|
257521
|
- |
|
2daybiz
|
custom_t-shirt_design_script
|
Cross-site scripting (XSS) vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2009-1820
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257522
|
- |
|
dmxready
|
registration_manager
|
DMXReady Registration Manager 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request fo…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-1821
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257523
|
- |
|
gonzalo_maser
|
com_artforms
|
Multiple PHP remote file inclusion vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConf…
|
CWE-94
Code Injection
|
CVE-2009-1822
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257524
|
- |
|
arcabit
|
arcavir_2009_antivirus_protection
arcavir_2009_home_protection
arcavir_2009_internet_security
arcavir_2009_system_protection
|
The ps_drv.sys kernel driver in ArcaBit ArcaVir 2009 Antivirus Protection 9.4.3201.9 and earlier, ArcaVir 2009 Internet Security 9.4.3202.9 and earlier, ArcaVir 2009 System Protection 9.4.3203.9 and …
|
CWE-20
Improper Input Validation
|
CVE-2009-1824
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257525
|
- |
|
collector
|
mycolex
|
modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action.
|
CWE-287
Improper Authentication
|
CVE-2009-1825
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257526
|
- |
|
collector
|
mygesuad
|
modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action.
|
CWE-287
Improper Authentication
|
CVE-2009-1826
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257527
|
- |
|
wireshark
|
wireshark
|
Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets.
|
NVD-CWE-noinfo
|
CVE-2009-1829
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257528
|
- |
|
slsknet
|
soulseek
|
Stack-based buffer overflow in Soulseek 156 and 157 NS allows remote attackers to execute arbitrary code via a long search query.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-1830
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257529
|
- |
|
nullsoft
|
winamp
|
The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign exten…
|
CWE-189
Numeric Errors
|
CVE-2009-1831
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257530
|
- |
|
mozilla
|
firefox
|
Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-1839
|
2017-09-29 10:34 |
2009-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
