|
257781
|
- |
|
2daybiz
|
business_community_script
|
SQL injection vulnerability in admin/member_details.php in 2daybiz Business Community Script allows remote attackers to execute arbitrary SQL commands via the mid parameter.
|
CWE-89
SQL Injection
|
CVE-2009-1651
|
2017-09-29 10:34 |
2009-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257782
|
- |
|
2daybiz
|
business_community_script
|
admin/adminaddeditdetails.php in Business Community Script does not properly restrict access, which allows remote attackers to gain privileges and add administrators via a direct request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-1652
|
2017-09-29 10:34 |
2009-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257783
|
- |
|
tinybutstrong
|
tinybutstrong
|
Directory traversal vulnerability in examples/tbs_us_examples_0view.php in TinyButStrong 3.4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the script parameter.
|
CWE-22
Path Traversal
|
CVE-2009-1653
|
2017-09-29 10:34 |
2009-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257784
|
- |
|
easy-scripts
|
answer_and_question_script
|
Cross-site scripting (XSS) vulnerability in questiondetail.php in Easy Scripts Answer and Question Script allows remote attackers to inject arbitrary web script or HTML via the questionid parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2009-1654
|
2017-09-29 10:34 |
2009-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257785
|
- |
|
easy-scripts
|
answer_and_question_script
|
Multiple SQL injection vulnerabilities in myaccount.php in Easy Scripts Answer and Question Script allow remote authenticated users to execute arbitrary SQL commands via the (1) user name (userid par…
|
CWE-89
SQL Injection
|
CVE-2009-1655
|
2017-09-29 10:34 |
2009-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257786
|
- |
|
realtywebware
|
realty_web-base
|
Multiple SQL injection vulnerabilities in admin/admin.php in Realty Webware Technologies Realty Web-Base 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user (username) and (…
|
CWE-89
SQL Injection
|
CVE-2009-1658
|
2017-09-29 10:34 |
2009-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257787
|
- |
|
intelliants
|
elitius
|
Unrestricted file upload vulnerability in admin/uploadimage.php in eLitius 1.0 allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files via an avatar file…
|
NVD-CWE-Other
|
CVE-2009-1659
|
2017-09-29 10:34 |
2009-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257788
|
- |
|
urusoft
|
viplay3
|
Stack-based buffer overflow in URUWorks ViPlay3 3.0 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file entry in a .vpl file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-1660
|
2017-09-29 10:34 |
2009-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257789
|
- |
|
recipescript
|
recipe_script
|
Multiple SQL injection vulnerabilities in admin/login.php in Wright Way Services Recipe Script 5 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) Password fields,…
|
CWE-89
SQL Injection
|
CVE-2009-1662
|
2017-09-29 10:34 |
2009-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257790
|
- |
|
easy-scripts
|
answer_and_question_script
|
Unrestricted file upload vulnerability in myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension, …
|
NVD-CWE-Other
|
CVE-2009-1663
|
2017-09-29 10:34 |
2009-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
