|
294681
|
- |
|
dd-wrt
|
dd-wrt
|
httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bi…
|
CWE-20
Improper Input Validation
|
CVE-2009-2765
|
2017-09-19 10:29 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294682
|
- |
|
dd-wrt
|
dd-wrt
|
httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2766
|
2017-09-19 10:29 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294683
|
- |
|
ultrize
|
timesheet
|
PHP remote file inclusion vulnerability in include/timesheet.php in Ultrize TimeSheet 1.2.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the c…
|
CWE-94
Code Injection
|
CVE-2009-2769
|
2017-09-19 10:29 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294684
|
- |
|
powerupload
|
powerupload
|
PowerUpload 2.4 allows remote attackers to bypass authentication and gain administrative access via a MIME encoded value of admin for the myadminname cookie.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2770
|
2017-09-19 10:29 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294685
|
- |
|
shop-020
|
php_paid_4_mail_script
|
PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
|
CWE-94
Code Injection
|
CVE-2009-2773
|
2017-09-19 10:29 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294686
|
- |
|
php-paid4mail
|
php-paid4mail
|
SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
CWE-89
SQL Injection
|
CVE-2009-2774
|
2017-09-19 10:29 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294687
|
- |
|
phparcadescript
|
phparcadescript
|
SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2009-2775
|
2017-09-19 10:29 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294688
|
- |
|
garagesalesjunkie
|
garagesales_script
|
SQL injection vulnerability in visitor/view.php in GarageSales Script allows remote attackers to execute arbitrary SQL commands via the key parameter.
|
CWE-89
SQL Injection
|
CVE-2009-2777
|
2017-09-19 10:29 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294689
|
- |
|
garagesalesjunkie
|
garagesales_script
|
Cross-site scripting (XSS) vulnerability in visitor/view.php in GarageSales Script allows remote attackers to inject arbitrary web script or HTML via the key parameter. NOTE: some of these details a…
|
CWE-79
Cross-site Scripting
|
CVE-2009-2778
|
2017-09-19 10:29 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294690
|
- |
|
arabportal
|
arab_portal
|
SQL injection vulnerability in forum.php in Arab Portal 2.x, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the qc parameter in an addcomme…
|
CWE-89
SQL Injection
|
CVE-2009-2781
|
2017-09-19 10:29 |
2009-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
