|
294071
|
- |
|
portalxp
|
portalxp
|
Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) calendar.php, (2) news.php, and (3) links.p…
|
CWE-89
SQL Injection
|
CVE-2009-3148
|
2017-09-19 10:29 |
2009-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294072
|
- |
|
curveriderhq
|
elgg
|
Directory traversal vulnerability in _css/js.php in Elgg 1.5, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the js parameter. NOTE: some of…
|
CWE-22
Path Traversal
|
CVE-2009-3149
|
2017-09-19 10:29 |
2009-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294073
|
- |
|
multi-website
|
multi_website
|
SQL injection vulnerability in index.php in Multi Website 1.5 allows remote attackers to execute arbitrary SQL commands via the Browse parameter in a vote action.
|
CWE-89
SQL Injection
|
CVE-2009-3150
|
2017-09-19 10:29 |
2009-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294074
|
- |
|
ultrize
|
timesheet
|
Directory traversal vulnerability in actions/downloadFile.php in Ultrize TimeSheet 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter.
|
CWE-22
Path Traversal
|
CVE-2009-3151
|
2017-09-19 10:29 |
2009-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294075
|
- |
|
almondsoft
|
com_aclassf
|
SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_for…
|
CWE-89
SQL Injection
|
CVE-2009-3154
|
2017-09-19 10:29 |
2009-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294076
|
- |
|
almondsoft
|
com_aclassf
|
Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the addr para…
|
CWE-79
Cross-site Scripting
|
CVE-2009-3155
|
2017-09-19 10:29 |
2009-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294077
|
- |
|
carsten_wulff
|
simplephpweb
|
admin/files.php in simplePHPWeb 0.2 does not require authentication, which allows remote attackers to perform unspecified administrative actions via unknown vectors. NOTE: some of these details are …
|
CWE-287
Improper Authentication
|
CVE-2009-3158
|
2017-09-19 10:29 |
2009-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294078
|
- |
|
anantasoft
|
gazelle_cms
|
Directory traversal vulnerability in index.php in Anantasoft Gazelle CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the template par…
|
CWE-22
Path Traversal
|
CVE-2009-3167
|
2017-09-19 10:29 |
2009-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294079
|
- |
|
aimp
|
aimp2_audio_converter
|
Stack-based buffer overflow in AIMP2 Audio Converter 2.53 (build 330) and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argu…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-3170
|
2017-09-19 10:29 |
2009-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294080
|
- |
|
anantasoft
|
gazelle_cms
|
Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft Gazelle CMS 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter to user.php or (…
|
CWE-79
Cross-site Scripting
|
CVE-2009-3171
|
2017-09-19 10:29 |
2009-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
