|
262031
|
- |
|
mahara
|
mahara
|
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a di…
|
CWE-79
Cross-site Scripting
|
CVE-2009-0660
|
2017-08-17 10:29 |
2009-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262032
|
- |
|
flashtux
|
weechat
|
Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds …
|
CWE-20
Improper Input Validation
|
CVE-2009-0661
|
2017-08-17 10:29 |
2009-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262033
|
- |
|
plone
|
plonepas
|
The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitra…
|
CWE-287
Improper Authentication
|
CVE-2009-0662
|
2017-08-17 10:29 |
2009-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262034
|
- |
|
zope
|
zodb
|
Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code…
|
NVD-CWE-noinfo
CWE-94
Code Injection
|
CVE-2009-0668
|
2017-08-17 10:29 |
2009-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262035
|
- |
|
zope
|
zodb
|
Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO networ…
|
CWE-287
Improper Authentication
|
CVE-2009-0669
|
2017-08-17 10:29 |
2009-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262036
|
- |
|
ravenphpscripts
|
ravennuke
|
Cross-site scripting (XSS) vulnerability in the Your Account module in RavenNuke 2.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2009-0679
|
2017-08-17 10:29 |
2009-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262037
|
- |
|
plunet
|
business_manager
|
Cross-site scripting (XSS) vulnerability in pagesUTF8/auftrag_allgemeinauftrag.jsp in Plunet BusinessManager 4.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML v…
|
CWE-79
Cross-site Scripting
|
CVE-2009-0699
|
2017-08-17 10:29 |
2009-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262038
|
- |
|
plunet
|
business_manager
|
Plunet BusinessManager 4.1 and earlier allows remote authenticated users to bypass access restrictions and (1) read sensitive Customer or Order data via a modified Pfad parameter to pagesUTF8/Sys_Dir…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-0700
|
2017-08-17 10:29 |
2009-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262039
|
- |
|
simple-review
|
com_simple_review
|
SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to inde…
|
CWE-89
SQL Injection
|
CVE-2009-0706
|
2017-08-17 10:29 |
2009-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262040
|
- |
|
vlad_alexa_mancini
|
phpfootball
|
SQL injection vulnerability in login.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: the provenance of this information is unknown; the…
|
CWE-89
SQL Injection
|
CVE-2009-0709
|
2017-08-17 10:29 |
2009-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
