|
257831
|
- |
|
sebastian-thiele
|
st-gallery
|
Multiple SQL injection vulnerabilities in the getGalleryImage function in st_admin/gallery_output.php in ST-Gallery 0.1 alpha, when magic_quotes_gpc is disabled, allow remote attackers to execute arb…
|
CWE-89
SQL Injection
|
CVE-2009-1799
|
2017-09-29 10:34 |
2009-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257832
|
- |
|
videoscript
|
youtube_video_script
|
Multiple SQL injection vulnerabilities in admin/index.php in VideoScript.us YouTube Video Script allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password paramet…
|
CWE-89
SQL Injection
|
CVE-2009-1804
|
2017-09-29 10:34 |
2009-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257833
|
- |
|
collector
|
mycolex
|
Multiple cross-site scripting (XSS) vulnerabilities in myColex 1.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the year parameter to modules/kalender.php, (2) the Page par…
|
CWE-79
Cross-site Scripting
|
CVE-2009-1809
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257834
|
- |
|
collector
|
mycolex
|
Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow rem…
|
CWE-89
SQL Injection
|
CVE-2009-1810
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257835
|
- |
|
collector
|
mygesuad
|
Multiple cross-site scripting (XSS) vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to inject arbitrary web script or HTML via (1) the Page parameter in a List action to modules/e…
|
CWE-79
Cross-site Scripting
|
CVE-2009-1811
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257836
|
- |
|
collector
|
mygesuad
|
Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, a…
|
CWE-89
SQL Injection
|
CVE-2009-1812
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257837
|
- |
|
submitterscript
|
submitterscript
|
Multiple SQL injection vulnerabilities in admin/index.php in Submitter Script 2 allow remote attackers to execute arbitrary SQL commands via (1) the uNev parameter (aka the username field) or (2) the…
|
CWE-89
SQL Injection
|
CVE-2009-1813
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257838
|
- |
|
jevontech
|
phpenpals
|
SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the profile.php vector is already covered b…
|
CWE-89
SQL Injection
|
CVE-2009-1814
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257839
|
- |
|
sonicspot
|
audioactive_player
|
Stack-based buffer overflow in Sonic Spot Audioactive Player 1.93b allows remote attackers to execute arbitrary code via a long string in a playlist file, as demonstrated by a long .mp3 URL in a .m3u…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-1815
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257840
|
- |
|
mygamescript
|
my_game_script
|
SQL injection vulnerability in admin.php in My Game Script 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the username field). NOTE: some of these details …
|
CWE-89
SQL Injection
|
CVE-2009-1816
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
