|
294241
|
- |
|
digitalinterchange
|
digital_interchange_document_library
|
admin/save_user.asp in Digital Interchange Document Library 1.0.1 does not require administrative authentication, which allows remote attackers to read or modify the administrator's credentials via u…
|
CWE-287
Improper Authentication
|
CVE-2009-4806
|
2017-09-19 10:30 |
2010-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294242
|
- |
|
graugon
|
php_article_publisher
|
Multiple SQL injection vulnerabilities in Graugon PHP Article Publisher 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) c parameter to index.php and the (2) id parameter to v…
|
CWE-89
SQL Injection
|
CVE-2009-4807
|
2017-09-19 10:30 |
2010-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294243
|
- |
|
graugon
|
php_article_publisher
|
admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the g_admin cookie to 1.
|
CWE-287
Improper Authentication
|
CVE-2009-4808
|
2017-09-19 10:30 |
2010-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294244
|
- |
|
sharing-file
|
easy_file_sharing_web_server
|
Directory traversal vulnerability in thumbnail.ghp in Easy File Sharing (EFS) Web Server 4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the vfolder parameter.
|
CWE-22
Path Traversal
|
CVE-2009-4809
|
2017-09-19 10:30 |
2010-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294245
|
- |
|
deslock
|
deslock\+
|
The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local users to gain privileges via a crafted IOCTL 0x80012010 request to the DLPCryptCore device.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4832
|
2017-09-19 10:30 |
2010-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294246
|
- |
|
xpressengine
|
zeroboard
|
lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitrary PHP code via a crafted parameter name, possibly related to now_connect.php.
|
CWE-94
Code Injection
|
CVE-2009-4834
|
2017-09-19 10:30 |
2010-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294247
|
- |
|
moviephp
|
movie_php_script
|
Eval injection vulnerability in system/services/init.php in Movie PHP Script 2.0 allows remote attackers to execute arbitrary PHP code via the anticode parameter.
|
CWE-94
Code Injection
|
CVE-2009-4836
|
2017-09-19 10:30 |
2010-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294248
|
- |
|
roxio
|
cineplayer
|
Heap-based buffer overflow in the IAManager ActiveX control in IAManager.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the SetIAPlayerName metho…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-4840
|
2017-09-19 10:30 |
2010-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294249
|
- |
|
roxio
|
cineplayer
|
Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in SonicMediaPlayer.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the DiskTyp…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-4841
|
2017-09-19 10:30 |
2010-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294250
|
- |
|
scripts.oldguy
|
talkback
|
addons/import.php in TalkBack 2.3.14 allows remote attackers to execute arbitrary commands via the result parameter.
|
CWE-20
Improper Input Validation
|
CVE-2009-4854
|
2017-09-19 10:30 |
2010-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
