|
259011
|
- |
|
xerver
|
xerver
|
Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote attackers to read arbitrary files via a full pathname with a drive letter in the currentPath parameter in a chooseDirectory …
|
CWE-22
Path Traversal
|
CVE-2009-3561
|
2017-09-19 10:29 |
2009-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259012
|
- |
|
xerver
|
xerver
|
Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action.
|
CWE-79
Cross-site Scripting
|
CVE-2009-3562
|
2017-09-19 10:29 |
2009-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259013
|
- |
|
tony_million
|
tuniac
|
Tuniac 090517c allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a .pls playlist file, possibly a buffer overflow.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-3574
|
2017-09-19 10:29 |
2009-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259014
|
- |
|
vspanel
|
vs_panel
|
SQL injection vulnerability in showcat.php in VS PANEL 7.3.6 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter.
|
CWE-89
SQL Injection
|
CVE-2009-3590
|
2017-09-19 10:29 |
2009-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259015
|
- |
|
vspanel
|
vs_panel
|
SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter, a different vector than CVE-2009-3590.
|
CWE-89
SQL Injection
|
CVE-2009-3595
|
2017-09-19 10:29 |
2009-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259016
|
- |
|
joxtechnology
|
ajox_poll
|
JoxTechnology Ajox Poll does not properly restrict access to admin/managepoll.php, which allows remote attackers to bypass authentication and gain administrative access via a direct request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-3596
|
2017-09-19 10:29 |
2009-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259017
|
- |
|
adium
pidgin
|
adium
pidgin
|
The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ…
|
CWE-399
Resource Management Errors
|
CVE-2009-3615
|
2017-09-19 10:29 |
2009-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259018
|
- |
|
intervations
|
navicopa_web_server
|
InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name.
|
CWE-200
Information Exposure
|
CVE-2009-3646
|
2017-09-19 10:29 |
2009-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259019
|
- |
|
stanback
|
bs_counter
|
SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
CWE-89
SQL Injection
|
CVE-2009-3659
|
2017-09-19 10:29 |
2009-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259020
|
- |
|
efrontlearning
|
efront
|
PHP remote file inclusion vulnerability in libraries/database.php in Efront 3.5.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the…
|
CWE-94
Code Injection
|
CVE-2009-3660
|
2017-09-19 10:29 |
2009-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
