|
258401
|
- |
|
xfs
|
acl
|
The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow l…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4411
|
2017-08-17 10:31 |
2009-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258402
|
- |
|
s9y
|
serendipity
|
Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extens…
|
NVD-CWE-Other
|
CVE-2009-4412
|
2017-08-17 10:31 |
2009-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258403
|
- |
|
phpgroupware
|
phpgroupware
|
SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attacker…
|
CWE-89
SQL Injection
|
CVE-2009-4414
|
2017-08-17 10:31 |
2009-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258404
|
- |
|
phpgroupware
|
phpgroupware
|
Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to …
|
CWE-22
Path Traversal
|
CVE-2009-4415
|
2017-08-17 10:31 |
2009-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258405
|
- |
|
phpgroupware
|
phpgroupware
|
Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allows remote attackers to inject arbitrary web script or HTML via an a…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4416
|
2017-08-17 10:31 |
2009-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258406
|
- |
|
intel
|
gm45_chipset
pm45_express_chipset
q35_chipset
q43_express_chipset
q45_chipset
|
Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the SINIT Authenticated Code Module (ACM), which allows local users to bypass the Trusted Execution Technology protection mechanism and…
|
CWE-16
Configuration
|
CVE-2009-4419
|
2017-08-17 10:31 |
2009-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258407
|
- |
|
weentech
|
weencompany
|
SQL injection vulnerability in index.php in weenCompany 4.0.0 allows remote attackers to execute arbitrary SQL commands via the moduleid parameter. NOTE: some of these details are obtained from thir…
|
CWE-89
SQL Injection
|
CVE-2009-4423
|
2017-08-17 10:31 |
2009-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258408
|
- |
|
imotta
|
pyrmont_plugin
|
SQL injection vulnerability in results.php in the Pyrmont plugin 2 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2009-4424
|
2017-08-17 10:31 |
2009-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258409
|
- |
|
idevspot
|
idevcart
|
Cross-site scripting (XSS) vulnerability in index.php in iDevCart 1.09 allows remote attackers to inject arbitrary web script or HTML via the SEARCH parameter in a browse action.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4425
|
2017-08-17 10:31 |
2009-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258410
|
- |
|
launchpad
|
ignition
|
Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the blog par…
|
CWE-22
Path Traversal
|
CVE-2009-4426
|
2017-08-17 10:31 |
2009-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
