|
259181
|
- |
|
sysax
|
multi_server
|
Directory traversal vulnerability in Sysax Multi Server 4.3 and 4.5 allows remote authenticated users to delete arbitrary files via a ..// (dot dot slash slash) in a DELE command.
|
CWE-22
Path Traversal
|
CVE-2009-4800
|
2017-09-19 10:30 |
2010-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259182
|
- |
|
digitalinterchange
|
digital_interchange_document_library
|
admin/save_user.asp in Digital Interchange Document Library 1.0.1 does not require administrative authentication, which allows remote attackers to read or modify the administrator's credentials via u…
|
CWE-287
Improper Authentication
|
CVE-2009-4806
|
2017-09-19 10:30 |
2010-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259183
|
- |
|
graugon
|
php_article_publisher
|
Multiple SQL injection vulnerabilities in Graugon PHP Article Publisher 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) c parameter to index.php and the (2) id parameter to v…
|
CWE-89
SQL Injection
|
CVE-2009-4807
|
2017-09-19 10:30 |
2010-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259184
|
- |
|
graugon
|
php_article_publisher
|
admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the g_admin cookie to 1.
|
CWE-287
Improper Authentication
|
CVE-2009-4808
|
2017-09-19 10:30 |
2010-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259185
|
- |
|
sharing-file
|
easy_file_sharing_web_server
|
Directory traversal vulnerability in thumbnail.ghp in Easy File Sharing (EFS) Web Server 4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the vfolder parameter.
|
CWE-22
Path Traversal
|
CVE-2009-4809
|
2017-09-19 10:30 |
2010-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259186
|
- |
|
deslock
|
deslock\+
|
The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local users to gain privileges via a crafted IOCTL 0x80012010 request to the DLPCryptCore device.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4832
|
2017-09-19 10:30 |
2010-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259187
|
- |
|
xpressengine
|
zeroboard
|
lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitrary PHP code via a crafted parameter name, possibly related to now_connect.php.
|
CWE-94
Code Injection
|
CVE-2009-4834
|
2017-09-19 10:30 |
2010-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259188
|
- |
|
moviephp
|
movie_php_script
|
Eval injection vulnerability in system/services/init.php in Movie PHP Script 2.0 allows remote attackers to execute arbitrary PHP code via the anticode parameter.
|
CWE-94
Code Injection
|
CVE-2009-4836
|
2017-09-19 10:30 |
2010-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259189
|
- |
|
roxio
|
cineplayer
|
Heap-based buffer overflow in the IAManager ActiveX control in IAManager.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the SetIAPlayerName metho…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-4840
|
2017-09-19 10:30 |
2010-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259190
|
- |
|
roxio
|
cineplayer
|
Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in SonicMediaPlayer.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the DiskTyp…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-4841
|
2017-09-19 10:30 |
2010-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
