|
294911
|
- |
|
xerver
|
xerver
|
Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action.
|
CWE-79
Cross-site Scripting
|
CVE-2009-3562
|
2017-09-19 10:29 |
2009-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294912
|
- |
|
tony_million
|
tuniac
|
Tuniac 090517c allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a .pls playlist file, possibly a buffer overflow.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-3574
|
2017-09-19 10:29 |
2009-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294913
|
- |
|
vspanel
|
vs_panel
|
SQL injection vulnerability in showcat.php in VS PANEL 7.3.6 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter.
|
CWE-89
SQL Injection
|
CVE-2009-3590
|
2017-09-19 10:29 |
2009-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294914
|
- |
|
vspanel
|
vs_panel
|
SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter, a different vector than CVE-2009-3590.
|
CWE-89
SQL Injection
|
CVE-2009-3595
|
2017-09-19 10:29 |
2009-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294915
|
- |
|
joxtechnology
|
ajox_poll
|
JoxTechnology Ajox Poll does not properly restrict access to admin/managepoll.php, which allows remote attackers to bypass authentication and gain administrative access via a direct request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-3596
|
2017-09-19 10:29 |
2009-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294916
|
- |
|
adium
pidgin
|
adium
pidgin
|
The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ…
|
CWE-399
Resource Management Errors
|
CVE-2009-3615
|
2017-09-19 10:29 |
2009-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294917
|
- |
|
intervations
|
navicopa_web_server
|
InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name.
|
CWE-200
Information Exposure
|
CVE-2009-3646
|
2017-09-19 10:29 |
2009-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294918
|
- |
|
stanback
|
bs_counter
|
SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
CWE-89
SQL Injection
|
CVE-2009-3659
|
2017-09-19 10:29 |
2009-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294919
|
- |
|
efrontlearning
|
efront
|
PHP remote file inclusion vulnerability in libraries/database.php in Efront 3.5.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the…
|
CWE-94
Code Injection
|
CVE-2009-3660
|
2017-09-19 10:29 |
2009-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294920
|
- |
|
blueconstantmedia
|
com_djcatalog
|
Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action a…
|
CWE-89
SQL Injection
|
CVE-2009-3661
|
2017-09-19 10:29 |
2009-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
