|
294511
|
- |
|
karl_core
|
bandsite_cms
|
Unrestricted file upload vulnerability in adminpanel/scripts/addphotos.php in BandSite CMS 1.1.4 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an e…
|
CWE-94
Code Injection
|
CVE-2009-4793
|
2017-09-19 10:30 |
2010-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294512
|
- |
|
karl_core
|
bandsite_cms
|
Per: http://cwe.mitre.org/data/definitions/434.html
'CWE-434: Unrestricted Upload of File with Dangerous Type'
|
CWE-94
Code Injection
|
CVE-2009-4793
|
2017-09-19 10:30 |
2010-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294513
|
- |
|
jobhut.spranger
|
jobhut
|
SQL injection vulnerability in browse.php in JobHut 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pk parameter.
|
CWE-89
SQL Injection
|
CVE-2009-4797
|
2017-09-19 10:30 |
2010-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294514
|
- |
|
diskos
|
diskos_cms
|
Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote attackers to execute arbitrary SQL commands via the (1) kat parameter to side.asp, and the (2) brugerid and (3) password fields t…
|
CWE-89
SQL Injection
|
CVE-2009-4798
|
2017-09-19 10:30 |
2010-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294515
|
- |
|
diskos
|
diskos_cms
|
Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) artikler_prod.mdb or…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4799
|
2017-09-19 10:30 |
2010-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294516
|
- |
|
sysax
|
multi_server
|
Directory traversal vulnerability in Sysax Multi Server 4.3 and 4.5 allows remote authenticated users to delete arbitrary files via a ..// (dot dot slash slash) in a DELE command.
|
CWE-22
Path Traversal
|
CVE-2009-4800
|
2017-09-19 10:30 |
2010-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294517
|
- |
|
digitalinterchange
|
digital_interchange_document_library
|
admin/save_user.asp in Digital Interchange Document Library 1.0.1 does not require administrative authentication, which allows remote attackers to read or modify the administrator's credentials via u…
|
CWE-287
Improper Authentication
|
CVE-2009-4806
|
2017-09-19 10:30 |
2010-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294518
|
- |
|
graugon
|
php_article_publisher
|
Multiple SQL injection vulnerabilities in Graugon PHP Article Publisher 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) c parameter to index.php and the (2) id parameter to v…
|
CWE-89
SQL Injection
|
CVE-2009-4807
|
2017-09-19 10:30 |
2010-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294519
|
- |
|
graugon
|
php_article_publisher
|
admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the g_admin cookie to 1.
|
CWE-287
Improper Authentication
|
CVE-2009-4808
|
2017-09-19 10:30 |
2010-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294520
|
- |
|
sharing-file
|
easy_file_sharing_web_server
|
Directory traversal vulnerability in thumbnail.ghp in Easy File Sharing (EFS) Web Server 4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the vfolder parameter.
|
CWE-22
Path Traversal
|
CVE-2009-4809
|
2017-09-19 10:30 |
2010-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
