|
260561
|
- |
|
aspindir
|
angelo-emlak
|
Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4820
|
2017-08-17 10:31 |
2010-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260562
|
- |
|
kasseler-cms
|
kasseler_cms
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kasseler CMS 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) do, (2) id, and (3) uname parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4822
|
2017-08-17 10:31 |
2010-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260563
|
- |
|
8pixel
|
simple_blog
|
8pixel.net Blog 4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for App_Data/sb.mdb.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4825
|
2017-08-17 10:31 |
2010-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260564
|
- |
|
oracle
|
mysql_connector\/net
|
MySQL Connector/NET before 6.0.4, when using encryption, does not verify SSL certificates during connection, which allows remote attackers to perform a man-in-the-middle attack with a spoofed SSL cer…
|
CWE-20
Improper Input Validation
|
CVE-2009-4833
|
2017-08-17 10:31 |
2010-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260565
|
- |
|
deliantra
|
deliantra
|
Multiple buffer overflows in Deliantra Server before 2.82 allow remote attackers to execute arbitrary code via vectors related to (1) the command_gsay function in server/c_party.C and (2) the book im…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-4846
|
2017-08-17 10:31 |
2010-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260566
|
- |
|
deliantra
|
deliantra
|
Deliantra Server before 2.82 allows remote authenticated users to cause a denial of service (daemon crash) via vectors involving an empty treasure list.
|
CWE-20
Improper Input Validation
|
CVE-2009-4847
|
2017-08-17 10:31 |
2010-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260567
|
- |
|
awingsoft
|
awakening_winds3d_viewer_plugin
|
The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-4850
|
2017-08-17 10:31 |
2010-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260568
|
- |
|
jumpbox
|
jumpbox
|
Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before 1.1.2 for Foswiki Wiki System allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4853
|
2017-08-17 10:31 |
2010-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260569
|
- |
|
ecomstudio
|
php_easy_shopping_cart
|
Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy Shopping Cart 3.1R allows remote attackers to inject arbitrary web script or HTML via the name parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4856
|
2017-08-17 10:31 |
2010-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260570
|
- |
|
ecomstudio
|
php_photo_vote1.3f
|
Cross-site scripting (XSS) vulnerability in login.php in PHP Photo Vote 1.3F allows remote attackers to inject arbitrary web script or HTML via the page parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4857
|
2017-08-17 10:31 |
2010-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
