|
258611
|
- |
|
drupal
|
drupal
|
Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal Core 6.x before 6.15 allows remote authenticated users with permissions to create new menus to inje…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4370
|
2017-08-17 10:31 |
2009-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258612
|
- |
|
drupal
|
drupal
|
Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "a…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4371
|
2017-08-17 10:31 |
2009-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258613
|
- |
|
alienvault
|
open_source_security_information_management
|
AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the…
|
CWE-20
Improper Input Validation
|
CVE-2009-4372
|
2017-08-17 10:31 |
2009-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258614
|
- |
|
texmedia
|
million_pixel_script
|
Cross-site scripting (XSS) vulnerability in index.php in texmedia Million Pixel Script 3 allows remote attackers to inject arbitrary web script or HTML via the pa parameter. NOTE: some of these deta…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4381
|
2017-08-17 10:31 |
2009-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258615
|
- |
|
jochen_striepe
|
t-prot
|
Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 allows remote attackers to cause a denial of service via unspecified vectors related to the "--maxlines" option and a crafted email me…
|
NVD-CWE-noinfo
|
CVE-2009-4404
|
2017-08-17 10:31 |
2009-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258616
|
- |
|
edgewall
|
trac
|
Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to (1) "policy checks in report results when using alternate formats" or (2) a "che…
|
NVD-CWE-noinfo
|
CVE-2009-4405
|
2017-08-17 10:31 |
2009-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258617
|
- |
|
xfs
|
acl
|
The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow l…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4411
|
2017-08-17 10:31 |
2009-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258618
|
- |
|
s9y
|
serendipity
|
Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extens…
|
NVD-CWE-Other
|
CVE-2009-4412
|
2017-08-17 10:31 |
2009-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258619
|
- |
|
phpgroupware
|
phpgroupware
|
SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attacker…
|
CWE-89
SQL Injection
|
CVE-2009-4414
|
2017-08-17 10:31 |
2009-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258620
|
- |
|
phpgroupware
|
phpgroupware
|
Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to …
|
CWE-22
Path Traversal
|
CVE-2009-4415
|
2017-08-17 10:31 |
2009-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
