|
256401
|
- |
|
sonicspot
|
audioactive_player
|
Stack-based buffer overflow in Sonic Spot Audioactive Player 1.93b allows remote attackers to execute arbitrary code via a long string in a playlist file, as demonstrated by a long .mp3 URL in a .m3u…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-1815
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256402
|
- |
|
mygamescript
|
my_game_script
|
SQL injection vulnerability in admin.php in My Game Script 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the username field). NOTE: some of these details …
|
CWE-89
SQL Injection
|
CVE-2009-1816
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256403
|
- |
|
digimode10
|
maya
|
Multiple buffer overflows in DigiMode Maya 1.0.2 allow remote attackers to execute arbitrary code via a long string in a malformed (1) .m3u or (2) .m3l playlist file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-1817
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256404
|
- |
|
maxcms
|
maxcms
|
SQL injection vulnerability in admin/admin_manager.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via an m_username cookie in an add action.
|
CWE-89
SQL Injection
|
CVE-2009-1818
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256405
|
- |
|
2daybiz
|
custom_t-shirt_design_script
|
SQL injection vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2009-1819
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256406
|
- |
|
2daybiz
|
custom_t-shirt_design_script
|
Cross-site scripting (XSS) vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2009-1820
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256407
|
- |
|
dmxready
|
registration_manager
|
DMXReady Registration Manager 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request fo…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-1821
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256408
|
- |
|
gonzalo_maser
|
com_artforms
|
Multiple PHP remote file inclusion vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConf…
|
CWE-94
Code Injection
|
CVE-2009-1822
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256409
|
- |
|
arcabit
|
arcavir_2009_antivirus_protection
arcavir_2009_home_protection
arcavir_2009_internet_security
arcavir_2009_system_protection
|
The ps_drv.sys kernel driver in ArcaBit ArcaVir 2009 Antivirus Protection 9.4.3201.9 and earlier, ArcaVir 2009 Internet Security 9.4.3202.9 and earlier, ArcaVir 2009 System Protection 9.4.3203.9 and …
|
CWE-20
Improper Input Validation
|
CVE-2009-1824
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256410
|
- |
|
collector
|
mycolex
|
modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action.
|
CWE-287
Improper Authentication
|
CVE-2009-1825
|
2017-09-29 10:34 |
2009-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
