parameter to admin.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2005-0735
|
2009-04-3 13:00 |
2005-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268830
|
- |
|
php_heaven
|
phpmychat
|
Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the (1) sheet and (2…
|
CWE-22
Path Traversal
|
CVE-2004-2717
|
2009-04-3 13:00 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|