|
261551
|
- |
|
qtweb
|
qtweb
|
QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) …
|
CWE-79
Cross-site Scripting
|
CVE-2009-3015
|
2017-08-17 10:31 |
2009-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261552
|
- |
|
symantec
|
securityexpressions_audit_and_compliance_server
|
Cross-site scripting (XSS) vulnerability in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote attackers to inject arbitrary web script or HTML via vectors…
|
CWE-79
Cross-site Scripting
|
CVE-2009-3030
|
2017-08-17 10:31 |
2009-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261553
|
- |
|
symantec
|
altiris_deployment_solution
altiris_management_platform
altiris_notification_server
|
Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-3033
|
2017-08-17 10:31 |
2009-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261554
|
- |
|
symantec
|
altiris_notification_server
|
The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on…
|
CWE-255
Credentials Management
|
CVE-2009-3035
|
2017-08-17 10:31 |
2010-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261555
|
- |
|
spip
|
spip
|
SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activ…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-3041
|
2017-08-17 10:31 |
2009-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261556
|
- |
|
uiga
|
church_portal
|
SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the month parameter in a calendar action. NOTE: the provenance of this in…
|
CWE-89
SQL Injection
|
CVE-2009-3081
|
2017-08-17 10:31 |
2009-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261557
|
- |
|
zmanda
|
zrm_for_my_sql
|
The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager (ZRM) for MySQL 2.x before 2.1.1 allows remote attackers to execute arbitrary commands via vectors involving a crafted $MYSQL_B…
|
CWE-20
Improper Input Validation
|
CVE-2009-3102
|
2017-08-17 10:31 |
2009-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261558
|
- |
|
symantec
|
antivirus
client_security
norton_antivirus
norton_internet_security
|
Unspecified vulnerability in Symantec Norton AntiVirus 2005 through 2008; Norton Internet Security 2005 through 2008; AntiVirus Corporate Edition 9.0 before MR7, 10.0, 10.1 before MR8, and 10.2 befor…
|
CWE-399
Resource Management Errors
|
CVE-2009-3104
|
2017-08-17 10:31 |
2009-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261559
|
- |
|
ibm
|
domino_web_access
|
Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecif…
|
CWE-79
Cross-site Scripting
|
CVE-2009-3105
|
2017-08-17 10:31 |
2009-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261560
|
- |
|
ibm
|
websphere_application_server
|
The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, w…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-3106
|
2017-08-17 10:31 |
2009-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
