|
257201
|
- |
|
mocdesigns
|
php_news
|
Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspasswo…
|
CWE-89
SQL Injection
|
CVE-2009-2921
|
2017-09-19 10:29 |
2009-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257202
|
- |
|
bitmixsoft
|
php-lance
|
Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1.52 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to show.php and (2) in parame…
|
CWE-22
Path Traversal
|
CVE-2009-2923
|
2017-09-19 10:29 |
2009-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257203
|
- |
|
videosbroadcastyourself
|
videos_broadcast_yourself
|
Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 allow remote attackers to execute arbitrary SQL commands via the (1) UploadID parameter to videoint.php, and possibly the (2) cat…
|
CWE-89
SQL Injection
|
CVE-2009-2924
|
2017-09-19 10:29 |
2009-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257204
|
- |
|
djcalendar
|
djcalendar
|
Directory traversal vulnerability in DJcalendar.cgi in DJCalendar allows remote attackers to read arbitrary files via a .. (dot dot) in the TEMPLATE parameter.
|
CWE-22
Path Traversal
|
CVE-2009-2925
|
2017-09-19 10:29 |
2009-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257205
|
- |
|
phpcompet.free
|
php_competition_system
|
Multiple SQL injection vulnerabilities in PHP Competition System BETA 0.84 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) day parameter to show_matchs.php and (2) pa…
|
CWE-89
SQL Injection
|
CVE-2009-2926
|
2017-09-19 10:29 |
2009-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257206
|
- |
|
digitalspinners
|
ds_cms
|
SQL injection vulnerability in DetailFile.php in DigitalSpinners DS CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the nFileId parameter.
|
CWE-89
SQL Injection
|
CVE-2009-2927
|
2017-09-19 10:29 |
2009-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257207
|
- |
|
tgs-cms
|
tgs_content_management
|
Cross-site scripting (XSS) vulnerability in login.php in TGS Content Management 0.x allows remote attackers to inject arbitrary web script or HTML via the previous_page parameter, a different vector …
|
CWE-79
Cross-site Scripting
|
CVE-2009-2928
|
2017-09-19 10:29 |
2009-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257208
|
- |
|
tgs-cms
|
tgs_content_management
|
Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execute arbitrary SQL commands via the (1) tgs_language_id, (2) tpl_dir, (3) referer, (4) user-agent, (5…
|
CWE-89
SQL Injection
|
CVE-2009-2929
|
2017-09-19 10:29 |
2009-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257209
|
- |
|
programmedintegration
|
pipl
|
Multiple stack-based buffer overflows in xaudio.dll in Programmed Integration PIPL 2.5.0 and 2.5.0D allow remote attackers to execute arbitrary code via a long string in a (1) .pls or (2) .pl playlis…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-2934
|
2017-09-19 10:29 |
2009-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257210
|
- |
|
sun
|
opensolaris
solaris
|
Unspecified vulnerability in the pollwakeup function in Sun Solaris 10, and OpenSolaris before snv_51, allows local users to cause a denial of service (panic) via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2009-2952
|
2017-09-19 10:29 |
2009-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
