|
259131
|
- |
|
zen-cart
|
zen_cart
|
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string paramet…
|
CWE-89
SQL Injection
|
CVE-2009-2254
|
2017-09-19 10:29 |
2009-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259132
|
- |
|
zen-cart
|
zen_cart
|
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via t…
|
CWE-287
Improper Authentication
|
CVE-2009-2255
|
2017-09-19 10:29 |
2009-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259133
|
- |
|
giorgio_tani
|
peazip
|
PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a comma…
|
CWE-20
Improper Input Validation
|
CVE-2009-2261
|
2017-09-19 10:29 |
2009-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259134
|
- |
|
awesomephp
|
mega_file_manager
|
Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOT…
|
CWE-22
Path Traversal
|
CVE-2009-2263
|
2017-09-19 10:29 |
2009-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259135
|
- |
|
cpanel
|
cpanel
|
Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter.
|
CWE-22
Path Traversal
|
CVE-2009-2275
|
2017-09-19 10:29 |
2009-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259136
|
- |
|
biglle
|
vote_for_us_extension
|
SQL injection vulnerability in voteforus.php in the Vote For Us extension 1.0.1 and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the out parameter.
|
CWE-89
SQL Injection
|
CVE-2009-2276
|
2017-09-19 10:29 |
2009-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259137
|
- |
|
vmware
|
esx_server
virtualcenter
|
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors rel…
|
CWE-79
Cross-site Scripting
|
CVE-2009-2277
|
2017-09-19 10:29 |
2010-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259138
|
- |
|
tutorial-share
|
tutorial_share
|
Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the usernamed cookie parameter.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2293
|
2017-09-19 10:29 |
2009-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259139
|
- |
|
armassa
|
ard-9808_software
ard-9808
|
The ARD-9808 DVR card security camera allows remote attackers to cause a denial of service via a long URI composed of //.\ (slash slash dot backslash) sequences.
|
CWE-20
Improper Input Validation
|
CVE-2009-2305
|
2017-09-19 10:29 |
2009-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259140
|
- |
|
armassa
|
ard-9808_software
ard-9808
|
The ARD-9808 DVR card security camera stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing usernames and passw…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2306
|
2017-09-19 10:29 |
2009-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
