257501
|
- |
|
ramazeiten
|
ramazaitencms0.9.7.5 ramazaitencms0.9.7.6 ramazaitencms0.9.7.8 ramazaitencms0.9.8
|
Directory traversal vulnerability in download.php in Rama Zaiten CMS 0.9.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
CWE-22
Path Traversal
|
CVE-2009-1768
|
2017-09-29 10:34 |
2009-05-23 |
|
|
257502
|
- |
|
flyspeck
|
flyspeck_cms
|
Directory traversal vulnerability in includes/database/examples/addressbook.php in Flyspeck CMS 6.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang…
|
CWE-22
Path Traversal
|
CVE-2009-1770
|
2017-09-29 10:34 |
2009-05-23 |
|
|
257503
|
- |
|
flyspeck
|
flyspeck_cms
|
index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[f…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-1771
|
2017-09-29 10:34 |
2009-05-23 |
|
|
257504
|
- |
|
strawberry
|
strawberry
|
Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to example/…
|
CWE-22
Path Traversal
|
CVE-2009-1774
|
2017-09-29 10:34 |
2009-05-23 |
|
|
257505
|
- |
|
ibm
|
aix
|
The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.
|
CWE-362
Race Condition
|
CVE-2009-1786
|
2017-09-29 10:34 |
2009-05-27 |
|
|
257506
|
- |
|
phpdirsubmit
|
php_dir_submit
|
Multiple SQL injection vulnerabilities in PHP Dir Submit (aka WebsiteSubmitter and Submitter Script) allow remote attackers to bypass authentication and gain administrative access via the (1) usernam…
|
CWE-89
SQL Injection
|
CVE-2009-1787
|
2017-09-29 10:34 |
2009-05-27 |
|
|
257507
|
- |
|
eggheads philip_moore
|
eggdrop eggdrop_irc_bot windrop
|
mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a…
|
NVD-CWE-Other
|
CVE-2009-1789
|
2017-09-29 10:34 |
2009-05-27 |
|
|
257508
|
- |
|
sebastian-thiele
|
st-gallery
|
Multiple SQL injection vulnerabilities in the getGalleryImage function in st_admin/gallery_output.php in ST-Gallery 0.1 alpha, when magic_quotes_gpc is disabled, allow remote attackers to execute arb…
|
CWE-89
SQL Injection
|
CVE-2009-1799
|
2017-09-29 10:34 |
2009-05-28 |
|
|
257509
|
- |
|
videoscript
|
youtube_video_script
|
Multiple SQL injection vulnerabilities in admin/index.php in VideoScript.us YouTube Video Script allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password paramet…
|
CWE-89
SQL Injection
|
CVE-2009-1804
|
2017-09-29 10:34 |
2009-05-28 |
|
|
257510
|
- |
|
collector
|
mycolex
|
Multiple cross-site scripting (XSS) vulnerabilities in myColex 1.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the year parameter to modules/kalender.php, (2) the Page par…
|
CWE-79
Cross-site Scripting
|
CVE-2009-1809
|
2017-09-29 10:34 |
2009-05-30 |
|
|