|
347071
|
- |
|
diskos
|
diskos_cms
|
Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote attackers to execute arbitrary SQL commands via the (1) kat parameter to side.asp, and the (2) brugerid and (3) password fields t…
|
CWE-89
SQL Injection
|
CVE-2009-4798
|
2017-09-19 10:30 |
2010-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347072
|
- |
|
diskos
|
diskos_cms
|
Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) artikler_prod.mdb or…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4799
|
2017-09-19 10:30 |
2010-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347073
|
- |
|
sysax
|
multi_server
|
Directory traversal vulnerability in Sysax Multi Server 4.3 and 4.5 allows remote authenticated users to delete arbitrary files via a ..// (dot dot slash slash) in a DELE command.
|
CWE-22
Path Traversal
|
CVE-2009-4800
|
2017-09-19 10:30 |
2010-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347074
|
- |
|
digitalinterchange
|
digital_interchange_document_library
|
admin/save_user.asp in Digital Interchange Document Library 1.0.1 does not require administrative authentication, which allows remote attackers to read or modify the administrator's credentials via u…
|
CWE-287
Improper Authentication
|
CVE-2009-4806
|
2017-09-19 10:30 |
2010-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347075
|
- |
|
graugon
|
php_article_publisher
|
Multiple SQL injection vulnerabilities in Graugon PHP Article Publisher 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) c parameter to index.php and the (2) id parameter to v…
|
CWE-89
SQL Injection
|
CVE-2009-4807
|
2017-09-19 10:30 |
2010-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347076
|
- |
|
graugon
|
php_article_publisher
|
admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the g_admin cookie to 1.
|
CWE-287
Improper Authentication
|
CVE-2009-4808
|
2017-09-19 10:30 |
2010-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347077
|
- |
|
sharing-file
|
easy_file_sharing_web_server
|
Directory traversal vulnerability in thumbnail.ghp in Easy File Sharing (EFS) Web Server 4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the vfolder parameter.
|
CWE-22
Path Traversal
|
CVE-2009-4809
|
2017-09-19 10:30 |
2010-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347078
|
- |
|
deslock
|
deslock\+
|
The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local users to gain privileges via a crafted IOCTL 0x80012010 request to the DLPCryptCore device.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4832
|
2017-09-19 10:30 |
2010-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347079
|
- |
|
xpressengine
|
zeroboard
|
lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitrary PHP code via a crafted parameter name, possibly related to now_connect.php.
|
CWE-94
Code Injection
|
CVE-2009-4834
|
2017-09-19 10:30 |
2010-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347080
|
- |
|
moviephp
|
movie_php_script
|
Eval injection vulnerability in system/services/init.php in Movie PHP Script 2.0 allows remote attackers to execute arbitrary PHP code via the anticode parameter.
|
CWE-94
Code Injection
|
CVE-2009-4836
|
2017-09-19 10:30 |
2010-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
