|
258581
|
- |
|
redmine
|
redmine
|
Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary scr…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4459
|
2017-08-17 10:31 |
2009-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258582
|
- |
|
activewebsoftwares
|
active_business_directory
|
Cross-site scripting (XSS) vulnerability in searchadvance.asp in Active Business Directory 2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4464
|
2017-08-17 10:31 |
2009-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258583
|
- |
|
deluxebb
|
deluxebb
|
DeluxeBB 1.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and configuration information, log data, and gain administr…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4465
|
2017-08-17 10:31 |
2009-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258584
|
- |
|
deluxebb
|
deluxebb
|
DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to misc.php, which reveals the installation path in an error message. NOTE: this issue might be resu…
|
CWE-200
Information Exposure
|
CVE-2009-4466
|
2017-08-17 10:31 |
2009-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258585
|
- |
|
deluxebb
|
deluxebb
|
misc.php in DeluxeBB 1.3 allows remote attackers to register accounts without a valid email address via a valemail action with the valmem set to a pre-assigned user ID, which is visible from a member…
|
CWE-20
Improper Input Validation
|
CVE-2009-4467
|
2017-08-17 10:31 |
2009-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258586
|
- |
|
deluxebb
|
deluxebb
|
Cross-site scripting (XSS) vulnerability in misc.php in DeluxeBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4468
|
2017-08-17 10:31 |
2009-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258587
|
- |
|
giombetti
|
phppowercards
|
Multiple cross-site scripting (XSS) vulnerabilities in pagenumber.inc.php in phpPowerCards 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) archiv para…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4469
|
2017-08-17 10:31 |
2009-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258588
|
- |
|
ektron
|
cms4000.net
|
Multiple cross-site scripting (XSS) vulnerabilities in WorkArea/ContentDesigner/ekformsiframe.aspx in Ektron CMS400.NET 7.6.1.53 and 7.6.6.47, and possibly 7.52 through 7.66sp2, allow remote attacker…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4473
|
2017-08-17 10:31 |
2009-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258589
|
- |
|
novell
|
imanager
|
Stack-based buffer overflow in the eDirectory plugin in Novell iManager before 2.7.3 allows remote attackers to execute arbitrary code via vectors that trigger long arguments to an unspecified sub-ap…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-4486
|
2017-08-17 10:31 |
2010-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258590
|
- |
|
indymedia
|
oscailt
|
Directory traversal vulnerability in index.php in Oscailt 3.3, when Use Friendly URL's is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the obj_…
|
CWE-22
Path Traversal
|
CVE-2009-4512
|
2017-08-17 10:31 |
2010-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
