|
258631
|
- |
|
phpwares
|
php_inventory
|
Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory 1.2 allows remote attackers to inject arbitrary web script or HTML via the sup_id parameter in a suppliers details action.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4596
|
2017-08-17 10:31 |
2010-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258632
|
- |
|
phpwares
|
php_inventory
|
Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a users details action, an…
|
CWE-89
SQL Injection
|
CVE-2009-4597
|
2017-08-17 10:31 |
2010-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258633
|
- |
|
corephp
|
com_jphoto
|
SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php.
|
CWE-89
SQL Injection
|
CVE-2009-4598
|
2017-08-17 10:31 |
2010-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258634
|
- |
|
joomshark
|
com_jsjobs
|
Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_…
|
CWE-89
SQL Injection
|
CVE-2009-4599
|
2017-08-17 10:31 |
2010-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258635
|
- |
|
netartmedia
|
media_real_estate_portal
|
SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Email parameter (aka the username …
|
CWE-89
SQL Injection
|
CVE-2009-4600
|
2017-08-17 10:31 |
2010-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258636
|
- |
|
fernando_soares
|
com_mamboleto
|
PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mamboleto) component 2.0 RC3 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL…
|
CWE-94
Code Injection
|
CVE-2009-4604
|
2017-08-17 10:31 |
2010-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258637
|
- |
|
accellion
|
secure_file_transfer_appliance
|
Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping c…
|
CWE-78
OS Command
|
CVE-2009-4644
|
2017-08-17 10:31 |
2010-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258638
|
- |
|
accellion
|
secure_file_transfer_appliance
|
Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a .. (dot dot) in the la…
|
CWE-22
Path Traversal
|
CVE-2009-4645
|
2017-08-17 10:31 |
2010-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258639
|
- |
|
accellion
|
secure_file_transfer_appliance
|
Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4647
|
2017-08-17 10:31 |
2010-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258640
|
- |
|
accellion
|
secure_file_transfer_appliance
|
Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4648
|
2017-08-17 10:31 |
2010-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
