|
256571
|
- |
|
freedville
|
bloghelper
|
BlogHelper stores common_db.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-0826
|
2017-09-29 10:34 |
2009-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256572
|
- |
|
freedville
|
pollhelper
|
PollHelper stores poll.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-0827
|
2017-09-29 10:34 |
2009-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256573
|
- |
|
freedville
|
quotebook
|
QuoteBook stores quotes.inc under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information, including user credentials, via a direct reque…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-0828
|
2017-09-29 10:34 |
2009-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256574
|
- |
|
php-fusion
|
members_cv_module
|
SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands vi…
|
CWE-89
SQL Injection
|
CVE-2009-0831
|
2017-09-29 10:34 |
2009-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256575
|
- |
|
myplugins
|
gen_msn
|
Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field. …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-0833
|
2017-09-29 10:34 |
2009-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256576
|
- |
|
matteoiammarrone
|
s-cms
|
SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2009-0863
|
2017-09-29 10:34 |
2009-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256577
|
- |
|
matteoiammarrone
|
s-cms
|
S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie.
|
CWE-287
Improper Authentication
|
CVE-2009-0864
|
2017-09-29 10:34 |
2009-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256578
|
- |
|
phnews
|
phnews
|
pHNews Alpha 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for extra/genbackup.php.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-0866
|
2017-09-29 10:34 |
2009-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256579
|
- |
|
josema_enzo
|
isiajax
|
SQL injection vulnerability in ejemplo/paises.php in isiAJAX 1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2009-0881
|
2017-09-29 10:34 |
2009-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256580
|
- |
|
amunak
|
blue_eye_cms
|
SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the BlueEyeCMS_login cookie parameter.
|
CWE-89
SQL Injection
|
CVE-2009-0883
|
2017-09-29 10:34 |
2009-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
