258901
|
- |
|
openssl
|
openssl
|
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, wh…
|
CWE-20
Improper Input Validation
|
CVE-2009-3245
|
2017-09-19 10:29 |
2010-03-6 |
|
258902
|
- |
|
mybuxscript
|
pts-bux
|
SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX allows remote attackers to execute arbitrary SQL commands via the id parameter in an spnews action to the default URI. NOTE: some of …
|
CWE-89
SQL Injection
|
CVE-2009-3246
|
2017-09-19 10:29 |
2009-09-19 |
|
258903
|
- |
|
vtiger
|
vtiger_crm
|
Cross-site scripting (XSS) vulnerability in the Activities module in vtiger CRM 5.0.4 allows remote attackers to inject arbitrary web script or HTML via the action parameter to phprint.php. NOTE: th…
|
CWE-79
Cross-site Scripting
|
CVE-2009-3247
|
2017-09-19 10:29 |
2009-09-19 |
|
258904
|
- |
|
vtiger
|
vtiger_crm
|
Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system…
|
CWE-352
Origin Validation Error
|
CVE-2009-3248
|
2017-09-19 10:29 |
2009-09-19 |
|
258905
|
- |
|
vtiger
|
vtiger_crm
|
Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the module parameter to graph.php; or th…
|
CWE-22
Path Traversal
|
CVE-2009-3249
|
2017-09-19 10:29 |
2009-09-19 |
|
258906
|
- |
|
vtiger
|
vtiger_crm
|
The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachmen…
|
CWE-20
Improper Input Validation
|
CVE-2009-3250
|
2017-09-19 10:29 |
2009-09-19 |
|
258907
|
- |
|
dave_robinson
|
rockbandcms
|
Multiple SQL injection vulnerabilities in news.php in Rock Band CMS 0.10 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) id parameters.
|
CWE-89
SQL Injection
|
CVE-2009-3252
|
2017-09-19 10:29 |
2009-09-19 |
|
258908
|
- |
|
tricerasoft
|
swift_ultralite
|
Stack-based buffer overflow in TriceraSoft Swift Ultralite 1.032 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-3253
|
2017-09-19 10:29 |
2009-09-19 |
|
258909
|
- |
|
ultimatevideosite
|
ultimate_player
|
Multiple stack-based buffer overflows in Ultimate Player 1.56 beta allow remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .upl playlist file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-3254
|
2017-09-19 10:29 |
2009-09-19 |
|
258910
|
- |
|
apple
|
safari iphone_os
|
Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.
|
CWE-20
Improper Input Validation
|
CVE-2009-3271
|
2017-09-19 10:29 |
2009-09-22 |
|