|
256381
|
- |
|
freedville
|
quotebook
|
QuoteBook stores quotes.inc under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information, including user credentials, via a direct reque…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-0828
|
2017-09-29 10:34 |
2009-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256382
|
- |
|
php-fusion
|
members_cv_module
|
SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands vi…
|
CWE-89
SQL Injection
|
CVE-2009-0831
|
2017-09-29 10:34 |
2009-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256383
|
- |
|
myplugins
|
gen_msn
|
Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field. …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-0833
|
2017-09-29 10:34 |
2009-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256384
|
- |
|
matteoiammarrone
|
s-cms
|
SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2009-0863
|
2017-09-29 10:34 |
2009-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256385
|
- |
|
matteoiammarrone
|
s-cms
|
S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie.
|
CWE-287
Improper Authentication
|
CVE-2009-0864
|
2017-09-29 10:34 |
2009-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256386
|
- |
|
phnews
|
phnews
|
pHNews Alpha 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for extra/genbackup.php.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-0866
|
2017-09-29 10:34 |
2009-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256387
|
- |
|
josema_enzo
|
isiajax
|
SQL injection vulnerability in ejemplo/paises.php in isiAJAX 1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2009-0881
|
2017-09-29 10:34 |
2009-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256388
|
- |
|
amunak
|
blue_eye_cms
|
SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the BlueEyeCMS_login cookie parameter.
|
CWE-89
SQL Injection
|
CVE-2009-0883
|
2017-09-29 10:34 |
2009-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256389
|
- |
|
mediacommands
|
media_commands
|
Multiple heap-based buffer overflows in Media Commands 1.0 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a (1) M3U, (2) M3l, (…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-0885
|
2017-09-29 10:34 |
2009-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256390
|
- |
|
oneorzero
|
oneorzero_helpdesk
|
Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1.6.5.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the default_language parameter.
|
CWE-22
Path Traversal
|
CVE-2009-0886
|
2017-09-29 10:34 |
2009-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
