|
262771
|
- |
|
smartisoft
|
phpbazar
|
SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-3767.
|
CWE-89
SQL Injection
|
CVE-2009-4221
|
2017-08-17 10:31 |
2009-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262772
|
- |
|
gianni_tommasi
|
kr-php_web_content_server
|
PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
|
CWE-94
Code Injection
|
CVE-2009-4223
|
2017-08-17 10:31 |
2009-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262773
|
- |
|
basic-cms
|
sweetrice
|
Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, 0.5.3, and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) _plugin/subsc…
|
CWE-20
Improper Input Validation
|
CVE-2009-4224
|
2017-08-17 10:31 |
2009-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262774
|
- |
|
sun
|
opensolaris
|
Race condition in the IP module in the kernel in Sun OpenSolaris snv_106 through snv_124 allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vect…
|
CWE-362
Race Condition
|
CVE-2009-4226
|
2017-08-17 10:31 |
2009-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262775
|
- |
|
xfig
|
xfig
|
Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-4227
|
2017-08-17 10:31 |
2009-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262776
|
- |
|
activewebsoftwares
|
active_bids
|
Multiple SQL injection vulnerabilities in ActiveWebSoftwares Active Bids allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter in the PATH_INFO to the default URI or (2…
|
CWE-89
SQL Injection
|
CVE-2009-4229
|
2017-08-17 10:31 |
2009-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262777
|
- |
|
tim_hockin
|
acpid
|
acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of servi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4235
|
2017-08-17 10:31 |
2009-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262778
|
- |
|
ec-cube
|
ec-cube_ver2
|
The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote a…
|
CWE-200
Information Exposure
|
CVE-2009-4236
|
2017-08-17 10:31 |
2009-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262779
|
- |
|
ibm
|
infosphere_information_server
|
Cross-site scripting (XSS) vulnerability in the Web console in IBM InfoSphere Information Server 8.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4239
|
2017-08-17 10:31 |
2009-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262780
|
- |
|
ibm
|
infosphere_information_server
|
Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-4240
|
2017-08-17 10:31 |
2009-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
