|
312531
|
- |
|
ajsquare
|
aj_auction_pro-oopd
|
Cross-site scripting (XSS) vulnerability in index.php in AJ Auction Pro OOPD 3.0 allows remote attackers to inject arbitrary web script or HTML via the txtkeyword parameter in a search action.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4989
|
2024-11-21 10:10 |
2010-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312532
|
- |
|
sap
|
business_one_2005-a
|
Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-4988
|
2024-11-21 10:10 |
2010-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312533
|
- |
|
scripteen
|
free_image_hosting_script
|
admin/header.php in Scripteen Free Image Hosting Script 2.3 allows remote attackers to bypass authentication and gain administrative access by setting the cookgid cookie value to 1, a different vecto…
|
CWE-287
Improper Authentication
|
CVE-2009-4987
|
2024-11-21 10:10 |
2010-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312534
|
- |
|
in-portal
|
in-portal
|
Directory traversal vulnerability in index.php in In-Portal 4.3.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the env parameter.
|
CWE-22
Path Traversal
|
CVE-2009-4986
|
2024-11-21 10:10 |
2010-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312535
|
- |
|
websitesrus
|
accessories_me_php_affiliate_script
|
SQL injection vulnerability in browse.php in Accessories Me PHP Affiliate Script 1.4 allows remote attackers to execute arbitrary SQL commands via the Go parameter.
|
CWE-89
SQL Injection
|
CVE-2009-4985
|
2024-11-21 10:10 |
2010-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312536
|
- |
|
websitesrus
|
accessories_me_php_affiliate_script
|
Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me PHP Affiliate Script 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Keywords parameter to search.p…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4984
|
2024-11-21 10:10 |
2010-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312537
|
- |
|
snowhall
|
silurus_system
|
Multiple cross-site scripting (XSS) vulnerabilities in Silurus Classifieds 1.0 allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) category.php and (2) wcategory…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4983
|
2024-11-21 10:10 |
2010-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312538
|
- |
|
irokez
|
irokez_cms
|
SQL injection vulnerability in the select function in Irokez CMS 0.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to the default U…
|
CWE-89
SQL Injection
|
CVE-2009-4982
|
2024-11-21 10:10 |
2010-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312539
|
- |
|
keil-software
|
photokorn_gallery
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Photokorn Gallery 1.81 allow remote attackers to hijack the authentication of administrators.
|
CWE-352
Origin Validation Error
|
CVE-2009-4981
|
2024-11-21 10:10 |
2010-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312540
|
- |
|
keil-software
|
photokorn_gallery
|
Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Gallery 1.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) where[] parameter to search.php and…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4980
|
2024-11-21 10:10 |
2010-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
