|
258811
|
- |
|
dd-wrt
|
dd-wrt
|
httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2766
|
2017-09-19 10:29 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258812
|
- |
|
ultrize
|
timesheet
|
PHP remote file inclusion vulnerability in include/timesheet.php in Ultrize TimeSheet 1.2.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the c…
|
CWE-94
Code Injection
|
CVE-2009-2769
|
2017-09-19 10:29 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258813
|
- |
|
powerupload
|
powerupload
|
PowerUpload 2.4 allows remote attackers to bypass authentication and gain administrative access via a MIME encoded value of admin for the myadminname cookie.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2770
|
2017-09-19 10:29 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258814
|
- |
|
shop-020
|
php_paid_4_mail_script
|
PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
|
CWE-94
Code Injection
|
CVE-2009-2773
|
2017-09-19 10:29 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258815
|
- |
|
php-paid4mail
|
php-paid4mail
|
SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
CWE-89
SQL Injection
|
CVE-2009-2774
|
2017-09-19 10:29 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258816
|
- |
|
phparcadescript
|
phparcadescript
|
SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2009-2775
|
2017-09-19 10:29 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258817
|
- |
|
garagesalesjunkie
|
garagesales_script
|
SQL injection vulnerability in visitor/view.php in GarageSales Script allows remote attackers to execute arbitrary SQL commands via the key parameter.
|
CWE-89
SQL Injection
|
CVE-2009-2777
|
2017-09-19 10:29 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258818
|
- |
|
garagesalesjunkie
|
garagesales_script
|
Cross-site scripting (XSS) vulnerability in visitor/view.php in GarageSales Script allows remote attackers to inject arbitrary web script or HTML via the key parameter. NOTE: some of these details a…
|
CWE-79
Cross-site Scripting
|
CVE-2009-2778
|
2017-09-19 10:29 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258819
|
- |
|
arabportal
|
arab_portal
|
SQL injection vulnerability in forum.php in Arab Portal 2.x, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the qc parameter in an addcomme…
|
CWE-89
SQL Injection
|
CVE-2009-2781
|
2017-09-19 10:29 |
2009-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258820
|
- |
|
jfusion
|
com_jfusion
|
SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
|
CWE-89
SQL Injection
|
CVE-2009-2782
|
2017-09-19 10:29 |
2009-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
