|
346351
|
- |
|
adobe
|
acrobat_reader
|
Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that are embedded in a PDF document, which makes it easier for remote attackers to trick users into executing arbitrary code via a cra…
|
CWE-94
Code Injection
|
CVE-2009-4764
|
2017-09-19 10:30 |
2010-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346352
|
- |
|
ipswitch
|
ws_ftp
|
Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an H…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2009-4775
|
2017-09-19 10:30 |
2010-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346353
|
- |
|
karl_core
|
bandsite_cms
|
SQL injection vulnerability in includes/content/member_content.php in BandSite CMS 1.1.4 allows remote attackers to execute arbitrary SQL commands via the memid parameter to members.php.
|
CWE-89
SQL Injection
|
CVE-2009-4792
|
2017-09-19 10:30 |
2010-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346354
|
- |
|
karl_core
|
bandsite_cms
|
Unrestricted file upload vulnerability in adminpanel/scripts/addphotos.php in BandSite CMS 1.1.4 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an e…
|
CWE-94
Code Injection
|
CVE-2009-4793
|
2017-09-19 10:30 |
2010-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346355
|
- |
|
karl_core
|
bandsite_cms
|
Per: http://cwe.mitre.org/data/definitions/434.html
'CWE-434: Unrestricted Upload of File with Dangerous Type'
|
CWE-94
Code Injection
|
CVE-2009-4793
|
2017-09-19 10:30 |
2010-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346356
|
- |
|
jobhut.spranger
|
jobhut
|
SQL injection vulnerability in browse.php in JobHut 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pk parameter.
|
CWE-89
SQL Injection
|
CVE-2009-4797
|
2017-09-19 10:30 |
2010-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346357
|
- |
|
diskos
|
diskos_cms
|
Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote attackers to execute arbitrary SQL commands via the (1) kat parameter to side.asp, and the (2) brugerid and (3) password fields t…
|
CWE-89
SQL Injection
|
CVE-2009-4798
|
2017-09-19 10:30 |
2010-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346358
|
- |
|
diskos
|
diskos_cms
|
Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) artikler_prod.mdb or…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4799
|
2017-09-19 10:30 |
2010-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346359
|
- |
|
sysax
|
multi_server
|
Directory traversal vulnerability in Sysax Multi Server 4.3 and 4.5 allows remote authenticated users to delete arbitrary files via a ..// (dot dot slash slash) in a DELE command.
|
CWE-22
Path Traversal
|
CVE-2009-4800
|
2017-09-19 10:30 |
2010-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346360
|
- |
|
digitalinterchange
|
digital_interchange_document_library
|
admin/save_user.asp in Digital Interchange Document Library 1.0.1 does not require administrative authentication, which allows remote attackers to read or modify the administrator's credentials via u…
|
CWE-287
Improper Authentication
|
CVE-2009-4806
|
2017-09-19 10:30 |
2010-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
