|
257081
|
- |
|
beaussier
|
roomphplanning
|
admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote attackers to (1) delete arbitrary users via the user parameter or (2) delete arbitrary rooms via the room …
|
CWE-287
Improper Authentication
|
CVE-2009-4670
|
2017-09-19 10:30 |
2010-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257082
|
- |
|
beaussier
|
roomphplanning
|
Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass authentication and obtain administrative access by setting the room_phplanning cookie to a value associated with the admin account.
|
CWE-287
Improper Authentication
|
CVE-2009-4671
|
2017-09-19 10:30 |
2010-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257083
|
- |
|
grupenet
|
wp-lytebox
|
Directory traversal vulnerability in main.php in the WP-Lytebox plugin 1.3 for WordPress allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pg parameter.
|
CWE-22
Path Traversal
|
CVE-2009-4672
|
2017-09-19 10:30 |
2010-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257084
|
- |
|
mole-group
|
adult_portal_script
|
SQL injection vulnerability in profile.php in Mole Group Adult Portal Script allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
|
CWE-89
SQL Injection
|
CVE-2009-4673
|
2017-09-19 10:30 |
2010-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257085
|
- |
|
mole-group
|
bus_ticket_script
sky_hunter_airline_ticket_sale_script
|
admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script allows remote attackers to change an arbitrary password via a modified user_id field.
|
CWE-255
Credentials Management
|
CVE-2009-4674
|
2017-09-19 10:30 |
2010-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257086
|
- |
|
mole-group
|
gastro_portal_\(restaurant_directory\)_script
|
admin/admin_info/index.php in the Mole Group Gastro Portal (Restaurant Directory) Script does not require administrative authentication, which allows remote attackers to change the admin password via…
|
CWE-287
Improper Authentication
|
CVE-2009-4675
|
2017-09-19 10:30 |
2010-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257087
|
- |
|
phpdirectorysource
|
phpdirectorysource
|
SQL injection vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to execute arbitrary SQL commands via the st parameter.
|
CWE-89
SQL Injection
|
CVE-2009-4680
|
2017-09-19 10:30 |
2010-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257088
|
- |
|
phpdirectorysource
|
phpdirectorysource
|
Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4681
|
2017-09-19 10:30 |
2010-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257089
|
- |
|
scriptsez
|
good\/bad_vote
|
Cross-site scripting (XSS) vulnerability in vote.php in Good/Bad Vote allows remote attackers to inject arbitrary web script or HTML via the id parameter in a vote action.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4682
|
2017-09-19 10:30 |
2010-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257090
|
- |
|
scriptsez
|
good\/bad_vote
|
Directory traversal vulnerability in vote.php in Good/Bad Vote allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter in a dovote a…
|
CWE-22
Path Traversal
|
CVE-2009-4683
|
2017-09-19 10:30 |
2010-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
