260361
|
- |
|
jabba_laci
|
phptraverser
|
PHP remote file inclusion vulnerability in assets/plugins/mp3_id/mp3_id.php in PHP Traverser 0.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[BASE] parameter. NOT…
|
CWE-94
Code Injection
|
CVE-2009-4085
|
2017-08-17 10:31 |
2009-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260362
|
- |
|
javascript
|
xerver_http_server
|
CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via certain byte sequences at the…
|
CWE-20
Improper Input Validation
|
CVE-2009-4086
|
2017-08-17 10:31 |
2009-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260363
|
- |
|
telepark
|
telepark.wiki
|
Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki 2.4.23 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4087
|
2017-08-17 10:31 |
2009-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260364
|
- |
|
telepark
|
telepark.wiki
|
Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php…
|
CWE-22
Path Traversal
|
CVE-2009-4088
|
2017-08-17 10:31 |
2009-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260365
|
- |
|
telepark
|
telepark.wiki
|
telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments…
|
CWE-287
Improper Authentication
|
CVE-2009-4089
|
2017-08-17 10:31 |
2009-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260366
|
- |
|
telepark
|
telepark.wiki
|
Unrestricted file upload vulnerability in ajax/addComment.php in telepark.wiki 2.4.23 and earlier script allows remote attackers to execute arbitrary code by uploading a file with a name containing a…
|
CWE-20
Improper Input Validation
|
CVE-2009-4090
|
2017-08-17 10:31 |
2009-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260367
|
- |
|
simplog
|
simplog
|
comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote attackers to edit or delete comments via the (1) edit or (2) del action.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4091
|
2017-08-17 10:31 |
2009-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260368
|
- |
|
simplog
|
simplog
|
Cross-site request forgery (CSRF) vulnerability in user.php in Simplog 0.9.3.2, and possibly earlier, allows remote attackers to hijack the authentication of administrators and users for requests tha…
|
CWE-352
Origin Validation Error
|
CVE-2009-4092
|
2017-08-17 10:31 |
2009-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260369
|
- |
|
simplog
|
simplog
|
Multiple cross-site scripting (XSS) vulnerabilities in comments.php in Simplog 0.9.3.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cname (Name) or…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4093
|
2017-08-17 10:31 |
2009-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260370
|
- |
|
companionway
|
myphile
|
myPhile 1.2.1 allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information.
|
CWE-287
Improper Authentication
|
CVE-2009-4095
|
2017-08-17 10:31 |
2009-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|