|
258541
|
- |
|
jonas_renggli
|
vshoutbox
|
Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4345
|
2017-08-17 10:31 |
2009-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258542
|
- |
|
phpwebscripts
|
link_up_gold
|
Cross-site request forgery (CSRF) vulnerability in administration/administrators.php in Link Up Gold 5.0 allows remote attackers to hijack the authentication of administrators for requests that creat…
|
CWE-352
Origin Validation Error
|
CVE-2009-4349
|
2017-08-17 10:31 |
2009-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258543
|
- |
|
transware
|
active_mail_2003
|
Multiple cross-site scripting (XSS) vulnerabilities in TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0939, allow remote attackers to injec…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4352
|
2017-08-17 10:31 |
2009-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258544
|
- |
|
transware
|
active\!_mail
|
The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows re…
|
NVD-CWE-Other
|
CVE-2009-4353
|
2017-08-17 10:31 |
2009-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258545
|
- |
|
transware
|
active\!_mail
|
TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the…
|
CWE-255
Credentials Management
|
CVE-2009-4354
|
2017-08-17 10:31 |
2009-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258546
|
- |
|
marc-andre_lanciault
|
smartmedia
|
Cross-site scripting (XSS) vulnerability in folder.php in the SmartMedia 0.85 Beta module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the categoryid parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4359
|
2017-08-17 10:31 |
2009-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258547
|
- |
|
handcoders
|
content_module
|
SQL injection vulnerability in modules/content/index.php in the Content module 0.5 for XOOPS allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2009-4360
|
2017-08-17 10:31 |
2009-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258548
|
- |
|
scriptsez
|
ez_blog
|
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog allows remote attackers to inject arbitrary web script or HTML via the cname parameter, related to the act and id parameters…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4364
|
2017-08-17 10:31 |
2009-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258549
|
- |
|
scriptsez
|
ez_blog
|
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog…
|
CWE-352
Origin Validation Error
|
CVE-2009-4365
|
2017-08-17 10:31 |
2009-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258550
|
- |
|
scriptsez
|
ez_blog
|
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the yr parameter in a bmonth action.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4366
|
2017-08-17 10:31 |
2009-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
