|
257821
|
- |
|
bokecc
|
maxcms
|
SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a digg action.
|
CWE-89
SQL Injection
|
CVE-2009-1764
|
2017-09-29 10:34 |
2009-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257822
|
- |
|
pluck-cms
|
pluck
|
Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref p…
|
CWE-22
Path Traversal
|
CVE-2009-1765
|
2017-09-29 10:34 |
2009-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257823
|
- |
|
2daybiz
|
template_monster_clone
|
admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-1767
|
2017-09-29 10:34 |
2009-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257824
|
- |
|
ramazeiten
|
ramazaitencms0.9.7.5
ramazaitencms0.9.7.6
ramazaitencms0.9.7.8
ramazaitencms0.9.8
|
Directory traversal vulnerability in download.php in Rama Zaiten CMS 0.9.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
CWE-22
Path Traversal
|
CVE-2009-1768
|
2017-09-29 10:34 |
2009-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257825
|
- |
|
flyspeck
|
flyspeck_cms
|
Directory traversal vulnerability in includes/database/examples/addressbook.php in Flyspeck CMS 6.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang…
|
CWE-22
Path Traversal
|
CVE-2009-1770
|
2017-09-29 10:34 |
2009-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257826
|
- |
|
flyspeck
|
flyspeck_cms
|
index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[f…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-1771
|
2017-09-29 10:34 |
2009-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257827
|
- |
|
strawberry
|
strawberry
|
Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to example/…
|
CWE-22
Path Traversal
|
CVE-2009-1774
|
2017-09-29 10:34 |
2009-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257828
|
- |
|
ibm
|
aix
|
The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.
|
CWE-362
Race Condition
|
CVE-2009-1786
|
2017-09-29 10:34 |
2009-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257829
|
- |
|
phpdirsubmit
|
php_dir_submit
|
Multiple SQL injection vulnerabilities in PHP Dir Submit (aka WebsiteSubmitter and Submitter Script) allow remote attackers to bypass authentication and gain administrative access via the (1) usernam…
|
CWE-89
SQL Injection
|
CVE-2009-1787
|
2017-09-29 10:34 |
2009-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257830
|
- |
|
eggheads
philip_moore
|
eggdrop
eggdrop_irc_bot
windrop
|
mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a…
|
NVD-CWE-Other
|
CVE-2009-1789
|
2017-09-29 10:34 |
2009-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
