|
257411
|
- |
|
virtuenetz
|
virtue_news_manager
|
Cross-site scripting (XSS) vulnerability in news_detail.php in Virtue News Manager allows remote attackers to inject arbitrary web script or HTML via the nid parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2009-2020
|
2017-09-29 10:34 |
2009-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257412
|
- |
|
virtuenetz
|
virtue_classifieds
|
SQL injection vulnerability in search.php in Virtue Classifieds allows remote attackers to execute arbitrary SQL commands via the category parameter.
|
CWE-89
SQL Injection
|
CVE-2009-2021
|
2017-09-29 10:34 |
2009-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257413
|
- |
|
fipsasp
|
fipscms_light
|
fipsCMS Light 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain sensitive information via a …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2022
|
2017-09-29 10:34 |
2009-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257414
|
- |
|
shop-script
|
shop-script
|
SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the current_currency parameter.
|
CWE-89
SQL Injection
|
CVE-2009-2023
|
2017-09-29 10:34 |
2009-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257415
|
- |
|
vt.rovno
|
asp_vt_auth
|
Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain usernames and p…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2024
|
2017-09-29 10:34 |
2009-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257416
|
- |
|
dutchmonkey
|
dm_filemanager
|
admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to cert…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2025
|
2017-09-29 10:34 |
2009-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257417
|
- |
|
sun
|
opensolaris
solaris
|
Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified ve…
|
NVD-CWE-noinfo
|
CVE-2009-2029
|
2017-09-29 10:34 |
2009-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257418
|
- |
|
ricardo_alexandre_de_oliveira_staudt
|
yogurt
|
Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2009-2033
|
2017-09-29 10:34 |
2009-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257419
|
- |
|
ricardo_alexandre_de_oliveira_staudt
|
yogurt
|
SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, allows remote authenticated users to execute arbitrary SQL commands via the original parameter.
|
CWE-89
SQL Injection
|
CVE-2009-2034
|
2017-09-29 10:34 |
2009-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257420
|
- |
|
onlinegrades
|
online_grades
|
Multiple directory traversal vulnerabilities in Online Grades & Attendance 3.2.5 and earlier, and possibly 3.2.6, when register_globals is enabled, allow remote attackers to include and execute arbit…
|
CWE-22
Path Traversal
|
CVE-2009-2037
|
2017-09-29 10:34 |
2009-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
