|
257591
|
- |
|
vivaprograms
|
infinity_script
|
cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not require administrative authentication for the donewauthor action, which allows remote attackers to create administrative accounts vi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-3949
|
2017-09-19 10:29 |
2009-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257592
|
- |
|
ninjaforge
|
com_ninjamonials
|
SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action…
|
CWE-89
SQL Injection
|
CVE-2009-3964
|
2017-09-19 10:29 |
2009-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257593
|
- |
|
maniacomputer
|
new5starrating
|
SQL injection vulnerability in rating.php in New 5 star Rating 1.0 allows remote attackers to execute arbitrary SQL commands via the det parameter.
|
CWE-89
SQL Injection
|
CVE-2009-3965
|
2017-09-19 10:29 |
2009-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257594
|
- |
|
arcadetradescript
|
arcade_trade_script
|
Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLoggedIn cookie to true.
|
CWE-287
Improper Authentication
|
CVE-2009-3966
|
2017-09-19 10:29 |
2009-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257595
|
- |
|
ed_charkow
|
supercharged_linking
|
SQL injection vulnerability in browse.php in Ed Charkow SuperCharged Linking allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2009-3967
|
2017-09-19 10:29 |
2009-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257596
|
- |
|
itechscripts
|
itechbids
|
Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id parameter to category.php, …
|
CWE-89
SQL Injection
|
CVE-2009-3968
|
2017-09-19 10:29 |
2009-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257597
|
- |
|
faslo
|
faslo_player
|
Stack-based buffer overflow in Faslo Player 7.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-3969
|
2017-09-19 10:29 |
2009-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257598
|
- |
|
phpdirsubmit
|
php_dir_submit
|
SQL injection vulnerability in index.php in PHP Dir Submit (aka WebsiteSubmitter or Submitter Script) allows remote authenticated users to execute arbitrary SQL commands via the aid parameter in a sh…
|
CWE-89
SQL Injection
|
CVE-2009-3970
|
2017-09-19 10:29 |
2009-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257599
|
- |
|
jtips
|
com_jtips
|
SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the season parameter in a ladder action to ind…
|
CWE-89
SQL Injection
|
CVE-2009-3971
|
2017-09-19 10:29 |
2009-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257600
|
- |
|
qproje
|
com_siirler
|
SQL injection vulnerability in the Q-Proje Siirler Bileseni (com_siirler) component 1.2 RC for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in an sdetay act…
|
CWE-89
SQL Injection
|
CVE-2009-3972
|
2017-09-19 10:29 |
2009-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
