|
294781
|
- |
|
anantasoft
|
gazelle_cms
|
Unrestricted file upload vulnerability in admin/editor/filemanager/browser.html in Anantasoft Gazelle CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-3182
|
2017-09-19 10:29 |
2009-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294782
|
- |
|
comsenz
|
crazy_star_plugin
|
SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 for Discuz! allows remote authenticated users to execute arbitrary SQL commands via the fmid parameter in a view action.
|
CWE-89
SQL Injection
|
CVE-2009-3185
|
2017-09-19 10:29 |
2009-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294783
|
- |
|
david_frohlich
|
phpsane
|
PHP remote file inclusion vulnerability in save.php in phpSANE 0.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the file_save parameter.
|
CWE-94
Code Injection
|
CVE-2009-3188
|
2017-09-19 10:29 |
2009-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294784
|
- |
|
pad-site-scripts
|
pad_site_scripts
|
Multiple SQL injection vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to list.php and (2) cat parameter to rss.php.
|
CWE-89
SQL Injection
|
CVE-2009-3190
|
2017-09-19 10:29 |
2009-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294785
|
- |
|
pad-site-scripts
|
pad_site_scripts
|
Multiple cross-site scripting (XSS) vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to inject arbitrary web script or HTML via the cat parameter to (1) rss.php and (2) opml.php.
|
CWE-79
Cross-site Scripting
|
CVE-2009-3191
|
2017-09-19 10:29 |
2009-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294786
|
- |
|
uwix
|
com_digifolio
|
SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php.
|
CWE-89
SQL Injection
|
CVE-2009-3193
|
2017-09-19 10:29 |
2009-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294787
|
- |
|
uebimiau
|
uebimiau
|
Uebimiau Webmail 3.2.0-2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database with usernames and password hashes vi…
|
CWE-200
Information Exposure
|
CVE-2009-3199
|
2017-09-19 10:29 |
2009-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294788
|
- |
|
rob_schultz
|
media_player_classic
|
Integer overflow in Media Player Classic 6.4.9 allows user-assisted remote attackers to cause a denial of service (application crash) via a MIDI file (.mid) with a malformed header, which triggers a …
|
CWE-189
Numeric Errors
|
CVE-2009-3201
|
2017-09-19 10:29 |
2009-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294789
|
- |
|
wiccle
|
iwiccle
|
Multiple directory traversal vulnerabilities in iWiccle 1.01, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the show parameter to the adm…
|
CWE-22
Path Traversal
|
CVE-2009-3216
|
2017-09-19 10:29 |
2009-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294790
|
- |
|
wiccle
|
iwiccle
|
SQL injection vulnerability in the admin module in iWiccle 1.01 allows remote attackers to execute arbitrary SQL commands via the member_id parameter in an edit_user action to index.php.
|
CWE-89
SQL Injection
|
CVE-2009-3217
|
2017-09-19 10:29 |
2009-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
