|
297931
|
- |
|
autonomy
|
ultraseek
|
Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the …
|
CWE-59
Link Following
|
CVE-2009-0347
|
2017-08-8 10:33 |
2009-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297932
|
- |
|
sun
|
java_system_access_manager
|
The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which a…
|
CWE-200
Information Exposure
|
CVE-2009-0348
|
2017-08-8 10:33 |
2009-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297933
|
- |
|
wesnoth
|
wesnoth
|
The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-0367
|
2017-08-8 10:33 |
2009-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297934
|
- |
|
opensc-project
|
opensc
|
OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by…
|
CWE-310
Cryptographic Issues
|
CVE-2009-0368
|
2017-08-8 10:33 |
2009-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297935
|
- |
|
ephpscripts
|
e-php_cms
|
SQL injection vulnerability in browsecats.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
CWE-89
SQL Injection
|
CVE-2009-0401
|
2017-08-8 10:33 |
2009-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297936
|
- |
|
bioinformatics
|
htmlawed
|
Multiple cross-site scripting (XSS) vulnerabilities in Bioinformatics htmLawed 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or HTML via invalid Cascading Style Sheets (CSS) e…
|
CWE-79
Cross-site Scripting
|
CVE-2009-0404
|
2017-08-8 10:33 |
2009-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297937
|
- |
|
oscommerce
|
oscommerce
|
Cross-site request forgery (CSRF) vulnerability in osCommerce 2.2 RC 2a allows remote attackers to hijack the authentication of administrators.
|
CWE-352
Origin Validation Error
|
CVE-2009-0408
|
2017-08-8 10:33 |
2009-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297938
|
- |
|
google
|
chrome
|
Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive inf…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-0411
|
2017-08-8 10:33 |
2009-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297939
|
- |
|
roundcube
|
webmail
|
Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTM…
|
CWE-79
Cross-site Scripting
|
CVE-2009-0413
|
2017-08-8 10:33 |
2009-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297940
|
- |
|
microsoft
|
xml_core_services
|
Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-0419
|
2017-08-8 10:33 |
2009-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
