|
294431
|
- |
|
jinzora
|
jinzora
|
Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter.
|
CWE-22
Path Traversal
|
CVE-2009-2313
|
2017-09-19 10:29 |
2009-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294432
|
- |
|
clicknet
|
clicknet_cms
|
Directory traversal vulnerability in index.php in Clicknet CMS 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the side parameter.
|
CWE-22
Path Traversal
|
CVE-2009-2325
|
2017-09-19 10:29 |
2009-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294433
|
- |
|
max_kervin
|
kervinet_forum
|
Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) an enter_parol cookie to index.php in an auto action or (2) t…
|
CWE-89
SQL Injection
|
CVE-2009-2326
|
2017-09-19 10:29 |
2009-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294434
|
- |
|
max_kervin
|
kervinet_forum
|
Cross-site scripting (XSS) vulnerability in add_voting.php in KerviNet Forum 1.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the v_variant1 parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2009-2327
|
2017-09-19 10:29 |
2009-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294435
|
- |
|
max_kervin
|
kervinet_forum
|
admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks via …
|
CWE-287
Improper Authentication
|
CVE-2009-2328
|
2017-09-19 10:29 |
2009-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294436
|
- |
|
max_kervin
|
kervinet_forum
|
KerviNet Forum 1.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) admin/head.php, or (2) voting_diagram.php, (3) voting.php, (4) topics_search.php, (5…
|
CWE-200
Information Exposure
|
CVE-2009-2329
|
2017-09-19 10:29 |
2009-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294437
|
- |
|
cms.tut.su
|
cms_chainuk
|
Cross-site scripting (XSS) vulnerability in admin/admin_menu.php in CMS Chainuk 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2009-2330
|
2017-09-19 10:29 |
2009-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294438
|
- |
|
cms.tut.su
|
cms_chainuk
|
Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to inject arbitrary PHP code (1) into settings.php via the menu parameter to admin_settings.php or…
|
CWE-94
Code Injection
|
CVE-2009-2331
|
2017-09-19 10:29 |
2009-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294439
|
- |
|
cms.tut.su
|
cms_chainuk
|
CMS Chainuk 1.2 and earlier allows remote attackers to obtain sensitive information via (1) a crafted id parameter to index.php or (2) a nonexistent folder name in the id parameter to admin/admin_del…
|
CWE-200
Information Exposure
|
CVE-2009-2332
|
2017-09-19 10:29 |
2009-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294440
|
- |
|
cms.tut.su
|
cms_chainuk
|
Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the menu parameter to admin/a…
|
CWE-22
Path Traversal
|
CVE-2009-2333
|
2017-09-19 10:29 |
2009-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
