|
294541
|
- |
|
david_degner
|
phpcollegeexchange
|
Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchange 0.1.5c, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the home parameter…
|
CWE-94
Code Injection
|
CVE-2009-2218
|
2017-09-19 10:29 |
2009-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294542
|
- |
|
david_degner
|
phpcollegeexchange
|
Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExchange 0.1.5c allow remote attackers to inject arbitrary web script or HTML via the (1) _SESSION[handle] parameter to (a) home.php, …
|
CWE-79
Cross-site Scripting
|
CVE-2009-2219
|
2017-09-19 10:29 |
2009-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294543
|
- |
|
tribiq
|
tribiq_cms
|
Multiple directory traversal vulnerabilities in Tribiq CMS 5.0.12c, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and possibly execute arbitrary…
|
CWE-22
Path Traversal
|
CVE-2009-2220
|
2017-09-19 10:29 |
2009-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294544
|
- |
|
teozkr
|
lightopencms
|
Directory traversal vulnerability in locms/smarty.php in LightOpenCMS 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cwd parameter. NOTE: remote f…
|
CWE-22
Path Traversal
|
CVE-2009-2223
|
2017-09-19 10:29 |
2009-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294545
|
- |
|
an_guestbook
|
an_guestbook
|
Directory traversal vulnerability in ang/shared/flags.php in AN Guestbook 0.7.8, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the g_lang par…
|
CWE-22
Path Traversal
|
CVE-2009-2224
|
2017-09-19 10:29 |
2009-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294546
|
- |
|
blabsoft
|
bopup_communication_server
|
Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.26.5460 allows remote attackers to execute arbitrary code via a crafted request to TCP port 19810.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-2227
|
2017-09-19 10:29 |
2009-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294547
|
- |
|
kasseler-cms
|
kasseler_cms
|
Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS allows remote attackers to inject arbitrary web script or HTML via the url parameter in a redirect action.
|
CWE-79
Cross-site Scripting
|
CVE-2009-2228
|
2017-09-19 10:29 |
2009-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294548
|
- |
|
kasseler-cms
|
kasseler_cms
|
Directory traversal vulnerability in engine.php in Kasseler CMS 1.3.5 lite allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter during a download action, a differe…
|
CWE-22
Path Traversal
|
CVE-2009-2229
|
2017-09-19 10:29 |
2009-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294549
|
- |
|
mybulletinboard
|
mybulletinboard
|
SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy paramet…
|
CWE-89
SQL Injection
|
CVE-2009-2230
|
2017-09-19 10:29 |
2009-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294550
|
- |
|
mid.as
|
midas
|
MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie.
|
CWE-287
Improper Authentication
|
CVE-2009-2231
|
2017-09-19 10:29 |
2009-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
