|
258431
|
- |
|
novell
|
imanager
|
Stack-based buffer overflow in the eDirectory plugin in Novell iManager before 2.7.3 allows remote attackers to execute arbitrary code via vectors that trigger long arguments to an unspecified sub-ap…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-4486
|
2017-08-17 10:31 |
2010-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258432
|
- |
|
indymedia
|
oscailt
|
Directory traversal vulnerability in index.php in Oscailt 3.3, when Use Friendly URL's is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the obj_…
|
CWE-22
Path Traversal
|
CVE-2009-4512
|
2017-08-17 10:31 |
2010-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258433
|
- |
|
john_vandyk
|
workflow
|
Multiple cross-site scripting (XSS) vulnerabilities in the Workflow module 5.x before 5.x-2.4 and 6.x before 6.x-1.2, a module for Drupal, allow remote authenticated users, with "administer workflow"…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4513
|
2017-08-17 10:31 |
2010-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258434
|
- |
|
ortro
|
ortro
|
Multiple unspecified vulnerabilities in Ortro before 1.3.4 have unknown impact and attack vectors.
|
NVD-CWE-noinfo
|
CVE-2009-4519
|
2017-08-17 10:31 |
2010-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258435
|
- |
|
bloofox
|
bloofoxcms
|
Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter to index.php. NOTE: some of thes…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4522
|
2017-08-17 10:31 |
2010-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258436
|
- |
|
zainu
|
zainu
|
Cross-site scripting (XSS) vulnerability in index.php in Zainu 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchSongKeyword parameter in a SearchSong action.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4523
|
2017-08-17 10:31 |
2010-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258437
|
- |
|
nancy_wichmann
|
realname
|
Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4524
|
2017-08-17 10:31 |
2010-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258438
|
- |
|
joao_ventura
|
print
|
Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, allows remote attackers to inject a…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4525
|
2017-08-17 10:31 |
2010-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258439
|
- |
|
niif
|
shib_auth
|
The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before 6.x-3.2, a module for Drupal, does not properly remove statically granted privileges after a logout or other session change, whi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4527
|
2017-08-17 10:31 |
2010-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258440
|
- |
|
moshe_weitzman
|
og_vocab
|
The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4528
|
2017-08-17 10:31 |
2010-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
