260301 | - | klinza | klinza_professional_cms | Directory traversal vulnerability in funzioni/lib/menulast.php in klinza professional cms 5.0.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in … | CWE-22 Path Traversal | CVE-2009-4216 | 2017-08-17 10:31 | 2009-12-8 |
260302 | - | jiros | jbsx | Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System eXperience (JBSX) allow remote attackers to execute arbitrary SQL commands via the (1) admin or (2) password field, a… | CWE-89 SQL Injection | CVE-2009-4218 | 2017-08-17 10:31 | 2009-12-8 |
260303 | - | raphael_mazoyer | pointcomma | PHP remote file inclusion vulnerability in includes/classes/pctemplate.php in PointComma 3.8b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pcConfig[smartyPath] … | CWE-94 Code Injection | CVE-2009-4220 | 2017-08-17 10:31 | 2009-12-8 |
260304 | - | smartisoft | phpbazar | SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-3767. | CWE-89 SQL Injection | CVE-2009-4221 | 2017-08-17 10:31 | 2009-12-8 |
260305 | - | gianni_tommasi | kr-php_web_content_server | PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. | CWE-94 Code Injection | CVE-2009-4223 | 2017-08-17 10:31 | 2009-12-8 |
260306 | - | basic-cms | sweetrice | Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, 0.5.3, and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) _plugin/subsc… | CWE-20 Improper Input Validation | CVE-2009-4224 | 2017-08-17 10:31 | 2009-12-8 |
260307 | - | sun | opensolaris | Race condition in the IP module in the kernel in Sun OpenSolaris snv_106 through snv_124 allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vect… | CWE-362 Race Condition | CVE-2009-4226 | 2017-08-17 10:31 | 2009-12-9 |
260308 | - | xfig | xfig | Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, … | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2009-4227 | 2017-08-17 10:31 | 2009-12-9 |
260309 | - | activewebsoftwares | active_bids | Multiple SQL injection vulnerabilities in ActiveWebSoftwares Active Bids allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter in the PATH_INFO to the default URI or (2… | CWE-89 SQL Injection | CVE-2009-4229 | 2017-08-17 10:31 | 2009-12-9 |
260310 | - | tim_hockin | acpid | acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of servi… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2009-4235 | 2017-08-17 10:31 | 2009-12-9 |